Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Lionel Messi, Cristiano Ronaldo, and Mohamed Salah have spent the past two decades defining one of soccer’s greatest eras. Now, as the 2026 FIFA World Cup marks Ronaldo’s final appearance at the tournament and another defining moment in the careers of Messi and Salah, they’re also preparing for life beyond the pitch.
Before Messi’s Argentina beat Salah’s Egypt in one of the tournament’s best matches on Tuesday, Salah was asked which player he would choose for one final “last dance” from a generation that included both Messi and Ronaldo. He chose Messi without hesitation. The answer carried extra weight given that Ronaldo had already confirmed this would be his final FIFA World Cup before Portugal’s Round of 16 defeat to Spain, bringing an end to his six-tournament World Cup career.
Away from football, however, the players’ futures are beginning to diverge. Messi and Ronaldo have increasingly embraced equity stakes in AI, health tech, and startup companies, while Salah has largely stuck to a more traditional mix of commercial partnerships, property, and philanthropy.
That shift has accelerated over the past decade as venture capital firms and startups increasingly seek celebrity investors who bring more than money. A footballer with hundreds of millions of followers can offer global reach, credibility, and distribution that few traditional investors can match.
“The shift from traditional sponsorship agreements towards equity stakes and startup investments reflects a broader focus on long-term wealth creation and financial security beyond an athlete’s playing career,” says Kamraan Khan, a partner at Dubai-based firm Archers Valuation and Advisory.
Over the past decade, elite athletes have increasingly traded one-off endorsement fees for ownership stakes in companies, joining a broader trend that has seen sports stars become investors rather than just brand ambassadors. In October 2022, Messi launched Play Time HoldCo, a San Francisco–based investment firm alongside entrepreneur Razmig Hovaghimian, founder of video-streaming platform Viki, which had earlier been acquired by Rakuten. The firm’s goal is simple: invest in companies operating across sports, media, and technology.
“While sponsorships typically generate income during an athlete’s peak earning years, equity investments can provide the potential for capital appreciation and, where applicable, future dividend income, helping to build more sustainable wealth after retirement,” notes Khan.
Initially reported to be targeting roughly $200 million, Play Time has since assembled a portfolio that increasingly resembles a Silicon Valley venture fund.
Per Play Time’s website, its bets include FieldAI, Fish Audio, World Labs, Perceptron, Intangible, and SuperAnnotate, alongside sports-specific investments in the FIFA-licensed mobile game Matchday and the memorabilia marketplace AC Momento.
Outside Play Time, Messi also holds an equity stake in fantasy football platform Sorare, which lets users buy and trade officially licensed digital player cards, and joined the ownership group of KRÜ Esports, the Valorant and Rocket League organization founded by his former Argentina teammate Sergio Agüero. His three-year, reportedly $20 million deal to serve as global ambassador for the blockchain fan-token platform Socios.com is a paid promotional contract, not an undisclosed equity stake.
As part of his landmark 2023 move to Inter Miami, Messi received an ownership component alongside his salary and signing bonus—an unprecedented arrangement in Major League Soccer. While reports have speculated about the size of that stake, neither the club nor MLS has publicly confirmed the details.
Sportico valued Inter Miami at $1.45 billion in February 2026, up 22 percent year-on-year and the highest valuation in MLS history.
If Messi’s investments reflect Silicon Valley’s AI boom, Ronaldo’s are centered almost entirely on health technology—an area that aligns closely with the personal brand he has spent decades cultivating around fitness and longevity.
Ronaldo became an investor in Whoop—the wearable fitness tracker and health analytics company—in May 2024, a deal that Whoop itself called “one of Ronaldo’s most significant investments to date,” after he had already been a paying member for years. “Whoop has become one of the most important tools I use to support my long-term health,” he said at the time. Whoop’s foray into the UAE is backed by both the Qatar Investment Authority and Mubadala Investment Company.
Google is giving Photos another dose of Gemini. The company has announced Video Remix, a new AI-powered editing tool that can transform ordinary video clips into stylized creations with just a few taps. Rather than requiring professional editing skills, Google says the feature lets users quickly reinvent existing videos using creative AI effects directly inside Google Photos.
Available from the Create tab in Google Photos, Video Remix uses Gemini Omni to apply AI-powered transformations to an existing video clip. Instead of trimming footage or manually layering effects, users simply choose a creative template, and Gemini generates a new version of the clip with a completely different look and feel.
The available effects go well beyond simple filters. Video Remix can apply cinematic relighting to brighten dark footage, swap plain backgrounds for entirely new environments, or turn videos into artistic creations with styles such as watercolor, raw sketchbook, and oil painting. Google even showcases examples like giving a video a morning glow, placing someone inside a greenhouse, or transforming a clip into dreamy watercolor artwork.
There are a few limitations, though. Video Remix currently works only with video clips up to 10 seconds long, and longer recordings need to be trimmed before the AI begins generating a new version. The process itself can also take a couple of minutes, depending on the edit.
Video Remix is rolling out starting today for eligible Google AI Plus, Pro, and Ultra subscribers in select countries, including India, the U.S., Japan, South Korea, Brazil, Mexico, and several others.

The launch continues Google’s steady push to bring Gemini deeper into Photos. Over the past year, the app has gained AI-powered image editing, smarter search, and creative tools for photos. Video Remix extends that philosophy to videos, making it less about traditional editing and more about letting AI completely reinvent how a familiar clip looks—all without leaving Google Photos
Mount Royal University in Calgary says hackers stole and then deleted data from its file storage systems after breaching the university’s network.
In an update published on its website, MRU states that it has engaged technical teams and external cybersecurity experts to investigate the incident and to support recovery efforts following a cyberattack on June 17.
The incident disrupted a broad range of university systems, including online services, internet access, and certain internal systems.
MRU is a public university with a history of more than 100 years. It currently has 11,560 students and 12,500 undergraduates.
So far, the investigation confirmed that the attacker stole data stored on a drive used by students and employees for file storage, and the original copies were wiped to disrupt recovery operations.
“We regret to inform our community that our investigation has now shown that data within certain folders on the University’s “H drive” was accessed and taken by an unauthorized actor,” reads the announcement.
The university specified that the incident affected certain folders on the H drive, which contained information affecting current and former students, current and former employees of the university, and an unspecified category of “other individuals.”
Additionally, the attackers also wiped a separate drive, labeled “J,” which stored departmental data. “There is currently no evidence that J drive data was accessed or copied before it was deleted,” MRU says.
“We are still working to recover deleted J drive data, but a full recovery may not be possible.”
The university stated that the incident has been reported to the Alberta Information and Privacy Commissioner and to law enforcement authorities.
The university states that the exposed data varies by person, and because it has been deleted, determining the exact impact for each individual is complicated and will take time.
Once impacted individuals are identified, they will be contacted directly via personalized notifications.
The MRU attack was claimed by the threat group CMD Organization, which has published samples of the allegedly stolen data, including passport scans and other sensitive documents.
The threat actor asked for a 30 BTC ransom, currently around $1.9 million, and gave the university six days to respond before leaking the full set of stolen information.

CMD Organization appears to use an auction-style system, offering to sell the stolen data exclusively to the highest bidder. The threat group currently lists 30 organizations on its extortion site and operates both a clear web and a dark web portal.
MRU said that the recovery of the affected systems may take between several weeks and months and will provide updates as soon as new details become available.
The university is also offering two years of credit monitoring and identity theft protection to all current employees and individuals employed in the past five years.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
We cover so many projects here at Hackaday that lead the author down a rabbit hole of technological investigation that distracts us from the task of bringing them to you. Such a project is polyUAnalog, a very modern take on an analogue synthesizer. If you are imagining a synth of old with modules and patch cables, think again. The modern way to do this is it seems to use an individual synthesizer chip for each voice, resulting in a very versatile instrument indeed.
The integrated circuit in question is the AS3397, which when coupled on a PCB with a Raspberry Pi Pico makes for a self-contained single-voice analog synth. It’s controlled via I2C from a conductor board for which frustratingly the README doesn’t give a processor, but we think may be powered by another Pi Pico. This board does the job of taking MIDI and other controls, and farming them out tot he individual voices. The prototype has ten, but it can support many more.
It’s the work of a pair of researchers from the University of Angers in France, and we’re told it’s a side project from their work in the field of spectroscopy. There’s a video about it which we’ve placed below the break, and they’ve also written a paper about it.
Ira Apfel sits down with Sarah McKibben, Editor-in-Chief of EdSurge to close out a full week of coverage from ISTELive 26 in Orlando. This conversation is a recap of everything that stood out once the keynotes ended and the convention floor quieted down, from a new idea called relational intelligence to a phrase about AI slop that stuck with educators all week. It only scratches the surface of what the EdSurge team gathered on the ground. Many more conversations recorded live at the conference are set to roll out across upcoming episodes in the weeks ahead. Listen now to hear what Apfel and McKibben took away from ISTELive 26 before the rest of the coverage arrives.
Stories Mentioned in This Episode
This is a special recap episode from ISTELive 26 in Orlando where Ira and Sarah reflect on the hallway conversations, speaker presentations, and podcast interviews they enjoyed throughout the week. Featured speakers include:
Pat Yongpradit, GM, Education and Workforce Policy at Microsoft
Dr. Nneka McGee, Fmr. Chief Academic Officer and Founder of Muon Global
Isabelle Hau, Executive Director of the Stanford Accelerator for Learning
Heather E. McGowan, Bestselling Author, Leadership Expert, and LinkedIn Global Voice for Education
Melinda Glowacki, MAT Supervisor and Leadership Coach for the University of California, Irvine
Tambra Clark, Technology Integration Facilitator of Birmingham City Schools
Mary Ehrenworth, Author, Speaker, Consultant, from Teachers College, Columbia University
Philip Seyfried, Student, from Teachers College, Columbia University
Jessica Garner, Managing Director, Innovative Learning at ISTE+ASCD
Court Shuller from the Voices of Change Fellowship
This Week with EdSurge is a weekly podcast from EdSurge. Subscribe to the EdSurge newsletter for more news and analysis on education and technology.
For years, conversations around screen time have focused almost entirely on children. How much YouTube is too much? Should teenagers be on social media? When should a child get their first smartphone? A new study suggests we may have been asking the wrong question.

According to research published last month in the peer-reviewed journal Frontiers in Psychology (via Bloomberg), it’s not just children’s screen habits that matter. Parents who are constantly distracted by their phones may unintentionally weaken their emotional bond with their children, potentially leaving lasting developmental and psychological effects. The study surveyed 600 U.S. adolescents aged 12 to 17, many of whom reported feeling ignored or sidelined when their parents were absorbed in their devices.
The researchers found that excessive phone use by caregivers can contribute to what’s known as “insecure attachment” — a pattern that may make children more anxious, avoidant, and less confident in relationships later in life. According to Don Grant, a media psychologist, addiction expert, and fellow of the American Psychological Association, those effects can persist well into adulthood if left unchecked.
It “could really unfavorably impact their attachment security, which they will carry for life,” Grant said.
Grant described the issue as more than simply spending too much time on a phone. It’s about being physically present but emotionally absent. One example from the study highlights parents who proudly attended every recital or sports match, only for their children to remember them as constantly looking down at a screen instead of watching the moment unfold.
We’ve previously covered how excessive screen time and social media can affect children. What’s different here is that the researchers turn the spotlight onto parents instead. Their work represents one of the most comprehensive studies examining how children perceive their caregivers’ technology habits and how those habits shape the parent-child relationship.

The findings also build on growing research around “technoference” — the idea that digital devices quietly disrupt face-to-face relationships. While earlier studies largely examined its impact on romantic partners, this research suggests the same pattern may be playing out between parents and their children. It also aligns with broader trends. For instance, Bloomberg notes that nearly half of American teenagers surveyed by the Pew Research Center in 2024 said their parents were at least sometimes distracted by a phone during interactions, even though far fewer parents believed it was happening.
The funny thing is that we’ve spent years worrying about children becoming glued to their screens. This study flips that conversation on its head, suggesting the bigger issue may be what children see when they look up. After all, the moments kids tend to remember aren’t the ones spent staring at a screen, but the ones when the people they wanted to connect with were staring at theirs.
HubSpot has scrapped a plan to use its customers’ data for a new AI feature, just four days after announcing it. The CRM firm changed its terms on 1 July to pool customer data, including contact and employer details, for a tool that finds sales leads, The Information reported.
It opted users in by default. The backlash came at once.
The objection was less about AI than about consent. Customers argued that the data they had built up in HubSpot belonged to them, not to the company to share around. HubSpot set the default to opt-out. It enrolled everyone unless they hunted down a toggle. That turned a product tweak into a trust problem.
The revolt played out mostly on LinkedIn, where sales leaders and RevOps teams piled in. Some said they would switch providers. Within days HubSpot folded.
Chief product and technology officer Duncan Lennox apologised and called the change “a mistake”. He said HubSpot would not implement the new terms, and that any future use of customer data would be opt-in. The plan, in short, is dead.
The speed of the climbdown says as much as the policy. Software firms are racing to bolt AI onto their products, and customer data is the obvious fuel. HubSpot is not the first to get burned. Slack drew fire in 2024, and Zoom in 2023, over terms that let them train AI on customer data. What stung this time is that CRM data is a company’s competitive asset, not just its files.
It also shows where power sits. In an era when a business can rebuild a workflow with cheap AI tools, big software vendors have less room to dictate terms. Annoy the customer base and it has more exits than it used to.
The episode is small, but it is a marker. Every SaaS company is weighing how to feed its AI without spooking the people who pay for it. HubSpot just ran the experiment in public, and learned that “opt-out” is now a fighting word.
The weather is warm, flowers are blooming, and many DIYers are hard at work on summer projects. Whether you’re adding a new deck, building raised garden beds, or constructing your own fire pit, it’s a great time of year to knock some items off of your “to do” list. Harbor Freight quietly dropped some great deals that may make you pull out your wallet even if the holiday sales are over.
There are more than 1,600 Harbor Freight locations across the U.S., but if you don’t have a store near you, many of these deals are also available online. You can find everything from power tools to storage solutions to shop equipment and everything in between, often for lower prices than competitors. Products are often categorized in tiers according to different needs, including casual use and up through more professional jobs. If you change your mind, Harbor Freight offers a 90-day return policy for exchanges or refunds. Proof of purchase is required, and some items are exempt from this policy. Here are five new products that can help you get the job done on time (or at least before winter sets in!) and on budget.
If you’re hard at work renovating a new home or on a tough plumbing job, you may want to invest in a handheld inspection camera. It’s a perfect tool for when you need a look into tight, dark, or other inaccessible space. It can be used for HVAC inspection, taking a peek into your roof or attic, and more. This inspection camera from ICON is currently priced at $179.99. It’s lightweight and has a dual-lens probe and a 5.5 mm camera.
The 4.3-inch LCD screen is backlit to provide a clear image no matter where you’re working. Accessories include a water-resistant probe that comes with a 36-inch cable for maximum reach. When you’re not using the probe, it has integrated cord management for easy storage so you don’t misplace it. This camera also has front and side LED lights to provide maximum illumination. A zippered case for storage is included, along with the necessary four AA batteries. It has a USB-C port if you want to transfer your photos to a computer, and interested buyers should note this camera does not have a slot for an additional SD card.
Whether you simply don’t want to spend hundreds of dollars on tool storage or you’re looking for a portable tool bag, this bag from Bauer may be the perfect solution. Nothing will slow a job down faster than having to dig through a disorganized, messy tool bag, but this Bauer product offers several compartments for organization. It is considered a modular solution because it locks into all of the brand’s Modular Storage System components, such as rolling toolboxes or organizers.
The tool bag, which cost $69.99 at time of writing and is sold only in stores, is made from professional-quality, reinforced polyester fabric for durability. It has a main compartment with a wide opening that makes it easy to access and load your tools. The base is freestanding and water-resistant to keep the contents dry and clean, and the padded shoulder strap and handles make the bag easier to transport even when fully loaded.
In addition to the main compartment, this tool bag also has 40 pockets and a removable divider with five additional pockets. There are 12 daisy chain loops to help keep everything in place, and a clip just for your tape measure. You can also use the full-length zippered pockets on the front and back of the bag to store extra gear, towels, or other handy equipment.
When you’re at work on a big job, sometimes you need to turn up the brightness. Harbor Freight offers plenty of lighting solutions, from inexpensive, tiny portable lights to tripod work lights, but it’s hard to beat the versatility of a clamp light. Forget the tangled cords and disposable batteries, the BRAUN LED rechargeable clamp light can be secured onto pipes, work stations, lumber, tables, ladders, and more. The foldable spring clamp also allows you to simply prop the light on the ground or table surface without worrying that it will fall over.
Depending on your needs, you can use this light at low, medium, or high mode. It provides up to 4,200 Lumens and has an adjustable head that swivels 270 degrees and also pivots 60 degrees, allowing you to target the light exactly where you need it. The spring clamp has a heavy-duty design, and the light is both water- and dust-resistant.
This LED light has a rechargeable USB-C battery and can run for 16 hours on a full charge. A battery indicator removes the guesswork and lets you know how much charge remains. It can also be used as an additional power source on your job site, offering a USB-A output for charging your phone, tablet, or other tools. This clamp light was priced at $49.99 at time of writing.
A ladder is a ladder, right? The American Ladder Institute begs to differ! Choosing the right type of ladder for your job is important for several reasons. If you’re doing electrical work, for example, you should avoid metal ladders. If you select a ladder that is too short or too tall, you won’t be able to set it up properly, it may not reach, or it may slide out from under you. A multitask ladder like the Franklin 22-foot ladder with wheels is a great option if you want a space-saving option that fits many needs.
This type IAA ladder is professional-grade and can support up to 375 pounds. It is made of aluminum (so avoid those electrical jobs), and offers 31 possible configurations. The wide-flared base provides extra stability, and it has non-slip industrial-grade rubber feet that are safe for most surfaces. It folds flat for storage and transport, and weighs about 42 pounds. Basic setups include an A-frame ladder, an extension ladder and scaffolding. Available in-store only, this ladder costs $219.99.
This ATLAS 80V Brushless Cordless Dual-Port Backpack Blower Kit is a bit of an investment at $499.99, but it’s probably worth it if you have a large yard or do some landscaping work on the side. In addition to yard maintenance, however, you can also use a backpack blower for snow removal and even to dry your car after a hand wash. This kit includes two batteries that together offer 60 minutes of a run time at full throttle, and a charger.
The blower has a padded waist belt and shoulder straps, and the backpack is designed to help evenly distribute the weight. There are two battery ports — you can use one battery at a time, or both for the longest run time. The blower has up to 760 CFM and 190 MPH of power, and a turbo button gives a boost when you need it most. A variable-speed trigger allows you to adjust the power as you work, or a cruise control lever allows you to set it and forget it. The tube has an adjustable length to make it more comfortable to use and for the greatest coverage.
ai and ml
Third-party testing shows heterogeneous compute platform combining H200s and SN50 RDUs churning out 763 tok/s in MiniMax M2.7
Intel’s big bet on SambaNova appears to be paying off in a big way. This week, the AI chip startup shared benchmark results showing its latest generation of AI acceleration, which combines Nvidia GPUs and the company’s accelerators, beating GPU-only inference platforms by a wide margin.
The testing, conducted by the AI benchmarking gurus at Artificial Analysis, showed SambaNova’s SN50-series accelerators, announced in February, churning out 763 tokens a second in MiniMax M2.7 at short context lengths (10,000 input tokens) — several times faster than competing inference providers running on GPUs alone.
Meanwhile, for longer context lengths, the company says that its platform is able to sustain more than 450 tokens a second.

This feat was accomplished by combining Nvidia GPUs with SambaNova Reconfigurable Dataflow Units (RDUs) to form a heterogeneous inference platform.
Specifically, the computationally intensive prefill phase of the inference pipeline, during which prompts are processed and key value caches are generated, was handled by four Nvidia H200 GPUs.
Meanwhile, memory-bandwidth-bound decode operations, where output tokens are generated, were done on a single SambaNova rack containing 16 SN50 accelerators.
Disaggregating prefill from decode has become a key lever for reducing token costs for long-running AI agents, like code assistants. Nvidia initially demonstrated this with its NVL72 rack systems, by varying the ratio of GPUs used for prefill versus decode. The company further disaggregated this with its Groq-based LPX racks revealed at GTC this spring. Since then, just about everyone from AMD to AWS and Cerebras has announced some kind of disaggregated or heterogeneous inference platform using one or more accelerators.
With SambaNova’s latest performance figures, the startup hopes to demonstrate how customers can breathe new life into their aging GPU fleets by using its systems as decode accelerators. And because its systems are air-cooled, they can be deployed in existing datacenters — something that can’t be said of Nvidia’s latest generation of Rubin GPUs, which absolutely need liquid cooling.
SambaNova plans to show off even more powerful inference configs, with 128 and eventually 256 accelerators to demonstrate its ability to maintain high token generation rates at high throughput. As we’ve previously explored, this is something that GPUs alone have historically struggled with and one of the key drivers behind Nvidia’s Groq acquihire late last year.
The results come just a month after SambaNova and Intel announced Vector Core Compute would be among the first to deploy the combined GPU + RDU offering with TogetherAI as their first large-scale customer.
Ramping production of any chip isn’t a cheap prospect, but for its fifth-gen part, capital shouldn’t be an issue. On Wednesday, SambaNova completed the first close of a $1 billion Series F funding round led by General Atlantic, giving the AI chip startup an $11 billion valuation. ®
This is one of those hacks that makes you stop in your tracks and say, “wait, you can do that!?” — before realizing, oh, yes, of course you can do that. With enough computational power, you can do a lot of things, and the Raspberry Pi 5 is a far cry from the single-board computer’s humble beginnings. In this case, the “you can do that!?” is both that [Oliver] was able to get the digital audio TOSLINK working via an LED tied to one GPIO pin on the Pi, but also the larger project that is embedded in: using the Pi as a full featured 8-channel USB sound card called Camilla DSP.
For the first one: the old TOSLink standard is very simple, and all you need to do is blink an LED quickly enough. Considering the clock frequency of the Pi 5 is in the GHz range and the TOSLINK is the same 3.1 Mbit/s S/PDIF signal you could pull off your CD-ROM drive to your Sound Blaster, there’s no problem there. Except, wouldn’t the operating system get in the way? Well, not when you have enough clock cycles to throw at the problem. Using a Pi 5 doesn’t hurt: the RP1 I/O chip included on the board is keeping things smooth with its included PIO while Linux mucks about in the background. There’s a reason we called it the most important product Raspberry Pi ever made.
As for making a USB sound card from an SBC — well, we’re not sure why that got the “you can do that” reaction. The Raspberry Pi family had ‘gadget mode’ for over a decade now, allowing you to present the computer as a USB device, so why not a sound card? That’s a valid class of USB device.
Malicious packages on the Node Package Manager (npm) and the Python Package Index (PyPI) delivered stealer malware to developers and users of Paysafe, Skrill, and Neteller payment applications.
The threat actor published at least 17 malicious packages simultaneously, each tasked to exfiltrate credentials and access tokens to a command-and-control server hosted on Amazon Web Services (AWS).
All three payment platforms are popular, with Paysafe being mostly used by e-commerce sites and online marketplaces, gaming platforms, travel businesses, and financial services or software-as-a-service (SaaS) providers.
Skrill and Neteller are digital wallets and money transfer services used in online betting, cryptocurrency exchanges, and on Forex trading platforms.
Software developers working on such platforms integrate Paysafe’s SDKs into apps and websites to implement a secure payments and funds management system.
According to application security company Socket, these developers are the targets of the latest campaign via the following packages:
The researchers say that the 13 npm packages published four malicious versions, from 1.0.0 to 1.0.3, whereas the PyPI packages published only one malicious version, 1.0.0.
All 17 packages pretend to be legitimate payment SDKs, even exposing the expected APIs, but instead return fake success responses rather than communicate with Paysafe’s backend services.
The real purpose is credential theft, as the embedded malicious code searches compromised environments for secrets such as tokens, passwords, and API keys.
According to Socket, the exfiltrated data includes Paysafe API keys, AWS keys, GitHub tokens, npm tokens, hostname, username, and metadata about API usage.

The data theft module in the npm packages attempts exfiltration only if a Paysafe API key is present and activates when the fake SDK is called.
The PyPI packages automatically activate the data theft routine upon initialization and do not require a Paysafe API key to be present at all.
Socket’s analysis of the malware reveals that it includes some rather basic anti-analysis features, stopping execution if it detects fewer than 2 CPU cores or if the hostname or username contains cues indicating a virtualized environment.

It is unclear who is behind this campaign, but Socket’s report highlights some attributes suggesting that the threat actor is sufficiently technical and may return in a more organized way.
The researchers warn that the attacker’s ability to pivot between ecosystems may make it more difficult to defend if there is only one ecosystem of visibility.
If any of the listed packages were installed, developers are recommended to immediately “rotate all secrets on any machine that imported or executed this package.”
The researchers also advise searching dependency trees for the package names used in the campaign and deny any requests for them at the registry proxy level.
It is also recommended to look in the logs of Continuous Integration (CI) systems for PAYSAFE_API_KEY in combination with any of the listed package names.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Weekend Open Thread: High Hopes
Taylor Swift and Travis Kelce wedding staffer hilariously struggles to keep her cool while checking in megastars
Open Thread: What Great Books Have You Read Recently?
The House | “Reframing the debate from a binary discussion of winners and losers”: Yuan Yang reviews ‘We Are Not Machines’
Standard Chartered Secures MiCA License as ESMA Adds 37 New Crypto Firms
Whats Hidden Inside This Cash Register? #treasure #reselling #money
Anthropic’s new “J-lens” reveals a silent workspace inside Claude that mirrors a leading theory of consciousness
AXT Shares Jump Nearly 14% as Semiconductor Materials Maker Rebounds on AI-Linked Indium Phosphide Demand
Binance stock trading tops $1B in first month after launch
SK hynix (000660.KS) Stock Dips as $28B Nasdaq ADR Offering Drives AI Memory Expansion
Alibaba-affiliate Ant Group enters the humanoid robot market with 12 deals
South Africa proposes crypto tax guidance under existing rules
Best Time to Enter Small Caps Right Now? Another Bull Run? | Financially Free
Lenovo laptops are now shipping with YMTC SSDs, a sign of Chinese NAND entering the mainstream
ESMA Expands Crypto Register by 37 Firms Following MiCA Transition Period
New exhibition reflects five decades of movement between island of Ireland and GB
What a 10 Percent Drop Means for Buyers, Sellers and Renters
Binance Re-Enters Philippines As EU MiCA Rules Restrict Access
Avoid entering in FOMO #bitcoin #cryptocurrency #trading #scalping
Joshua Pacio ‘more complete’ ahead of ONE rematch vs Malachiev
You must be logged in to post a comment Login