On Tuesday, the nonprofit Consumer Federation of America filed a lawsuit against Meta, alleging that the way the social networking giant handles scammers on its platforms violates Washington, DC’s consumer protection laws.
While many online scams involve direct outreach to victims by scammers (who are often themselves human trafficking victims trapped in scam compounds), CFA’s lawsuit focuses on fraudulent advertising that CFA alleges Meta profited from and allowed to “proliferate on its platforms,” despite publicly promising that it takes cracking down on fraud and scams seriously.
In its complaint, CFA points to ads found in Meta’s ads library that CFA claims are types of well-known scams, including several that appear to target people by their birth year and tout $1,400 checks, as well as others that advertise free government iPhones.
Speaking with WIRED, Ben Winters, CFA’s director of AI and data privacy, says others can find more dubious ads just by searching Meta’s ad library using key words like “free phone” and “stimulus check.” WIRED’s quick perusal of the ads library on Monday shows more live ads for “secret tax checks” that lead to a website that promises to reveal “Wall Street’s recession-proof investing strategy.”
Meta did not immediately respond to a request for comment.
CFA is seeking to recover damages and what it says are illegal profits from Meta, in addition to business reforms. Winters says that there’s more to be done to take down repeat violators and scrutinize ads that promise things like free government programs that don’t exist before they’re put in front of consumers.
Meta has faced particular scrutiny because Facebook, Instagram, and WhatsApp—which are all owned by Meta—are among the most widely used online platforms by Americans, according to a recent Pew Research Center report. In late 2025, Reuters reported on a set of internal Meta documents that detailed how the company dealt with fraudulent and prohibited user activity, including a May 2025 presentation that estimated that its platforms were involved with a third of all successful scams in the US. Another presentation cited by Reuters alleged that an internal Meta review found it “is easier to advertise scams on Meta platforms than Google.”
One Meta document from 2024 that Reuters cited estimated that the company would earn 10.1 percent of its revenue that year—around $16 billion—from ads that were actually scams or other types of prohibited content. To put that figure in perspective, the FBI estimated that in 2024, Americans lost $16 billion from all internet crimes. At the time, a Meta spokesperson called the estimate “rough and overly inclusive” and said that the set of documents Reuters reported on “distorts Meta’s approach to fraud and scams” and that the actual revenue was lower, but declined to tell Reuters by how much.
In June 2025, a bipartisan coalition of state attorneys general urged Meta to crack down on Facebook ads that led consumers to WhatsApp groups that were used for carrying out investment scams. The letter, which was signed by New York AG Letiticia James, said that Meta’s solutions were not working and that investigators in New York kept seeing scam advertisements months after submitting reports to Meta.
Since then, the US Virgin Islands attorney general’s office filed a lawsuit against Meta that, among other things, alleged that the company not only failed to crack down on scam advertising but charged advertisers higher rates to run ads flagged as likely to be fraudulent. That lawsuit is ongoing.
Though the federal government and many states have similar consumer protection laws as the DC law that CFA alleges Meta violated, Winters says he’s not holding his breath for the federal government to take action, and while he appreciates the work of state attorneys general, he believes consumers need relief now.
“We appreciate their work and think it’s absolutely critical, but we can’t wait for them to act when we haven’t seen them able to act as quickly as we need to,” Winters says. “This is why nonprofits and civil society exist in the idealized world, right? To fill in gaps where there are gaps.”
Electric truck and SUV manufacturer Rivian on Tuesday announced the rollout of its new Rivian Assistant AI via software update to all compatible R1T and R1S owners subscribed to its Connect Plus cellular data plan. The new functionality will also be unlocked for the upcoming R2 at launch later this year. Powered directly by the EV’s onboard hardware and software rather than layered atop a phone-mirroring system or living in the cloud, Rivian’s Assistant will gain native access to almost all vehicle systems — which enables advanced features beyond just answering questions.
Rivian first announced at its Autonomy & AI Day event last year that an AI-powered in-vehicle assistant was coming. At the time, the automaker’s engineers and software developers detailed how it planned to use the powerful compute hardware in its R1 and R2 series EVs for everything from a new generation of driver-assist and autonomous features to Rivian Assistant, which ships today. For current and future Rivian owners, the feature set is substantive enough to be worth the wait.
Rivian Assistant sits on top of what the automaker calls Unified Intelligence, described as “a multimodal AI foundation” that runs across the company’s products and operations. Basically, it’s Rivian’s version of the shared-AI-backbone pitch that automakers and tech giants have been making in various forms for a few years now. The idea is that the same “unified” AI model can learn from customer data, vehicle telemetry and operational context together rather than treating each data set as a separate silo to provide more comprehensive and useful functionality to you, the end user.
First announced in December, Rivian Assistant is now rolling out to R1 EVs.
The promise is that the assistant will become more capable and more personalized over time. It learns driver preferences, retains context across sessions (stored in each driver’s profile), and uses real-time vehicle logs to inform its responses. Whether that learning loop delivers measurable year-over-year improvements (and whether automakers like Rivian can be good stewards of drivers’ privacy) will take time to evaluate. At the very least, the architecture enables such improvements in ways that basic voice command systems don’t.
Holding the left steering wheel button or saying, “Hey, Rivian,” tells the assistant to start listening. The basic vehicle control functions range from the familiar — call Mom, navigate home, adjust the temperature, etc. — to more advanced tasks like changing drive modes, adjusting ride height, opening the front trunk or checking range-on-arrival estimates. The utility of such voice commands is proven and well-covered.
More interesting are the context-aware commands. Instead of requiring precise phrasing, the assistant parses natural language and interprets intent. Rivian’s own example — “Make everyone’s seat toasty except mine” — is a good illustration of what this looks like in practice. The system understands the implicit (all seats except the driver’s) and executes accordingly. That’s a different category of interaction than “set passenger seat heat to level 2,” and the kind of thing that makes voice control actually useful for normal people rather than just people who speak like robots.
Navigation works in natural language as well. You can ask for a coffee shop near your destination rather than searching by category in the map UI, or ask for directions without specifying the exact address. Media queries follow a similar pattern; you can ask when a song came out or ask for something similar to what’s playing. None of this is revolutionary relative to what smartphone assistants do, but the integration with the vehicle’s native software and hardware is tighter than what you get through Android Auto or Apple CarPlay. (Though the latest generation of vehicles running native Google Built-in software seems similar.)
Being able to understand natural language and intent is what makes the difference between a useful feature for regular folks and voice command system for techies who talk like robots.
Messaging is handled through AI-assisted dictation that goes beyond simple voice-to-text. The assistant reads incoming texts, summarizes them, and helps draft replies. For anyone who’s tried to compose a text by voice while driving and ended up with something barely coherent, the summarization and drafting layer looks like a genuine improvement.
Additionally, Rivian says the assistant is grounded in real-time vehicle data and has a custom-built system for the owner’s manual, meaning you can ask operational questions — “How do I change a tire?” or, “What does this warning light mean?” — and get answers specific to your vehicle and its current state rather than a generic response pulled from the web. Even for car enthusiasts and automotive experts like me, this vehicle knowledge base is sure to be one of the more practical and useful features.
The most forward-looking piece of the rollout is the agentic integration with Google Calendar, which Rivian is positioning as the first in a series of external connections. The pitch is straightforward: Managing calendar events through your phone while driving is a bad idea, and doing it through a native vehicle assistant promises to be safer and faster.
The integration allows you to check your schedule, reschedule appointments or execute multistep tasks in a single voice command. Rivian’s example walkthrough — checking your schedule, finding a coffee stop on your route, and texting your ETA to a contact, all as one continuous flow — illustrates the agentic part of this. Rather than issuing three separate commands and waiting for each to complete, here Rivian Assistant acts more like a human flunky you’ve delegated a task to and chains the steps together — at least, that’s the vision.
At the AI Day event, Rivian demonstrated Assistant’s deep integration with Google Calendar.
What comes after Google Calendar hasn’t been specified yet. The word “first” is doing some load-bearing in Rivian’s announcement, suggesting a pipeline of integrations yet to be announced.
According to the automaker, owners will retain control over the data Rivian Assistant collects. The “Hey, Rivian” wake word can be toggled off, location sharing can be restricted and the memory feature — which stores personal context across sessions and trips — can be disabled entirely. Data is tied to individual driver profiles, not the vehicle, which feels like the right approach for multi-driver households.
Full Rivian Assistant functionality requires an active Rivian Connect Plus data subscription or an active trial and is currently available in English only. Rivian hasn’t announced any pricing changes (still $15 per month or $150 per year) or bundling adjustments alongside this rollout, so the math on Connect Plus’ value is somewhat better than it was before this feature existed, particularly for owners who were on the fence about renewing.
Unfortunately, the likelihood of your hearing worsening overtime are higher than they’ve ever been, thanks in no small part to the fact that many of us walk around with headphones clamped to our heads or earbuds firmly planted into our aural canals. In fact, the World Health Organization (WHO) is so concerned about hearing loss that they’ve issued some very dire warnings that we should all pay attention to.
According to the WHO, 2.5 billion people will experience some degree of hearing loss by 2050, with at least 700 million requiring hearing assistance and/or rehabilitation. Right now, over 95 million kids between the ages of 5 and 19 already have some level of auditory impairment, and more than one billion (with a B!) more are vulnerable. The American Osteopathic Association reports that 1 in 5 teens will experience hearing problems, which is a 30% increase from just 20 years ago.
Both Dr. Kelly Conroy, a Mayo Clinic audiologist, and James E. Foy, DO, an osteopathic pediatrician from Vallejo, California, suggest one way to help prevent hearing loss is to follow what’s known as the 60/60 rule. Thankfully, it’s an easy rule to follow — the first 60 represents listening to a portable music device at just 60% of its maximum volume, while the second 60 refers to only listening for 60 minutes at any given time.
The 60/60 rule is based on scientific research conducted by audiologists and hearing experts that shows long-term exposure to loud noises can cause permanent damage. Many cells in the body can regrow or repair themselves, but not the cochlear hairs that line the inside of the ear. Those tiny hairs are important because they’re needed to convert sound into electrical signals that your brain can make sense of.
As you may know, sound is measured in decibels (dB). Everything under 70 dB is considered safe, but anything above that can be problematic. To put this all into perspective, a normal whisper registers around 30 dB, and a normal inside voice conversation typically sits around 60 dB. A vacuum cleaner hits 70 dB, and smaller DIY power tools and lawnmowers routinely exceed 71 dB. More powerful tools, like jackhammers, can easily surpass 120 dB, a range where instantaneous damage can occur.
So, what’s worse — headphones or earbuds? According to the experts, definitely earbuds. Yes, they’re more convenient and easier to carry around than big ole cans, but buds sit directly inside the ear, putting them much closer to the eardrum. Cranking the volume up will only cause damage more quickly.
Something else buds do, that over-the-ear headphones don’t, is push wax and funk farther into the ear canal, which by itself can cause temporary hearing loss. Worst-case scenario: An infection takes root, turning your life into a nightmare that nobody wants to deal with. The WHO also advises that we should get our hearing checked annually, something most of us probably neglect.
Apple supply chain partner Foxconn suffered a cyberattack at its Wisconsin facility.
More than 10 million documents spanning 8 terabytes of data were reportedly stolen from Foxconn’s network. Confidential AMD, Google, and Intel projects are at risk of exposure, but Apple’s tech appears to be safe.
Even with Apple’s extensive security measures for pre-production designs, the company’s supply chain partners often fall victim to cyberattacks. In December 2025, an Apple assembler in China was targeted by attackers, with the same thing happening to Luxshare in January 2026.
Now, Foxconn has become the latest Apple supply chain and assembly partner to suffer a cyberattack. On Tuesday, the company confirmed its facility in Mount Pleasant, Wisconsin, had been impacted by the attack in May 2026.
Ransomware group Nitrogen claims to have taken 8TB of data, or over 11 million files. “These include files such as confidential instructions, projects, and drawings from Intel, Apple, Google, Dell, Nvidia, and many other projects,” reads the group’s announcement.
Nitrogen also posted a collection of sample files, meant to serve as proof of the alleged attack. While AppleInsider won’t share links to the allegedly stolen files, we did analyze the sample provided by the group to gain a better understanding of the scope of the attack.
The attackers seemingly stole financial documents related to Foxconn’s Houston, Texas, facility. Also stolen was documentation related to Foxconn temperature sensors, integrated circuits, board layouts, and more.
Additionally, the files appear to contain network topology documentation related to AMD, Intel, and Google projects, including files related to server processors, sockets, and other components. The sample set seems to contain files related to Foxconn’s electrical engineering team more than anything else.
It’s not clear if there are any files directly related to existing or future Apple projects. This ultimately doesn’t serve as much of a surprise, given that Foxconn’s Mount Pleasant facility primarily produces televisions and data servers rather than Apple devices.
Based on the sample provided, it does not look like Nitrogen obtained any Apple schematics, documentation related to Foxconn’s Apple product development teams, or Apple quality control data.
Foxconn’s manufacturing facilities, be they in China, India, or elsewhere, are typically protected via an internal VPN. While the facility network typically encompasses on-site computers, Foxconn plants do communicate with one another and with Apple via email.
As the group has documents related to Foxconn’s Houston, Texas, facility, they may have acquired additional data from facilities beyond the one in Wisconsin. In other words, Nitrogen might have obtained Apple designs from a separate Foxconn factory, maybe through emails or file-sharing servers.
While it’s difficult to ascertain exactly what was taken, given the group allegedly stole 8TB worth of files, it does not look like Apple has much to worry about.
As noted by the Wisconsin publication TMJ4, Foxconn’s Mount Pleasant facility experienced a network outage in early May 2026 because of a cyberattack. Production was allegedly interrupted for around a week, but has since resumed.
Foxconn’s Wisconsin plant in 2020.
Per The Cybersec Guru, the facility’s network began experiencing issues on May 1, with Wi-Fi being cut off at 7 AM ET, and disruptions to the core plant infrastructure occurring by 11 AM ET. Manufacturing seemingly remained affected until May 12, 2026.
“We were told to turn off our computers and not log back in under any circumstances,” allegedly said an unnamed worker. “The timecard terminals were dead. We were filling out paper timesheets just to track our hours.”
Analyst Mark Henderson claims that “the topology specs for Google and Intel are the real concern.” He explains that these are “architectural maps of live infrastructure,” and that attackers could use the data to identify vulnerabilities in data centers across the world.
The ransomware group behind the attack, Nitrogen, has been around since 2023. The group seems to have ties to the BlackHat/ALPHV ransomware and is known for utilizing a double-extortion model. This means it resorts to encrypting data and later threatening to leak it.
However, according to Coveware, Nitrogen’s ESXi encryptor has a critical flaw. During encryption, the files’ public key gets corrupted, meaning that victims are unable to receive decrypted files even if the ransom is paid.
The full scope of the cyberattack targeting Foxconn’s Wisconsin facility remains to be seen. Judging by the available information, however, it’s unlikely we’ll see Apple’s product designs surface as a result of the hackers’ efforts.
In the frame, NASA’s six-wheeled Perseverance rover is securely planted on a stretch of dirt far to the west of Jezero Crater. You can see its mast dipping down towards Arethusa, the rocky protrusion we’ve all become familiar with, before swinging back around to face the camera full on. Years of driving have created a fine layer of dust on the rover and its wheels, catching the light and creating a beautiful warm glow. Meanwhile, a new circular mark on Arethusa indicates where the rover dug in with its biters and removed a portion of the surface to examine what was hidden beneath. The robotic arm in front, with the WATSON camera attached to its end, is the one that took it all in.
Sixty-one separate exposures went into the final composite. The arm performed sixty-two precise shifts across roughly one hour on March 11, 2026, the 1,797th Martian day of the mission. Each small adjustment let the camera capture another slice of the rover and its surroundings until the pieces fit together into one complete portrait.
Sale
Beyond the rover, the landscape stretches in all directions. The western rim of Jezero Crater is made up of all these ancient rock layers that continue on for as far as the eye can see beneath that pale, pale sky. The land around the rover is covered with boulders and strange ridges that have formed over billions of years. We name that area Lac de Charmes, and it’s all the way out on the western side, the farthest Perseverance has gotten since it landed five years ago.
The rock named Arethusa drew the rover here for good reason. After the abrasion the team studied the freshly exposed material and found it consists of igneous minerals with large crystals that formed deep underground long before Jezero Crater itself existed. Those crystals point back to some of the earliest chapters in Mars history, when molten rock cooled slowly far beneath the surface.
Moments like this one are a big part of what keeps the mission going, as Perseverance is currently in the middle of its fifth science campaign on the northern rim, collecting data that helps connect the younger sedimentary layers inside the crater to the much older stuff that’s exposed outside. So far, the rover has cut a piece out of 62 rocks, filled 25 sample tubes, and explored about 26 miles of terrain, which is just a couple of miles shy of a full marathon.
cyber-crime
Affected factories back up and running, we’re told
Foxconn, a critical supplier for major hardware companies like Apple and Nvidia, on Tuesday confirmed a cyberattack affecting its North American operations after the Nitrogen ransomware gang listed the electronics manufacturer on its data leak site.
“Some of Foxconn’s factories in North America suffered a cyberattack,” a Foxconn spokesperson told The Register. “The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production.”
Nitrogen ransomware criminals on Monday claimed to have breached the Taiwan-based company and stolen 8 TB of data comprising more than 11 million files. The miscreants say the leaks include confidential instructions, internal project documentation, and technical drawings related to projects at Intel, Apple, Google, Dell, and Nvidia, among others.
Foxconn declined to confirm that these – or any – customers’ information was hoovered up in the digital intrusion.
Nitrogen, which has been around since 2023, is believed to be one of the various ransomware offshoots that borrowed code from the leaked Conti 2 builder.
And, in what may be very bad news for its latest victim, even paying the ransom demand may not guarantee recovery of encrypted files.
In February, Coveware researchers warned that a programming error prevents the gang’s decryptor from recovering victims’ files, so paying up is futile. The finding specifically concerns the group’s malware that targets VMware ESXi.
This isn’t the first time Foxconn has been targeted by ransomware gangs. In 2024, LockBit claimed to have infected Foxsemicon Integrated Technology, a semiconductor equipment manufacturer within the Foxconn Technology Group. The same criminal crew also hit a Foxconn subsidiary in Mexico in 2022. ®
Instructure, the company behind the widely used Canvas learning platform, says it reached an agreement with the hackers who stole 3.5 terabytes of student and university data. The company says it received “digital confirmation” that the information was destroyed and that affected schools and students would not be extorted. The BBC reports: Paying cyber criminals goes against the advice of law enforcement agencies around the world, as it can fuel further attacks and offers no guarantee the data has been deleted. In previous cases, criminals have accepted ransom payments but lied about destroying stolen data, instead keeping it for resale. For example, when the notorious LockBit ransomware group was hacked by the National Crime Agency, police found stolen data had not been deleted even after payments had been made.
Instructure said in a statement on its website that protecting students’ and education staff data was its primary motivation. “While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible,” the company said. Instructure did not set out the terms of the agreement but said that it meant that:
– the data was returned to the company
– it received “digital confirmation of data destruction”
– it had been informed that no Instructure customers would be extorted as a result of the incident
– the agreement covers all affected customers, with no need for individuals to engage with the hackers
Quietly extends waivers to 2029 after realizing it was about to leave millions of devices unpatched
America’s telco regulator has seen some sense over its ban
on foreign-made routers, deciding that existing devices should continue receiving software and firmware updates after all.
The Federal Communications Commission (FCC) has extended waivers covering certain foreign-made routers (and drones) already operating in the US, pushing the update deadline to at least January 1, 2029. Without the extension, updates would have been blocked as early as 2027.
Back in March, the FCC updated its Covered List to include all
foreign-made consumer routers, prohibiting the approval of any new models.
This effectively banned any new kit made in other countries from being sold,
but did not prevent the import, sale, or use of existing models that had previously
been authorized.
The policy stems from fears that foreign-made router pose a security threat. Because they handle network traffic, they could introduce
vulnerabilities exploitable against critical infrastructure, and in
the words of the FCC represent “a severe cybersecurity risk that could harm
Americans.”
Miscreants have exploited security flaws in routers to
disrupt networks or steal intellectual property, and routers are implicated in
the Volt, Flax, and Salt Typhoon cyberattacks.
The policy was widely regarded as flawed, not just because the
vast majority of consumer router kit is made outside the US or built from components
sourced abroad, but because vulnerabilities and security flaws are not limited
to any particular geography, and appear in products from all brands and
countries of origin, as noted
by the Global Electronics Association (GEA).
Blocking firmware updates, which typically deliver security patches for newly discovered flaws, also seemed a peculiar own goal for a regulator whose stated motivation is reducing network vulnerability.
The FCC has belatedly recognized this, stating that its
policies would have “had the effect of prohibiting permissive changes to the
UAS, UAS critical components, and routers added to the Covered List in December
and March.
“This prohibition would be in effect even for Class I and Class II
permissive changes – such as software and firmware security updates that
mitigate harm to US consumers – because previously authorized UAS, UAS critical
components, and routers are now covered equipment.”
The waivers now run until at least until January 1, 2029, falling into the final month of the Trump administration, when there is a chance this may be overlooked in the preparations for Trump’s successor.
The FCC extension was met with some approval. Doc McConnell, head
of policy and compliance at security biz Finite State said in a supplied
remark:
“I strongly support the FCC’s decision to allow firmware and software
updates for already-authorized routers, including covered devices already
deployed in the United States.”
“The biggest practical security risk with routers is not
only who made them, but whether they remain patched. When they stop receiving
updates, known vulnerabilities remain exposed, attackers gain durable
footholds, and consumers are left with equipment they cannot realistically
secure on their own.
“The original restriction risked creating exactly that
problem: millions of deployed routers frozen in time, unable to receive
security fixes. I appreciate the FCC recognizing that preventing updates could
unintentionally make Americans less safe,” he added.
However, as previously reported by The Register, the FCC’s
Conditional Approval framework explicitly requires vendors seeking approval for
new routers to submit plans to establish or expand manufacturing in America, with quarterly progress updates.
As stated by the GEA, “The policy’s logic assumes that
manufacturers can and will move production to the United States.” That might be
an assumption too far.
®
A cyberattack against one of the world’s largest digital education platforms has forced attention onto the vulnerability of U.S. schools’ data.
Instructure, the company behind Canvas, a learning management system used by thousands of schools which has 30 million active users, had its service interrupted late last week. According to a company statement, hackers breached Instructure’s “free for teacher” account, or those specifically offered to give teachers access to Canvas courses.
The criminal hacking group ShinyHunters claims to have stolen 275 million records from roughly 9,000 educational institutions around the world, per reporting from Security Week.
In the latest, at the beginning of this week, Instructure published a note saying that it had reached a deal with the hackers to return the stolen data and had received digital confirmation of data destruction, along with assurance that none of its customers would be extorted. The note did not mention what Instructure gave in return. But the note announced a webinar with “Instructure leadership” scheduled for Wednesday.
According to Instructure, this is the second data breach within the year. The latest included a breach of customer — including teacher and students’ — email addresses, usernames, enrollment information and course names.
The attacks happened around finals for many colleges. Canvas was back online as of Saturday, according to a note about the incident on Instructure’s website. But at least six universities and school districts in a dozen states sent out alerts noting they had been impacted by the attack, according to reporting from CNN. Prior to Instructure’s deal, CNN noted that ShinyHunters had set a Tuesday deadline for schools to “negotiate a settlement.”
The education sector is an attractive target for hackers, with experts describing it as “target rich, resource poor.”
The breach comes amid immense frustration and legislative pushback against the extent schools have become reliant on edtech since pandemic closures forced schools to rush to embrace digital instruction and tools. Some wonder whether the attacks raise thorny questions about trust and the ability of schools to respond when outside vendors are targeted.
While this latest incident has renewed attention, cyber attacks against schools are not a new concern. Cybersecurity was even identified as a top concern in EdSurge’s 2025 trends forecast.
Indeed, the frequency of attacks has increased dramatically in recent years against both higher ed and K-12 schools, and some experts worry that AI is making attacks more sophisticated.
The figures are startling. For example, 82 percent of K-12 organizations reported a cyber security incident, according to a 2025 report from the Center for Internet Security, which noted 9,300 confirmed incidents.
Schools have struggled to figure out how to respond to new cybersecurity threats. Here are some notable highlights from the past few years:
Some argue that the latest attacks are a sign that institutions need more meaningful expectations around cybersecurity, since the audits and certifications they currently rely on are failing to safeguard student data.
“Too often they serve as compliance theater and as weak shields against liability,” wrote Douglas Levin, national director of K12 Security Exchange Information, on social media.
Over the years, cybersecurity experts have shared a range of tips for schools to stay secure — from educating staff and students to seeking outside help to deal with the mounting threat.
With increasingly sophisticated attacks, there’s more than ever pressure for schools to secure student data despite all the challenges.
Bristol Myers Squibb signed a $15.2 billion deal with China’s Hengrui Medicine for 13 early-stage drug programmes, as Big Pharma’s patent cliff makes Chinese innovation the fastest path to commercial survival — even as the BIOSECURE Act tries to decouple the two countries’ biotech sectors.
TL;DR
Bristol Myers Squibb has signed a deal worth up to 15.2 billion dollars with Jiangsu Hengrui Medicine, China’s largest pharmaceutical company by market capitalisation. The agreement covers 13 early-stage drug programmes across oncology, haematology, and immunology. None of the drugs have entered human clinical trials. The deal was announced on the same day that President Trump flew to Beijing for his first state visit to China in his second term.
The timing is coincidence. The economics are not. Bristol Myers Squibb is staring at a patent cliff that will strip roughly 300 billion dollars in revenue from the global pharmaceutical industry by 2030. Its own blockbusters, Opdivo and Eliquis, together generating more than 22 billion dollars in annual sales, face loss of exclusivity around 2028. The company needs new molecules. It cannot discover them fast enough on its own. China can.
BMS will pay Hengrui 600 million dollars at closing, 175 million on the first anniversary, and a contingent 175 million in 2028, totalling 950 million dollars in structured payments through the near term. The remaining 14.25 billion is in development, regulatory, and commercial milestones. BMS gets exclusive worldwide rights to Hengrui’s four oncology and haematology assets outside mainland China, Hong Kong, and Macau. Hengrui gets exclusive rights to four BMS immunology assets inside those territories. The two companies will jointly discover and develop five additional programmes using Hengrui’s discovery engine.
The structure tells the story. BMS is not acquiring Hengrui. It is licensing Hengrui’s research output. The American company with the patent cliff is paying the Chinese company with the pipeline. The transaction is expected to close in the third quarter of 2026, subject to antitrust review. Hengrui’s share price rose on the announcement. BMS’s did not fall.
Hengrui is not the Chinese pharmaceutical company that American executives imagined a decade ago. It is not a generics manufacturer. It operates more than 90 in-house therapies in clinical development across 400 clinical trials, including over 20 international studies. It is the only Chinese pharmaceutical company to rank among Citeline’s global top 10 pharma pipelines, alongside Pfizer, Roche, and AstraZeneca. Its R&D spending exceeded 2.22 billion yuan in the first quarter of 2026 alone, representing 27 per cent of revenue. It has 30 commercialised drugs in China and 20 approved in the EU, the US, and Japan.
The company’s market capitalisation is roughly 54.6 billion dollars. It reported first-quarter profit growth of 21.8 per cent. Its pipeline spans oncology, cardiometabolic diseases, immunology, respiratory conditions, and neuroscience. The deal with BMS is not Hengrui’s first major international licensing agreement. It is the largest. And it comes after a year in which Chinese drug companies collectively struck 137.7 billion dollars in out-licensing deals, a figure that was nearly tenfold the total recorded in 2021.
The pharmaceutical industry’s patent cliff is not a future event. It is underway. BMS reported full-year 2025 revenues of 48.2 billion dollars, down from 48.3 billion the year before, and guided 2026 revenues between 46 billion and 47.5 billion dollars. Legacy product revenue fell 15 per cent to 21.8 billion in 2025. Pomalyst sales declined from 3.55 billion to 2.73 billion as generic competition arrived. The company’s growth portfolio, led by Opdivo, Breyanzi, Reblozyl, and Camzyos, is generating 16 per cent year-over-year increases, but the growth must outrun the erosion.
BMS is not alone. The industry faces more than 300 billion dollars in revenue losing patent protection between 2025 and 2030. Merck’s Keytruda, the world’s best-selling drug at 29.5 billion dollars in 2024, hits its own cliff. Pfizer is racing to launch obesity drugs by 2028 to offset expiring franchises. The entire sector is searching for the same thing: molecules. The companies that have them are increasingly Chinese.
AstraZeneca signed an 18.5 billion dollar deal with China’s CSPC Pharmaceutical in January for eight obesity and diabetes drug candidates. AbbVie agreed to a 5.6 billion dollar cancer deal with RemeGen. Chinese companies accounted for roughly one third of all global licensing spending in 2025, up from a fraction of that five years earlier. The average upfront payment for a licensing deal with a Chinese company rose from 52 million dollars in 2022 to 172 million in early 2026. The bargain era is over. Chinese biotechs know the value of what they have built.
Stanford’s 2026 AI Index found that China has narrowed the performance gap with the US to 2.7 per cent while spending 23 times less on AI investment. The same dynamic is playing out in pharmaceutical R&D. Chinese clinical trial output surpassed the US for the first time in 2025. Chinese biotechs now account for nearly 70 per cent of global AI-driven drug discovery patent filings. The country is producing more drug candidates, faster, at lower cost, than the Western pharmaceutical companies that need them most.
The BIOSECURE Act became law in December 2025. It restricts federal agencies from contracting with designated Chinese biotechnology companies. The law was designed to reduce American dependence on Chinese biotech infrastructure, particularly contract research and manufacturing organisations like WuXi AppTec and WuXi Biologics. The intention was to decouple the US pharmaceutical supply chain from China.
BMS’s 15.2 billion dollar deal with Hengrui is not covered by the BIOSECURE Act. The law targets government contracts, not private licensing agreements. But the contradiction is structural. Congress passed legislation to restrict Chinese biotech access on national security grounds while the largest American pharmaceutical companies are signing record-breaking deals with Chinese drug developers because they cannot fill their pipelines without them. The decoupling strategy that works in semiconductors and AI chips does not work in drug discovery, because the molecules that Chinese scientists are finding are the molecules that American patients need.
Foreign automakers have been forced to partner with Chinese technology companies because they cannot develop competitive software fast enough on their own. The same logic now applies to pharmaceuticals. BMS is not signing a 15.2 billion dollar deal because it wants to. It is signing it because the patent cliff has made Chinese innovation the fastest path to commercial survival.
The deal was announced as Trump’s delegation, including Elon Musk, Tim Cook, and Larry Fink, prepared to land in Beijing for three days of talks on trade, technology, and the Iran war. Semiconductor export controls, rare earth restrictions, and tariff extensions dominate the summit agenda. Pharmaceuticals are not on the official programme. But the BMS-Hengrui deal illustrates a reality that the trade negotiators on both sides already understand: American companies are dependent on Chinese innovation in ways that export controls cannot reach.
China’s manufacturing supply chain is pivoting from smartphones to humanoid robots, from consumer electronics to autonomous systems, from generics to novel drug candidates. The pattern is the same across industries. Chinese companies that were once low-cost manufacturers are now high-value innovators, and the Western companies that once outsourced production to them are now licensing intellectual property from them. The power dynamic has inverted.
American capital is flowing into R&D at industrial scale, with billions pouring into AI laboratories, biotech platforms, and drug discovery engines. But the capital is increasingly being deployed to access Chinese research rather than replace it. BMS’s structured payments to Hengrui, 950 million dollars through 2028 before a single drug reaches clinical trials, represent the price of admission to a pipeline that took decades of Chinese R&D investment to build.
China’s regulatory environment is maturing alongside its innovation capacity, with governance frameworks for AI, biotech, and pharmaceutical research developing in parallel with the scientific output. The Chinese pharmaceutical industry that American companies are now licensing from is not the unregulated manufacturing sector of the early 2000s. It is a state-supported, globally competitive, scientifically rigorous ecosystem that produces drug candidates that meet FDA standards, which is why BMS is paying 15.2 billion dollars for access to 13 of them.
The deal will close this summer. The drugs will take years to reach patients, if they work at all. Thirteen early-stage programmes with no human clinical data carry enormous risk. But Bristol Myers Squibb calculated that the risk of not signing was greater than the risk of signing. The patent cliff does not wait for geopolitics. The largest pharmaceutical deal with a Chinese company in history was announced on the same day the American president arrived in Beijing to discuss decoupling. One conversation is about separating the two economies. The other is about why that is no longer possible.
Building a railway tunnel through somewhere as historic as Varberg in Sweden meant the authorities couldn’t just send in the contractors straightaway. That’s because Swedish law requires archaeological digs first in these sensitive zones, since careless digging could destroy valuable artifacts.
Case in point, a team of archaeologists and marine archaeologists from Arkeologerna, Bohuslän Museum, Visual Archaeology, and Cultural Environment Halland got to it. They started digging in 2019 and ended up finding a whopping six old ships over the next few years, with some dating way back to the Middle Ages.
The dig itself was part of the Varberg Tunnel project, a major undertaking that’s taking the main stretch of rail and burying it under Varberg itself, similar to the E39 Ferry Free project in Norway. This is a 3 km (1.86 mi) stretch, which, after moving underground, will give the waterfront back to the locals and smooth out commutes. The area itself was once a harbor with defensive structures, so old vessels showing up there makes sense. The ships were all found buried in mud, and four of them are from the Middle Ages, while another dates back to the 17th century. The sixth is a bit of a mystery, though, since the team couldn’t pin down its age.
The crew detailed their findings in a report, as reported by the Swedish Arkeologerna – though the initial version only covers three of the wrecks. Out of these, the second wreck got the most thorough look since it was the best preserved. Wrecks five and six, on the other hand, had to be lifted out of the mud in a hurry due to the tight schedule of the tunnel construction, and they weren’t in great shape.
The second wreck was also the most interesting of the bunch, and a significant section of the ship was found in one piece. Overall, two starboard hull sections, a bunch of scattered timbers, and a berghult – a wooden strip bolted to the outside of the hull, mainly there to take a beating when the ship pulls up to a quay – were fished out.
The ship itself dates back to the late 1530s, putting it roughly in the same window as France’s deepest shipwreck. It’s made out of oak from the Halland and West Sweden timber stock. It’s also built clinker-style, meaning the planks overlap at their edges rather than sitting flush. Perhaps the oddest bit about the whole ship is the burn marks on that berghult. The team reckons that the whole thing went up in flames before sinking, if it wasn’t intentionally torched.
Then there’s fifth wreck, which has plenty in common with the second one. Even though it was built about a century later in the 1600s, it uses the same kind of oak. This one probably worked the waters around Varberg and nearby Ny Varberg, another medieval city in the area, and likely sailed through the Baltic Sea too. Those are the same waters where another historic Navy shipwreck broke through the surface after 400 years under the sea. The final one in the report is Wreck 6, and it’s the odd one out. It’s a caravel-style vessel, meaning the planks sit edge to edge against the frame instead of wrapping around.
The thing is, with large infrastructure projects popping up along Sweden’s West Coast, it’s likely that even more preserved shipwrecks will be unearthed in the region. After all, this area has served as a port for centuries.
HarrisX Poll Found 52% of Registered Voters Support the CLARITY Act
Weekend Open Thread: Marianne Dress
Upbit adds B3 Korean won pair as Base token gains Korea access
NCP car park operator enters administration putting 340 UK sites at risk of closure
Coffee Break: Travel Steam Iron
What to Know Before Buying a Curling Wand or Curling Iron
Auto Enthusiast Carves Functional Two-Stroke Engine from Solid Metal
What to expect when you’re expecting a budget
Politics Home Article | Starmer Enters The Danger Zone
Ignore market noise, India’s long-term story intact, say D-Street bulls Ramesh Damani and Sunil Singhania
GM Agrees To Pay $12.75 Million To Settle California Lawsuit Over Misuse Of Customers’ Driving Data
BlackRock CEO Larry Fink Discusses a New Asset Class
NBA playoff winners and losers: Austin Reaves is not loving Lakers vs. Thunder matchup, but Chet Holmgren is
Sarah Paulson Called Out For Met Gala ‘Hypocrisy’
General Hospital: Ric & Ava Bombshell – Ric’s Massive Secret Exposed!
Simon Cowell Says He Was ‘Horrible’ To Susan Boyle During BGT Audition
Bold and Beautiful Early Spoilers May 11-15: Steffy Revolted & Liam Overjoyed!
Robinhood says Wall Street is building onchain
UEFA Champions League final schedule, teams, venue, live time and streaming | Football News
Apple and Samsung are dominating smartphone sales so thoroughly that only one other company makes the top 10
You must be logged in to post a comment Login