China wants its electric vehicles to go on a diet. The average passenger car in the country weighed 1,704 kg in 2024, roughly a third more than in 2012, state broadcaster CCTV reported on Sunday. Many popular SUVs and MPVs now approach or exceed 2 metres in width, squeezing into parking spaces designed a decade ago for smaller cars.

One vehicle measured by CCTV was nearly 2.3 metres wide. The current standard parking space is 2.4 metres. That leaves 10 cm of clearance, barely enough to open a door.

The weight problem starts with batteries. Some manufacturers market vehicles with ranges up to 1,000 km on a single charge, which can require battery packs weighing as much as 800 kg, according to experts cited in the report. Heavy batteries are not unique to China, but the scale of the problem is, given that the country produces more EVs than any other nation.

Feature bloat is also a factor. China’s crowded EV market has pushed manufacturers to differentiate by turning cars into mobile living spaces. Some models let users work, watch videos, drink coffee, and rest inside. A few even come with in-car toilets, CCTV reported. Each feature adds weight.

Beijing has already responded. On 1 January 2026, China became the first country in the world to enforce a mandatory energy consumption standard for electric vehicles. The rule caps two-tonne EVs at 15.1 kWh per 100 km under the Chinese CLTC cycle, tightening limits by approximately 11% compared with previous recommendations. New EV models that fail the standard cannot be produced, sold, or registered.

The regulation pushes manufacturers toward efficiency rather than simply adding bigger batteries. Better aerodynamics, lighter materials, and drivetrain optimisation become more important than raw range figures. With battery capacity unchanged, compliance is expected to increase an average EV’s range by about 7%.

The timing matters. China produced 16 million electric cars in 2025, according to the IEA, and exports are surging into new markets. Lighter, more efficient vehicles would not only ease domestic infrastructure pressure but also help Chinese automakers meet emissions and efficiency standards in export markets like the US and Europe, where regulations are tightening in parallel.

As Apple’s Worldwide Developers Conference, WWDC 2026, approaches, the excitement is building around what Apple has in store for us this year. From Siri’s overhaul to new Apple Intelligence updates, there’s a lot to look forward to.

The annual Worldwide Developers Conference kicks off Monday at 10 a.m. PT/1 p.m. ET. For those eager to tune in, the event will be streamed live via the Apple Developer app, Apple’s website, and the Apple Developer YouTube channel.

Siri’s big AI makeover 

The most anticipated announcement is a major AI upgrade to Siri, transforming it into a more conversational assistant capable of understanding context, handling multi-step tasks, and interacting more naturally across apps and services. The revamped Siri will leverage Google’s Gemini technology to enhance its capabilities.

Additionally, recent leaks from Bloomberg have unveiled a standalone Siri app that aims to compete with advanced AI chatbots like ChatGPT, Claude, and Gemini. Apple may also introduce a feature reminiscent of messaging apps, enabling users to set timers for automatically deleting conversations after 30 days, a year, or keeping them indefinitely.

AI agent app store

According to The Information, Apple plans to introduce an AI agent integration with the app store. While details are scarce, agents allow users to delegate tasks such as booking reservations, managing everyday tasks, editing documents, or controlling smart home devices.

Camera and Photos apps

A new “Visual Intelligence” section is anticipated to be introduced within the Camera app, taking the place of the previous Visual Intelligence feature found in the Camera Control button. This upgrade will introduce a dedicated Siri mode that exists next to options like Photo, Video, Portrait, and Panorama. The Visual Intelligence feature leverages Google Image Search to accurately identify objects captured by the user.

In addition, the Photos app is set to receive exciting enhancements powered by Apple Intelligence. These may include intelligent scene recommendations for optimizing photos, automatic object removal for cleaner images, and an innovative AI photo editing feature that allows users to request edits simply by using natural language, new productivity functionalities in visionOS.

Image Playground updates

Apple is set to upgrade the Image Playground app, introducing higher-quality image generation, more artistic styles, better character consistency, and richer editing controls. The interface for creating new images will be simplified, offering fewer controls and a “describe a change” option for editing.

Additionally, we might see a suggested Genmoji feature that proposes custom emojis based on users’ media and text interactions. Users may also be able to generate AI wallpapers that reflect various themes and moods.

Apple Wallet

Notable updates are rumored to be coming to the Wallet app, particularly a new bill-splitting feature that will simplify sharing expenses among friends or family. Users will be able to photograph a receipt and generate payment requests to different parties effortlessly.

Alongside this, the Wallet app will also include a “Create a Pass” option that enables users to generate digital passes from physical items such as movie tickets, concert passes, or gym membership cards.

MacOS, iPadOS, visionOS, watchOS, and tvOS updates

Apple is expected to enhance its AI-powered Siri experience across its devices, as well as likely incorporate more AI features and stability updates.

If anything, 2026 has made clear that cybersecurity is no longer a background concern — it’s front and center, woven into almost every major story of the year. Yes, wars are still raging, the climate keeps worsening, and we’re seemingly one dodgy sneeze away from the next global pandemic.

But running beneath all of it is a digital current that touches everything: wars being fought on digital fronts as well as physical ones, governments weaponizing citizens’ own data against them, botnets quietly undermining democratic institutions, nation-state hackers targeting civilian infrastructure from power grids to water systems, and ransomware gangs holding companies and institutions hostage for massive payouts. The attacks are getting bolder, more destructive, and harder to contain.

As we’re halfway through this already horrendous year of digital attacks and hybrid warfare, we look at some of the worst hacks and breaches so far, and how they might affect us going forward.

Questions remain over DOGE’s massive swipe of Social Security data

A year on, after operatives with the Elon Musk-led band of government destroyers known as the Department of Government Efficiency (or DOGE) swept through and dismantled federal agencies from the inside out, we’re still learning about the data lapses that happened under their watch.

After DOGE entered the Social Security Administration, it remains unclear as to what happened with some of the nation’s most sensitive data, as lawsuits battle on in federal court. The most alarming whistleblower’s claim is that DOGE uploaded a live copy of the Social Security database to an unsecured third-party server, leading to a scramble to understand what was stored in it. This database allegedly contained the Social Security numbers and associated personal information of most living Americans.

In court filings, the Social Security Administration doesn’t know for sure what was on the server, but said that the DOGE signed an agreement with an outside political advocacy group under the guise of finding evidence of voter fraud, something that President Trump continues to claim without any evidence. The fears are that the database could be misused to target Americans for spurious reasons. 

Two of the top House Democrats investigating some of DOGE’s activities at the Social Security Administration said that the exposure of the government’s Social Security database “could very well be the largest data breach in our nation’s history.”

Hackers are increasingly targeting water systems and energy grids

A rash of cyberattacks across Europe targeting civilian energy and water supplies, like power plants and water dams, has set a troubling trend of late. Several hacks attributed to (or at least in part blamed on) Russia have risked real-world harm to communities and populations. 

Poland’s energy grid was targeted with computer-destroying malware at the tail end of last year, as well as a Swedish thermal plant and a Norwegian dam that spilled swimming pools’ worth of water. Hackers targeted Poland again earlier this year, this time its water treatment plants, showing that Russia’s hybrid war antagonism continues to extend beyond the digital realm.

Now, thanks to the recent war between the U.S. and Israel against Iran, there are warnings that Iranian hackers are targeting critical infrastructure in the United States. This includes privately owned water utilities, which remain a soft target for hackers, often lacking basic cybersecurity protections.

Iranian government hackers struck Stryker with a destructive device hack

Speaking of Iran, a cyberattack on a U.S. medical tech company, Stryker, in March saw Iranian hackers break in and remotely wipe tens of thousands of employee devices in one fell swoop, causing widespread disruption to the company’s operations for several days. 

The breach was a marked shift in Iranian hacking tactics at a time of ongoing war in the Middle East, with Iran moving from its typical focus of espionage and hack-and-leak operations in aid of the country’s political gains, toward actively causing destructive hacks in apparent retaliation for the war. The U.S. government attributed the hacking group behind the breach to an arm of Iranian intelligence. The breach ended up having a material impact on Stryker’s first-quarter earnings after regaining control of its systems.

Instructure among ShinyHunters’ disruptive hacking campaigns

The ShinyHunters continued their hacking campaigns, targeting dozens of companies with simple but highly effective voice phishing techniques. The English-speaking hackers are adept at tricking companies into turning over access to their internal systems by pretending to be IT support, or conversely, an employee who forgot their password.

Few know better than the toll a hack from the ShinyHunters can have than education tech giant Instructure. The hackers breached the company’s flagship learning management system Canvas to steal private data and personal information belonging to over 30 million students and staff. When the company didn’t pay the hackers’ ransom, the hackers broke in — again — and defaced the school’s login screens for Canvas, used by students to access their exam and coursework material. This second hack happened during school finals, disrupting exams for students across the United States. Instructure eventually paid the ransom, despite efforts by the FBI to dissuade the company from paying.

Instructure wasn’t the only company targeted by the ShinyHunters hackers by far. The gang has been behind some of the largest breaches by the number of records stolen, including some 40 million records from internet provider Charter and at least 6 million customer records from cruiseliner Carnival, among other victims in higher education, finance, and government.

The supply chain is under attack, targeting open source projects and big tech companies

A series of ongoing, concurrent, and occasionally overlapping attacks on open source developers have resulted in massive hacks targeting big tech companies and their customers. 

Some of the biggest names in security, including Aqua Security’s Trivy tool, Bitwarden, and Checkmarx, alongside other major open source projects, were compromised this year, allowing the hackers to steal passwords, credentials, and other sensitive tokens from the computers of anyone who installed a backdoored copy of the software, or their pre-installed software auto-updated to download the malware. 

These attacks used the stolen credentials to spread further, and opened the door to downstream compromises of big companies that rely on the targeted software, including AI giant OpenAI and web hosting company Vercel. With a new hack almost every week, the open source world remains a vulnerable target in the broader tech ecosystem. 

FBI’s surveillance system was breached, sparking a “major cyber incident“

The U.S. Federal Bureau of Investigation was forced to declare a “major cyber incident” in April, prompting a legally required disclosure with Congress, after identifying that one of its surveillance systems was compromised. According to reports, the breach potentially exposed phone numbers of targets under surveillance by federal agents. 

Chinese spies were accused of the breach of the unclassified network, which held sensitive information about the surveillance targets of wiretaps and other communication intercepts, such as pen register returns. By notifying lawmakers, the breach is likely to have met a bar of causing “demonstrable harm” to U.S. national security.

Hasbro’s hack has led to weeks of downtime

Toymaker giant Hasbro is the latest example of what happens when a large corporation is hit by a security incident and isn’t prepared for it. Weeks after discovering hackers in its systems in late March, the 103-year-old company remained largely offline, its website unavailable, and unable to serve its customers.

The company, which owns big name brands such as Transformers, Peppa Pig, and Dungeons & Dragons, has said little about the incident itself, what data was taken (if any), and whether it paid the hackers. But the disruption alone is likely to affect the company’s financials, which it was forced to delay, as the company scrambled to handle the incident. 

Hasbro said as of mid-May that the hackers are no longer in its systems and that its recovery was underway. But the financial costs of the breach and the knock-on effect to its business are likely to be realized in the coming months, and are expected to be substantial.

Millions of passports and driver licenses have been exposed galore

Over the past few months alone, there has been an uptick in major data exposures involving people’s sensitive government-issued identity documents, including passport and driver license scans left exposed to the web. From a hotel check-in system and a money transfer app to a prison payphone provider and a U.K. visa service, these services exposed over two million people’s personal documents that can be easily misused. Many were caused by simple security lapses that were easily avoidable with basic cybersecurity practices.

These massive data spills come at a time when closed-community apps and websites are increasingly leaning on “know your customer” checks to force users to verify their identity before being allowed in, and governments are pushing age-verification laws demanding similar identity checks from adults to access a vast swath of the internet. 

The logic goes that the greater the spills, the less effective these identity checking systems are, as they can be easily misused with a stolen or leaked passport or driver license. The further rollout of these ID-collecting systems will inevitably lead to more data breaches and security lapses.

A new variant of the Gafgyt botnet called C0XMO is targeting DD-WRT router firmware and can move to other device types with various CPU architectures.

The researchers found samples for ARM, MIPS, PowerPC, SuperH, x86, x86_64, and other architectures, featuring exploits for DVRs, routers, video management platforms, and Android-based devices.

The botnet was seen targeting a Japanese technology company, but researchers discovered that the source IP address was for a device located in Germany.

Fortinet researchers discovered C0XMO and highlighted its modular design, which allows operators to update its exploitation techniques, add/remove targeted architectures, and expand its lateral movement capabilities independently of the main payload.

Fundamentally, C0XMO remains a malware for launching distributed denial-of-service (DDoS) attacks and supports 19 methods, including UDP/TCP/SYN/ICMP floods, “ping of death,” NTP/Memcached amplification, Discord voice UDP floods, and Valve-specific floods.

According to the researchers, the C0XMO botnet malware is delivered by exploiting CVE-2021-27137, a buffer overflow vulnerability caused by insufficient user input. It can be leveraged without authentication and leads to executing arbitrary code.

Gafgyt scanner

For wider distribution, C0XMO downloads a Python script that installs additional packages such as ‘requests,’ ‘paramiko,’ and ‘beautifulsoup4,’ which are required for network scanning and communication, and for running activities over SSH and telnet protocols.

The scanner then uses worker threads to randomly scan internet-facing systems on common ports like 22 (SSH), 23 (Telnet), 80/443 (HTTP/HTTPS), 7547, 8080, 8443, 8888, and others.

After finding a target, the malware attempts to brute-force weak Telnet and SSH credentials, detects the CPU architecture, and deploys a compatible C0XMO binary.

The script contains almost two dozen functions for various tasks for scanning, exploiting HTTP and ADB-based vulnerabilities, detecting the CPU architecture, SSH/telenet login, and checking IP addresses. Its main purpose is to move laterally on the network.

Once it gains access to a device, the malware copies itself to hidden locations such as ‘/tmp/.sys,’ ‘/var/tmp/.sys,’ and ‘/dev/shm/.sys,’ and then creates cron jobs that relaunch it every 15 minutes. Also, shell startup files are modified to enable automatic execution.

Furthermore, C0XMO actively scans running processes to identify competitor botnet clients on the host, as well as red-team tools, programming tools, and network services that may interfere with its operation, and terminates them.

It does so by deleting binaries and removing their persistence mechanisms, including cron jobs, init scripts, system services, and shell profile entries.

After that, it connects to a hardcoded command-and-control (C2) address using a custom multi-stage handshake that includes magic strings and shared secrets, and then awaits commands.

The supported commands include heartbeat checks, starting and stopping scans, and launching DDoS attacks using one of the 19 supported methods.

The general recommendation for defending against C0XMO and other botnet malware is to keep devices up to date, use unique admin credentials, and disable remote access capabilities when not needed.

Fortinet describes C0XMO as having “a considerably more advanced architecture and feature set compared to earlier IoT botnets.”

The researchers note that the overall design of the malware indicates “a greater degree of operational sophistication and complexity than typical Gafgyt malware.”

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

• New York is close to a one-year data center moratorium
• The governor still needs to sign the bill into law
• Backers of the ban want to see more details on environmental impact

Public sentiment seems to have taken a turn against large data center developments, and the trend shows no signs of stopping. Now we might have the first state-wide ban of its kind in New York, after lawmakers passed a one-year moratorium (a temporary prohibition) on large data centers with a peak demand of 20 megawatts or more.

As The Guardian reports, while the New York State legislature has passed the moratorium, it’s not law yet: it still needs the signature of Governor Kathy Hochul, who hasn’t said one way or the other if she will approve the bill, and has until December to decide.

Apple’s first foldable iPhone may be just months away, but anyone hoping for a stealth black iPhone Fold may have to look elsewhere if the latest leak turns out to be accurate.

With the clock ticking down to an expected September unveiling, we’re seeing more and more iPhone Fold leaks by the day. The latest claims that even Apple doesn’t yet know what colors the device will come in.

Writing in a post to the Chinese social network Weibo, leaker Instant Digital hinted Apple is still deliberating whether to launch a black iPhone Fold. He even went so far as to wonder aloud whether Apple has a grudge against the color.

Apple has moved away from black in its premium iPhones of late. The iPhone 17 Pro and iPhone 17 Pro Max aren’t available in black, for example.

Building on 2025’s snub, the iPhone 18 Pro and iPhone 18 Pro Max are also expected to skip black. Instead, those models are expected to ship in Dark Cherry, Light Blue, Dark Gray, and Silver.

But all eyes are on the foldable iPhone right now, and Apple has a decision to make.

Thinking time is past

Apple’s reported indecision may explain the lack of concrete rumors around iPhone Fold colors. Reports continue to suggest a white model will be offered, with one other color available for buyers to consider.

With Samsung Display already lined up to produce the foldable display, Apple’s time has surely run out. Manufacturing tests were said to be already underway in April 2026.

We would have expected the iPhone Fold’s colors to have been set in stone before that testing phase.

There is one wild card to be considered, however. If Apple really is yet to choose a second color, it’s possible the iPhone Fold may miss the oft-rumored September/October release window.

It’s unclear how this would tie in with the April testing, though. If we take that report at face value, it seems more likely that the colors are locked in if the fall unveiling is to go ahead.

It’s worth noting that Instant Digital has consistently claimed the iPhone Fold would only be sold in two colors, with one being white.

No matter which colors the iPhone Fold (or is it iPhone Ultra?) comes in, we can expect it to be costly. Bloomberg’s Mark Gurman has hinted at a price north of $2,000. A previous Ming-Chi Kuo report had it costing as much as $2,500.

More images of a purported dummy unit of the iPhone Fold have appeared, helping solidify the appearance of the much-rumored model.

On June 1, an image circulated Weibo via a reputable leaker showing what seemed like a prototype or dummy unit for the iPhone Fold or Ultra. Days later, more shots have emerged.

Shared to X early on June 7, the images from Sonny Dickson outright describes the pictured item as an “iPhone Fold dummy unit.” There are four shots, showing the model in its opened and closed states.

The two open shots depict a “back” that looks like the previous image, with one half black to represent the external display. The other half is white with the camera bump to one side.

The other open image shows the large black screen, as well as the hinge on the top edge holding it all together.

The closed shots are unsurprising, with one showing just the black “screen” half that will be visible to users, and the other with the white camera-equipped back.

Just like the earlier photograph, the item certainly matches up to an earlier CAD drawing Dickson shared in March.

Limited colors

Dickson also adds a comment about the color options that users could expect this fall when the iPhone Fold ships. It’s not great news.

“It doesn’t look like Apple will offer multiple colors, with white currently appearing to be the only option,” Dickson writes on X.

This, too, lines up with a claim on Friday, when leaker Instant Digital hinted Apple was deliberating over whether to introduce a black colorway. Apple was apparently still trying to decide on what colors to use.

Sonny Dickson is one of the more reliable leakers, and has repeatedly been the source of images for future Apple products. However, in the age of easily accessible AI-generated images, 3D printing, and other ways to fake an image, there’s always a chance that they are fake items.

The shots are convincing and certainly go along with earlier rumors and leaks. But, as always, there’s no guarantee until Apple actually launches the device.

OPINION: I was on Facebook the other day, and something caught my eye: someone was using the fireplace to vent their portable AC out through the chimney. Genius, was my first reaction.

I live in a Victorian terraced house, which can get very hot in the summertime, and trying to get a portable AC unit near a window can be a real faff. So, using an open vent that’s there all of the time seems like a brilliant idea, and the unsightly hose can be tucked out of the way.

Only, the more I thought about it, the less this idea made sense. Despite finding people online who say that they’ve done this and it’s worked, there are definite issues that mean I would not do this.