Microsoft has attributed a recent Mastra AI supply chain attack that compromised more than 140 npm packages to the North Korean hacking group Sapphire Sleet, also known as BlueNoroff.

This attribution comes after Microsoft first disclosed earlier this week that attackers hijacked an npm maintainer account and used it to publish malicious package updates.

“Microsoft assesses with high confidence that this activity is attributable to Sapphire Sleet, a North Korean state actor that primarily targets the financial sector,” the company said in a June 19 update.

According to Microsoft, the attack began when threat actors compromised the npm maintainer account “ehindero,” which had publishing privileges across the Mastra package environment.

Using the account, the attackers published malicious updates for more than 140 packages in the @mastra scope that injected a malicious dependency named “easy-day-js”. This dependency is a typosquat of the legitimate and widely used dayjs JavaScript library.

When the compromised packages were installed, the malicious dependency executed a post-install hook that deployed a malware dropper on developers’ devices, ultimately aimed at stealing sensitive credentials, API keys, authentication tokens, and cryptocurrency wallets.

“Once installed, easy-day-js triggered a postinstall hook that executed an obfuscated dropper script, disabled Transport Layer Security (TLS) certificate verification, contacted attacker-controlled command-and-control (C2) infrastructure, downloaded a second-stage payload, and executed the payload as a detached hidden process,” explains Microsoft.

Cross-platform malware targets crypto wallets

The downloaded second-stage payload was a cross-platform information stealer designed to target Windows, Linux, and macOS systems

The implant collected information about the host, browser histories, installed applications, and running processes, and checked whether 166 cryptocurrency wallet browser extensions were installed, including MetaMask, Phantom, Coinbase Wallet, Binance Wallet, and TronLink.

The malware also used different persistence methods depending on the operating system, such as Windows Registry Run keys, macOS LaunchAgents, and Linux systemd services.

Microsoft says systems that communicated with the attackers’ command-and-control servers had follow-on activity that utilized tactics previously associated with Sapphire Sleet.

This includes the deployment of a PowerShell backdoor previously used by the group, additional persistence mechanisms, Microsoft Defender exclusions, and a malicious Windows service that granted SYSTEM privileges.

“The PowerShell backdoor, tradecraft, and C2 infrastructure have been used by Sapphire Sleet in other, prior campaigns,” Microsoft explained.

Sapphire Sleet is a North Korean state-sponsored threat actor known for cryptocurrency theft campaigns, malicious browser extensions, fake job offers, and software supply chain compromises designed to steal credentials and cryptocurrency assets.

Microsoft says the group was also responsible for a separate npm supply chain attack on the Axios HTTP client in April 2026.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

For those who want a career that encompasses all that is positive about the technology space and that leaves the world a more equitable place, Industry 4.0 is a gamechanger.

For many within Industry 4.0 type careers, there is often no one way to define or describe a role. With the advancement of working expectations and technologies, many roles have morphed into one another, to form hybrid jobs that cover many areas. That is certainly true of careers in sustainability that sit at the intersection of the business, environmental and tech landscapes. 

The professionals who operate within technology-driven sustainability-focused roles are often expected to wear many hats to address the problems of a modern era, in a modern way. 

With that in mind, what skills are needed for those who envision a career in a space where business acumen, tech-knowledge and a passion for a leaner, greener and cleaner world, merge? And what kind of companies have a need for a professional with this particular skillset?

Where to go?

When job hunting, it can be difficult to find an organisation that perfectly aligns with your professional or even personal goals, as well as one that is genuinely committed to making a significant and lasting change. For the most part companies will say and do the right things initially, but what is important is sourcing the organisations that have a history of blending their long-term sustainability and technology strategies, so you have evidence of their commitment. This might be in a large multinational or an SME – regardless, make sure you research a company and even ask about their policies and opportunities before fully committing to a role. 

It is also critical that, especially in the early days of your career, you don’t put yourself in a box because you can’t find the right title, or because the organisation itself isn’t in the sustainability space. The joy of working in this capacity is that you get to be the drive behind an organisation’s commitment to doing better. So roles in areas such as climate data science, renewable energy, AI solutions architecture, digital twins, additive manufacturing, smart manufacturing and more, in diverse companies, create opportunities to better align an organisation with future sustainability goals. It makes an impact. 

Round and round 

As with any job in an industry that depends on major technological achievement, popular in-demand skills include AI, machine learning, data analytics, 3D imaging, IoT and so on. But when you are working in a sustainability-driven Industry 4.0 role, there are additional abilities that are needed to make up a robust skillset. Many of those skills fall under what is known as the circular economy.

The circular economy is a system by which global production and consumption focuses on sustainable, less harmful practices such as sharing, leasing, reusing, repairing, refurbishing and recycling existing materials and products as long as possible. An item’s life cycle and potential for use is extended and waste is reduced to a minimum in this system.

To achieve a circular economy, companies and their employees need to rethink how they engage with supply chains, the manufacturing process, energy usage, waste disposal and other key areas to avoid the more wasteful linear economy that tends to adopt a ‘use it and throw it away’ kind of mindset. 

Skills to prioritise in this area include systems thinking, which is the ability to better understand how all parts of a value chain, the materials, supplies, consumption, waste recovery, policies and infrastructure work in tandem. 

Also, consider circular design skills, which enable a professional to design and develop materials and items that are durable, repairable and reusable, effectively undermining ‘planned obsolescence’, which is the practice of deliberately making something fragile, less-powerful or prone to wear and tear, so you have no choice but to replace it – often too soon. 

The voice and face

Another important element of careers in the sustainability and Industry 4.0 space, is the ability to advocate for the work itself and to show its value in a way that is measurable and irrefutable. 

As mentioned before, careers in this area are no longer ‘just one thing’, rather professionals cover strategy, operations, policy, consultations, finances and green technologies, often while managing teams and dealing with internal and external communications. 

With that in mind, professionals need to have a significant understanding of how the business works financially, how the budget can accommodate new green initiatives, how it might align regional climate-focused guidelines, as well as how to report and disseminate findings, outcomes and other relevant information. 

This may require a commitment to education, a focus on leadership and management skills, a study of specific frameworks, analytical skills and capability in public speaking and engagement. If you aim to work as a consultant for an organisation or with larger institutions and government bodies, presentation skills could be of use.

The thing about careers in this space is that there are so many opportunities for qualified and ambitious tech professionals to make their role sustainability focused. We have only just scratched the surface here, so if your job sits at that intersection, don’t be panicked about choosing a lane, forge your own course. 

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Security

Hunting and fishing license incident catches 3M residents

The Texas Parks and Wildlife Department (TPWD) says 3 million Texans had their data stolen following a breach at one of its suppliers.

People with state-issued hunting and fishing licenses are among those affected after attackers breached the vendor that handles license sales and copied customer data.

Details of victims’ driving license and passport numbers may be present in the leaked data. Basic personal information, such as email addresses, phone numbers, and residential addresses also leaked.

Social Security numbers (SSNs), financial data, or information relating to minors were not involved, according to the department’s disclosure.

According to a filing with the Office of the Attorney General, the attack on the unnamed vendor affected 3,087,721 Texans. The filing appears to contradict the department’s disclosure, noting that individuals’ names and SSNs were also involved.

Affected Texans were offered the usual one year of free credit monitoring services provided by Kroll, as long as they enroll by September 14.

A Kroll webpage dedicated to the incident reveals that an investigation has not determined when the breach took place. The department notified Texas Cyber Command on May 13, however.

“We recognize the seriousness of this issue and have identified and implemented additional security options to better protect customer information,” said TPWD. “Many of our staff are hunters and anglers and were affected by this incident. We are committed to continuing to work with the license system vendor to implement increased safeguards to prevent future incidents.”

TPWD said it is working with the affected vendor to introduce additional preventive measures, including enhanced monitoring and access controls. 

The org went on to say that new license sales currently scheduled for August will go ahead as planned, although the website used to purchase licenses was unreachable at the time of writing. ®

THX Ltd. has spent more than four decades teaching moviegoers to expect the room to move before the film even begins. Founded by George Lucas in 1983 and developed out of Lucasfilm’s push to improve theatrical sound and presentation, THX became inseparable from Tomlinson Holman’s work, James A. Moorer’s thunderous Deep Note, and the kind of pre-movie trailer that made weak subwoofers beg for mercy.

The company’s latest Deep Note trailer, “Spark,” is not just another nostalgia play from one of cinema’s most recognizable audio brands. Now operating under Razer ownership after the 2016 acquisition, THX is using “Spark” to connect its Lucasfilm-era legacy with the next phase of immersive entertainment, including HDR10+ video and Eclipsa Audio. For a logo that once told audiences the theater was properly calibrated, this is THX trying to make the same argument in a very different format war.

Pro Tip: The first THX Deep Note trailer debuted in 1983.

THX Deep Note “Spark” Updates a Familiar Cinema Ritual

“Spark” blends the nostalgia of THX’s Lucasfilm-era origins with a more modern visual and sonic presentation. The trailer reflects the company’s long-standing mission to help audiences experience movies, music, games, and home theater content closer to the way creators intended.

It also acknowledges THX’s role in raising theatrical presentation standards during the Star Wars era, when George Lucas and Tomlinson Holman pushed for better sound and picture quality in cinemas. More than four decades later, “Spark” gives the Deep Note a fresh identity while preserving the familiar slow build and signature crescendo that made the THX trailer part of the moviegoing experience.

“As entertainment evolves, so does the role THX plays in bringing a creator’s full vision to audiences,” said Tuyen Pham, chief executive officer of THX Ltd. and veteran immersive audio innovator. “This trailer honors our legacy while embracing a future for open technology format standards for broader access for creators and deeper enjoyment by the audience. By releasing the Trailer in HDR10+ and Eclipsa Audio, we are empowering more storytellers, artists, and technologists to build extraordinary experiences that reach fans exactly as intended—faithfully, powerfully, and without compromise, with technology accessible to all via open standards of excellence and fidelity.”

The artistic approach for “Spark” is intended to symbolize imagination taking shape as an audiovisual journey, beginning with a “spark” from THX’s early innovations and media playback standards. It celebrates the creative possibilities of today’s entertainment landscape across concert venues, cinemas, home theaters, gaming rooms, and mobile devices enjoyed with headphones.

“THX was built on the idea that technical rigor and artistic ambition go hand in hand,” said Grace Qaqundah, senior vice president, THX Ltd. “Spark is a tribute to our history and a beacon for what lies ahead. We are thrilled to share it with audiences around the world as a spark of what’s possible when imagination meets high fidelity.”

The Spark also marks the first THX trailer released in the new open standards HDR10+ video and Eclipsa Audio. This is a strategic movie by THX that illustrates their commitment to open standard technology ecosystems that enable broad creator adoption and high-fidelity experiences across theaters, home entertainment, gaming platforms, and certified devices. 

Who Supports HDR10+ and Eclipsa Audio?

Samsung has been one of the first major TV brands to support Eclipsa Audio, bringing the format to its 2026 TV and soundbar lineup. HDR10+ also has a much broader device footprint, with more than 22,000 certified products across categories including TVs, computer monitors, projectors, automotive displays, tablets, mobile phones, streaming devices, AVRs, and Blu-ray players. Supporting brands include Samsung, Panasonic, JVC, Xiaomi, TCL, Hisense, and Skyworth.

“Spark” is also expected to appear in THX Certified Cinemas in the second half of 2026, as well as on displays from THX brand partners and THX Certified devices.

The inclusion of both HDR10+ and Eclipsa Audio follows THX’s recent expansion of its audio/video technology laboratories in Asia. The company’s Shenzhen lab has been named an Authorized Test Center for both HDR10+ and Eclipsa Audio certifications for consumer electronics and home theater devices.

For more details, see our reference article: THX Expands Global Certification with New Shenzhen and Taipei Labs, Adds HDR10+ and Eclipsa Audio Testing.

The Bottom Line 

The THX Deep Note has been part of the cinema experience since 1983, when it debuted ahead of Star Wars: Episode VI — Return of the Jedi. That history matters because THX helped establish the idea that going to the movies should come with a higher standard for sound, picture, and presentation, not just a bigger screen and a sticky floor.

Since then, theater chains and studios have pushed premium formats such as IMAX, Dolby Cinema, ScreenX, RPX, and others, but the THX Deep Note still carries a very specific meaning for moviegoers. It is a signal that the room, the sound system, and the presentation are supposed to matter. “Spark” updates that ritual for today’s immersive cinema landscape while keeping the familiar build that tells audiences the outside world can wait for the next two hours.

THX says “Spark” is expected to debut in THX Certified Cinemas in the second half of 2026, along with appearances on displays from THX brand partners and THX Certified devices.

For more information: thx.com/deepnote/

Related Reading:

• Optical computing uses light instead of electricity to process complex data.
• Digital twin eliminates long waits for shared optical hardware.
• Virtual optical systems mirrored real hardware with remarkable accuracy.

Optical computing has emerged as a promising alternative to traditional electronic systems struggling with increasingly large-scale AI and deep learning workloads.

By harnessing the physical properties of light, including interference and diffraction, optical computing systems offer faster speeds, better energy efficiency, and stronger parallel processing capabilities.

Anyone who’s Googled themselves recently knows that it doesn’t quite hit the way it used to. Sure, there’s everything going on with Google search itself, but there’s also an inescapable feeling that web search isn’t the canonical source of information that it used to be, with just as many people learning about you and me from chatbots.

Thomas Dimson and Joey Flynn had a similar feeling, leading them to create In the Weights. The “weights” in question are the numerical parameters that shape an AI model’s training and output, so the website purports to measure how well “a model is able to recall someone without using tools like web search.”

“Being in the weights means your existence was deemed important in the process of creating superhuman artificial intelligence,” the website says.

To achieve this, In the Weights supposedly queries different models (including Grok, Gemini, multiple versions of GPT, Claude, and Llama, plus lesser known models) with a question similar to, “Who is ? Give up to 10 results, each with a short description and confidence.” It then “cluster[s] similar descriptions together and assign[s] a strength score.”

For example, this humble tech blogger received a strength score of 641, placing me in the top 6% of names. I was feeling pretty good until I saw that multiple TechCrunch colleagues scored even higher. And the leaderboard has been shifting as I write this post, with “Home Alone” star Macaulay Culkin currently in the top slot with a strength score of 988, followed by opera singer Luciano Pavarotti.

The results also show which models returned answers for a given name, and they highlight potential hallucinations — apparently GPT-5.4 Mini says that Anthony Ha is an “ambiguous name form that could refer to multiple people with the initials A.H.A.”

Asked why he built In the Weights, Dimson told TechCrunch via email that he and Flynn were looking to “get the creative juices flowing again” after leaving OpenAI (which they both joined through the acquisition of their design startup Global Illumination). 

Dimson said he was thinking about how “Google vanity searches are the wrong objective in 2026 as more traffic moves to LLMs” and about the fact that “so many lives are encoded somehow in a bunch of floating point numbers inside the AI brain.” He also said the direction of the site was “sealed” by a tongue-in-cheek blog post riffing on AI weights and Terry Bisson’s classic short story “They’re Made Out of Meat.”

“Reception has been insane so far, we thought this would be a mild curiosity but it seems like it has struck a nerve of wanting to see if you live forever in the super intelligence (the comparison factor doesn’t hurt either!)” Dimson added.

While I’m not as convinced that being “remembered” by a chatbot is a guaranteed ticket to immortality, I can’t deny that I find the results both intriguing and jealousy-inducing, especially since they’re codified in an easy-to-compare score. (AI critic Anthony Moser scoffed that this is “literally the same as asking 13 chatbots to tell you about yourself.”) Also helping: The fact that the site features a cute, Nintendo-inspired retro design.

Dimson said he plans to dig in further into why different models in the same series return different results, which models are biased towards different types of people, and which people “should have a Wikipedia article but don’t.”