Research and development engineer Romain Marchand of Paris headquartered Quarkslab obtained a telematic control unit (TCU) from a salvage yard in Poland… Marchand tore down the TCU, which is based on a Qualcomm system on a chip, and extracted the Linux-based file system from the Micron multi-chip package (MCP) which contained NAND-based non-volatile storage memory. The non-volatile storage contained sensitive information, including system configuration data and more importantly, logs that revealed the vehicle’s GPS positions over time.
None of that information was encrypted, Marchand told iTnews, which made it possible to collect and retrieve sensitive data of interest. What’s more, the global navigation satellite system (GNSS) logs with GPS positions covered the BYD’s full journey from the factory in China to its operational life in the United Kingdom, and to its final wrecking in Poland, Marchand explained in an analysis… The issue is not restricted to BYD, and Marchand added that the hardware architecture of the Chinese car maker’s TCU is broadly similar to what can be found in other brands.
Microsoft is warning that a recent Microsoft Edge browser update introduced a bug that breaks right-click paste in chats in the Microsoft Teams desktop client.
In an advisory published on April 14, Microsoft says users are reporting that they are unable to paste URLs, text, or images into Teams chats when using right-click context menus, with the “Paste” option greyed out.
To work around the bug, Microsoft says users can still copy and paste content using keyboard shortcuts: Ctrl + C and Ctrl + V on Windows, or Cmd + C and Cmd + V on macOS.
“Impacted users report that they are unable to copy and paste URLs, text, and images in Microsoft Teams desktop client chats, as the paste option appears greyed out when using the right-click dropdown menu method,” explains Microsoft.
“To bypass impact, we recommended that users attempt to copy the intended URLs, text, and images using Ctrl + C and paste using Ctrl + V for Windows, and corresponding Cmd + C and Cmd + V for Mac.”
Advertisement
Microsoft says the bug is caused by a recent browser update that introduced a code regression in Microsoft Edge, which Microsoft Teams uses for certain functionality.
Admins on Reddit and the Microsoft forums report that the problem is affecting users in corporate environments as well as individual users.
“I have multiple users on version 26072.519.4556.7438 experiencing this issue, including myself. Cannot right-click Paste, but CTRL+V and paste as text are allowed,” an admin posted to the Microsoft Forums.
Paste option in Microsoft Teams is greyed out
Other users said that reinstalling Teams or clearing the cache did not fix the problem.
Microsoft says it identified the cause and is rolling out a fix in stages while monitoring telemetry to confirm that systems are recovering.
Advertisement
As of the latest update on April 16, Microsoft has not provided an exact timeline for when the fix will be fully rolled out.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
Seattle Mayor Katie Wilson addressed concerns about a potential wave of new data centers in the city and raised the possibility of a moratorium, citing economic and environmental issues.
Wilson’s public statement Saturday followed a Seattle Times report April 10 that four companies have approached Seattle City Light about building five large-scale data centers with a combined peak demand of 369 megawatts, equal to roughly a third of Seattle’s average daily power consumption.
“I share community concerns about environmental justice, economic resilience, and impacts of increased costs for Seattle rate payers,” Wilson wrote on Facebook. “That’s why my team is working closely with Seattle City Light, City Council and stakeholders to identify a range of long-term policy approaches, including exploring a moratorium on siting new centers.”
Seattle already has about 30 data centers, but they’re relatively small. The proposed facilities would be the first at this scale in the city and could consume nearly 10 times more power than the existing ones at full capacity, according to the Seattle Times report.
The world’s biggest tech companies, including hometown tech giants Microsoft and Amazon, have been spending hundreds of billions of dollars building data centers to scale up artificial intelligence.
Advertisement
Those facilities have historically gone up in rural areas, but power availability has grown scarce in many markets, driving developers to look at cities with their own utility resources.
It’s not clear who the proposed data centers would be built for. Seattle City Light hasn’t disclosed the companies involved or proposed locations due to nondisclosure agreements.
Seattle City Light is rewriting its contract terms for large-load customers and plans to require data center operators to secure their own power generation and pay for infrastructure upgrades rather than passing costs to ratepayers. The companies are expected to decide in the next two to three months whether to formally apply for service.
Sometimes the best finds at AXPONA 2026 aren’t planned. I walked into Chesky Audio’s room chasing Schiit Audio gear in Room 709; there was plenty of it, including the Yggdrasil Singular DAC, Loki Max, Kara, and a pair of Tyr monoblocks driving the new Chesky LC2 loudspeakers, but no one from Schiit to talk shop. So I stayed put, listened, and let the room tell its own story.
That story changed fast when the pricing banner came into focus: $1,995. Not each. Per pair. In a show full of six-figure loudspeakers, the Chesky LC2 doesn’t just feel affordable; it feels like a direct challenge to how high-end audio defines itself.
And that’s where this gets more interesting. If high-end audio wants a future, it needs more designers like Lucca Chesky. He comes from a family name that carries real weight in the music world, but he’s not coasting on it. He’s studying engineering at Carnegie Mellon University, and it shows in how he approaches both design and people.
There’s no gatekeeping here, no “you don’t belong in this room” energy. The LC1 and now the LC2 are priced where actual listeners can engage, and he speaks about them in a way that makes you feel like you’re part of the conversation and not being lectured from behind a stack of gear you can’t afford.
Advertisement
The kid gets it. And judging by what I heard in that room, he’s not just talking a good game.
Admittedly, a $1,995 price tag only matters if the speakers can actually deliver. The original Chesky LC1 set a high bar, earning multiple “Best of Show” nods from the eCoustics team at previous events; something Chesky made no effort to hide with the awards laid out on the table. So yes, I was a bit late to the party.
Better late than never.
I stayed for several tracks to get a clearer sense of what the team had already heard in the Chesky LC1, and what that might mean for the new Chesky LC2. It didn’t take long to recognize a familiar foundation, but with more scale and a bit more weight behind it, suggesting this isn’t a departure so much as a more developed version of the same idea.
Advertisement
Chesky Audio LC2 Stand-mount Speakers with Schiit electronics at AXPONA 2026
An Affordable Speaker With Real Ambition
Much like the original Chesky LC1, the Chesky LC2 sticks to a compact two way monitor format. It pairs a dual chamber aperiodic 1 inch tweeter with a roughly 6.5-inch mid bass driver, both modified in house rather than pulled off a shelf. The familiar passive radiator approach is still here as well, now using larger 8-inch radiators on either side to extend low frequency output without relying on a traditional port.
Where things diverge, and where Chesky is clearly doing its own thing, is the cabinet. The front baffle is a 5/8-inch thick slab of machined aluminum, and the rest of the enclosure is 3D printed around that structure. It is an unusual approach, but the result is a cabinet that feels both rigid and relatively lightweight for its size. Each speaker measures roughly 13 x 9 x 13 inches and comes in just under 30 pounds.
It is also worth noting that these are not outsourced, mass produced boxes. Chesky Audio assembles, finishes, and tests the speakers in New Jersey before they ship. In a category where “designed here, built somewhere else” is the norm, these are actually made in the United States, and that still matters.
Advertisement. Scroll to continue reading.
Advertisement
Lucca Chesky is also quick to point out that the drivers are not an afterthought. The mid-bass unit uses a cast-basket high-definition design more commonly found in higher-priced speakers, and the tweeter follows that same philosophy. He stops short of naming suppliers, but the implication is clear this is not generic OEM hardware.
Schiit Audio stack powered the Chesky Audio LC2 Speakers at AXPONA 2026.
The crossover is designed in house, although Chesky remains somewhat tight-lipped on specifics. Instead of locking into a fixed number, the crossover point is described as falling somewhere in the 3 to 5 kHz range. On paper, the speaker is rated at 86 dB sensitivity with a 4 ohm impedance that does not dip below 3.1 ohms across a stated 40 Hz to 20 kHz frequency range.
That combination suggests an easy enough load for most modern amplifiers, whether it is a vintage Kenwood receiver, a newer NAD integrated, or even a well-sorted ST-70 style tube amp build. But if our experience with the Chesky LC1 taught us anything, it is that specs do not tell the whole story. The LC1 benefited from more power than you might expect, and giving it better amplification paid off.
Until we get the Chesky LC2 in for a full review, it is too early to say how closely it follows that pattern.
Chesky LC2 in a Real Room at AXPONA 2026
Sound wise, the Chesky LC2 delivers clean mid-bass with solid detail and impact for a speaker of this size, but sub-bass is limited. That is not a surprise given the form factor. In a nearfield setup such as a desktop or small studio, there is enough low end to get by without a subwoofer, but in a larger room, adding one would make sense.
Advertisement
The midrange is where things come into better focus. There is a clear emphasis on clarity and balance, which aligns with what you would expect from anything carrying the Chesky name. Vocals come through naturally without sounding nasal or forced, and strings have enough presence to avoid sounding thin. That is not always a given with compact speakers, where cabinet limitations can work against natural timbre. The construction here likely plays a role, but that is something that needs more controlled listening to fully evaluate.
The top end had good energy and dynamic presence, but this is where the limitations of the show environment start to creep in. Between room noise and less than ideal setup conditions, it would be premature to draw firm conclusions without spending more time with the speakers in a more controlled space.
The Bottom Line
I can see several use cases for the Chesky LC2. Those looking for unpowered monitors for nearfield use will find them easy to live with as a standalone pair, and they also make sense in smaller rooms where space is limited. For larger spaces or mixed use systems that pull double duty for music and home theater, Chesky offers two, three, and five speaker packages that can be built out as needed.
Adding a subwoofer would round things out in those scenarios. Models like the REL Tzero or SVS 3000 Micro R|Evolution come to mind as good matches, offering tight, controlled low end without taking over the room or the budget.
Advertisement
With that kind of setup, the LC2 starts to make a lot of sense for multi purpose spaces where flexibility matters just as much as performance.
Proof-of-concept exploit code has been published for a critical remote code execution flaw in protobuf.js, a widely used JavaScript implementation of Google’s Protocol Buffers.
The tool is highly popular in the Node Package Manager (npm) registry, with an average of nearly 50 million weekly downloads. It is used for inter-service communication, in real-time applications, and for efficient storage of structured data in databases and cloud environments.
In a report on Friday, application security company Endor Labs says that the remote code execution vulnerability (RCE) in protobuf.js is caused by unsafe dynamic code generation.
The security issue has not received an official CVE number and is currently being tracked as GHSA-xq3m-2v4x-88gg, the identifier assigned by GitHub.
Endor Labs explains that the library builds JavaScript functions from protobuf schemas by concatenating strings and executing them via the Function() constructor, but it fails to validate schema-derived identifiers, such as message names.
Advertisement
This lets an attacker supply a malicious schema that injects arbitrary code into the generated function, which is then executed when the application processes a message using that schema.
This opens the path to RCE on servers or applications that load attacker-influenced schemas, granting access to environment variables, credentials, databases, and internal systems, and even allowing lateral movement within the infrastructure.
The attack could also affect developer machines if those load and decode untrusted schemas locally.
The flaw impacts protobuf.js versions 8.0.0/7.5.4 and lower. Endor Labs recommends upgrading to 8.0.1 and 7.5.5, which address the issue.
Advertisement
The patch sanitizes type names by stripping non-alphanumeric characters, preventing the attacker from closing the synthetic function. However, Endor comments that a longer-term fix would be to stop round-tripping attacker-reachable identifiers through Function at all.
Endor Labs is warning that “exploitation is straightforward,” and that the minimal proof-of-concept (PoC) included in the security advisory reflects this. However, no active exploitation in the wild has been observed to date.
The vulnerability was reported by Endor Labs researcher and security bug bounty hunter Cristian Staicu on March 2, and the protobuf.js maintainers released a patch on GitHub on March 11. Fixes to the npm packages were made available on April 4 for the 8.x branch and on April 15 for the 7.x branch.
Apart from upgrading to patched versions, Endor Labs also recommends that system administrators audit transitive dependencies, treat schema-loading as untrusted input, and prefer precompiled/static schemas in production.
Advertisement
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
The first mission when it comes to this machine was to dump the ROMs, which have thus far not been preserved in any major archive. With that done, [beaumotplage] worked to hack a version of MAME that could emulate the Three Monitor Version’s unique mode of operation. As it turns out, each screen is driven by its own arcade board, with the three boards linked via C139 serial links. To emulate this, the trick was simply to write some C139 linkup code and run three versions of MAME all at once, letting them communicate with each other as the original boards would have. It’s a little janky in operation right now, but it does work!
You can download the hacked version of MAME for three-monitor operation here, though note that this does not include the ROM dumps from the machine itself. We look forward to seeing if the hardware ends up getting a full restoration back to operational standard, too.
Statistics from Google show a steady rise in global IPv6 usage, climbing from near zero in early 2012 to 50.1% on March 28, briefly surpassing IPv4. Although the milestone did not hold, usage now hovers between 45% and 50%. Read Entire Article Source link
Apple has secured a major victory for its redesigned smartwatches as per the latest decision from the US International Trade Commission. The federal agency ruled against reinstating an import ban on Apple Watches, allowing the tech giant to continue selling its devices with a reworked blood-oxygen monitoring technology.
The ITC decided to terminate the case and refer to a preliminary ruling from one of its judges in March that claimed that Apple’s redesigned smartwatches don’t infringe on patents held by Masimo, the medical tech company that has long been embroiled in lawsuits surrounding the Apple Watch. Apple thanked the ITC in a statement, adding that “Masimo has waged a relentless legal campaign against Apple and nearly all of its claims have been rejected.” We reached out to Masimo for comment and will update the story when we hear back.
The latest decision could offer some closure to the longstanding legal feud between Masimo and Apple. The patent battle dates back to 2021 with Masimo’s first filing against Apple that requested an import ban on Apple Watches. The ITC ended up ruling that Apple violated Masimo’s patents, resulting in the previous import ban and the Apple Watch maker redesigning the blood-oxygen reading feature in certain models. However, Masimo wasn’t satisfied with this conclusion and sought another import ban on the updated Apple Watch models. Now that the ITC has ruled against that, Masimo is left with the option to appeal the decision with the US Court of Appeals for the Federal Circuit.
While Masimo may currently be on the losing side of this legal battle, it’s confronting Apple on multiple fronts. In November, a federal jury sided with Masimo and ruled that Apple has to pay $634 million in a separate patent infringement case.
A judge has granted the makers of the “ICE Sightings – Chicagoland” Facebook group and the Eyes Up app a preliminary injunction to stop the Trump administration from coercing platforms to take these projects down. Judge Jorge L. Alonso of the United States District Court for the Northern District of Illinois found that the plaintiffs, Kassandra Rosado and Kreisau Group, are likely to succeed in their case, which alleges that the government suppressed protected speech under the First Amendment by strong-arming Facebook and Apple into removing ICE monitoring efforts.
Both Eyes Up and ICE Sightings – Chicagoland use publicly available information to keep tabs on ICE activity. But after pressure from Trump officials, they were removed from Apple’s App Store and Facebook, respectively. Similar apps including ICEBlock and Red Dot were also taken down from the App Store and Google Play. The lawsuit cites social media posts by former US Attorney General Pam Bondi and former Secretary of Homeland Security Kristi Noem that demanded and took credit for the removal of these apps. In a document filed on Friday, Alonso called these posts “thinly veiled threats.”
The Foundation for Individual Rights and Expression (FIRE), which is defending the plaintiffs, wrote in a post on X that it is “extremely encouraged by this ruling.” It continued, “Even though it’s not the end of the case, it bodes well for the future of our legal fight to ensure that the First Amendment protects the right to discuss, record, and criticize what law enforcement does in public.”
Not everyone had the money for the original Neo Geo Advanced Entertainment System when it released in the ’90s, but there’s still a chance to experience it as an adult with disposable income. SNK and Plaion Replai, who is also behind the all-black remake of the Commodore 64, announced a faithful remake of the high-end retro console, called the Neo Geo AES+.
To bring the original console into the modern day, the collaborating companies added HDMI compatibility for resolutions up to 1080p and DIP switches on the bottom of the console to allow for language selection, overclocking and switching display modes. Rounding out the upgrades, SNK and Plaion Replai included a permanent way to retain high scores on a memory card and a low-power usage mode. For the purists out there, the Neo Geo AES+ still works on those chunky CRT displays since it has the original AV output.
Preorders are currently open for two versions of the Neo Geo AES+, including an all-white 35th anniversary edition bundle that includes an Arcade Stick, a limited-edition Metal Slug game cartridge and a memory card, for $349.99. The standard edition in classic black will only come with an arcade stick, but will be available for $249.99. Coinciding with the console release, Replai Plaion will release 10 modernized game cartridges, including Metal Slug, The King of Fighters 2002 and other classics, for $89.99 each. If you think those prices are high, don’t forget the original Neo Geo AES’ release price was $649.99. The Neo Geo AES+ is set to start shipping on November 12.
You must be logged in to post a comment Login