The Russian hacker group Secret Blizzard has developed its long-running Kazuar backdoor into a modular peer-to-peer (P2P) botnet designed for long-term persistence, stealth, and data collection.
Secret Blizzard, whose activity overlaps that of Turla, Uroburos, and Venomous Bear, has been associated with the Russian intelligence service (FSB) and is known for targeting government and diplomatic organizations, defense-related entities, and critical systems across Europe, Asia, and Ukraine.
The Kazuar malware has been documented since 2017, and researchers found that its code lineage goes as far back as 2005. Its activity has been linked to the Turla espionage group working for the FSB.
In 2020, researchers exposed its deployment in attacks targeting European government organizations. Three years later, it was seen deployed in attacks against Ukraine.
Microsoft researchers analyzed a recent variant of Kazuar and observed that the malware now operates using three distinct modules: kernel, bridge, and worker.
The Kernel module is the central coordinator that manages tasks, controls other modules, elects a leader, and orchestrates communications and data flow across the botnet.
The leader is essentially one infected system within a compromised environment or network segment, which communicates with the command-and-control (C2) server, receives tasks, and forwards them internally to the other infected systems.
Non-leader systems enter “silent” mode and don’t communicate directly with the C2. This results in better stealth and reduced detection surface.
“The Kernel leader is the one elected Kernel module that communicates with the Bridge module on behalf of the other Kernel modules, reducing visibility by avoiding large volumes of external traffic from multiple infected hosts,” explains Microsoft.
The process for selecting the leader is internal and autonomous, using uptime, reboot, and interruption counts.
The Bridge module acts as the external communications proxy that relays traffic between the elected Kernel leader and the remote C2 infrastructure using protocols like HTTP, WebSockets, or Exchange Web Services (EWS).
Internal communications rely on IPC (inter-process communication), including Windows Messaging, Mailslots, and named pipes, blending well with normal operational noise. The messages are AES-encrypted and serialized with Google Protocol Buffers (Protobuf).
The Worker module performs the actual espionage operations, such as:
The collected data is encrypted, staged locally, and later exfiltrated through the Bridge module.
Microsoft underlines Kazuar’s versatility, which now supports 150 configuration options allowing operators to enable/disable specific security bypasses, perform task scheduling, time the data theft and size of exfiltration chunks, perform process injection, manage tasks and command execution, and more.
Regarding the security bypass options, Kazuar now offers Antimalware Scan Interface (AMSI) bypass, Event Tracing for Windows (ETW) bypass, and Windows Lockdown Policy (WLDP) bypass.
Secret Blizzard typically seeks long-term persistence on target systems for intelligence collections. The actor exfiltrates documents and email content that has political importance.
Microsoft recommends that companies focus their defense on behavioral detection rather than static signatures, as Kazuar’s modular and highly configurable nature makes the threat particularly evasive.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
It’s been a while since a horror series grabbed my attention, like really grabbed my attention. We’re living in an era where genre programming feels plentiful, yet formulaic — where the algorithm can overpower originality. It’s important to say that, because I’ve discovered a new horror show that, through its familiar-feeling aesthetic, feels fresh, original and requires my complete attention.
I’m talking about Widow’s Bay on Apple TV, and if this is the first you’ve heard of the series, the best way I can describe it is to ask, what if Parks and Recreation was created by Stephen King? If that question stopped you in your tracks, then you’re going to want to read what I have to say.
This is a show that blends the small-town sensibilities of The Andy Griffith Show with David Lynch’s Twin Peaks. It’s quaint like the beach scenes from Jaws; it’s terrifying like the shark scenes from, well, Jaws.
Bold statement, incoming: It’s the best new horror series on TV, and there’s nothing else on quite like it.
Read more: Apple TV: 16 Best Sci-Fi Shows You Should Stream Right Now
Matthew Rhys stars in Widow’s Bay on Apple TV.
Widow’s Bay follows Tom Loftis (Matthew Rhys), the mayor of the struggling coastal town, who works tirelessly to make it the next Martha’s Vineyard. No matter how hard he tries, though, the fishing village just can’t measure up to the iconic tourist attraction. Aside from the conflict and complications that come with working a municipal job such as this, Tom’s drive to successfully revamp the town is overshadowed by local legends of monsters, boogeymen and other such omens stemming from a centuries-long curse.
To delve deeper into these details would be to unleash major story spoilers and, since the series is still airing — new episodes hit Apple TV every Wednesday — I’d prefer not to ruin the experience for you. What I will say, though, is that Widow’s Bay should be a bigger part of the conversation. It’s a bona fide sleeper hit, and audiences should wake up and take notice.
If I were to categorize Widow’s Bay, I’d say it is a horror-comedy. But not in the overt, blood-spattered, wisecracking manner most horror-comedies behave. There’s a Twin Peaks/Picket Fences quality to the show that allows the humor to jump out and surprise you in the most unexpected places.
Kate O’Flynn, Matthew Rhys and Stephen Root star in Widow’s Bay on Apple TV.
While the comedy isn’t really laugh-out-loud funny — it’s way more peculiar and quirky than anything — there have been a few moments where I’ve cackled uncontrollably at the stuff playing out on screen. You can tell there’s a deep understanding of the horror genre and its tropes from those behind the scenes making this show, which leads to smart choices and moments that feel like inside-baseball winks at the audience.
Widow’s Bay is in on the joke, and that’s what makes it so good.
The Apple TV series hails from creator and writer Katie Dippold, who cut her teeth on Parks and Recreation, which makes complete sense when you dip into this show. She’s enlisted directors like genre faves Ti West and Hiro Murai to contribute their visual sensibilities to the mix.
When it comes down to it, though, the real standout elements of Widow’s Bay are its cast. Matthew Rhys, who showcased his insidious side in Netflix’s The Beast in Me last year, flips expectations and leans into some big underdog energy as the town’s mayor. The comedy that arises from his bewilderment isn’t overt because his internal conflict stems from deep-seated pain and the denial that accompanies it. This combination, along with his drive to make the town better, is the right formula to make the viewer root for him and go on this wild ride.
Stephen Root is a pleasure to watch as Wyck, the hardened fisherman who carries the history of the island on his back. I mentioned Jaws earlier, and several elements throughout the series honor the classic film. Root’s performance is one of them as he dives into the Quint-like quirks that drive Wyck, and he’s so good here that it’d be worth watching the series just for him.
Kate O’Flynn stars in Widow’s Bay on Apple TV.
That said, it’s Kate O’Flynn’s Patricia who steals the show. The awkward town hall assistant is the energetic middle ground between Tom and Wyck, and her work in the series is star-turning. Patricia has layers beneath his grumpy exterior that command the screen — whether she’s hosting a Wiccan death party, running for her life in the middle of the night or holding a shotgun to a monster’s burnt ashes.
Oh, and there are monsters. Widow’s Bay has an assortment of creepy threats from ghosts to killer clowns, to an undead pilgrim and a murderous boogeyman I alluded to above.
Reading that above sentence can make this article sound like the show just throws an assortment of scary monsters at the screen to see what sticks. Let’s be real: there are moments when it feels that way, but the series sprinkles its lore throughout the episodes, pointing to a deeper curse that has plagued this island for centuries.
Widow’s Bay is an amalgamation of so many genre elements and references to other things that, in the wrong hands, it could easily come off as formulaic. But it isn’t. This is a show that feels familiar but remains fresh. It’s scary like Stephen King at his best; it’s creepy like a ghost story at a campout. Through it all, it’s a surprisingly fun ride.
A BCG survey of 625 CEOs and board members found that 61% of chief executives believe their boards are rushing AI transformation. Three-quarters of board members rate their AI knowledge as adequate, but nearly 40% of CEOs disagree, and more than half say hype is distorting boardroom judgment.
TL;DR
Sixty-one per cent of chief executives say their boards are pushing AI transformation too fast, according to a global survey of 625 leaders published by Boston Consulting Group. The research, titled Split Decisions, polled 351 CEOs and 274 board members at companies with at least $100 million in annual revenue and found a consistent pattern: boards and CEOs agree that AI matters, but disagree on how quickly it should be deployed, how well boards understand it, and how much of a CEO’s job now depends on delivering returns from it.
The findings land at a moment when AI FOMO has become a dominant force in corporate strategy. More than half of the CEOs surveyed said that hype around artificial intelligence is distorting their boards’ judgment, and nearly 40 per cent said their boards lack an informed view of how AI is reshaping growth strategy. One in three said their board overestimates the human capabilities that AI can replace.
The survey’s most striking finding is the disconnect between how board members rate their own AI knowledge and how their CEOs rate it. Three-quarters of board members said their AI understanding is on par with or ahead of their peers. CEOs were far less impressed. The implication is that many boards are making consequential decisions about AI strategy on the basis of knowledge their chief executives consider inadequate.
BCG’s Julie Bedard, a managing director and partner, said the gap can be closed if CEOs take direct responsibility for board education. Rather than delegating AI briefings to a chief technology officer or an outside consultant, she argued, CEOs should personally lead upskilling sessions that demonstrate what current tools can and cannot do, and should frame AI in terms that distinguish between tasks where the technology substitutes for humans and tasks where it complements them.
That distinction is more important than it sounds. Boards that treat AI as a wholesale replacement for human labour are likely to push for faster, broader deployment than the technology can support. Boards that understand AI as a complement to human work are more likely to approve investments that are scoped to realistic outcomes. The survey suggests that too many boards are in the first camp, and that the consequences of FOMO-driven investment decisions in AI are becoming harder to ignore.
The survey also exposed a gap in how CEOs and boards perceive accountability for AI results. CEOs estimated that 35 per cent of their performance evaluation now depends on delivering AI-related returns on investment. Board members put the figure at 27 per cent. The eight-percentage-point difference suggests that CEOs feel more pressure to show AI results than their boards realise they are applying.
This matters because it shapes behaviour. A CEO who believes more than a third of their evaluation hinges on AI outcomes has a strong incentive to prioritise AI projects, even if those projects are premature or poorly scoped. A board that believes the figure is lower may not understand why its CEO is resisting calls to move faster, or may underestimate the operational risk of accelerating deployment to meet perceived expectations.
Judith Wallenstein, BCG’s managing director and senior partner who leads its global CEO Advisory practice, said CEOs need to bring their boards along on the same learning journey they have taken, but compressed and focused on building genuine understanding rather than surface-level awareness. The engineering and operational realities of AI deployment are considerably messier than the boardroom presentations that often precede investment decisions.
It is worth noting what the research does not cover. The survey does not measure whether the CEOs who say their boards are rushing are themselves correct in their caution, or whether some boards are right to push harder. It is possible that in certain industries, faster AI adoption is exactly the right strategy and that CEO resistance reflects organisational inertia rather than sound judgment. The data captures a perception gap, not a verdict on who is right.
The survey also does not break down results by industry, geography, or company size beyond the $100 million revenue threshold, which limits the conclusions that can be drawn about specific sectors. A board pushing AI transformation at a financial services firm faces a very different risk profile from a board doing the same at a manufacturing company, and the survey treats both identically.
What the research does establish is that the most senior leaders at large companies are not aligned on the most consequential technology investment of the current era. Approximately 80 per cent of both CEOs and board members agreed that prospective board candidates should be required to demonstrate a measurable understanding of how AI can reshape their industry, a finding that suggests both groups recognise the knowledge gap even if they disagree on its severity.
The deeper issue the survey raises is whether traditional board governance is suited to decisions about AI at all. Boards typically meet a handful of times per year, rely on management presentations for information, and are composed of members whose primary expertise may lie in finance, regulation, or sector-specific operations rather than technology. That structure worked well when the pace of technological change allowed for quarterly deliberation. It is less clear that it works when the questions that matter most about AI require technical fluency that most board members do not have.
BCG’s recommendation, that CEOs should personally educate their boards, is practical but also reveals the problem. If the chief executive is the primary source of a board’s AI understanding, the board’s ability to independently evaluate the CEO’s AI strategy is compromised. The survey does not propose a solution to this structural tension, but it does make the tension visible.
For companies trying to scale AI in 2026, the message is that alignment at the top is not optional. Boards that push too fast risk approving projects that fail to deliver returns. CEOs that move too slowly risk losing competitive ground. And for both groups, the temptation to let AI substitute for clear thinking rather than support it is a risk that no survey can fully quantify.
Make no mistake: Americans hate data centers.
A recent poll from Gallup shows 70 percent of Americans oppose a data center in their local area, including 48 percent who are strongly opposed. That 70 percent number is tied to several concerns, environmental questions and quality of life chief among them, and it’s up 18 percent (!) in just two months, when Gallup asked the same question in March.
Nonetheless, data centers keep going up at a rate that is nothing short of astonishing.
According to one estimate, more than 4,000 data centers have already been built across the country. More than 2,000 that are currently under construction.
That alone shows just how quickly artificial intelligence, workforce automation, and the data centers that power these new technologies are becoming one of the can’t-miss issues in our current political landscape. And still, President Donald Trump and the White House have seemingly chosen to stand aside on AI regulation.
On the Democratic side, it’s an open question what comes next. Politicians like Sen. Bernie Sanders (I-VT) have called for a nationwide moratorium on data centers in order to institute more consumer protections. Others, like Sen. Ruben Gallego (D-AZ), are less definitive: He told me recently that artificial intelligence is a “necessary evil” of our modern age, and building data centers is part of that equation.
With all that uncertainty, producer Kasia Broussalian and I decided to sort through the mess ourselves. We headed to Vineland, a city in southern New Jersey where a new data center is under construction.
We talked to homeowners who live near the data center and a Democrat running on an AI reform platform, and went to a town hall to hear from community members who wanted to voice their concerns. One person brought up rising electricity bills, while another said the data center has made it impossible for her to sell her home. Many had a general anxiety about the global rise of AI.
However, the most universal complaint was not technically about artificial intelligence at all. It was about a political process that residents said did not include them. At the town hall, people said they were shocked by the data center’s initial construction, and want more transparency about relationships between elected officials and these big tech companies.
They also urged politicians to act proactively, rather than waiting for a crisis before imposing regulation. It wasn’t just that they didn’t like the data center itself: They were upset at how it seemed like a physical manifestation of whose interests are prioritized in politics.
Read on for what some of those town hall attendees had to say, lightly edited for length and clarity. As always, there’s much more in the full show, so listen to America, Actually wherever you get your podcasts or watch it on Vox’s YouTube channel.
How many of you right now feel like you got information about the data center before the construction started?
Can someone raise their hand and just tell me what their biggest concern was once they started hearing about it?
Angela Bardoe, Cumberland County, New Jersey, resident: Well, when I saw it, I thought it was the ugliest thing I’ve ever seen. So, that part of East Island is beautiful farmland — was beautiful farmland — but then of course I’ve thought about a lot of my friends that live out that way and how it was going to impact their everyday life.
Most people live there because they love the farmland.
Now I know about the structure, I know about kind of energy concerns. I wanted to ask about AI generally, like how many of you would say that your concerns about this data center are tied to larger concerns about AI and kind of some anxiety around that.
Fred Barsuglia, Clayton, New Jersey, resident: The internet brought us the best of the world and the worst in the world. AI is going to do the same thing. It’s already begun. I scroll through Facebook and there’s AI all over the place. Some of it’s cute little bunnies and cats, but a lot of the other stuff, you know, is bad.
Again, our government is very slow to react. There has to be some regulations.
Where would you now put this on your scale of issues?
There’s so much happening right now, whether it be war in Iran or tariffs or just generally. I wonder where data centers and this specific local reality maps onto your importance of issues.
Angela: I would say most of the topics fall into two categories. Is it benefiting people, or is it benefiting the elite and the money that’s going into their pockets? We see people trading before the war’s announced and they’re benefiting from it. And I just find it all very disgusting.
Louise Thigpen, Cumberland County resident: They’re gambling.
Angela: Yeah. I mean, they’re gambling insider information.
I hear what you’re saying.
On one hand there’s, there’s a kind of politics way of thinking about this in one bucket or another, but you’re like, it actually feels like in general, they’re not responding to you the regular person, and that’s across a lot of issues.
Angela: Well, yes. That’s how I see it.
Fred: I feel the same way. It’s because everything relates from the top down and what we’re getting from the top has spread all the way to the local level.
Louise: And it isn’t good.
Thank you all for entertaining our questions. It’s illuminating to hear the way these issues are connected for people. And I think just this general sentiment that folks feel unheard.
Louise: And we don’t feel that way. We are that way.
OpenAI has signed deals with fintech startups, tech giants and even Disney, but it’s breaking new ground by announcing a “world’s first partnership” with the country of Malta. In a post on its website, OpenAI said that it would provide ChatGPT Plus for one year to every Maltese resident or citizen.
“Malta is the first country to launch a partnership of this scale because we refuse to let our citizens stay behind in the digital age,” Silvio Schembri, Malta’s minister for Economy, Enterprise and Strategic Projects, said in a statement. “We are putting our people at the very forefront of global change.”
For the approximately 574,250 residents living in Malta, they’ll have to complete a course developed by the University of Malta before launching the ChatGPT Plus subscription, which costs $20 a month in the US. The course teaches the basics of AI, but also how to use the technology responsibly, whether it’s at home or at work. Any interested Maltese residents will also need to have an active eID account from the European Union to claim the subscription. According to OpenAI, the first phase of the program will launch this month, with the Malta Digital Innovation Authority managing the distribution to eligible participants. OpenAI added that the program will scale up once more Maltese residents or its citizens abroad complete the course.
While OpenAI kicks off a new program in Malta, it’s putting a pause to its Stargate data center plans in the UK. The project was designed to assist the UK with building out AI infrastructure, but attributed high energy costs and regulatory issues with the latest stoppage.
Rivian’s founder is running three companies with $12.3B raised. Mind Robotics just hit $1B at a $3.4B valuation.
RJ Scaringe has raised more than $12.3 billion across three startups, and the pace is accelerating. The Rivian founder and CEO, who holds a doctorate in mechanical engineering from MIT, is now simultaneously running an electric vehicle manufacturer, an autonomous micromobility company, and an industrial AI robotics startup, each attracting capital at a speed that would be remarkable for any single venture.
The latest data point arrived this week when Mind Robotics, Scaringe’s industrial robotics company, closed a $400 million round led by Kleiner Perkins, bringing its total funding to more than $1 billion and its valuation to $3.4 billion. The venture arms of Volkswagen and Salesforce also participated. Mind Robotics was founded in 2025, initially as an internal Rivian project called “Project Synapse,” and has raised $115 million in seed funding, $500 million in a Series A in March, and now $400 million more in under two months. The company is building AI-powered robots designed to handle the dexterous, reasoning-intensive manufacturing tasks that conventional factory automation cannot, using Rivian’s own production lines as a live training environment.
Scaringe’s second venture, Also, is an electric micromobility company spun out of Rivian in 2025. It has raised more than $300 million, including a $200 million Series C led by Greenoaks in March that valued the company at over $1 billion. DoorDash invested alongside a multi-year commercial agreement to deploy Also’s purpose-built autonomous small EVs for last-mile delivery. The company’s product lineup includes a $3,500 e-bike and a four-wheeled cargo EV designed to fit in a bike lane.
The overwhelming majority of the $12.3 billion, more than $11 billion, went into Rivian itself, most of it between 2018 and the company’s blockbuster IPO in November 2021. Rivian was founded in 2009 as Mainstream Motors and operated in near-obscurity for nearly a decade before revealing its R1T truck and R1S SUV prototypes at the 2018 Los Angeles Auto Show. The money followed quickly: Amazon led a $700 million round in early 2019, Ford invested $500 million, and by the end of that year Rivian had closed four funding rounds. A $2.5 billion raise in July 2020 and a $2.65 billion raise six months later preceded the IPO, which generated nearly $12 billion in gross proceeds at $78 per share and briefly valued the company at more than $100 billion.
Today, Rivian’s market capitalisation stands at approximately $18.2 billion, a significant decline that reflects the broader struggles of the EV sector. But the company continues to attract major partnerships. Volkswagen has overtaken Amazon as Rivian’s largest shareholder through a $5.8 billion software joint venture, and Uber struck a deal worth up to $1.25 billion for up to 50,000 autonomous Rivian R2 robotaxis across 25 cities by 2031.
What makes Scaringe unusual is not just the quantity of capital but the breadth. Supersized seed rounds have become more common in recent years, but they have generally gone to defence tech or AI startups founded by former OpenAI or Anthropic employees, not to electric micromobility or industrial robotics. Eclipse, one of Scaringe’s biggest backers and a lead investor in both Also and Mind Robotics, credits his combination of engineering depth and product instinct. Jiten Behl, partner at Eclipse and a former Rivian executive, described Scaringe’s ability to communicate a vision without overselling as “an art.”
The comparison to other serial entrepreneurs who have raised billions across multiple ventures, Elon Musk, Sam Altman, Palmer Luckey, is inevitable but imprecise. Multiple investors told TechCrunch that Scaringe’s distinguishing quality is the absence of self-promotion. “It’s not about him,” one insider said. “When you talk to him, he has enthusiasm about the product that is completely external.” Joe Fath, also at Eclipse, noted that Scaringe “has the rare combination of being a truly great engineer while also having an exceptional instinct for product design,” a pairing he described as “incredibly uncommon.”
The question that follows from $12.3 billion across three companies, all run by the same person, is whether Scaringe can sustain the pace. He travels between Palo Alto, Irvine, Rivian’s factory in Normal, Illinois, and a second factory under construction in Georgia. Mind Robotics is scaling rapidly, Also is preparing to deliver its first US products in 2026, and Rivian is ramping the R2 SUV while navigating a hostile tariff environment that has seen at least a dozen EV models cancelled or paused this year.
The industrial robotics market is attracting capital at an extraordinary rate, with companies from 1X to Unitree to Foundation Industries all raising hundreds of millions for physical AI systems. Mind Robotics’ pitch, that it has access to a live high-volume factory floor for training data, gives it a structural advantage most competitors lack. Whether that advantage translates into a durable business depends on execution at a scale that even Scaringe has not yet attempted.
Behl framed the question differently. “The big question is, how much can he do?” he said. “That’s a question that already assumes he’s reaching his limit. The thing is, he doesn’t look at it that way.“
Four chainable OpenClaw flaws dubbed “Claw Chain” let attackers weaponise the agent’s own sandbox. Patches are live.
Cybersecurity researchers at Cyera have disclosed four vulnerabilities in OpenClaw that, when chained together, allow an attacker to steal sensitive data, escalate privileges, and establish persistent control over a compromised host. The flaws, collectively dubbed “Claw Chain,” affect OpenClaw’s OpenShell managed sandbox backend and its MCP loopback runtime. All four have been patched in OpenClaw version 2026.4.22.
The attack chain works in four stages. First, a malicious plugin, prompt injection, or compromised external input gains code execution inside the OpenShell sandbox. Second, two of the vulnerabilities, CVE-2026-44113 and CVE-2026-44115, are exploited to expose credentials, secrets, and sensitive files. Third, CVE-2026-44118 is used to obtain owner-level control of the agent runtime by exploiting an improperly validated ownership flag. Fourth, CVE-2026-44112, the most severe of the four with a CVSS score of 9.6, is used to plant backdoors, modify configuration, and establish persistence outside the sandbox.
The most architecturally interesting flaw is CVE-2026-44118, which stems from OpenClaw trusting a client-controlled flag called senderIsOwner without validating it against the authenticated session. Any non-owner loopback client could impersonate an owner and gain control over gateway configuration, cron scheduling, and execution environment management. The fix, according to OpenClaw’s advisory, involves issuing separate owner and non-owner bearer tokens, with senderIsOwner now derived exclusively from the authenticating token rather than from a spoofable header.
The two TOCTOU (time-of-check/time-of-use) race conditions, CVE-2026-44112 and CVE-2026-44113, allow attackers to bypass sandbox restrictions and redirect file writes or reads outside the intended mount root. CVE-2026-44115 exploits an incomplete allowlist by embedding shell expansion tokens inside a heredoc body, enabling execution of commands that would otherwise be blocked at runtime.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!
What makes Claw Chain particularly concerning is that each step looks like normal agent behaviour to traditional security controls. “By weaponizing the agent’s own privileges, an adversary moves through data access, privilege escalation, and persistence, using the agent as their hands inside the environment,” Cyera said. The attack broadens blast radius while making detection significantly harder, because the malicious actions are indistinguishable from the legitimate operations the agent is designed to perform.
This is not the first time OpenClaw’s security has come under scrutiny. In January, a critical remote code execution vulnerability (CVE-2026-25253) allowed any website a user visited to silently connect to the agent’s local server through an unvalidated WebSocket, chaining a cross-site hijack into full code execution. A Koi Security audit of ClawHub, OpenClaw’s skill marketplace, found 341 malicious entries out of 2,857 available skills, with attacks designed to steal credentials, open reverse shells, and hijack agents for cryptocurrency mining.
Nvidia addressed some of these structural security concerns in March with NemoClaw, an enterprise layer that adds sandbox orchestration, privacy guardrails, and security hardening on top of OpenClaw. The product was built in partnership with Cisco, CrowdStrike, Google, and Microsoft Security. But NemoClaw operates at the infrastructure level, not the application level, and the Claw Chain vulnerabilities sit inside OpenClaw’s own sandbox implementation, meaning even NemoClaw-hardened deployments would have been affected before the patch.
The scale of the exposure is significant. OpenClaw has more than 3.2 million users, is integrated with ChatGPT subscriptions through OpenAI, and has been adopted as an enterprise platform by Nvidia (NemoClaw) and Tencent (ClawPro). A significant portion of the installed base is running older, unpatched versions, and attackers have been targeting known vulnerabilities in versions prior to 2026.1.30 since at least February.
Security researcher Vladimir Tokarev has been credited with discovering and reporting the issues. Users are advised to update to version 2026.4.22 immediately. The broader lesson is one the AI agent industry has been slow to internalise: when an autonomous agent has access to files, credentials, APIs, and network resources, compromising the agent is functionally equivalent to compromising the user. Traditional perimeter security was not designed for a world in which the most privileged entity inside the environment is software that executes instructions from external sources.
Claw Chain is unlikely to be the last vulnerability disclosure of this kind. It may, however, be the one that forces the industry to treat AI agent security with the same rigour it applies to operating systems and cloud infrastructure, rather than as an afterthought bolted onto a product that was never designed to be this important.
This week on the GeekWire Podcast: As the Musk v. OpenAI trial heads to the jury, we dig into what Microsoft’s internal board memos and executive testimony revealed about the origins of the company’s massive bet on AI, and why this case matters beyond the billionaire drama.
Plus, Howard Schultz, a former Washington governor, and the tech community weigh in on whether Seattle is squandering its edge as an innovation capital.
Finally, the GeekWire Trivia Challenge explores the modern mysteries of Microsoft’s naming conventions. And in the opening, Todd owes John and the United Kingdom an apology.
RELATED STORIES AND LINKS
With GeekWire co-founders Todd Bishop and John Cook
Subscribe to GeekWire in Apple Podcasts, Spotify, or wherever you listen.
AndaSeat is primarily known for its broad range of gaming chairs – and, more recently, the launch of its very first standing desk. And though it wasn’t evident at the time, it was a clear signal of intent: the company is spreading its wings from gamer-focus to home office furniture as a whole.
Ahead of this interview, a representative told me, “In terms of office furniture, we’ve been placing increasing emphasis on how products fit into more compact, multi-functional environments – where a single chair can support both focused work and more relaxed, recreational use.”
Professionals shift posture constantly; our chairs move with them.
At AndaSeat, we view the transition from the racing cockpit to the home office as a natural evolution of ‘intensity.’ Whether you are in a high-stakes 5v5 match or a back-to-back marathon of video calls, the physiological toll on the body is remarkably similar: static muscle strain and spinal fatigue.
Our DNA allows us to translate high-performance features into the professional space in three key ways:
Dynamic Support: Our Auto-Tracking Lumbar systems (as seen in the Phantom 4) are designed for ‘Active Sitting.’ Professionals shift posture constantly; our chairs move with them, ensuring the lower back is never left unsupported.
Structural Durability: Our 100% Seamless Steel Frames – a standard from our racing days – provide a level of long-term structural integrity that typical office chairs lack, ensuring the ergonomic ‘geometry’ of the chair doesn’t sag over years of use.
Adaptive Recovery: Gaming requires rapid movement and deep focus. We apply this to office use through high-density molded foam and multi-angle tilt mechanisms, allowing a professional to transition instantly from ‘focus mode’ at 90° to ‘recovery mode’ at 120° for a mental break.
A superior home office setup should be treated as a Performance Ecosystem rather than just a collection of furniture.
A superior home office setup should be treated as a Performance Ecosystem rather than just a collection of furniture. Based on our R&D, we follow four core principles:
The 90-90-90 Rule: Your elbows, hips, and knees should all maintain approximately a 90-degree angle. This is only possible with highly adjustable gear, such as desks with millimetric height precision and 4D/5D armrests that align perfectly with the desk surface to prevent carpal tunnel strain.
Visual Ergonomics: Eye fatigue is the ‘silent’ productivity killer. A good setup uses Mechanical Spring Monitor Arms to ensure the top third of the screen is at eye level, preventing ‘tech-neck’ from looking down.
Movement-First Design: The best posture is the next posture. We advocate for Sit-to-Stand transitions. Alternating between sitting and standing every 45–60 minutes boosts circulation and cognitive function.
Zonal Organization: A clean space equals a clean mind. Integrated cable management (like the ‘Zero Cable’ system in our Xtreme desks) removes visual clutter, which research shows directly reduces cortisol levels and increases focus.
With our new mesh chair designs, such as the X-Air Series Pro, we are tackling the ‘thermal and pressure’ challenges of long-duration sitting. While leather offers a premium feel, mesh allows for high-performance breathability, which is critical for regulating body temperature during 8+ hour sessions.
We apply our core principles here through:
Variable Tension Zones: Not all parts of your back need the same support. Our mesh is engineered with different tension levels—firmer at the lumbar for stability and more flexible at the upper thoracic to allow for natural shoulder movement.
Pressure Distribution: Long hours of sitting lead to ‘hot spots’ on the thighs. We use a waterfall seat edge design combined with high-elasticity mesh to reduce pressure on the popliteal fossa (the area behind your knees), maintaining healthy circulation.
Mechanical Precision: We integrate our racing-grade aluminum alloy components into the mesh frame. This ensures that even though the material is flexible, the structural geometry remains rigid, preventing the ‘slouch’ effect that occurs in lower-quality mesh chairs over time.
The home office will evolve from a workstation into a Wellness Hub.
The boundary between ‘office’ and ‘home’ has permanently blurred, and our design philosophy has shifted toward ‘Seamless Versatility.’
Aesthetic Integration: We are moving away from the aggressive ‘gamer’ aesthetic toward a more refined, minimalist industrial design. Our Kaiser 4 and Xtreme desks feature clean lines and premium textures (like sustainable leather and carbon fiber) that complement a modern living room or bedroom rather than clashing with it.
Space Efficiency: In a home environment, space is a premium. This has led us to develop modular and compact solutions, such as our L-shaped standing desks and monitor arms that reclaim desk real estate.
The Future Evolution: We see the future moving toward ‘AI-Enhanced Ergonomics.’ We are exploring furniture that doesn’t just sit there but actively monitors your health—desks that remind you to stand based on your heart rate or chairs that adjust their tension based on your fatigue levels. The home office will evolve from a workstation into a Wellness Hub.
The paradox of ergonomics is that ‘proper posture’ isn’t a frozen state – it’s a fluid one.
The paradox of ergonomics is that ‘proper posture’ isn’t a frozen state – it’s a fluid one. A chair that forces you into a single position, no matter how ‘correct’ that position is, will eventually cause muscle fatigue.
At AndaSeat, we achieve this balance through Reactive Support Geometry. Instead of a rigid backrest, we use systems like our 6D Armrests and Gas-Spring Pop-out Lumbar (in the Kaiser 4). These components don’t just stay in place; they have a degree of ‘give’ and adjustability that follows the micro-movements of your skeleton.
For example, when you lean forward to type, the lumbar support maintains contact, and when you pivot to look at a second monitor, the armrests sync with your elbows. By reducing the physical effort required to maintain support during movement, we naturally guide the body back to a neutral spinal alignment without the user feeling ‘locked in.
The ‘six-month wall’ is a real phenomenon in budget furniture. In ultra-cheap models, corners are cut in places the eye can’t see, but the body eventually feels.
The ‘Invisible’ Frames: Many cheap chairs use thin, 1.2mm plywood or stapled elastic bands for support. After six months, these materials lose their tension, causing the seat to sag and your pelvis to tilt incorrectly. We use a 2mm thick, 22mm wide seamless steel frame to ensure the chair’s ‘skeleton’ remains identical from day 1 to year 10.
Motor Longevity & Stability: In low-cost standing desks, manufacturers often use single-motor systems with high-friction plastic glides. Initially, they seem fine, but after a few hundred cycles, the ‘wobble’ becomes unbearable at standing heights, and the motor’s internal gears begin to grind. Our Xtreme Series uses industrial-grade lifting columns tested for 25,000+ cycles to ensure millimetric stability even under full load.
Foam Density: Cheap chairs use ‘recycled’ or low-density foam that feels soft at first but ‘bottoms out’ quickly. Our Re-Dense Molded Foam is designed to maintain 90%+ of its shape even after years of 8-hour daily use.
We perform tests that would destroy standard office furniture.
We love that you tested the Xtreme desk in a high-traffic cafe – it perfectly mirrors our philosophy that furniture should be ‘industrial strength’ for the home.
Because we own our entire supply chain and a CNAS-certified testing lab, we perform tests that would destroy standard office furniture:
The 100,000-Cycle Abrasion Test: We don’t just test our PVC leather for feel; we subject it to 100,000 friction cycles at varying temperatures to ensure no cracking or discoloration.
Uneven Load Impact: For desks, we simulate ‘accidental’ stress—like someone sitting on one corner of the desk while the motor is running. We test the sensors and structural integrity to ensure the frame doesn’t torque or bend.
The Salt Spray & Humidity Chamber: Since we ship globally, we put our steel components in high-humidity salt chambers to simulate coastal environments, ensuring our anti-corrosion coating prevents rust for years. Having our own facility means we don’t just ‘meet’ BIFMA or ISO standards; we set our own ‘AndaSeat Standard’ which is often 20-30% more rigorous, allowing us to offer industry-leading warranties with total confidence
For the home office, my team and I tested the best standing desks and the best office chairs – and for gamers, we’ve reviewed all the best gaming chairs and the best gaming desks.
The Linux 7.1 kernel has added new documentation clarifying what qualifies as a security bug and how AI-assisted vulnerability reports should be handled. Phoronix reports: Stemming from the recent influx of security bugs to the Linux kernel as well as an uptick in bug and security reports from discoveries made in full or in part with AI, additional documentation was warranted. Longtime Linux developer Willy Tarreau took to authoring the additional documentation around kernel bugs. To summarize (since the documentation is a bit too lengthy for a Slashdot story), the AI-assisted vulnerability reports should “be treated as public” because such findings “systematically surface simultaneously across multiple researchers, often on the same day.” It adds that reporters should avoid posting a reproducer openly, instead “just mention that one is available” and provide it privately if maintainers request it. The guidance also tells AI-assisted reporters to keep submissions concise and plain-text, focus on verifiable impact rather than speculative consequences, include a thoroughly tested reproducer, and, where possible, propose and test a fix.
As for what qualifies as a security bug, the documentation says the private security list is for “urgent bugs that grant an attacker a capability they are not supposed to have on a correctly configured production system” and are easy to exploit, creating an imminent threat to many users. Reporters are told to consider whether the issue “actually crosses a trust boundary,” since many bugs submitted privately are really ordinary defects that belong in the normal public reporting process.
All the new documentation can be read via this commit.
Noble Audio is using CanJam Singapore 2026 to introduce the FoKus Apollo Pro, a limited run version of its hybrid wireless headphone platform. Building on the original FoKus Apollo, the Apollo Pro adds upgraded acoustic tuning, more premium fabrics and finishes, new voice prompts, and updated ear pads with two new color choices.
However, its unique driver configuration remains the key point. Most premium wireless headphones focus on ANC, app features, battery life, and codec support, but Noble is leaning harder into acoustic design with a hybrid driver platform that combines dynamic and planar magnetic technology in a wireless over-ear portable design.
Debuting May 16th and 17th, the FoKus Apollo Pro is aimed at listeners who want a more refined version of the Apollo concept. However, its limited run release suggests Noble is testing new tuning before committing to a full production roll-out, since the original Apollo model has been quite popular and won numerous industry awards.
At the core of the FoKus Apollo Pro is Noble’s hybrid driver configuration, which pairs a dynamic driver with a planar magnetic driver in each earcup. The design is intended to combine the bass weight and impact typically associated with dynamic drivers with the speed, clarity, and detail retrieval often associated with planar magnetic designs.
The Apollo Pro also introduces updated acoustic tuning intended to improve tonal balance, clarity, and overall presentation. Noble says the changes deliver deeper and tighter bass, improved detail retrieval, and a more open soundstage. Combined with Noble’s wireless platform and upgraded construction, the Apollo Pro is positioned as a more refined version of the Apollo for both home and portable listening.
Noble has also updated the Apollo Pro’s materials and finishing details, with changes focused on appearance, comfort, and portability.
The Apollo Pro uses Italian Alcantara on the headband, revised gunmetal accents, upgraded fabric cabling, and new ear pad materials. Noble says the more breathable fabric on the ear cushions is intended to reduce heat buildup during longer listening sessions.
The packaging has also been made more compact, giving the Apollo Pro a more travel friendly footprint while preserving the premium presentation expected from a limited run release.
Apollo Pro also introduces Voice Prompt functionality, replacing traditional notification tones with spoken voice confirmations for key functions and mode changes, including ANC activation and other onboard controls.
Powered by the Qualcomm QCC3084 chipset and compatible with the Noble FoKus companion app, the Apollo Pro combines high-end wireless audio performance with everyday usability and customization. With the Noble FoKus App (iOS, Android), users can manage playback settings, EQ adjustments, and access additional headphone functionality.
Wireless support includes LDAC, AAC, aptX, aptX HD, and SBC Bluetooth codecs, giving the Apollo Pro broader compatibility across Android, iOS, and other Bluetooth sources.
Pro Tip: The Apollo Pro also provides wired connectivity via an included 3.5 mm cable with 6.3 mm and 4.4mm adapters.
| Noble Model | FoKus Apollo Pro (2026) | FoKus Apollo (2024) |
| Product Type | Wireless Headphones | Wireless Headphones |
| Price | $699 | $649 |
| Drivers | 40mm dynamic driver (bass)
14.5mm planar magnetic driver (mids/treble) |
40mm dynamic driver (bass)
14.5mm planar magnetic driver (mids/treble) |
| Bluetooth Chipset | Qualcomm QCC3084 | Qualcomm QCC3084 |
| Bluetooth Version | 5.3 | 5.3 |
| Audio Codecs | LDAC, AAC, aptX, aptX HD, SBC | LDAC, AAC, aptX, aptX HD, SBC |
| Noise Cancellation | Hybrid ANC technology, up to -35dB. | Hybrid ANC technology -20dB to -35dB |
| Microphones | 3 microphones per side (integrated) + detachable boom microphone | 3 microphones per side (integrated) + detachable boom microphone |
| Frequency Response | 10 Hz – 40 kHz | 10 Hz – 40 kHz |
| Impedance | 32 Ohms | 32 Ohms |
| Connectivity | Bluetooth 5.3, 3.5mm wired input, USB-C | Bluetooth 5.3, 3.5mm wired input, USB-C |
| Pro-Specific Upgrade Enhancement Materials | Premium Italian Alcantara on the headband Refined, more breathable, replaceable synthetic goatskin earpads |
Frame Material: Anodized Aluminum Earpads Memory foam Korean Protein leather, replaceable |
| Design | Gunmetal Grey finish on the faceplate and frame, with a lighter, more durable anodized aluminum frame | Aluminum cups, aluminum gimbals, a steel headband, and comfortable, replaceable protein leather/memory foam ear pads |
| Tuning | Refined acoustic tuning for enhanced audio performance | Not Indicated |
| Battery Life | Up to 80 hours (ANC off) 60 hours (ANC on) at 50% volume. |
Up to 80 hours (ANC off) 60 hours (ANC on) at 50% volume. |
| Included Accessories | Compact carry case Detachable boom mic 3.5mm cable 6.3mm adapter 4.4mm adapter Airplane adapter |
EVA Carrying Case Detachable boom mic 3.5mm cable 6.3mm adapter Airline Adapter |
The FoKus Apollo Pro gives Noble a more serious foothold in full size wireless headphones by leaning on something most rivals are not offering: a hybrid dynamic and planar magnetic driver platform inside a Bluetooth headphone. Add LDAC, AAC, aptX, aptX HD, and SBC support, upgraded materials, revised tuning, Italian Alcantara, more breathable ear pads, and limited run positioning, and this becomes more than a cosmetic Apollo refresh.
What appears to be missing is the broader ecosystem strength of Apple, Sony, Sonos, Bowers & Wilkins, and Bose. Those brands bring deeper app integration, stronger ANC reputations, spatial audio platforms, and mainstream retail muscle. Noble’s play is different: better driver story, enthusiast credibility, premium materials, and a more focused sound-first approach.
The Noble FoKus Apollo Pro is being shown at CanJam Singapore, May 16-17, 2026. Global availability is available at NobleAudio.com and selected retailers for $699 USD / £649 / €749. However, these may not stick around long as only a limited production run was announced — not a permanent addition to the lineup.
The original Noble FoKus Apollo is available for $649 at Amazon.
BloFin War of Whales 2026 Grand Prix opens registration for $5M trading championship
Coffee Break: Travel Steam Iron
Weekend Open Thread: Theory – Corporette.com
What to expect when you’re expecting a budget
What to Know Before Buying a Curling Wand or Curling Iron
E-Estate Announces 1 Year Live: Washington DC Summit as Real Estate Tokenization Enters Its Next Phase
Auto Enthusiast Carves Functional Two-Stroke Engine from Solid Metal
Tech Moves: Microsoft AI leader jumps to OpenAI; former AI2 exec joins Meta; and more
GM Agrees To Pay $12.75 Million To Settle California Lawsuit Over Misuse Of Customers’ Driving Data
CZ says US crypto rivals tried to block Trump pardon
GM agrees to $12.75M California settlement over sale of drivers’ data
Bitcoin Suisse expands with Digital Asset License and Investment Business Act Registration Approval in Bermuda
Pakistan to enter Chinese capital market as war inflation bites
Google’s Gemini AI Predicts Incredible Solana Price by the End of 2026
Bitcoin Suisse expands with Digital Asset License and Investment Business Act Registration Approval in Bermuda
Sky News Presenter Says Keir Starmer Is Not Waving But Drowning
Hacker Drains $5.9M From Ethereum Liquidity Provider TrustedVolumes
H&R Real Estate Investment Trust (HR.UN:CA) Q1 2026 Earnings Call Transcript
Amazon Sundays: Spring Glassware & Vases
Prime Video’s Forgotten but Brilliant 2-Part Horror Anthology Is a Perfect Binge
You must be logged in to post a comment Login