Six weeks ago, AirTrunk did not operate in India. Now it wants to spend $30 billion there.

The Blackstone-backed hyperscale data centre operator announced on Thursday that it plans to invest more than INR 3,000 billion ($30 billion) in India by 2030, building over 5 gigawatts of digital infrastructure capacity across multiple states and union territories. The figure represents planned spending, not committed capital, and the four-year timeline leaves considerable room for adjustment. Still, if executed, the programme would rank among the largest digital infrastructure commitments in the country’s history.

Prime Minister Narendra Modi publicly welcomed the commitment, saying it would strengthen India’s position as a global hub for cloud computing and AI. The endorsement followed meetings between AirTrunk founder and CEO Robin Khuda and federal and state government officials in Maharashtra and Andhra Pradesh.

From zero to $30 billion in six weeks

AirTrunk entered India in April through the acquisition of Lumina CloudInfra, which gave it a 600-megawatt development pipeline across Mumbai, Chennai, and Hyderabad. The new $30 billion plan represents a dramatic escalation of that position.

The centrepiece is a 3GW campus at the Raigad Penn Growth Centre on the outskirts of Mumbai, for which AirTrunk has signed a letter of intent for land allotment with the Maharashtra government. According to a single industry report, that project alone carries an estimated price tag of $21 billion, though the figure has not been confirmed by AirTrunk or the Maharashtra government.

“Capital is mobile, and India is creating the conditions for it to thrive,” Khuda said. “India is taking a top-down approach to AI with clear government-led initiatives, a world-class talent pool, and massive availability of renewable energy.”

Why India, why now

India’s data centre market has been accelerating since 2024, but the pace of new commitments in 2026 has been extraordinary. Google has pledged $15 billion for a southern Indian data centre hub. Microsoft has committed $17.5 billion. Amazon is targeting up to $35 billion by 2030. The Adani Group has reportedly outlined a $100 billion programme through 2035, including a 5GW renewable-powered hyperscale platform, though those figures come from industry reports rather than a formal company commitment.

The government has matched the private capital with policy. India’s February budget introduced a 20-year tax holiday through 2047 for foreign technology firms using Indian data centres for global cloud services. The IndiaAI Mission has received approximately £1 billion ($1.2 billion) in funding, and the India Semiconductor Mission has been backed with approximately £7.5 billion ($9 billion).

AI-related colocation leasing more than doubled to 348MW in the past year, now accounting for nearly 20% of total demand. Between March 2025 and April 2026, operators announced roughly 30 large projects adding about 3.5GW of planned capacity across the country. Schneider Electric expects its India data centre business to become its single largest unit within three to five years.

Blackstone’s hyperscale bet

AirTrunk is the vehicle through which Blackstone is making its largest infrastructure play in the Asia-Pacific region. The private equity giant acquired AirTrunk in December 2024 for an implied enterprise value of over A$24 billion ($16 billion), alongside Canada Pension Plan Investment Board, which took a 12% stake. It was the largest data centre transaction in history at the time.

Blackstone has since been expanding AirTrunk’s footprint aggressively. The platform now spans more than 3GW of operating and planned capacity across 20 campuses in six regions: Australia, Singapore, Japan, Malaysia, Hong Kong, and India. Separately, Blackstone is seeking up to $1.75 billion in a NYSE IPO for its Digital Infrastructure Trust, packaging hyperscaler-leased AI data centres as a public REIT.

The India push fits a clear pattern. Blackstone had already committed approximately $11 billion to Indian data centres through Lumina before the AirTrunk acquisition. The new $30 billion figure nearly triples that exposure.

The execution question

The numbers are staggering, but so is the gap between announcements and operational capacity. India’s total live IT capacity exceeded 1.6GW by the end of 2025, the product of years of cumulative buildout. Just 371MW was added in 2025 alone. AirTrunk’s proposed 5GW, combined with the commitments from Google, Microsoft, Amazon, and Adani, would require India to build more capacity in the next four years than it has built in its entire history, several times over.

The discussions between Khuda and government officials reportedly focused on precisely the bottlenecks that could slow that buildout: access to reliable and cost-effective power, renewable energy, sustainable water supply, talent development, streamlined approvals, and coordination between state and federal governments on strategic infrastructure.

India is not the only country chasing hyperscale AI infrastructure investment. Malaysia, Saudi Arabia, and several European nations are offering competing incentive packages. AirTrunk itself recently expanded its Malaysian platform to over 700MW. The $30 billion figure signals intent, but the timeline to 2030 leaves room for the kind of recalibration that large infrastructure programmes routinely undergo.

What is not in question is the direction of travel. Whether the final number is $30 billion or something smaller, India is rapidly becoming one of the world’s primary construction sites for the physical infrastructure that AI requires. The question is whether the country’s grid, water supply, and planning systems can keep pace with the capital flooding in.

Meta’s AI support agent bound recovery emails to accounts for whoever asked, and SOCs never saw an alert. An authorized agent writes a log of legitimate transactions, so nothing in the detection stack fired. Attackers asked the bot to make the change, took the one-time code it sent, and ran the password reset, 404 Media reported.

No malware, no stolen credentials, and no prompt injection in the sense most security teams drill for. The agent did exactly what Meta built it to do. That is what should keep a security operations leader up at night: The takeover did not break a control; it rode one that was already trusted.

What a SOC needs is a way to walk each recovery path through an audit grid with its AI build team before the next renewal closes. The AI Authority Audit Grid at the end of this article maps every authentication write a support agent can make on the recovery path, what Meta’s incident proved about each one, why it stays dark to the SOC, and the control that closes it.

The agent is an authorized actor, so the SOC reads the takeover as routine traffic

From inside the detection stack, the attack produced no signal the stack could read. The agent binds a new email, then resets the password, and identity and access management logs both writes as an authorized actor, so each lands in the authentication state as a legitimate transaction. No anomalous login, no failed-auth spike, nothing for EDR or DLP, no SIEM rule to match, because nothing in the sequence looks like an attack. The takeover lived inside the trust boundary the stack assumes is safe. There is no foothold to find, because the agent was the foothold, and it was supposed to be there.

The chain was almost insulting in its simplicity. Brian Krebs documented the version pro-Iran hackers posted to Telegram on May 31. The attacker switched on a VPN to appear in the victim’s region, sidestepping Instagram’s location alarms, then asked the support assistant to add a new email and send a verification code, as the BBC confirmed from the same recordings. The bot complied, sending the one-time code straight to the attacker, Gizmodo reported. The reset finished and the owner was locked out, in minutes. The exploit failed against any account with MFA enabled, according to Krebs.

The hijacked accounts were not soft targets. They included Sephora, U.S. Space Force senior enlisted leader Chief Master Sergeant John Bentivegna, researcher Jane Manchun Wong, and a dormant Obama White House handle that briefly posted a defaced image, according to 404 Media. Meta disputes the Obama account, according to TechCrunch, and called claims that leaders’ accounts were breached “completely false,” according to the BBC. The rest stand.

MFA held. The recovery path beside it did not.

The detail that decided who survived was narrow. Krebs reported the attack failed against any account with multifactor authentication, even SMS. The recovery path beside it was the gap. When that path asked for a selfie video, attackers ran the target’s public photos through an AI video generator and submitted the clip, which Meta accepted as valid identity verification, gHacks reported. Either way the failure was the recovery door, not the login door MFA guards.

That makes this an architecture problem, not a Meta problem. MFA gates the login path for owner and attacker alike, but the recovery path runs beside it, built to relax the usual checks because it exists for the moment a user has lost the normal way in. Meta put an agent on that path with write access to authentication state and no deterministic check between a convincing request and a committed change. Authorization cannot live inside the model, because a conversational system can be talked into skipping a check. It has to live outside the model, in a gate the agent cannot reason its way past. Security researchers have a name for this pattern, the confused deputy, a trusted system tricked into spending its privileges on an attacker’s behalf.

This is not the last support agent that will hand over an account. Ian Goldin, a threat researcher at Lumen’s Black Lotus Labs, told Krebs on Security that AI bots are as easy to social engineer as the human agents they replace, and just as eager to help. “AI chatbots create interesting new attack surface, and we’re likely going to see a lot more of these kinds of attacks,” Goldin said. Every enterprise wiring an agent into a recovery, provisioning, or password flow is shipping the same write access Meta did.

Simon Willison, who coined the term prompt injection, put it plainly on his blog. “Meta really did wire their support system into an AI chatbot that had the ability to fast-forward through the entire account recovery process,” he wrote. “This one hardly even qualifies as a prompt infection. Don’t wire your support bot up to allow one-shot account takeovers.” The attacker never tricked the agent. The attacker asked, and the agent had untrusted input, write access, and a way to execute, all at once.

OWASP named this class before Meta shipped it, as Excessive Agency at LLM06 and Identity and Privilege Abuse at ASI03 in the Agentic AI Top 10. The warning label was on the box: Meta pushed the assistant to every Facebook and Instagram account in March, according to 404 Media, with the power to reset passwords and handle recovery, the product page promising “solutions, not just suggestions” under the line “account security and recovery.” Meta gave the agent the power and never built the gate to govern it.

The AI Authority Audit Grid

Security operations leaders need to run this against their own support agent before the next renewal closes. Each row is an authentication write the agent makes on the recovery path, with what Meta proved, why your stack misses it, and the control that closes it.

The fix is not bolting yet another MFA prompt onto the login screen. The people who survived Meta’s incident were the ones who already had that control in place.

The fix is pulling authorization out of the recovery path’s honor system and putting it behind a gate that does not move just because a prompt sounds convincing. Build the agent so the SOC sees every write it makes, and so any write that changes who owns an account cannot commit without a check that the model does not control.

Meta just showed what happens when the most trusting employee on the team is also the one holding the keys. The next agent like that is already reading your intellectual property and financials.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today that hackers are now actively exploiting a recently patched high-severity SolarWinds Serv-U flaw to crash servers.

Serv-U is the company’s Windows and Linux file transfer software that offers Managed File Transfer (MFT) and FTP server capabilities, which allow users to securely exchange files via HTTP/HTTPS, FTP, FTPS, and SFTP.

SolarWinds released Serv-U 15.5.4 Hotfix 1 on Thursday to patch this denial-of-service vulnerability (tracked as CVE-2026-28318) and said it stems from an uncontrolled resource consumption weakness.

“SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate,” the company said.

Remote attackers can exploit the security flaw without privileges in low-complexity attacks that don’t require user interaction.

SolarWinds also advised admins who can’t immediately deploy the patch to limit access to known addresses and to block any POST request containing “content-encoding,” since the vulnerable Serv-U service does not require this functionality.

The Internet intelligence platform Shodan currently tracks over 12,000 Serv-U servers exposed online, and Internet security watchdog Shadowserver just over 3,100, but there is no information on how many have already been patched.

​Days after SolarWinds addressed the vulnerability, CISA flagged it as exploited in the wild and added it to the Known Exploited Vulnerabilities Catalog, ordering all Federal Civilian Executive Branch agencies to patch their servers against ongoing attacks by June 19, as mandated by Binding Operational Directive (BOD) 22-01.

While BOD 22-01 applies only to U.S. government agencies, the cybersecurity agency also urged all network defenders, including the private sector, to secure their networks against ongoing CVE-2026-28318 attacks as soon as possible.

“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” CISA warned. “Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.”

In recent years, multiple cybercrime and state-backed hacking groups have targeted vulnerabilities in Serv-U to steal sensitive corporate and customer data.

For instance, the Clop ransomware gang exploited a Serv-U remote code execution vulnerability (CVE-2021-35211) to breach corporate networks in a 2021 campaign. DEV-0322 Chinese hackers also deployed CVE-2021-35211 exploits in zero-day attacks starting in July 2021.

More recently, in June 2024, cybersecurity companies GreyNoise and Rapid7 tagged a Serv-U path-traversal vulnerability (CVE-2024-28995) as actively exploited.

Over the past several years, CISA has tagged 11 vulnerabilities across various SolarWinds products as actively exploited in attacks, one of which has also been abused by ransomware gangs.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Deep Robotics just released a video showcasing the enhanced skills of their DR02 humanoid in public. The machine is seen darting across an uneven field of grass, leaping over minor obstructions, bounding up massive concrete steps with little loss of steam, and even standing upright while carrying a fire extinguisher behind it.

The DR02 was created from the ground up by the company’s engineers to be a durable piece of equipment, and it shows. It’s a behemoth, standing 175 centimeters (5′ 7″) tall and weighing 65 kilos (143 pounds). One of the most notable aspects of this design is its IP66 waterproofing, which means it can endure dust and water. So, if you need a robot that can operate in situations that would send a human running for cover, this one has you covered. It can readily withstand rain, humidity, and dusty conditions that would be inconvenient for even the toughest humans, and to give you an idea of how durable it is, the DR02 can function in temperatures ranging from -20 to +55 degrees Celsius.

Unitree R1 Humanoid Robot (Red, R1 Air)

• Three models, one lightweight platform R1 Air (20 DOF, monocular camera), R1 (26 DOF, binocular camera, head+waist joints), and R1 Edu (26 DOF…
• Easy setup – no coding required for basic use Unbox, power on, and start. Manual teaching feature: physically pose the robot, and it replays the…
• More DOF = more expressive movement 26‑DOF models (R1 / R1 Edu) add head and waist articulation for smoother dance and running. For safety reasons…

The DR02 walks at a constant 1.5 meters per second (3.4 miles per hour), but it can quickly accelerate to 4 meters per second (8.9 miles per hour) for a short sprint. The robot can also navigate steep slopes of up to 20 degrees and operate well on uneven terrain. When it comes to lifting, each arm can manage 10 kilograms (22 pounds), which is very respectable, especially when you see it smoothly carrying a decent-sized mounted fire extinguisher.

The DR02 is powered by a small 275 TOPS computer on board that can read data from a LiDAR sensor, depth sensors, and a variety of wide-angle cameras. This enables it to develop real-time maps of its surroundings and change leg placement on the fly, whether it’s switching from grass to concrete or avoiding an unexpected impediment. The machine also features Deep Robotics’ J60, J80, and J100 joints, all of which are totally custom-built to provide a ton of torque and precision while keeping balanced even while carrying a load or scrambling over rough terrain.

One of the DR02’s most appealing features is its modularity, as the arms, legs, and forearms are all simply removable, allowing you to rapidly replace them if a problem arises. There is no need to transport the entire system back to the workshop for repairs; field personnel can do the job on the spot, and as a result, Deep Robotics is eyeing DR02 for real-world applications, including checking high-voltage lines, responding to emergencies, hauling gear in difficult terrain, and mapping out security patrol routes.

Even while it is still a prototype, and a very costly one at $200,000, it’s clear where this thing is going; with each tweak, it progresses from a lab toy to a legitimate tool you can use to get serious work done in places where you wouldn’t want to send a human. We still need to hear back from Deep Robotics on a few critical issues, such as how long the battery will survive and how customizable the design is.
[Source]

Having entered the consumer PC silicon market at Computex 2026 with the RTX Spark superchip, Nvidia CEO Jensen Huang has confirmed the platform extends well beyond its first chip, with successor architectures already in planning under the internal codenames N2X and N3X.

Huang confirmed this during a Q&A session with Tom’s Guide at Computex 2026, where he also clarified that the current chip carries the N1X designation because a smaller companion variant, referred to internally as N1, is also in Nvidia’s product pipeline.

The RTX Spark platform itself launched with considerable hardware ambition, combining up to 20 Arm CPU cores with a Blackwell GPU carrying 6,144 CUDA cores and up to 128GB of unified LPDDR5X memory, a specification that Nvidia has positioned against Apple Silicon and Qualcomm’s Snapdragon X platforms in the premium Windows on Arm segment.

If they don’t get you online, they’ll try in person. A data-theft and extortion gang has targeted “dozens” of banks, law firms, and other professional services companies in the US from January through May, using fake help desk calls and other social-engineering techniques to gain access to corporate IT environments, according to Google’s Mandiant incident response team. 

And when those remote-deception methods don’t work, the criminals sometimes show up at victims’ physical offices, posing as IT technicians, and attempt to steal sensitive files using thumb drives.

Google’s threat hunters track the extortion threat group as UNC3753, while other analysts call it Luna Moth, Chatty Spider, and Silent Ransom Group. The crew has been around since 2022, originally using fake software renewal emails and other billing lures, typically with PDF attachments containing phone numbers for attacker-controlled call centers, as their means of gaining initial access to corporate networks.

Beginning around March 2025, the crims shifted tactics and started posing as IT help desk staff.

“While UNC3753 primarily relies on digital vectors, GTIG assesses that associated threat actors have also attempted direct data theft using physical, in person access,” Google incident responders and researchers Chad Reams, Tufail Ahmed, Keith Knapp, Ashley Frazer, and Tyler McLellan said in a Friday blog.

The authors also pointed to a May FBI alert to corroborate this in-person tactic. 

According to the feds, Silent Ransom Group crooks have been walking into law firms’ physical offices as recently as this spring. Once they are on-site, they claim to be IT support staff needing to image a device or create local backups for security reasons. If that line works, they plug a thumb drive into the victim’s computer and steal data the old-fashioned way.

“Although limited forensic evidence and the absence of a subsequent extortion attempt prevent formal attribution, GTIG assesses that these physical intrusions are likely associated with UNC3753 based on structural, timeline, and targeting overlaps,” the blog said.

Google won’t say how many dozens of firms have been targeted in these attacks, or how many ended in the data thieves paying a visit to the victims’ locations. 

“While we can’t share additional details regarding specific investigations, Mandiant CTO Charles Carmakal notes that this tactic has been observed over the years,” a spokesperson told The Register. “Mandiant has investigated various matters where adversaries planted insiders, bribed employees, or physically entered buildings to facilitate cyberattacks.”

Another noteworthy thing about UNC3753’s attacks: they are very fast. In many of Mandiant’s investigated incidents, the entire operation from initial contact to data extortion occurred in just one day. “Recently, Mandiant observed data searches, staging, and theft initiated in under an hour,” the threat analysts warned. 

These intrusions typically begin with an invoice-themed email – but these don’t usually contain any malicious links or attachments. The email’s sole purpose is to give the miscreants a plausible reason to follow up via phone, so that the recipient is more likely to believe the call is legitimate.

Most of the crew’s entry mechanisms involve voice-phishing, using a method that has worked so well for other groups like ShinyHunters and Scattered Spider over the past few years. 

UNC3753 calls organizations’ employees directly and purports to be a help desk worker or member of the security team. The criminals say they need the target’s help addressing a security issue or aiding with a corporate data migration project, and convince the individual to join a screen-sharing session via Zoom, Microsoft Terminal Services, Microsoft Teams, or Quick Assist. 

In one such intrusion, using Teams to gain access to the victim’s computer, the attacker jumped on five separate calls with the same target over a three-day period, we’re told.

And in more than one incident that Mandiant responded to, UNC3753 established Zoom sessions directly on targets’ personal laptops, using these machines to access corporate virtual desktop infrastructure (VDI) using native client platforms, such as Windows 365 or Citrix clients. 

Once they’re in the corporate systems, the intruders map local directories and network drives, and target specific legal and document storage repositories. The crooks also use very-specific keyword searches to find sensitive folders containing tax logs (Forms W-2, W-9, and 1099), audit files, corporate client agreements, and Social Security numbers, before staging this data for exfiltration.

UNC3753 uses several methods to sneak the data out of the corporate IT environment without setting off any security alarm bells, including using portable versions of free Windows file manager WinSCP or another open source filesystem like Rclone. 

The crew has also been known to log into a file-sharing account from the victim’s browser and upload the stolen files that way – or even instruct the victims to send the files to an attacker-controlled email address.

After stealing the data, they send the extortion email, usually within 30 minutes of exiting the victim’s environment, and set a three-day deadline to respond and begin the negotiation process. “We hope to find a financial solution that will be acceptable for both parties,” reads one such extortion email.

It continues:

In case of ignorance or no agreement, We will notify your employees, partners and customers, after which We will publish your data. You will receive claims from individuals, and legal entities for information leakage and breach of contracts, your current deals will be terminated. Journalists and others will dig into your documents, finding inconsistencies or violations in them. Your organization will lose its reputation, shares will fall in price, and your organization will be forced to close.

Stay safe, friends

In the Friday report, Google’s threat hunters list IP addresses and other indicators of compromise, including these phishing domains that UNC3753 uses in its social-engineering attacks, all designed to look like the target organization’s help desk: -itdesk[.]com, -it[.]com, and -helpdesk[.]com.

The security shop also suggests a range of things companies can do to avoid falling victim to this group and other voice-phishing scams or physical office intrusions.

Some of the physical controls include requiring visitors to display official credentials and photo identification, and mandating front-desk staff log all visitor IDs before granting access. Also, check pre-scheduled work orders to ensure the “technician” at the front desk is who they say they are, and make sure any visiting technical service workers are always accompanied by a corporate, in-office supervisor.

Because the bulk of these intrusions occur without any physical entry into the office, however, companies should also implement remote access conditional access policies to ensure only corporate-owned devices can authenticate to any VDIs or VPNs. Plus, block the installation and execution of unauthorized remote monitoring and support utilities. ®