The TeamPCP hacker group is threatening to leak source code from the Mistral AI project unless a buyer is found for the data.
In a post on a hacker forum, the threat actor is asking $25,000 for a set of nearly 450 repositories.
Mistral AI is a French artificial intelligence company founded by former researchers from Google’s DeepMind and Meta, which provides open-weight large language models (LLMs), both open source and proprietary.
In a statement to BleepingComputer, Mistral AI confirmed that hackers compromised a codebase management system after the Mini Shai-Hulud software supply-chain attack.
The incident started with the compromise of official packages from TanStack and Mistral AI through stolen CI/CD credentials and legitimate workflows.
Then it spread to hundreds of other software projects on the npm and PyPI registries, including UiPath, Guardrails AI, and OpenSearch.
“They [the hackers] contaminated some of our SDK packages for a brief period,” the company said.
TeamPCP claims to have stolen nearly 5 gigabytes “of internal repositories and source code” that Mistral uses for training, fine-tuning, benchmarking, model delivery, and inference in experiments and future projects.
“We are looking for $25k BIN or they can pay this and we will shred these permanently, only selling to the best offer and limited to one person, if we cannot find a buyer within a week we will leak all of these for free to the forums,” the hackers said.
The threat actor appears open to negotiations, stating that the asking price is flexible and that interested buyers are free to submit what they believe is a fair offer for the 450 repositories offered for sale.
Mistral AI told BleepingComputer that the TeamPCP managed to contaminate some of the company’s software development kit (SDK) packages.
In an advisory published earlier this week, the company said that the breach occurred after a developer device was impacted by the TanStack supply-chain attack.
However, Mistral states that the forensic investigation determined that the impacted data was not part of the core code repositories.
“Neither our hosted services, managed user data, nor any of our research and testing environments were compromised,” Mistral told BleepingComputer.
Earlier today, OpenAI also confirmed that the TanStack supply-chain impacted systems of two of its employees who had access to “a limited subset of internal source code repositories.”
A small set of credentials was stolen from the repositories, but the investigation found no evidence that they were used in additional attacks.
OpenAI responded by rotating the code-signing certificates exposed in the incident and warning macOS users that they must update their OpenAI desktop apps before June 12, or the software may fail to launch and stop receiving updates.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
Bolt has partnered with China’s Dongfeng Motor Group to roll out electric vehicles on its ride-hailing platform in South Africa, starting in Cape Town. The Estonian company claims more than 50% market share in the country after investing roughly $180 million. The deal pairs Dongfeng’s Box hatchback and 007 sedan with Bolt’s driver network as rising fuel prices make EVs increasingly attractive for ride-hailing economics.
TL;DR
Bolt Technology, the Estonian ride-hailing company that has spent roughly $180 million building a dominant position in South Africa, has struck a deal with China’s Dongfeng Motor Group to roll out an electric-vehicle fleet in the country. The partnership will start in Cape Town, with Dongfeng’s Box hatchback and its more premium 007 sedan available to riders through Bolt’s platform. A fleet management company called Yugo Rides will operate the vehicles.
The deal is a bet on two converging forces: rising global demand for Chinese electric vehicles and the economic pressure that elevated fuel prices, driven in part by the Iran conflict, are placing on ride-hailing drivers across emerging markets. Simo Kalajdzic, who manages Bolt’s South African operations, said the company is taking a phased approach to the rollout because of infrastructure constraints, particularly the need for sufficient charging stations.
Bolt claims more than 50% of the ride-hailing market in Africa’s largest economy, a figure that, if accurate, would make South Africa one of the few markets globally where Uber is not the leading platform. The company has invested about $180 million in building out the local business and says South Africa consistently ranks among its top 10 markets worldwide. Kalajdzic described the country as a “strong strategic priority.”
That investment is part of a broader expansion that now spans more than 50 countries and 850 cities. Bolt, which offers ride-hailing, food delivery, and scooter rentals, earned a €7.4 billion valuation in a 2022 funding round after raising €628 million from Sequoia Capital, Fidelity Management, and other investors. It has since moved into East Asia by launching in Taiwan and entered Canada under a sub-brand called Hopp. It also launched scooters in Washington, DC.
The logic behind electrifying a ride-hailing fleet in South Africa is straightforward but not simple. Fuel costs are among the largest expenses for drivers on any ride-hailing platform, and the oil price increases linked to the Iran conflict have made that burden heavier. Electric vehicles offer substantially lower per-kilometre running costs, which in theory should improve driver earnings and make the platform more attractive to new drivers.
The constraint is infrastructure. South Africa’s charging network remains sparse compared with those in Europe or China, and the country’s electricity grid has historically been unreliable, though load-shedding has eased in recent months. Bolt’s phased approach, starting in Cape Town, which has better charging infrastructure than most South African cities, suggests the company is aware that scaling an EV fleet will take time.
Dongfeng, for its part, gains a distribution channel in a market where Chinese manufacturers are increasingly competitive but have not yet established the consumer brand recognition that BYD and others have built in Europe and Southeast Asia. Partnering with a ride-hailing platform lets Dongfeng put its vehicles in front of millions of riders without needing to build a retail network from scratch.
The South Africa deal arrives as Bolt weighs an initial public offering. Kalajdzic said the company will “consider options, when market conditions are right,” a formulation that venture-backed companies typically use when an IPO is being planned but not yet committed to. Bolt’s €7.4 billion private valuation dates from 2022, and market conditions for ride-hailing IPOs have shifted considerably since then, not least because Uber’s own stock has demonstrated the difficulty of sustaining high multiples in the sector.
The Dongfeng partnership could serve a dual purpose in that context. Demonstrating the ability to electrify its fleet in a key market would strengthen Bolt’s narrative for public investors, particularly those focused on environmental, social, and governance criteria. It would also help differentiate Bolt from the company whose shadow it has always operated in: Uber has invested heavily in autonomous vehicles but has been slower to electrify its conventional fleet in emerging markets.
Whether the economics work at scale remains to be seen. The deal is small, a phased rollout of two Dongfeng models in a single city, and Bolt has not disclosed the financial terms of the partnership or the number of vehicles involved. But it signals a strategic direction that, if it succeeds, could be replicated across Bolt’s African and emerging-market footprint. For a company that built its position by being cheaper and faster than Uber in markets the American company treated as secondary, electrification is a logical next step.
Hackers have injected credential-stealing malware into newly published versions of node-ipc, a popular inter-process communication package, in a new supply chain attack targeting npm.
The node-ipc package is a Node.js module that enables various processes to communicate through all forms of sockets, including Unix, Windows, UDP, TLS, and TCP.
Despite the maintainer publishing in March 2022 weaponized versions that targeted Russia and Belarus-based systems with a data-overwriting module, in protest to the Russian invasion of Ukraine, the package still has more than 690,000 weekly downloads on npm.
The recent supply-chain attack was detected by multiple application security companies, including Socket, Ox Security, and Upwind, who confirmed the following three versions as malicious:
The malicious code hides inside the CommonJS entrypoint (node-ipc.cjs) and executes automatically whenever applications are loaded.
The malware is heavily obfuscated and fingerprints infected systems, collects environment variables and sensitive local files, compresses the stolen data into archives, and exfiltrates it through DNS TXT queries.
The latest compromise appears to be the work of an external actor who compromised the account of an inactive maintainer named ‘atiertant.’
According to the researchers, the infostealer injected in the new node-ipc versions collects the following types of information from compromised systems:
The malware skips files larger than 4 MiB and avoids scanning .git and node_modules directories to increase efficiency and reduce operational noise on the host.
A notable operational characteristic is the use of DNS TXT queries instead of conventional HTTP-based command-and-control (C2) traffic for data exfiltration. The attackers use a fake Azure-themed domain (sh[.]azurestaticprovider[.]net:443) as a bootstrap resolver, transmitting the data to ‘bt[.]node[.]js’ with query prefixes like xh, xd, and xf.
According to Socket, exfiltrating a 500 KB compressed archive could generate roughly 29,400 DNS TXT requests, helping the traffic blend into normal DNS activity.
Prior to submission, the malware stores collected data in temporary compressed tar.gz archives, which are deleted after exfiltration to reduce forensic traces.
The malware does not establish persistence or download any secondary payloads, so the operation appears focused on rapid credential theft and exfiltration.
Potentially impacted developers should immediately remove the affected versions, rotate exposed secrets and credentials, and inspect lockfiles and npm caches.
Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.
This guide covers the 6 surfaces you actually need to validate.
The Alienware 15 is available in several hardware configurations, with both AMD and Intel CPU options, along with multiple generations of Nvidia GeForce RTX GPUs. A configuration featuring an AMD Ryzen 5 220 processor and a GeForce RTX 4050 graphics card starts at $1,300, while the most expensive Intel-based model…
Read Entire Article
Source link
Lenovo has introduced a new budget gaming monitor in China under its Lecoo branding, and on paper, it looks like serious value for money.
The new Lecoo N2757Q combines a high refresh rate and 1440p resolution with a relatively low price tag, targeting gamers who want smooth performance without spending much.
At the centre of the package is a 27-inch Fast IPS panel with a 2560 × 1440 resolution and a native 200Hz refresh rate. The refresh rate can even be pushed slightly higher to 210Hz via overclocking, putting it firmly in competitive gaming territory. This is especially true for fast-paced FPS and RTS titles where frame smoothness matters more than anything else.
Lenovo also claims a 1ms (GTG) response time, aiming to reduce motion blur during high-speed gameplay. Colour performance sits in the mid-to-upper range for a budget display with 121% sRGB coverage and 96% DCI-P3; decent for everyday gaming and content consumption, but it’s not aimed at professional colour work.
Brightness peaks at 400 nits, which allows the monitor to meet the HDR400 standard. That won’t deliver true HDR impact compared to higher-end panels, but it should still offer a noticeable boost in contrast and highlights over standard SDR displays. Lenovo is also highlighting built-in game modes, designed to optimise visuals for different genres like shooters and strategy games.
On the connectivity side, there’s nothing flashy, but the monitor is practical. It includes two DisplayPort 1.4 ports and two HDMI 2.1 ports. This allows multiple devices to stay connected at the same time without constant swapping.
Elsewhere, the Lecoo N2757Q comes with an adjustable stand, VESA mount support, and a fairly minimal design. It keeps things simple rather than aggressive or overly “gamer-focused”.
The most striking part of the package, though, is the price. Lenovo has launched the Lecoo N2757Q in China at CNY 799 (around $118). This undercuts many 1440p high-refresh monitors currently on the market.
There’s no word yet on international availability, and given the Lecoo branding’s limited global presence, it’s unclear if this ultra-budget 200Hz monitor will ever leave China. Still, on specs alone, it’s one of the more aggressive value plays in the gaming display space right now.
Interested in taking some wild new 3D printing features for a test drive? preFlight is free and open source slicer that brings a host of processing improvements as well as fascinating new features and interesting twists on old ones. There are almost too many to list, so here are a few that caught our eye.
Want to mix and match different support types on the same object? No problem. How about use Nip & Tuck seams to better hide where layers start and stop? You can emboss images directly onto print surfaces with a real-time preview and use smart bridging for counter-bored holes. We particularly like the ability to preview a sliced object from the side instead of just by layer. That’s not all, either.
Those features alone are pretty intriguing, but there’s one in particular that is particularly relevant to creating stronger parts. Interlocking Perimeters increases layer bonding to increase object strength. Unlike brick layers, which staggers layers vertically, interlocking perimeters plays with spacing and compression to increase bonding in the Z axis while keeping layer heights constant. This is possible thanks in part to the greater control offered by Athena, the new perimeter generator.
There are plenty more features — like a full Python runtime embedded directly into the slicing pipeline, and a host of export pathways — so check out the GitHub repository for added detail and let us know in the comments if you give it a try.
OpenAI is rolling out a preview of a new personal finance feature inside of ChatGPT. Starting today, Pro users in the US can connect their financial accounts to ChatGPT in order to get more personalized advice from the chatbot.
To hear OpenAI tell it, every month more than 200 million users already turn to ChatGPT for guidance on managing their money. By building a framework that allows those people to connect their accounts to its servers, ChatGPT can go from offering generic advice to helping those same users take actions that more directly improve their lives. The integration is made possible through a partnership OpenAI has signed with Plaid, which offers connections to more than 12,000 financial institutions, including banks like Citi and Chase, in addition to services like Affirm and Robinhood.
To begin using the new integration, find the “Finances” section inside of ChatGPT’s sidebar or write a prompt along the lines of “@Finances, connect my accounts.” ChatGPT will guide you through the process of importing your financial information through Plaid. The chatbot will then start building a visual dashboard, like the one you see in the screenshot OpenAI provided. The process of generating a visual representation of your finances may take a few minutes. From there, you can select one of the starter prompts or ask your own questions.
Understandably, some people may be hesitant to share their financial information with ChatGPT. OpenAI is looking to address those concerns by limiting the scope of what its chatbot can see. According to the company, ChatGPT can only read your balances, transactions, investments and liabilities through Plaid. It cannot see full account numbers or make changes to your accounts through the system.
Additionally, the company says users can disconnect their financial accounts from ChatGPT at any time, and any memories the chatbot saves about your financial situation can be seen or deleted directly from the Finances section of the app. ChatGPT cannot access these memories when using the temporary chats feature. Lastly, OpenAI’s data controls settings apply to the new experience, so if you’ve already dug into those, your prompts and other information won’t be used by the company to train future models.
According to an OpenAI spokesperson, work on the feature began before the company’s recent acquisition of fintech startup Hiro, which offered an AI-powered financial planning tool for consumers. The company hopes to bring this new experience to more users, including Plus subscribers, in the future. “We’re starting with a preview to a smaller group so we can learn from real-world use, improve the experience, and expand thoughtfully,” OpenAI said.
You probably flash new firmware on a variety of devices regularly, even though that’s rare for non-technical types. But what about your hard drive firmware? Most of us don’t want to touch our operating drives, so unless you are dealing with surplus drives or have a special project in mind, you may not think much about the firmware running your spinning rust storage. [I Code 4 Coffee] uses hard drives in an unusual way to exploit Xbox 360s, and wound up reverse engineering some drive firmware with an eye to making changes.
The analysis started with three hard drives and an SSD. Looking for people who’ve done similar work wasn’t as productive as you might think. There isn’t much call for modifying hard drive firmware, and what data there is can be outdated.
One thing that was available was firmware dumps taken with a PC-3000 data recovery tool. What follows is a deep dive down the hard drive rabbit hole. There are backdoor vendor commands and connections to the diagnostic RS-232 port on some drives. You can find the technical artifacts on GitHub.
We learned a few things, and we bet you will too. Another way to get into the hard drive’s firmware is via JTAG.
Given the upfront cost of a car, some of the biggest car brands have been known to hand out perks as added incentives to buy. And before you figure you’ve heard it all before, these special offers go beyond the standard checklist of benefits (like a warranty or free roadside assistance options). Like Ford, for example. When you drive off the lot in one of their vehicles, Ford tacks on several nice little bonuses you might not even realize you have.
Some of these perks are meant to save you time. Others are meant to save you money. No matter what, though, they all make owning a Ford just that much sweeter. We’ve put together the four coolest below, plus instructions on how to make the most of them (if you haven’t already). Pick one or two to take advantage of, or get your money’s worth and start enjoying all four.
It’s one of the biggest hassles associated with vehicle maintenance: actually getting the car to the dealership. Ford seems to understand this, as many of their dealerships offer a complimentary Pickup & Delivery service. Instead of rearranging your entire day around an oil change or warranty repair, you can just schedule a service appointment at the dealership and have your vehicle picked up directly from your home or office.
A technician will pick up your car from your place, take it to the dealership for servicing, and bring it back once the work is done. If your local dealership is participating, it’s all done completely free of charge. (Although you still have to pay for the repair and parts costs, of course.) The program covers both warranty work and customer-pay repairs. As long as your car’s drivable and hasn’t been involved in an accident, you can take advantage of Pickup & Delivery.
Alongside the Pickup & Delivery perk, Ford’s complimentary Mobile Service program makes dealership maintenance even easier. Rather than having to drive to the service center (or have the Ford dealership come pick up the car and bring it back), Ford Mobile Service will send a dealership technician straight to your home or work. The tech will then handle the on-site maintenance tasks.
The service itself is totally complimentary for Ford owners through participating dealerships. (As mentioned above, you still have to pay for the actual maintenance task itself.) The list of services available through Ford Mobile Service is a lot more extensive than you might expect, as well. They can do oil and filter changes, brake services, battery replacements, tire rotations, wiper replacements, fluid checks, filter replacements, lamp and bulb service, software updates, accessory installations, and diagnostic scanning, all right there in your driveway or parking spot.
Another nice perk of owning a Ford: The “Phone As A Key” feature in the FordPass app. This perk lets owners of select Ford vehicles use their smartphone in place of a traditional key fob. Once you’re paired with your vehicle, you can lock and unlock the doors, start the engine, and control several other functions directly through the app. You can also roll windows up or down, honk the horn, and open the trunk, no separate physical key required.
It’s all done via Bluetooth Low Energy, which means it’ll work within a range of roughly 30 to 50 meters. Passive entry functions specifically will only work within about two meters. (That’s nothing out of the ordinary for other keyless entry systems you might’ve used before.) All in all, Ford lets you pair up to four Phone As A Key setups per vehicle. As long as you have iOS 16 or later or Android 8.0 or later, you can store your car keys on an iPhone or Android.
If you own a Ford, you might not realize you’re sitting on a heap of rewards points. Ford owners receive tens of thousands of points for getting the car in the first place, then add to that grand total with maintenance visits, accessory purchases, and other Ford transactions. More specifically, it’s 31,000 points for gas, diesel, or hybrid vehicle purchases or leases, or 22,000 for an EV purchase.
For many drivers, those many points can cover your first few oil changes. Depending on your driving habits and service intervals, that could be the first year and a half to two years of ownership. (This writer was personally able to stretch it to two years.) Of course, you don’t have to spend them on that. Points can also be redeemed for accessories and connected services like Ford BlueCruise. It’s not unlike airline rewards systems, in a way: It pays you to stay within Ford’s broader service ecosystem.
Boston-based robotics startup Automated Tire this week unveiled an AI-powered robotic tire-changing platform called SmartBay that can not only change tires, but also do associated tasks, such as wheel balancing and vehicle inspections. The robot uses computer vision and machine learning to perform the tasks and does not need any…
Read Entire Article
Source link
EA has released two new The Sims 4 kits inspired by the hit Netflix romance series Bridgerton.
The Masquerade Ball Bundle is available May 14 across all platforms and features two kits: the Lady Bridgerton’s Masquerade Ball Fashion Kit and Lady Bridgerton’s Masquerade Ballroom Kit.
Three exclusive items will be available as part of the bundle and are themed after specific Bridgerton characters, such as The Bridgerton House Gazebo from the iconic Benedict and Sophie’s encounter, Francesca’s Bridgerton House Piano, and a Bundle of Joy Bassinet for Penelope and Colin’s baby.
“With the Masquerade Ball Fashion Kit, one may don suave tailcoats, dazzling gowns, and accessories worthy of the season’s most talked about affair: from Sophie’s Lady in Silver dress, paired with shoes and mask, to Benedict’s effortlessly styled look that is sure to invite intrigue,” EA said.
“Adorn oneself further with Lady Bridgerton’s opulent mask and tiara, or command the room in Queen Charlotte’s striking Celestial Wig and gown. These ensembles are plucked straight from the grandest ballrooms of the ton themselves.”
Meanwhile, the Masquerade Ballroom Kit offers new build items to recreate the Bridgerton household, such as crystal chandeliers, opulent florals, a dance floor, wallpaper, and more.
The Lady Bridgerton’s Masquerade Ball Bundle, which includes both kits, will be available May 14 through August 14 for $9.99 as a limited-time offer. Both kits can also be bought individually at $6.99 each.
Alongside the bundle release, from now through July 7, a free masquerade multi-week login event will allow players to claim over 22 items including a new trait.
The event officially kicked off on May 12, so the first batch of rewards is available right now. Week 2 begins on May 19, followed by week 3 on May 26, and week 4 on June 2.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
The best gaming consoles
Weekend Open Thread: Marianne Dress
Coffee Break: Travel Steam Iron
What to Know Before Buying a Curling Wand or Curling Iron
What to expect when you’re expecting a budget
Auto Enthusiast Carves Functional Two-Stroke Engine from Solid Metal
Politics Home Article | Starmer Enters The Danger Zone
Ignore market noise, India’s long-term story intact, say D-Street bulls Ramesh Damani and Sunil Singhania
GM Agrees To Pay $12.75 Million To Settle California Lawsuit Over Misuse Of Customers’ Driving Data
CZ says US crypto rivals tried to block Trump pardon
PROS explodes 48% as Upbit and Bithumb listings ignite demand
GM agrees to $12.75M California settlement over sale of drivers’ data
YNW Melly Denied Bond Again Ahead Of Double Murder Retrial
Kraken Parent Seeks OCC Charter, Signaling Regulated Banking Access
Bitcoin Suisse expands with Digital Asset License and Investment Business Act Registration Approval in Bermuda
Why Nathan Mackinnon Remains the Hart Trophy Favourite over Connor McDavid and Nikita Kucherov | NHL
Bethenny Frankel Says She Loves ‘Torturing’ Men
After Waka Waka, Shakira now drops first teaser for FIFA WC 2026 song | FIFA World Cup 2022
Solana UFO Meme Coins Surge After Pentagon Reveals Alien Files
Pakistan to enter Chinese capital market as war inflation bites
Young and the Restless Next Week: Cane & Matt Both Arrested in Shocker!
![No Money [ DJ BEN RMX ]](https://wordupnews.com/wp-content/uploads/2026/02/1770218101_maxresdefault-80x80.jpg)
You must be logged in to post a comment Login