Experts from Accenture discuss Generating Impact, the organisation’s latest AI research report.

For many organisations in the process of implementing and using artificial intelligence (AI), despite best efforts there is often a gap between the adoption of advanced technologies and their overall impact within a company. 

Recently, Irish technology consulting company Accenture released the Generating Impact: Turning frontier AI capabilities into frontline productivity and growth in Ireland report. The research explored how AI is still, in a sense, in its infancy when it comes to workplace proliferation and the transformation of the working environment. 

In gathering the data for its report, Accenture surveyed more than 2,000 UK- and Ireland-based employees between February and March of this year, as well as 510 business executives from mid-market and large enterprises during the same period. 

The report gauges where Ireland stands currently, the factors holding back organisations and the steps companies will need to take to bridge the growing divide between AI potential and performance. 

At a recent AI Futures Forum event, Liam Connolly, the managing director for AI and data at Accenture in Ireland, said: “18 months ago, 40pc of all working hours in Ireland could be augmented by AI. 

“Today, that number is 82pc. The challenge that organisations are seeing is they’re not seeing the impact. Only one in 10 organisations have embedded AI into their core operations and are actually seeing real value.”

He added: “The research is basically built all around the gap between adoption and impact, and we cover that across several dimensions. One is strategy, two is work itself, three is the workforce, four is digital core, and then finally then it’s all about safety and security.”

Transformative skills

Accenture’s research found that AI has begun to reshape the skills being prioritised in the modern working landscape. Namely, evidence suggests that the demand for routine, structured cognitive skills is on the decline, while AI-related skills are among the fastest growing in terms of what is sought after.  

Other skills considered to be of value were firmly rooted in people-centric capabilities, such as skill in people management, judgement, compliance, quality assurance, control and domain-specific process execution. 

Commenting on the skills that are becoming vital to the proper implementation and adoption of AI, Aisling Campbell, a human resources lead for Accenture in Ireland, said: “The skills that are really important today to stay on top of the technological transformation of the workplace are, first of all, knowing the technology and having the skills to use that technology and to use it with confidence as well. 

“But also what I think is very important is the ability to learn and unlearn what we know as well, and being able to constantly evolve and adapt our learning and being able to stay ahead of what is coming, not just already here, but what is coming as well in technology developments.”

Campbell noted the importance of not treating AI as a standalone technology within an organisation’s business operations; rather, it should be viewed as critical that it is an accessible and understood resource throughout a company.

“In Accenture, AI is core to our business strategy. It doesn’t belong to one particular function. It’s not being done in a silo. It’s core to our business structure and our business strategy, and with that in mind, we are bringing our people on a journey to be the most AI-enabled workforce,” she said. 

“In many organisations, teams already exist of humans and agents, and as we go forward, it’s really important that we keep focused on inclusion, collaboration and what that looks like in this new world as well.”

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.

Threat actors targeting cryptocurrency wallets have been distributing clipboard-stealing malware with self-spreading capabilities and using the Tor network to conceal communication.

The campaign has been active since at least February and relies on LNK (shortcut) files on USB drives to push clipper malware that monitors clipboard contents and replaces cryptocurrency wallet addresses with ones controlled by the attacker.

Additionally, it monitors for seed phrases and private keys, and can capture screenshots that are exfiltrated over Tor.

Infection and worm propagation

Microsoft says that the infection process starts with the victim opening the LNK file, triggering the malware on the USB drive. Additional payloads are staged from a .ONION address.

A local scan searches for document files on the system. When such files are found, the malware hides the originals and replaces them with malicious shortcuts bearing the same names. This causes the malware to execute when users attempt to open the documents.

The worm creates a scheduled task that monitors for newly connected USB storage devices. When a removable drive is connected, the malware it copies itself to the device and creates additional malicious shortcut files.

Data stealer

The stealer component in the malware executes after checking that Task Manager is inactive, establishing communications with the command-and-control (C2) host using a Tor executable (ugate.exe).

Every half a second, the malware checks the clipboard for the following data:

• 12-word BIP39 seed phrases
• 24-word BIP39 seed phrases
• Ethereum private keys
• Bitcoin WIF keys
• Bitcoin legacy, P2SH, Bech32, and Taproot wallet addresses
• Tron wallet addresses
• Monero wallet addresses

The targeted addresses are chosen based on their starting digits or characters to partially resemble the attackers’ wallet addresses, to lower the chance of the user discovering the fraud at a quick glance.

Apart from monitoring the clipboard, the malware also captures five screenshots of the victim’s screen every ten seconds and sends them to the C2 using the curl tool.

According to Microsoft, there is also support for remote code execution, which can be triggered by a C2 EVAL instruction. Specifically, the malware downloads JavaScript content into a file named ‘cfile,’ and executes it on the infected machine.

The researchers say that the strongest indicators of an infection are behavioral rather than signature-based, and recommend monitoring for process activity on wscript.exe and cscript.exe, unexpected launches of curl, PowerShell, and cmd.exe, along with unusual child processes.

Also, connections to ‘localhost:9050’ and Tor proxy activity are red flags associated with this campaign.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Recently I placed an empty cardboard box in the center of my preschool classroom of 4-year-olds. No label. No instructions. No purpose given. A few years ago, that simple box would have instantly transformed into something magical — a castle, a race car, a pirate ship, a cozy home for tiny animals. Instead, my students stood around it, waiting. One finally asked, “What is it supposed to be?”

In that moment, I realized something deeper than a simple change in play had occurred. When a box is no longer a castle, it isn’t just imagination that is missing, it is wonder. And in a world filled with screens, schedules and endless stimulation, wonder no longer appears on its own. It must now be intentionally restored.

Children today are just as bright, curious and capable as ever. What has changed is the way they engage with the world. Many of my students now hesitate to begin open-ended play without direct instruction. They wait for something to be defined for them instead of defining it themselves.

I often see children repeating lines from television shows or mimicking characters from online videos instead of creating their own stories. The pause before pretend play is longer. The ideas come slower. The confidence to imagine feels weaker.

This is not a sign of laziness or lack of intelligence. It is simply a reflection of the environment they are growing up in, one that is fast paced, highly structured and heavily influenced by screens. When children spend more time consuming content than creating it, the part of the brain responsible for imagination gets less opportunity to grow. Like any skill, imagination weakens when it is not practiced regularly.

Ready-Made Creations

Technology is not the enemy. Screens can teach, connect, entertain and inform. Many children learn letters, numbers, languages and songs through digital tools. But when screens begin to replace play instead of supporting it, something essential begins to disappear.

Screens provide ready-made worlds: characters, voices, sounds, colors and stories are already created. There is nothing left for the child to imagine. They move from being creators to being viewers.

In the past, boredom often led to creativity. A child with “nothing to do” would invent something. A stick became a wand. A blanket became a cape. A cardboard box became a castle. Today, even a few seconds of boredom is quickly filled with a device.

The silence that once gave birth to imagination is replaced by noise, movement and constant stimulation. Over time, children become more comfortable being entertained than entertaining themselves. Wonder does not disappear; it simply falls asleep.

Why Wonder Matters

Imagination is not just child’s play. It is essential to development. When children pretend, they practice:

• communication and language

• emotional expression

• empathy and understanding

• planning and problem-solving

• cooperation and negotiation

• confidence and independence

Wonder teaches children how to think, not just what to think. In a world that demands creativity, adaptability and emotional intelligence, imagination is not optional. It is foundational.

Restoring Wonder — Together

The responsibility to protect imagination does not belong to teachers alone. Nor does it belong only to parents. It lives in the space between them.

Restoring wonder in children requires partnership. When home and school move with the same intention, magic begins to return. Children feel safe enough to imagine freely again. Imagination does not return because we demand it. It returns when the adults in a child’s life agree to protect the space for it together. Here are simple yet powerful ways families and educators can work together:

• Make space for unstructured play. Children need time with no agenda, no instructions, and no screen. Even thirty minutes a day can make a difference.

• Offer open-ended materials. Boxes, fabric, paper, paint, blocks, tape, water, and natural items invite imagination far more than expensive, pre-designed toys.

• Let boredom exist. When a child says “I’m bored,” it is not a problem to fix. It is an invitation to imagine. Instead of offering a screen, try asking: “What could you do?”

• Ask open-ended questions. Instead of correcting, wonder with them: “What is this becoming?” Who lives here?” “What happens next in your story?”

• Create screen-free moments. Choose a time each day when screens are put away. Protect it as imagination time.

• Communicate across home and school. A simple conversation with the teacher helps: “What is my child interested in lately?” “What do you see them creating in class?” “How can we support that at home?”

A Quiet Call Back to Wonder

The world is louder now. Faster. More digital than ever before. But a box is still a box. A child is still a child. And inside every child, a castle is still waiting to be built.

Wonder is not gone. It is waiting.

Waiting for silence. Waiting for time. Waiting for trust. Waiting for space.

Perhaps the real question is not what children have lost, but what we, as adults, are willing to return to them. And maybe the moment we choose to slow down, to listen, and to leave a box unlabeled, we will begin to see castles rising again.

Adobe is making one of its biggest bets yet on AI-powered creativity. The company has announced a major expansion of its creative agent across Firefly and Creative Cloud, introducing AI assistants capable of handling complex, multi-step workflows across applications, including Photoshop, Premiere Pro, Illustrator, InDesign, and Frame.io.

The move positions Adobe’s AI agent as a central layer connecting every stage of the creative process, from brainstorming and content generation to editing and final production. Rather than simply generating images or text, Adobe’s vision is to create an assistant that can understand a creator’s goal and execute a series of actions across multiple tools.

According to Adobe, creators will be able to describe what they want to achieve in natural language while the AI handles repetitive tasks behind the scenes. The company says the goal is to let creators spend less time on technical workflows and more time focusing on creative decisions.

Firefly gets smarter with new AI-powered creative tools

Adobe is also expanding the capabilities of Firefly, its AI-powered creative platform, with several new tools aimed at creators, marketers, and small businesses.

One of the biggest additions is AI-powered brand kit generation. Users can describe their brand style, colors, and identity, and Firefly will automatically generate logos, color palettes, and branding assets that can be reused across projects.

The platform can also create short product videos from static images, automatically edit clips into rough video cuts, generate storyboards from ideas, and even turn those storyboards into videos.

Adobe is also previewing a redesigned Firefly creative AI studio experience that combines content generation and editing within a single workspace. The new experience introduces “Elements” and “Projects,” allowing creators to save characters, locations, objects, and other assets for reuse across multiple projects while maintaining visual consistency.

The upgraded Firefly experience is currently available in private beta through a waitlist.

AI assistants are coming to Creative Cloud apps

Beyond Firefly, Adobe is embedding AI assistants directly into several Creative Cloud applications.

In Photoshop, users can request actions such as replacing backgrounds, resizing assets for different platforms, or organizing complex layer structures. Illustrator users can automate repetitive production tasks such as creating multiple design variations, reorganizing layers, and checking files for print issues.

Premiere Pro’s AI Assistant focuses on video workflows, helping editors organize footage, rename clips, identify interview segments, place markers, and even assemble rough cuts automatically.

InDesign users can apply branding updates across layouts, while Frame.io gains AI tools for managing creative assets, tracking feedback, and organizing project revisions.

Adobe says the expansion reflects how creators are increasingly embracing AI in their workflows. According to the company’s latest creator survey, 75 percent of creators now consider AI an important or essential part of their work. However, 85 percent also believe the final creative decisions should remain in human hands.

That philosophy appears central to Adobe’s strategy. Rather than replacing creators, the company wants its AI agents to function as creative collaborators that handle the busy work while leaving artistic judgment to the people behind the projects.

The Gentlemen ransomware-as-a-service (RaaS) is actively developing and maintaining a suite of endpoint detection and response (EDR) killers to help affiliates evade detection in attacks.

The gang employs a collection of EDR-killing tools, most notably a utility that researchers dubbed GentleKiller. The tool has at least eight variants and impersonates various legitimate security products, including Kaspersky, Valorant, Javelin, and WatchDog.

The gang is using a suite of EDR killers, the most frequently used being a custom tool that researchers named GentleKiller, which has at least eight variants impersonating various legitimate products.

An EDR killer is typically used to disable defenses in the early phases of an attack, and in ransomware incidents, they ensure that data theft or encryption processes run unencumbered.

These tools work by leveraging the ‘bring your own vulnerable driver’ (BYOVD) technique to elevate privileges and disable security engines.

According to ESET researchers, each GentleKiller variant uses different vulnerable drivers to achieve kernel-level privileges. However, they all share common strings, identical code obfuscation techniques, and similar process-killing logic and targeting scope.

The analysis of the variants indicates that the framework is designed to allow easy driver swaps or weaponization of newly disclosed flaws without requiring major code changes.

ESET states that GentleKiller targets more than 400 processes associated with approximately 48 security vendors/products, such as Microsoft, CrowdStrike, SentinelOne, Palo Alto, Sophos, Trend Micro, ESET, Bitdefender, McAfee/Trellix, and Kaspersky.

The binaries for the EDR killer tool are protected by the commercial Enigma and Themida packing and code-protection tools. ESET notes that the threat actor also uses stolen digital signatures from legitimate software, although they are invalid.

Although GentleKiller is a standardized tool used in Gentlemen ransomware attacks, ESET reports that the threat group’s collection of EDR killers also incorporates at least three external tools:

• HexKiller, previously used by the Warlock gang
• ThrottleBlood, linked to MesudaLocker and DragonForce attacks
• HavocKiller, also seen in ransomware operations

Gentleman RaaS may have added them for redundancy, attribution complexity, or for use in specific cases where the effectiveness of GentleKiller might be limited.

Additionally, ESET documented the use of OxideHarvest, a Rust-based credential-stealer tool that the researchers believe, based on the programming language choice, was developed externally.

The researchers’ analysis indicates that Gentlemen ransomware picks targets based on the configuration of their FortiGate endpoints. This is particularly interesting given the recent discovery of “FortiBleed,” a collection of nearly 74,000 FortiGate VPN credentials.

The Gentlemen RaaS previously compromised the Romanian energy provider Oltenia and has been linked to a SystemBC proxy malware botnet with over 1,570 hosts, believed to be corporate victims.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Long trips into the backcountry or extended stays at a campsite often hit the same wall once phones, laptops, and cameras start running low. Most standard power banks simply run out of capacity or lack the wattage to charge current electronics at a reasonable rate. Jackery designed the Explorer 240D, priced at $129 (was $179), to tackle just those scenarios, with a focus on real-world portability and convenience.

The unit has an impressive 256 watt-hours of energy stored within it, but it weighs only 4.85 pounds. That means it has the power of several ordinary power banks combined, all wrapped up in a compact body that fits easily into a backpack or the side of a vehicle. One of the reasons it’s so svelte is that it lacks a traditional AC inverter, so it’s lighter and smaller than comparable models with wall outlets.

Sale

Jackery Explorer 240D Power Bank, 80,000mAh LiFePO4 Battery Portable Power Station, 200W DC Output,1-Hour…

• 𝐌𝐢𝐠𝐡𝐭𝐲 𝐏𝐨𝐰𝐞𝐫 𝐢𝐧 𝐎𝐧𝐞. The Jackery Explorer 240D portable power station packs 256Wh of energy…
• 𝐌𝐮𝐥𝐭𝐢-𝐮𝐬𝐞 𝐒𝐭𝐫𝐚𝐩 & 𝐔𝐒𝐁-𝐂 𝐂𝐚𝐛𝐥𝐞. The Explorer 240D Power Bank Station includes a…
• 𝐔𝐥𝐭𝐫𝐚-𝐥𝐢𝐠𝐡𝐭𝐰𝐞𝐢𝐠𝐡𝐭 & 𝐏𝐨𝐫𝐭𝐚𝐛𝐥𝐞. Engineered for ultimate portability, the…

A thick braided USB-C cable links directly to the unit while also serving as a high-power charging line and carrying handle. This means that users can take the unit by the cable and sling it over their shoulder, or clutch it while moving between the tent and the picnic table, eliminating the need to hunt around in the backpack for the proper cord at the wrong time. At 140 watts, the connection can sustain fairly demanding devices such as laptops without ever being a limiting issue.

Three USB-C ports and one USB-A port are lined up on the front panel, and they can deliver a total of 200 watts of electricity at once. That means a laptop can charge swiftly from one port while phones and tablets continue to charge without noticeably slowing down. There’s a little front display that shows you how much power you have left and how long it will last, allowing you to plan the rest of your day.

Recharging the unit is rather flexible, providing a wide range of scenarios that you may encounter on the road or trail. Dual-input AC charging can charge it from empty to 80 percent in roughly an hour, with the extra benefit of being able to charge gadgets at the same time using the pass-through feature, but if you’ll be off-grid for an extended period of time, you can also utilize solar input to recharge the unit’s battery. If you’re on the go, vehicle charging makes it simple to recharge between destinations, or you may connect it to another power source via USB-C.

If you intend to use it for camping, the 240D is an excellent choice because it can easily recharge a laptop many times, keep your phone and tablet charged for days on end, power your camera or drone during a shoot, and even support a Starlink Mini for extra connectivity. It’s all thanks to the LiFePO4 battery inside, which can withstand high temperature swings, which is useful because the device is frequently left lying in a tent overnight or riding around in a truck bed during shoulder seasons. Combine that with some solid safety measures and a lengthy cycle life, and you should expect the battery to last for years of frequent usage.

Most singles looking for love aren’t interested in building a romantic connection with an AI chatbot. 

A new study from Match Group, the dating company behind popular dating apps like Tinder and Hinge, found that nearly half (47%) of the roughly 1,000 people ages 18-39 it surveyed “view AI in romantic contexts negatively.” And it’s a hard pass for most singles if you’re interested in AI companion apps, like Kindroid and Replika. Two in five singles aged 18 to 39 refuse to date someone who uses these apps, including over half (51%) of women aged 18 to 24, according to Match Group’s findings.

Finding love with AI can be tricky, whether you’re using AI to keep you from saying the wrong thing to a new connection, spruce up your dating profile or act as your soulmate to help you practice for the big moment (which we don’t advise, more on which below).

Despite all the ways you can use AI on the dating scene, singles have some serious concerns. Most singles in the survey said they use AI for everyday productivity tasks, but when it comes to dating, the bots can’t tag along for the ride. Most want purely human connections. 

Most singles don’t want someone interested in an AI companion

AI is creeping into personal relationships more than in the past. Imagine going to ChatGPT to decide who is right in an argument with your spouse. Or even dating a bot. It’s not far-fetched when there are AI apps that resemble personal relationships. Some even have avatars. 

The Match Group survey found that dating an AI bot is a no-go for singles — 4 to 1 opposed. The survey found that only 12% of singles have tried companion apps in the past three months — mainly to try something new, not as a substitute for finding love. Most used them for boredom and entertainment (45%), and roleplay and simulation (43%). Fewer used AI to build a genuine connection (38%) or process emotions (26%). 

Instead of relying on bots, singles are getting advice from friends and family (60% respectively), whereas only 20% are using AI. That’s not surprising, considering a study published in March in the journal Science found AI is more likely to agree with you and less likely to help with things like repairing relationships. The study shows you may depend on AI more instead. 

Michael Salas, a relationship therapist, agrees that seeking advice from family and friends rather than AI is a better move. Salas tested using AI on a complicated situation he was having with a friend, and the bot’s response may surprise you. 

“It told me this friend clearly didn’t care about me. Verbatim, it told me this,” says Salas. “This wasn’t something I was even questioning, and I know it was wrong. When I told it that, it immediately course-corrected, told me I was right, and shifted to a new framework. That’s not wisdom.” 

Salas advises being careful when using AI in dating. “I think you really have to be careful because it will take liberties and give advice that is incorrect or unwarranted. Save that for actual people who know you. Ask them instead.” Instead, Salas recommends using AI for editing and generating ideas, like ways to show someone you care — not as a substitute for humans. 

Using AI for dating has limitations

Match found that most (74%) singles ages 18 to 39 use AI tools, such as ChatGPT, regularly. And 69% use AI for productivity tasks like summaries, problem solving and writing content. Most find their use of AI positive across several use cases. But not when it comes to finding love. 

There are some exceptions. Over half (64%) can see AI helping them find love, like helping keep a conversation going and building a stronger profile (27%), starting a conversation (26%) and planning a date (27%). Some AI features already lean toward those preferences, like Tinder’s AI-powered matching to get connection suggestions based on your interests and camera roll (if you allow it). And there are date-planning apps, like the Date Idea Generator and My Spicy Vanilla. And Hinge debuted Convo Starters to ease the pressure of sending the first message. 

It all still boils down to how comfortable singles feel about using AI to help with matchmaking. Based on Match Group’s survey findings, the percentage using AI assistance remains below half across many use cases, making it clear that most people don’t want bots meddling in their love lives. 

It’ll be interesting to see how Match Group alters or creates AI features for its dating apps in the future based on these findings and how singles respond. Match Group didn’t immediately respond to a request for further comment. 

Security researchers have published a new unpatchable SecureROM exploit for Apple’s A12 and A13 chips, extending public BootROM exploitation beyond the devices affected by checkm8.

Security firm Paradigm Shift disclosed the unpatched exploit, called usbliter8, on June 18. It achieves code execution through a flaw in Apple’s USB boot process.

The vulnerability affects devices powered by Apple’s A12 and A13 chips, including the iPhone XS, iPhone XS Max, iPhone XR, and iPhone 11 lineup. Several iPad models and Apple Watch devices powered by S4 and S5 chips are affected as well.

• 11-inch iPad Pro (1st generation)
• 11-inch iPad Pro (2nd generation)
• 12.9-inch iPad Pro (3rd generation)
• 12.9-inch iPad Pro (4th generation)
• Apple Watch SE (1st generation)
• Apple Watch Series 4
• Apple Watch Series 5
• iPad (9th generation)
• iPad (8th generation)
• iPad Air (3rd generation)
• iPad mini (5th generation)
• iPhone 11
• iPhone 11 Pro
• iPhone 11 Pro Max
• iPhone SE (2nd generation)
• iPhone XR
• iPhone XS
• iPhone XS Max

While the issue focused on devices like iPhones, iPads, and Apple Watches with DFU mode the Studio Display, HomePod mini, and second-generation Apple TV 4K are technically also using these vulnerable chipsets. There’s also mention that A12X and A12Z could have technical support for this issue, but isn’t implemented, so those 2018 and 2019 iPad Pro models could also be included here.

Usbliter8 combines a hardware flaw in a USB controller with the way security protections are configured on affected devices. The attack works through Device Firmware Update mode, better known as DFU mode.

Successful exploitation gives researchers control before iOS even starts loading. The exploit also enables boot-chain compromise and custom USB request handling.

The exploit can boot modified iPhone software that wouldn’t normally be allowed to run. Paradigm Shift’s reporting is serious because the vulnerability exists in SecureROM, the first code that runs when an iPhone starts up.

SecureROM verifies Apple’s software before the rest of the operating system loads and serves as the foundation of the device’s security model. Apple can patch flaws in iOS, iPadOS, and watchOS through software updates.

A proper Setup transaction consists of two packets sent by the host. Image credit: Paradigm Shift

The code is built into the chip itself and can’t be replaced after manufacturing. Affected devices will remain vulnerable unless users replace them with newer hardware.

Usbliter8 doesn’t affect A14 chips or newer generations because later versions of SecureROM appear to configure hardware protections differently. A11-based devices also avoided the vulnerability because their USB driver resets memory addresses in a way that prevents the attack.

Why the exploit matters

Apple’s security architecture checks each stage of the startup process before handing control to the next one. A successful SecureROM exploit can bypass some of those checks and gain access at the earliest stage of device startup.

SecureROM code can’t be updated after manufacturing, so access gained through usbliter8 can survive software updates, device restores, and firmware revisions. Persistent access at the SecureROM level separates usbliter8 from a typical software vulnerability.

The exploit doesn’t give attackers unrestricted access to user data. Apple’s Secure Enclave Processor remains separate from the vulnerability and provides an additional security boundary.

The correct register values overwrite the ones the researchers corrupted. Image credit: Paradigm Shift

Usbliter8 doesn’t directly compromise the Secure Enclave. The exploit could still expand the range of attacks available against other parts of Apple’s platform.

The exploit also faces practical limitations. Researchers must have physical access to a device and use USB connectivity and DFU mode to carry out the attack.

A new chapter after checkm8

The disclosure draws comparisons to checkm8, the SecureROM exploit that affected Apple devices powered by A5 through A11 chips. Checkm8 became one of the most influential iPhone exploits because it targeted immutable BootROM code and can’t be patched through software updates.

Like checkm8, usbliter8 targets the earliest stages of Apple’s boot process. The exploit also can’t be fully fixed through software updates.

Apple hasn’t faced a public BootROM exploit affecting A12 and A13 devices since checkm8 targeted earlier hardware generations. Usbliter8 changes that with a working exploit for both chip families.

Much of the technical paper focuses on techniques used to bypass security protections on newer Apple hardware. Those efforts ultimately led to successful code execution on supported devices.

Public SecureROM exploits affecting A12 and A13 devices have been rare, making usbliter8 a notable addition to Apple’s security history.

Paradigm Shift disclosed the findings to Apple Product Security before publication and coordinated the release with Apple. Apple hadn’t publicly commented on the research at the time of publication.

How to stay safe

The practical risk from usbliter8 remains limited because the exploit requires physical access to a device and the use of DFU mode over USB. Most users are unlikely to encounter that threat model during normal use.

Installing security updates, using a strong passcode, and avoiding unattended devices won’t patch the SecureROM vulnerability. The measures can still make it harder for an attacker to gain the physical access required to exploit usbliter8.

Users concerned about long-term exposure can reduce their risk by upgrading to hardware powered by Apple’s A14 chip or newer. The exploit described in the research does not affect those devices.

Some of the SpaceX investors on Kahlon’s ledger are easy to identify: the Indian politician Abhishek Singhvi; Betsy DeVos, the former US secretary of education; a British Virgin Islands company owned by Indonesian billionaires. But others on the list are shell companies whose ultimate owners remain hidden.

One such company is a Delaware LLC called HAL9001 Partners Fund I, which invested roughly $10 million in a SpaceX fund in 2020. The incorporation documents for HAL9001 were signed by the venture capitalist Roman Sobachevskiy. The Treasury Department recently fined a company that was co-owned by Sobachevskiy hundreds of millions of dollars for managing a different investment on behalf of a sanctioned Russian oligarch. Sobachevskiy has not been personally accused of wrongdoing.

A Tomales Bay Capital spokesperson said that the oligarch “had no involvement with the investment.” Sobachevskiy did not respond to questions, including who put up the money for the SpaceX investment.

The records also shed some light on the connections between SpaceX and Qatar. Funds affiliated with Bracket Capital—an investment firm with offices in Los Angeles, London, and Qatar—invested about $48 million through a series of deals from 2017 through 2020, the documents show. Bracket has money from the Qatari royal family, according to an email that Kahlon sent to SpaceX’s CFO. The ledger also lists Doha, Qatar, as the address for a mysterious entity called AM FIG Cayman Limited, which invested around $10 million in 2020.

The documents do not specify whether the Bracket investments were made on behalf of the royal family or some other client. In 2021, as Kahlon was soliciting backers for yet another SpaceX deal, he texted a Bracket employee: “At the end we can just send Yalda to talk to big guy. We need a bail out lol.” (Yalda Aoukar is Bracket’s co-founder. It’s unclear whether the “big guy” refers to a member of the royal family and what Kahlon meant by “a bail out.”)

Bracket did not respond to requests for comment.

The investments covered in the ledger were tiny percentages of SpaceX but would have generated windfalls. The company’s valuation has exploded in recent years, from $33.3 billion in 2019 to $2.7 trillion as of Wednesday morning.

Last year, ProPublica reported on SpaceX’s unusual approach to accepting money from Chinese investors. According to testimony from the Delaware case, the company allowed Chinese investors to buy stakes in SpaceX so long as the money was routed through the Cayman Islands or other offshore secrecy hubs.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.

Security firm Sentinel One has a deeper dive into CVE-2025-20701 here.

Heinze and Steinmetz said last year that the full chain of attacks gave attackers the ability to do other malicious things, including retrieving call history and contacts, and even calling arbitrary numbers. Many of those capabilities are dependent on the specific devices being paired, since the functionality built into them differs from platform to platform.

Devices affected by the Airoha vulnerabilities are by no means alone. In January, researchers disclosed WhisperPair, a series of vulnerabilities that allows an attacker to hijack Bluetooth devices connected through Google Fast Pair, a proprietary protocol belonging to the company. Besides eavesdropping, attackers can exploit the WhisperPair flaws to geolocate devices. The vulnerabilities affect more than a dozen devices from 10 manufacturers, including Sony, Nothing, JBL, OnePlus, and Google itself.

There are few, if any, reports of Bluetooth vulnerabilities like these being actively exploited in the wild. The complexity of such attacks is often high, and an attacker has to continually stay within Bluetooth range of a target while utilizing the exploit. People who think they may be targeted by such attacks should turn off Bluetooth in devices whenever they’re not needed, and remain aware of the risks when Bluetooth is enabled.