A few months after its initial launch, Amazon has recently unveiled the Kindle Scribe Colorsoft in a brand new fetching Fig shade that’s proved especially popular.
In fact, the Fig-colour Kindle Scribe Colorsoft is so popular that it’s becoming increasingly difficult to get our hands on the e-reader, with shipping delays stretching well beyond the typical delivery windows we’d expect from Amazon.
At the time of writing, new orders for the Fig iteration in the US are expected to arrive anywhere between mid-April to mid-May. However, you can get your hands on the standard Graphite finish which is currently still in stock within the US. This suggests that the issue really only affects the newer colour option, rather than the entire product line.
Such differences in availability often point to supply constraints or production adjustments, particularly when a new finish launches after the initial release and demand shifts toward the latest variant.
Advertisement
Kindle Scribe Colorsoft in Fig. Image Credit (Amazon)
Advertisement
It’s worth noting that at the time of writing, neither the Fig nor Graphite Kindle Scribe Colorsoft has officially launched in the UK. In addition, neither iterations are even available to pre-order, as the product page just states the e-reader is “coming soon”. Instead, you can opt into receiving an email to get notified on when the product will be available to buy.
Delays highlight uneven availability
The Kindle Scribe Colorsoft was initially only available in a Graphite option until Amazon recently introduced the new Fig finish, which seemingly appears to have drawn a considerably higher demand than anticipated. Either that, or the Fig shade has encountered production challenges soon after release.
However, delays tied to a specific colour variant are not uncommon, as sometimes manufacturing complexity or material sourcing can affect certain finishes differently than standard models.
In addition, the extended wait times also suggest that supply has not yet caught up with demand, especially as colour e-paper devices remain a relatively new category with more limited production scale compared to traditional e-readers.
Advertisement
Essentially, customers are left choosing between faster delivery by opting for the Graphite version, or waiting considerably longer to nab the Fig iteration instead.
Advertisement
This situation leaves buyers choosing between faster delivery with the Graphite version or waiting longer to secure the Fig model.
Same hardware, different buying experience
Following on from the above, it’s worth noting that both versions of the Kindle Scribe Colorsoft share the same core hardware, including an 11-inch colour e-paper display based on Kaleido 3 technology, which combines standard black-and-white clarity with lower-resolution colour output.
The device also integrates a redesigned front-light system and a textured display surface that improves writing feel, placing it closer to digital notebooks than traditional e-readers focused only on reading.
Advertisement
Storage options and connectivity remain consistent across variants, with support for Wi-Fi, Bluetooth audio, and bundled stylus input, which reinforces that the delay relates to availability rather than product capability.
Amazon has not provided a detailed explanation for the extended shipping times on the Fig model, but current delivery estimates suggest that availability may stabilise later in the Spring.
Advertisement
If you are exploring other options, our Best Kindle 2026 roundup highlights the top-performing e-readers available today.
Whether you’re an experienced vinyl collector or just getting started on your journey, we recommend the Audio-Technica AT-LP120XUSB. This excellent record player comes with great connectivity and a built-in phono preamp, and it has the backing of one of the biggest players in home and professional audio. You can currently pick up the LP120XUSB for just $398 on Amazon, a $51 markdown from the usual price.
Courtesy of Audio Technica
The AT-LP120XUSB features basically everything you could want from a modern, upgraded turntable. The built-in phono preamp lets you easily swap the turntable from your headphones to your speakers without any extra steps or hardware, or you can disable it if you’d prefer to use an existing dedicated preamp. The direct-drive motor should be longer lasting and more consistent than belt-driven options, while handling 33⅓-, 45-, and 78-rpm vinyl.
It also features adjustable dynamic anti-skate control, an S-shaped tonearm for better balance, and quartz speed lock for perfect playback. If you don’t like the components, Audio-Technica turntables are impressively modular, so you can swap out parts and tweak to get everything dialed in for your favorite album. The included cartridge is a Dual-Magnet AT-VM95E, a great starting point for any listener, with the option to upgrade to any of the other VM95 series cartridges.
One feature that you aren’t likely to find on every turntable is a USB connection. While it might seem odd at first, this important plug lets you pipe the audio from your favorite records to your computer, letting you back them up for archival purposes, or taking that special live album that isn’t on streaming services with you to work. Of course it has traditional RCA jacks as well for hooking it up to the rest of your home audio system, if you already have a set of bookshelf speakers or a high-end headset you prefer.
Blake Resnick, founder and CEO of Brinc Drones, with the company’s new Guardian public safety drone in Seattle. (GeekWire Photo / Kurt Schlosser)
Brinc Drones founder and CEO Blake Resnick has a big vision for what the company’s largest-ever drone can accomplish.
“To replace the police helicopter,” Resnick said with a smile when asked about his goal for the device. “And to build the most capable 911 response drone ever.”
The Seattle-based maker of first-responder drones for police, fire and other emergency services unveiled its new Guardian drone during a celebration at its also newly revealed headquarters and factory in the Queen Anne neighborhood on Tuesday.
“Getting this out is a big deal for me,” Resnick said. “I’ve wanted to build this product for the better part of a decade, it’s just taken a while to build up the organizational capacity to really do that. It feels great to finally be here.”
Guardian is the world’s first Starlink-connected drone. An integrated panel on top of the device gives the drone unlimited range anywhere in the world, maintaining a reliable data link when traditional cellular or terrestrial infrastructure is unavailable.
Advertisement
The drone can also be paired with Guardian Station, a robotic charging nest that automatically swaps batteries and helps the drone quickly redeploy to a new mission without having to wait for any charging downtime.
Other features and highlights include:
Flight time: 62 minutes.
Range: Up to eight miles, versus three miles for current systems.
Top speed: 60 mph.
Cameras: Two 4K cameras with 640x optical zoom; two 1280-resolution HD thermal cameras with 64x total zoom (largely lossless).
Autonomy: Integrates with computer-aided dispatch; can auto-launch on 911 call with GPS coordinate.
Guardian’s imaging capabilities are designed to provide crystal-clear visuals day or night. The drone also features a built-in laser rangefinder, a speaker that’s three times louder than a police siren, and a ballistic parachute with its own technology for independent deployment in an emergency.
The same robotic system that is used to swap batteries can be used to load different payloads onto Guardian, such as a defibrillator for a heart attack victim, a flotation device for someone who is drowning, or emergency medication such as Narcan for an overdose victim.
A closer look at the camera technology on the Guardian from Brinc Drones. (Brinc Drones Photo)
Guardian measures 75 inches wide when fully unfolded and weighs 38.6 pounds, with a max takeoff weight of 48.6 pounds.
Guardian has about 900 current customers, most of which are in the U.S. Resnick points to a huge market ahead of 20,000 police departments, 30,000 fire departments, and 80,000 police and fire stations. If half of those buildings have $100,000 response drones and recharging pods on the roof, he thinks Brinc will be very successful.
Advertisement
A new police helicopter can cost upwards of $4 million. Add in thousands of dollars per flight hour, engine maintenance, fuel costs, etc., and Resnick is bullish about Guardian’s potential to be called on to chase a stolen car or zoom in on a burning building.
“When you compare the cost, we’re in a different universe,” he said.
A massive heat wave has broken heat records in 14 states, including Arizona and California, reaching up to 112 degrees Fahrenheit in some areas. Now it’s creeping eastward, according to the National Weather Service.
The heat wave is continuing its journey through the Midwestern United States and is projected to affect anywhere from one-quarter to one-third of the 48 mainland states, National Weather Service meteorologist Gregg Gallina told The Associated Press. The highest temperatures recorded today are in Arizona, New Mexico and Texas — what the National Weather Service refers to as the Southern Rockies region. But the hot air is on the move.
The reason these high temperatures persist is the “heat dome” phenomenon, in which high pressure prevents hot air from rising, trapping it in a bubble above a region. As the dome of pressure moves, so too does the hot air — and right now, it’s barreling east.
Advertisement
The states that will be smothered by the heat dome in the coming days include those in the Southern and Central Plains regions. This means residents of Texas, Colorado, Oklahoma, Kansas and Nebraska can expect to sweat as the heat blankets them on its eastbound journey.
What the heat dome means for climate change and our health
According to Climate Central, the US has experienced rising blackout rates over the past 20 years, largely due to weather-related issues and an aging electrical grid.
As of August 2025, the US Environmental Protection Agency states that heat is the leading weather-related cause of death in the US. The World Health Organization reports that between 2000 and 2019, about 489,000 heat-related deaths occurred each year.
Fortunately, humidity levels are not as high during a summer heat wave. As humidity can contribute to dehydration, body strain and breathing difficulties, lower humidity makes this heat dome somewhat less dangerous for workers in affected areas.
Advertisement
The World Weather Attribution, an initiative formed by international climate change researchers and climate scientists, determined that the heat dome would be “virtually impossible without human-induced climate change.”
In a world where weather events like these cease to be impossibilities, you’ll want to prepare for future heat waves properly. Here’s how to stay safe during the heat dome.
It might be too late to install a heat pump for this current heat dome weather event, but this energy-efficient HVAC addition can save you a pretty penny and make your home more comfortable during future heat waves.
Advertisement
Joe Giddens/PA Images/Getty Images
How to prepare for the heat dome before it hits your state
There’s nothing you can do to beat the heat outside, aside from following heat safety best practices. You’ll just need to stay hydrated, wear breathable, light-colored clothing and wait out the potentially dangerous heat dome, which is expected to dissipate by the end of next week when April begins. But you can do things to batten down the hatches before the sweltering heat reaches your home.
Even if you don’t have much prep time, a couple of small items can make your home safer (and far more comfortable). Cooling towels, portable fans and countertop ice makers are must-haves during a heat wave, especially if you aren’t looking to crank the thermostat down and spend a pretty penny.
Heat waves are also extremely costly due to the sheer amount of energy used — it’s expensive to stay cool. Depending on your living situation, though, you might want to invest in heat pump installation. These HVAC system additions are extremely energy efficient, which means you can keep more money in your pocket while beating the heat.
During the middle of the heat wave, when everyone has their AC running, there’s also the potential for an early brownout (a temporary drop in electrical voltage, causing lighting to dim) or even a blackout (a complete loss of power). It’s common to feel helpless during power outages, but you can get ahead of the curve by preparing a summer blackout kit with portable chargers and alternative light sources before the heat wave hits.
Advertisement
Even if the historic heat wave doesn’t hit your home, these tips will help you prepare as the summer season bears down on the US in a couple of months.
Epic Games, the gaming giant behind Fortnite, is laying off 82 employees at its Bellevue, Wash.-based office, according to a WARN notice filed with Washington state regulators.
Epic announced Tuesday that it is laying off 1,000 employees across the company, or about 20% of its workforce, citing reduced engagement with Fortnite.
“This layoff, together with over $500 million of identified cost savings in contracting, marketing, and closing some open roles puts us in a more stable place,” Epic Games CEO Tim Sweeney said in the announcement. He cited challenges including tougher cost economics, slowing console sales, and competition “against other increasingly-engaging forms of entertainment.” He noted that the layoffs are not related to AI.
Epic has 349 employees in the Seattle region, according to LinkedIn. The company opened an office in Bellevue more than a decade ago. It previously laid off 39 employees in 2023 at its Bellevue office.
“Market conditions today are the most extreme we’ve seen since those early days, with massive upheaval in the industry accompanied by massive opportunity for the companies that come out as winners on the other side,” Sweeney wrote in his announcement.
Several tech companies have cut staff in the Seattle area this year, including Amazon, Expedia, T-Mobile, Smartsheet, Atlassian, MicroVision, and others. Many corporations are slashing headcount to address pandemic-fueled corporate “bloat” while juggling economic uncertainty and impact from AI tools.
Over the years, the iPhone has evolved into the perfect everyday carry gadget. You could always make phone calls or text with it, but now you can record high-quality videos using its industry-leading camera system or play AAA titles like “Death Stranding” on the go. Despite the hardware continually improving, it’s the software that unlocks most of what the iPhone lets you do.
The App Store is home to almost two million apps, and it’s pretty easy to find a tool that does exactly what you’re looking for. Anything your iPhone can’t do out of the box, third-party app developers have likely already built a solution for it. That said, as time has passed, Apple’s own library of apps and services has grown.
The iPhone comes preloaded with essentials like Phone, Messages, Camera, and Clock — but it also has a handful of lesser-known apps tucked away on other pages. Some of them are mundane productivity-oriented offerings like Keynote, Pages, or Numbers — but we’re about to highlight five interesting apps by Apple you should try using on your iPhone.
Advertisement
Passwords
Adnan Ahmed/SlashGear
As our lives continue to move online, the number of credentials we create and manage also keeps on increasing. Using the same password across all your accounts is a terrible idea — but so is jotting them down on a piece of paper or an unencrypted notes app. There are several password managers out there, but if you primarily use Apple devices, you don’t need to chip in extra for a subscription to a third-party service anymore. The built-in Passwords app acts as a secure vault where you can store your login details.
Starting with iOS 18, any password you save will be automatically added to the Passwords app. It can also help you create stronger passwords. Saved credentials will then pop up when you try logging in to a website or app on your iPhone. You might need to enable Password AutoFill for this to work. To do so, navigate to Settings > General > AutoFill & Passwords, and flick the toggle on.
Advertisement
You will find all saved passwords within the app, which is guarded by Face ID or Touch ID on launch. The app also lets you manage Apple Passkeys, which offer a more secure and faster form of authentication. The Passwords app alerts you to any security concerns as well. For instance, there’s an orange exclamation icon for reused passwords and a red one for those that have appeared in password breaches.
Advertisement
Apple Games
Adnan Ahmed/SlashGear
Modern iPhones ship with some of the fastest mobile processors. The A19 Pro found in the iPhone 17 Pro family features a six-core CPU, 12GB of RAM, and a GPU powerful enough to run console-quality games. The previous few generations of flagship iPhones have also been advertised with gaming in mind. Popular AAA titles available for the iPhone include “Red Dead Redemption” and “Alien: Isolation,” but modern games like “Genshin Impact” are also a great measure of how capable the iPhone has become. Consequently, you may have noticed an Apple Games app on your device, which now comes preinstalled with iOS 26.
This is not to be confused with Apple Arcade, which is a paid subscription service that unlocks a catalog of games in the App Store. Instead, the Apple Games app acts more like a game launcher and curator — much like Steam on Windows computers. The “Library” tab displays all currently and previously installed games on your iPhone, with a quick shortcut to launch them. Tapping on a game will expand its page with additional information like recent updates, achievements, or ongoing in-game events.
The “Friends” tab lets you invite friends to play multiplayer titles like “Call of Duty: Mobile” together. You can also challenge your friends in supported games. If you have an Apple Arcade subscription, you can navigate to it faster using the Apple Games app. The “Home” tab lets you jump into recently played titles more quickly and lets you discover new games.
Advertisement
Journal
Adnan Ahmed/SlashGear
The Notes app on your iPhone does a really good job of letting you quickly jot down thoughts, make lists, or even create well-formatted documents on the go. It has good integration with Apple Intelligence’s Writing Tools, and you can even lock sensitive notes using Face ID or a passcode. While you could totally use it for journaling, Apple actually added a purpose-built solution for that. The Journal app comes preinstalled and offers a better interface for keeping a log of your memories.
You can create as many entries as you want and complement them with images, videos, audio snippets, and location details to add more context to your memories. The Journal app uses on-device machine learning to suggest content when you create new entries. This usually includes photos of a recent outing, which your iPhone recognizes as a notable event worth remembering. It can even suggest people you’ve hung out with.
We’ve covered the Journal app for iPhone in slightly more detail before, but it has since received a fresh coat of paint with the Liquid Glass design in iOS 26. You can also create separate journals for different aspects of your life. Once you’ve populated enough entries, the search function makes it easy to dig up old memories. All data within the Journal app is encrypted when your device is locked, but you can also add another layer of authentication to prevent those around you from peeping at your entries.
Advertisement
Apple Invites
Adnan Ahmed/SlashGear
Those who attend or throw a lot of parties know how the most chaotic part is planning and organizing the entire event. Sure, a curated text invitation containing details of the event and the location of the venue sent via iMessage often does the trick, but there’s got to be a more elegant way of doing it. That’s exactly what Apple Invites set out to solve. It’s a relatively new inclusion, and unlike other services on the list, it isn’t pre-installed on the iPhone — though you can grab it for free via the App Store.
Apple Invites lets you create, manage, or join invitations to events. You can invite people using their email address or share a joinable link. The app lets you create visually pleasing cards, with Apple Intelligence integration that lets you create images on the fly. You can add details about the venue, the day, and the time, and the app will lay out all the information neatly for all attendees to see. Though you can join invitations for free, you do need an iCloud+ subscription to create and send out invites.
Apple Invites works on Android and the web as well. The app features deep integration with Apple Music and allows you to create a shared playlist with other members. Participants can also chime in on the shared album and dump all photos from the day. This is a less messy version of spamming group chats with images.
Advertisement
Measure
Adnan Ahmed/SlashGear
Beyond apps for communication, gaming, and productivity, the iPhone comes preloaded with a few utilitarian services as well. Apps like Clock, Calendar, and Voice Memos are frequently used, but did you know you could also use your iPhone as a measuring instrument? The Measure app lets you use your iPhone’s camera and AR features to measure objects with surprisingly good accuracy.
The built-in Measure tool is as interesting as utility apps get. Any iPhone running iOS 12 or newer can be used as a measuring tool. Your iPhone can also automatically display measurements for rectangular objects when it detects them. For every other object, you can start a manual measurement by tapping the “+” button and panning your iPhone around.
Advertisement
There is better accuracy on iPhones with a LiDAR sensor. Guides appear on the edges of objects, making it easier for you to measure them more precisely. Once you’re done measuring, you can tap on the shutter button. This will save the image in your gallery with the measurements annotated. The app serves two functions — everything we’ve highlighted above falls under its measurement mode. If you switch to the “Level” tab, you can use your iPhone as a spirit level as well. This mode lets you check how horizontal a surface is.
Most carpenters and woodworkers find themselves with the problem of disposing of all the sawdust they create when performing their craft. There are lots of creative solutions to this problem, such as adding it compost, using it as groundcover in a garden, adding it as filler in a composting toilet, or pressing it into bricks to burn in a stove. All of these have their uses, but involve either transporting the sawdust somewhere or performing some intermediate step to process it. [Greenhill Forge] wanted to make more direct use of it so he built this stove which can burn the sawdust directly and which provides enough heat for his woodshop.
The design is based on one which is somewhat common in Japan and involves building a vessel with a central tube for airflow, with the sawdust packed around it. The tube is made from a hardware cloth or screen to allow air to reach the sawdust. The fire is lit from the top, closed, and then allowed to burn through the stack. [Greenhill Forge] welded the entire stove from various pieces of sheet metal and bar stock, with a glass plate at the top of the stove to close off the fire and a baffle to control the airflow and rate of burn.
Initially, [Greenhill Forge] thought that the fire would burn from the top down, but this turned out to create a smoldery, messy fire instead of a hot, clean burn. Eventually, though, an ember fell down to the bottom and let the stack burn from the top up, and then it started generating serious heat. He estimates that with around 5 kg of sawdust burning for three hours that it’s about equivalent to a 6 kW stove. While a woodworker might not have enough sawdust to run this stove every day, it could be good to have on hand to use once every few weeks when the sawdust builds up enough. [Greenhill Forge] has been hard at work building unique wood burning stoves lately, like this one we recently featured which generates and then uses charcoal as fuel.
Apple may be planning one of the biggest changes to Siri since the voice assistant launched more than a decade ago. According to a report on Tuesday from Bloomberg, Apple is testing a standalone Siri app, a redesigned interface and a new “Ask Siri” button that would make the assistant more visible and useful across the Apple ecosystem, as part of a broader AI reboot.
According to the Bloomberg report, the new Siri experience is expected to be introduced at Apple’s Worldwide Developers Conference on June 8 and would arrive as part of iOS 27, iPadOS 27 and MacOS 27 later this year. The report says Apple is testing out a new Siri that would make the assistant feel more like a standalone AI chatbot — think ChatGPT or Claude — rather than the current built-in tool.
The latest report builds on earlier Bloomberg reporting from January, which said Apple planned to revamp Siri into its first real AI chatbot to better compete with OpenAI and Google.
Advertisement
For Apple, the move would mark another attempt to reset expectations around its AI strategy after repeated delays to its more advanced Siri ambitions. Apple had previewed a more personalized Siri at WWDC 2024, but the broader rollout has slipped, and Bloomberg’s new report suggests the company is now aiming for a more sweeping relaunch in iOS 27 instead.
Apple has not publicly announced these iOS 27 features, so plans could still change before WWDC.
An Apple representative didn’t immediately respond to a request for comment.
PTC Inc. is warning of a critical vulnerability in Windchill and FlexPLM, widely used product lifecycle management (PLM) solutions, that could allow remote code execution.
The security issue, identified as CVE-2026-4681, could be leveraged through the deserialization of trusted data.
Its severity has prompted emergency action from German authorities, with the federal police (BKA) reportedly sending agents to affected companies to alert them to the cybersecurity risk.
Fix under development
There are no official patches available, but PTC states that it is “actively developing and releasing security patches for all supported Windchill versions” to address the issue.
Advertisement
According to the vendor, the flaw impacts most supported versions of Windchill and FlexPLM, including all critical patch sets (CPS) versions.
Until patches become available, system administrators are recommended to apply the vendor-provided Apache/IIS rule to deny access to the affected servlet path. PTC noted that the mitigation does not break functionality.
The same mitigation should be applied to all deployments, including Windchill, FlexPLM, and any file/replica servers, not just internet-facing systems. However, PTC advises prioritizing mitigations on internet-facing instances.
If mitigation is not possible, the vendor recommends temporarily disconnecting the affected instances from the internet or shutting down the service.
Advertisement
IoCs available
The company says that it has not found any evidence that the vulnerability is being exploited against PTC customers. However, PTC published a set of specific indicators of compromise (IoCs) that include a user agent string and files.
Additionally, the bulletin lists detection advice, including checks for webshells (GW.class, payload.bin, or dpr_.jsp files), suspicious requests with patterns such as run?p= / .jsp?c= combined with unusual User-Agent activity, errors referencing GW, GW_READY_OK, or unexpected gateway exceptions.
“Presence of the GW.class or dpr_<8-hex-digits>.jsp on the Windchill server indicates the attacker has completed weaponization on the system prior to conducting remote code execution (RCE)” – PTC
Additionally, in an email to customers seen by BleepingComputer, the company said that “there is credible evidence of an imminent threat by a third-party group to exploit the vulnerability.”
Advertisement
According to Heise, BKA officers were dispatched over the weekend to alert companies nationwide of the risk of CVE-2026-4681, even some that did not use any of the affected products.
The German outlet reports that the BKA woke up system administrators in the middle of the night to hand them a copy of PTC’s notification, and also alerted the state criminal investigation offices (LKA) in various federal states.
This unusual and urgent response by the authorities has sparked concerns that CVE-2026-4681 may be exploited or is likely to be exploited soon.
Given that PLM systems are also used by engineering firms in weapons system design, industrial manufacturing, and critical supply chains, the authorities’ response could be justified on grounds of protection from industrial espionage and other national security risks.
Advertisement
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
Amazon has just completed the acquisition of Fauna Robotics, the New York based startup that has been quietly developing a compact household humanoid called Sprout. The team of around 50 is folding into Amazon’s Personal Robotics Group, though Fauna will continue to operate under its own name as an Amazon company, though financial terms were not disclosed.
Fauna Robotics was founded in 2024 by a small group of engineers from Meta and Google alongside Rob Cochran, with Josh Merel joining as a co-founder. The company raised at least $30 million from backers including Kleiner Perkins, Quiet Capital, and Lux Capital, and its ambition was clear from the beginning: to build robots that people actually want to have around them.
Sleek & Durable Design: Standing at 132cm tall and weighing only approx. 35kg, the G1 is constructed with aerospace-grade aluminum alloy and carbon…
High Flexibility & Safe Movement: Boasting 23 joint degrees of freedom (6 per leg, 5 per arm), it offers an extensive range of motion. For safety, it…
Smart Interaction & Connectivity: Powered by an 8-core high-performance CPU and equipped with a depth camera and 3D LiDAR. It supports Wi-Fi 6 and…
Sprout is a compact and surprisingly personable little machine, standing just 3.5 feet tall and weighing 50 pounds. It walks on two legs, can pick up small objects, and is capable of getting itself up from a seated position to move around the room. Early footage shows it pulling off the Twist and the Floss with surprising fluency, which tells you something about the kind of robot Fauna had in mind. At $50,000 it is not built for heavy industrial work, but rather for the everyday household tasks that nobody particularly enjoys, picking up toys, grabbing groceries from the pantry, that sort of thing.
Part of what makes Sprout so interesting is how accessible it is on the software side, making it a practical platform for testing ideas in real world environments rather than controlled factory settings. That openness has attracted researchers and labs interested in how robots might fit into everyday life, whether that is a family home or a student dorm. And unlike the large warehouse dwelling humanoids that dominate the industry right now, Sprout is small enough to feel genuinely approachable in ordinary situations.”
Amazon already has a significant robot presence in their warehouses, with over a million of them in operation. They purchased Kiva Systems in 2012 and transformed it into the foundation of their modern fulfillment centers. On the consumer side, a few years ago, they debuted Astro, a rolling house robot that may not have taken off. They just acquired Rivr, a Swiss company working on four-legged delivery assistants. Amazon is increasingly focusing on robotics outside of the warehouse. [Source]
In an email, Aikido researcher Charlie Eriksen said the canister was taken down Sunday night and is no longer available.
“It wasn’t as reliable/untouchable as they expected,” Eriksen wrote. “But for a while, it would have wiped systems if infected.”
Like previous TeamPCP malware, CanisterWorm, as Aikido has named the malware, targets organizations’ CI/CD pipelines used for rapid development and deployment of software.
“Every developer or CI pipeline that installs this package and has an npm token accessible becomes an unwitting propagation vector, Eriksen wrote. “Their packages get infected, their downstream users install those, and if any of them have tokens, the cycle repeats.”
Advertisement
As the weekend progressed, CanisterWorm was updated to add an additional payload: a wiper that targets machines exclusively in Iran. When the updated worm infects machines, it checks if the machine is in the Iranian timezone or is configured for use in that country. When either condition was met, the malware no longer activated the credential stealer and instead triggered a novel wiper that TeamPCP developers named Kamikaze. Eriksen said in an email that there’s no indication yet that the worm caused actual damage to Iranian machines, but that there was “clear potential for large-scale impact if it achieves active spread.”
Eriksen said Kamikaze’s “decision tree is simple and brutal.”
Kubernetes + Iran: Deploy a DaemonSet that wipes every node in the cluster
Kubernetes + elsewhere: Deploy a DaemonSet that installs the CanisterWorm backdoor on every node
No Kubernetes + Iran: rm -rf / --no-preserve-root
No Kubernetes + elsewhere: Exit. Nothing happens.
TeamPCP’s targeting of a country that the US is currently at war with is a curious choice. Up to now the group’s motivation has been financial gain. With no clear connection to monetary profit, the wiper seems out of character for TeamPCP. Eriksen said Aikido still doesn’t know the motive. He wrote:
While there may be an ideological component, it could just as easily be a deliberate attempt to draw attention to the group. Historically, TeamPCP has appeared to be financially motivated, but there are signs that visibility is becoming a goal in itself. By going after security tools and open-source projects, including Checkmarx as of today, they are sending a clear and deliberate signal.
The hack that keeps on giving
Last week’s supply-chain compromise of Trivy was made possible by a previous compromise of Aqua Security in late February. Although the company’s incident response was intended to replace all compromised credentials, the rotation was incomplete, allowing TeamPCP to take control of the GitHub account for distributing the vulnerability scanner. Aqua Security said it was performing a more thorough credential purge in response.
You must be logged in to post a comment Login