The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks.

Tracked as CVE-2026-20253, this security flaw affects Splunk Enterprise (versions 10.2.0 to 10.2.3 and 10.0.0 to 10.0.6) and allows remote attackers without privileges to create or truncate arbitrary files on vulnerable devices via a PostgreSQL sidecar service endpoint.

“The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials,” the Splunk security team said in a security advisory published last week.

On June 12, days after Splunk released security patches, WatchTowr published a technical write-up, shared proof-of-concept exploit code, and warned that the flaw can be abused for remote code execution attacks.

On Wednesday, June 18, Splunk updated its advisory, urging customers to patch their systems as soon as possible due to evidence of in-the-wild exploitation.

“In June 2026, the Splunk Product Security Incident Response Team (PSIRT) became aware of limited exploitation of this vulnerability. Splunk strongly recommends that customers upgrade to a fixed software release to remediate this vulnerability,” it said.

Internet security watchdog group Shadowserver tracks over 1,400 Internet-exposed Splunk instances, most of them from North America (952) and Europe (223). However, there is no information on how many of them are vulnerable to ongoing attacks targeting the CVE-2026-20253 flaw.

On Thursday, CISA confirmed that threat actors are now actively abusing the CVE-2026-20253 vulnerability in attacks and ordered Federal Civilian Executive Branch (FCEB) agencies to patch their Splunk instances by Sunday, as mandated by Binding Operational Directive (BOD) 26-04.

Issued last week, CISA’s BOD 26-04 requires U.S. government agencies to prioritize patching based on each vulnerability’s risk of exploitation.

“This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise,” the cybersecurity agency said yesterday. “Stakeholders are responsible for evaluating each asset’s internet exposure and ensuring adherence to BOD 26-04 patching guidelines.”

Splunk also shared mitigation measures for admins who can’t immediately patch vulnerable systems, advising them to disable the PostgreSQL sidecar service to remove the attack surface.

However, it also warned that disabling PostgreSQL would break Edge Processor, OpAmp, or SPL2 data pipelines on affected instances.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Over the course of three days, Jacob Crowe walked 26 miles across Chicago in super-humid heat and rainy mornings, engaging in hundreds of virtual battles. Alongside tens of thousands of other players, he sought the rarest Pokemon, particularly Shiny variants.

“It makes it better to do it as a group together,” Crowe said of the crowds that gathered to play the mobile game as part of Pokemon Go Fest.

I was there, too, among those thousands, draining my phone battery out in the sun while catching hundreds of virtual creatures in Grant Park and other parts of the city.

During that mass gathering in early June, the game I’d been playing alone for the past year suddenly felt like a gigantic concert packed with fans as obsessed as I am. Or even more so. 

I hadn’t expected that. True, when Pokemon Go launched in 2016, it was a mobile gaming sensation. Phones in hand, players descended on parks and other public spaces to catch all those pocket monsters, in the form of augmented reality animations. For a while, it felt like everybody was playing Pokemon Go.

But then, as crazes do, Pokemon fever cooled down. People moved on. I stopped playing the game regularly not long after it debuted. 

Turns out the enthusiasm has been simmering all along, and it just takes something like Go Fest to bring things to a boil.

The event had been expected to attract 40,000 people per day. But according to the enthusiast site GoNintendo, more than twice that many (90,000) tickets were sold for the Grant Park event (players entered and left at staggered times), and over 717,000 players in Chicago were recorded catching nearly 62 million Pokemon during citywide play. Six couples got engaged at the event, proving that Pokemon Go may be a stealth dating app.   

Pokemon Go Fest 2026 was special because it marked the 10th anniversary of the game and the ninth anniversary of the first Go Fest, which also took place in Chicago. And it coincided with a Pokemon Fossil Museum exhibit at Chicago’s Field Museum, which provides a spectacularly detailed history of Pokemon evolution, complete with gigantic skeletons, remains trapped in amber and a very robust gift shop.

The weekend also included a US Men’s National Soccer Team match and a half-marathon. So many fans attended the various events that gameplay was suspended in some areas, including at the Field Museum.

Welcome back to Pokemon Go

Last year, I picked the game back up with some family members. Those of us who’d abandoned it came back with fierce devotion.

So much had been added to the game since I last played it — from trading with other players (even remotely) to user-generated routes to large-scale raids that sometimes require more than a dozen players. 

At first, the changes were overwhelming, but the experienced group I joined gave helpful advice. At the same time, online videos, Wiki pages and some Google searching provided answers to the obstacles I encountered.

The game became a daily habit for our group. We exchanged gifts, traded lucky Pokemon and did lots and lots of walking. Pokemon Go Fest provided a great excuse to meet up, eat lots of local food, and play a game together we’d all been enjoying separately.

We bought one-day passes for the Grant Park 10th anniversary event and secured tickets to the Fossil Museum exhibit. Upon arrival in Chicago, we saw Pokemon fans everywhere, some wearing Eevee hats or Gengar shirts, toting Pikachu backpacks or doing full-blown cosplay.

Age didn’t seem to matter. Boomers, Gen Z players, little kids, they all had their phones out, spinning PokéStops and waiting to capture some rare mega Pokemon characters.

Playing Pokemon Go with friends and strangers

When Niantic created Pokemon Go, it emphasized the game’s real-world aspects. Niantic’s founder, John Hanke, who also helped create Google Maps and Google Earth, told me last year when I covered its sale (Pokemon Go and other Niantic games were acquired by Scopely) that the game focused on encouraging players to venture outside and explore.

Even playing Pokemon Go outside, however, can be isolating. You’re looking at your phone and dealing with virtual characters or remote players, not interacting with the people around you.

That wasn’t the case at Go Fest. 

With tens of thousands of locals and travelers all around us, we were suddenly in a very large club. Strangers who saw us playing at the coffee shop asked what we’d caught so far. Passersby yelled, “Great outfit!” to my sister-in-law, Linh Gallaga, for her Sylveon cosplay. Some pointed and smiled at the Excavator Pikachu keychain plushies we picked up at the Field Museum and wore out in public.  

Within our small group, meanwhile, we traded Pokemon, bought virtual supplies, strategized to maximize our game objectives and shared news updates. I spent about $30 on microtransactions, like premium raid passes and extra storage to hold more items and more captured Pokemon. Some in my group spent hundreds of dollars in preparation for Go Fest.

In search of Mega Pokemon characters

Our group had two leaders: One was Linh, who kept us in the loop about social media posts. The other was Jacob Crowe, who toted up those 26 miles of walking that weekend (and who’s also an in-law of mine, a little more removed). He’s so dedicated to the game that he participated in 225 group raid battles to capture Mewtwo, one of the major Mega Pokemon characters at Go Fest.

The goal wasn’t just to catch Mewtwo, but to capture its rare variations, such as a perfect-stat one, called a Hundo. Capture one that’s both a Hundo and also a Shiny variant, and you’ve got yourself a coveted Shundo Mewtwo — and a lot of jealous fellow players. A version of Mewtwo featuring a Chicago backdrop was also highly sought after.

Crowe and his wife, Maria, drove from Indianapolis, where they’d participated in local Pokemon raid events, but nothing like this.

“I knew it would be a lot of people, but I didn’t know it would be that many people,” he told me. 

He spent 18 hours each day playing Pokemon Go. He says he had a great time and wants to do it again. 

It was Crowe who led our group to a 5 a.m. “Raid Train” at Lincoln Park, ahead of the official Go Fest event at Grant Park we’d be participating in later. As soft rain started falling, we wandered the park, capturing all the Pokemon that we could and watching players trade and join raid battles. This wasn’t the main event. It was a social gathering and a preview of the big show to come later that day.

“Hundo! I got a Hundo!”

I wasn’t expecting to experience cognitive dissonance when I arrived at Grant Park with my group, but it happened as soon as I saw a gigantic pink inflatable Jigglypuff near the large park fountain. In the game, I think of Jigglypuff as tiny; here, the Pokemon was easily 10 feet tall.

Throughout the park, team banners, lures and spinning Pokestops were blown up to huge proportions, dotting a vast expanse with colorful landmarks.

We snapped photos and started preparing our virtual supplies. A cloudy morning quickly gave way to a hot day. Once gameplay began, we saw people walking around with tiny umbrellas attached to their phones, both to reduce glare on their screens and to keep their devices from overheating in the sun.

Challenges required moving from zone to zone and completing tasks such as capturing 20 different kinds of Pokemon in a single area. Raid battles to catch bigger, stronger Pokemon were constant.

Pokemon theme music blasted across the park. People walked, swiping their screens to toss Poké Balls as they went. One half of a couple near us shouted, “Hundo! I got a Hundo!” and the two embraced as if they’d just found out they were having a baby.

We walked and walked and caught and caught until the finale: a big group battle with hundreds of players together trying to defeat Mega versions of Mewtwo. 

Everyone fighting did so as part of a “Unity Raid.” Part of the battle required players to raise their phones up into the air and then bring them swinging down. 

When the mega raid was over, the crowd let out a loud, “Wooooo!” It was over. We were each left to attempt to capture the prize with our allotted premiere Pokeballs. We all caught our Mewtwos.

Pokemon at the museum

We kept raiding and trading over the evening and the next day, but our next big event was a visit to the Fossil Museum.

Chicago’s Field Museum of Natural History is a real museum, with exhibits of actual fossils, but for the event, curators set up fossil exhibits of the various Pokemon characters. And they took their job seriously.

Far from a simple one-room pop-up, the carefully arranged exhibit features detailed descriptions and full skeletons of Pokemon characters, plus other artifacts like fossilized (fake) poop and Pokemon insects trapped in amber.

I felt bad for the parents of little kids who had to straddle the line between telling them that this exhibit isn’t real and letting those kids enjoy an incredibly imaginative presentation.

The exhibit was followed by a robust gift shop featuring only Pokemon merchandise and open exclusively to attendees. There was a five-item limit, and the hot item, limited to one per purchase, was an Excavator Pikachu plush. 

The exhibit runs through April 2027.

Pokemon Go Fest players: “They’re all so friendly”

By the end of the weekend, we were all exhausted. We were mentally and physically drained, like our phone batteries, from staring at our screens and keeping track of all our Shiny acquisitions.

We were amateurs, though. David Barnwell, an attendee who owns a dog-boarding business near Akron, Ohio, has been to Go Fest events with his wife in cities including Seattle, Miami and New York. He’s always been a collector, and says Pokemon Go’s focus on acquisition appeals to him. And he loves meeting different people who are into the game.

“We’re always amazed at the different kinds of people that you would never expect to be playing Pokemon Go that show up, and they’re all so friendly,” Barnwell said. 

But he also feels things have changed since last year’s Pokemon Go acquisition.

For one thing, Barnwell said, there aren’t any never-before-seen Pokemon released during the event anymore. And the event is more spread out, with citywide challenges that make it less centralized. 

“That’s really annoying. We liked it when it was all accessible by foot,” he said. “I appreciate you’re trying to get different people in different parts of the city or whatever it is you’re thinking you’re trying to do, but we don’t like that at all.”

His family’s attendance at future Go events will depend on whether the host city is one they want to visit. Tokyo, a return to Seattle and an event near the Grand Canyon are on their wish list.

As for our group, we’re already talking about hitting Go Fest next year, but it will also depend on everybody’s schedules and where the US event lands next. For the time being, we plan to keep playing and tending to our growing Pokemon collections. 

Microsoft has confirmed a confusing Windows bug that causes different filenames to appear in the confirmation dialog when deleting a file from the Recycle Bin.

“When permanently deleting a single item from the Recycle Bin, the confirmation dialog displays the internal Recycle Bin filename (for example, $Rxxxxx.ext) instead of the original filename,” the company explained in a Thursday update to the Windows release health dashboard.

“The Recycle Bin itself correctly displays the original filename, and restoring the item also restores it using the original filename.”

While Microsoft didn’t share how widespread this known issue is, it said that it affects all supported Windows releases across both client and server platforms after installing the June 2026 security updates.

The complete list of affected Windows versions includes:

• ​Client: Windows 11, version 26H1; Windows 11, version 25H2; Windows 11, version 24H2; Windows 11, version 23H2; Windows 10, version 22H2; Windows 10 Enterprise LTSC 2021; Windows 10 Enterprise LTSC 2019; Windows 10 Enterprise LTSB 2016,
• ​Server: Windows Server 2025; Windows Server 2022; Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012.

Microsoft said that its engineers are working on a fix for this bug, which will ship to affected systems in a future Windows update.

However, while a fix is not yet generally available, Microsoft added that a temporary workaround is available for businesses that will reach out to its Business Support team.

“A workaround is available for affected devices. To apply this workaround in your organization and mitigate the issue, please contact Microsoft’s Support for business,” it noted.

Earlier this week, Microsoft confirmed another issue that blocks third-party apps from launching Word, Excel, PowerPoint, Access, and other Office applications (or from opening documents) on Windows systems after installing the June 2026 updates.

More recently, on Thursday, it also fixed a known issue that caused the June 2026 security updates to fail on Windows Server 2016 systems that didn’t have the May KB5087537 security update installed.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Advertisement

Get the whitepaper

With electricity costs soaring, home batteries have never looked so attractive. Whether you want to store the excess generated by your solar panels or simply buy electricity at the cheapest possible rate to use later when power is most expensive, a home battery can help. It’s never been easier to get a home battery installed, but this rapidly expanding market can be confusing, and there are several things to consider before you buy.

I’ve spent months researching home batteries, chatting to folks who use them, and then having one installed myself, and I have tips for anyone interested in getting a home battery of their own.

Why Would You Want a Home Battery?

There are several reasons you might want to invest in a home battery, and they are not mutually exclusive:

• You want to store excess power from your solar panels.
• You want to live off-grid.
• You want to guard against power outages.
• You want to buy electricity at a cheap rate and store it for use later.

Home batteries are a win-win, potentially benefiting power companies too, because battery storage is an essential part of grid balancing and can help manage and make the most of the intermittent power generated by renewables (solar, wind, waves).

How Do Home Batteries Work?

Photograph: Simon Hill

A home battery is like a big power bank for your home. But rather than lithium-ion, they tend to be lithium iron phosphate (LFP or LiFePO₄), because it is safer, more durable, and less prone to thermal runaway. In other words, less likely to overheat and burst into flames. There are a few manufacturers working with sodium-ion (Na-ion) batteries, which are potentially cheaper, more environmentally friendly (they don’t require lithium), and perform better in the cold, but they are also larger and don’t last as long.

Home battery technology is often the same as you’ll find in electric vehicles. Some folks have even suggested employing EV batteries as home batteries. But there are potential issues with that, not least finding your car battery drained in the morning. EVs are also driving the technology forward toward solid-state batteries, which are smaller for the same capacity, safer as they don’t have liquid electrolytes inside, and longer lasting.

Many home batteries come in modular systems, so you can add the capacity you want, but they require an inverter to convert the DC (direct current) power stored to AC (alternating current) power you can use. Folks with solar panels, or those who plan to add them in the future, should opt for a hybrid inverter, which can also convert the power from the panels for use or storage.

Inverters have different power ratings in kilowatts (kW) that dictate how much power you can draw at any given moment. Households with modest needs may get by with a 3.6-kW inverter, but that limits your continuous draw to 3.6 kW. They usually have a peak load capability that goes higher, enabling you to pull more for a brief period. If you have high-demand appliances like an EV charger or heat pump, you will want at least 5 kW, and folks with larger demands or larger batteries will want to go higher (6 to 10 kW).

What Should I Look For?

There are several things to watch out for when buying a home battery:

• Capacity: Measured in kilowatt-hours (kWh), this tells you how much total energy the battery can hold.
• Power output: Measured in kilowatts (kW), this shows how much energy the battery and inverter can deliver at any moment.
• Depth of discharge: This is how much of the battery’s capacity you can safely use without damaging it.
• Efficiency: This is the percentage of the power you put into the battery that you can actually use, because some energy is always lost in the storage process.
• Warranty: This is a guarantee about the minimum performance you can expect before a battery degrades (they all degrade over time), and it’s often stated in years and charging cycles (whichever comes first). For example, EcoFlow promises at least 70 percent capacity after 15 years or 6,000 charging cycles.

How Much Home Battery Do You Need?

EcoFlow via Simon Hill

It can be tricky to calculate how much battery capacity you need, and it depends on your use case. If you want to guard against outages or live off-grid, you must consider how much power you use over time and also the sum of your maximum power usage at any given moment to ensure your capacity in kWh and output in kW are enough. If the output is not high enough you may not be able to run power-hungry appliances at the same time, so you’ll have to think about how you use your power.

For folks like me, simply looking to buy at a cheaper rate to use when power is more expensive, any capacity will benefit you. But if you have a cheap six-hour rate overnight, for example, then you ideally want it to last for the other 18 hours. It makes sense to get as much as you can up-front because the installation costs are high. Even adding to modular systems later often requires professional installation to avoid voiding your warranty.

Do You Need Upgrades or Permission?

The home battery will connect to your main electrical panel via a cable, and it may require some upgrades. There was no room on my fuse board when I got a home battery installed, so they had to install a second breaker box.

Some inverters may require permission from your electric distribution utility or local distribution company. Here in Scotland, the distribution network operator must approve your inverter, but you can install and then notify up to 3.6 kW, whereas larger inverters require prior approval.

OFFBEAT

Stop Killing Games campaign suffers setback as European Commission favors industry code of conduct over legal obligation

The Stop Killing Games movement was dealt a blow this week after the European Commission decided not to propose a legal obligation to keep video games playable after they are no longer commercially available.

Users of licensed software that depends on online components may also find this development of interest – more on that later.

The grievance concerns online video games that become unplayable when publishers shut down the servers they run on. Almost 1.3 million grumpy gamers signed a petition calling for publishers to ensure games enjoy an afterlife, leading to a public hearing in the European Parliament.

It’s a contentious issue. On one hand, customers who have purchased a game might feel aggrieved when it is rendered unplayable by a commercial decision. On the other, publishers argue that shutting down services must be an option when a game is no longer commercially viable.

A middle path would be a patch that lets the game run standalone, or releasing software so enthusiasts can host their own.

Ross Scott, founder of the Stop Killing Games movement, told The Register: “The behavior of the Commission seems to go beyond simply disagreeing this is a problem that needs solving. On the contrary, they haven’t clarified how the law views this situation and are trying to pass the ambiguity off to individual nation states. This is a recipe for policy fragmentation, which is under the Commission’s charter to prevent.”

Scott added that the group was not calling for “endless support” for online games. “All we can say is the Commission appears to have an agenda independent of the initiative’s request and their charter.”

Business is not a game

Software shutouts are a depressingly familiar scenario for users. Licensed software can stop working or suffer reduced functionality when online services are lost. A recent example is the impending demise of Microsoft Office 2019 for macOS, which will reach the end of the road in July due to a certificate expiration. If the application cannot reach the licensing servers, users can’t edit or save documents – rendering it mostly useless.

Scott told us the group was focused on video games for the time being because “they have an almost unique place under the law.”

“EU court rulings consider them more than ‘just’ software due to all the copyrighted content contained within them and thus subject to more laws than just those that pertain to software.”

The European Commission cited existing intellectual property protections for creators and publishers as one reason not to propose new rules. It also noted that EU consumer law already provides some safeguards. “Video game providers must inform consumers about the duration and the conditions for terminating the contract before the consumers sign up for the video game,” it said.

Instead, the Commission said it would work with the industry to draw up a code of conduct.

Stop Killing Games posted on X: “This decision is not unexpected. But we were prepared. Hence, we’re pushing forward with @Europarl_EN amending #StopKillingGames to the Digital Fairness Act.”

In other words, the next step is to try to get the group’s suggestions into the Digital Fairness Act, a legislative proposal by the European Commission, which, according to Scott, “coincidentally is an excellent fit for it.” ®

The UK has recently announced that, from Spring 2027, all those under 16 years old will be banned from accessing certain social media platforms.

This, pretty unsurprisingly, has been met with mixed reactions as many parents, guardians, teachers and even under-16s have praised the ban. On the other hand, some have criticised the ban as, to them, it simply makes “no sense”. 

Whatever your stance on the social media ban is, we’ve rounded up everything you need to know, from what platforms will be included and how the ban will be enforced. We should disclaim that the ban isn’t expected until next year, so there’s still a lot of unanswered questions.

For more, visit our overview on the social media ban while our very own Dave Ludlow has given his two cents on the ban.

The UK government is planning to ban social media for those aged under 16. This means that although under-16s will still have general access to the internet, and can read the news, research topics and play games, they won’t be able to use platforms like Instagram, YouTube, TikTok, Snapchat, Facebook and X. At the time of writing, we don’t know whether that list is exhaustive, or if the government will eventually include more platforms to the ban list.

Advertisement

You’d be right in thinking this sounds familiar, as the government has stated that it’s using the “same model” as Australia’s social media ban which was implemented back in December 2025.

The purpose of the social media ban is partly in response to a national consultation which showed an “overwhelming public demand for action”. According to the consultation, the vast majority of parents and under-16s alike agreed that social media platforms shouldn’t be used by young people.

Advertisement

According to the government, the social media ban will be implemented in Spring 2027 after the first set of regulations are laid out by the end of the year. At the time of writing, there haven’t been any specific dates provided. 

Judging from the fact sheet on gov.uk, it would be fair to say that the details haven’t been formalised yet. Instead, the government states that it plans on following Australia’s ban, whose model included “platforms like Instagram, YouTube, TikTok, Snapchat, Facebook and X”. We’d assume that YouTube Kids will still be available for under 16s, but the government hasn’t confirmed this just yet.

Advertisement

What about WhatsApp and other messaging apps?

The government has stated that it does not “intend” for messaging services to be included in the social media ban, which is likely to be a relief for parents who are concerned about keeping in touch with kids while they’re out and about. However, it has currently only mentioned Whatsapp and Signal, and fails to explain whether the likes of Telegram will be banned. 

We also wonder whether Messenger will be banned too. Yes, you need a Facebook account to initially set-up the tool, but you can technically still use it even if you deactivate your account.

It seems that the main method of enforcing the social media ban will be via age verification, with stronger requirements needed for age checks on platforms. Ofcom is said to be setting out different options for effective forms of age verification that are “accurate, robust, reliable and fair”. However, the government hasn’t provided any further details on what those verifications will look like. 

Advertisement

Adults won’t need to do checks, as many already have a social media account that’s been open for more than 16 years (what a way to make us feel old), has a credit card connected or is linked to an email address that’s already passed age verification in other ways. If those steps fail to prove an age, then apparently a simply face scan should verify a person’s age.

What does the ban mean for parents and children?

For children, the ban has been hailed by the government as “kickstarting a cultural shift”, and is promised to give kids their childhoods “back” as there will be less time for scrolling and “more time for play”.

However, those slightly older children who have grown up with social media platforms and will soon lose access may struggle to get used to the so-called “new normal”. There’s even, at the time of writing, a petition calling for the social media ban to be stopped which has over 208,000 signatures. 

Advertisement

Advertisement

Essentially, people are clearly divided by the ban as although the harms of social media are widely acknowledged, many hail it a useful tool to stay in contact with friends and family. 

Otherwise, the government has assured parents that, as of right now, they don’t have to do anything and they will be provided with further detail ahead of the changes in 2027. For now, it’s advisable that parents start taking steps with their children to discuss the upcoming ban and explain why the government is implementing it.

What about 16 and 17-year olds?

Being 16 or 17 years old has always been a difficult age to navigate, and it seems the social media ban will feel similar. While 16 and 17 year olds will be able to access social media, the government plans to ban live streaming and stranger communication for those ages.

Advertisement

This follows a smartphone and tablet ban in classrooms.

You’ve probably used VLC Media Player, the free video player with the orange traffic-cone icon — it’s been downloaded more than 6 billion times. But according to its lead developer, Jean-Baptiste Kempf, robots will soon be almost as ubiquitous as his open source video software.

Convinced that “hundreds of millions of robots and drones” will be roaming the streets in a few years, this French serial entrepreneur and open-source legend has been building Kyber, an infrastructure layer for controlling remote devices in real time. Its core software is an SDK that synchronizes video, audio, sensor data, and control inputs with minimal latency.

This lines up well with the rise of physical AI, and it’s part of why the Paris-based startup was able to raise a $5 million round led by Lightspeed, which has also backed Anthropic and Mistral AI. “Physical AI is only as good as the underlying systems running it,” the American VC firm wrote in a LinkedIn post announcing its investment.

Kyber’s potential applications go well beyond AI, though. Kempf told TechCrunch the platform is built for “all the use cases where the person who’s operating is not in the same place as the compute, which is not in the same place as the action.”

Remote control is one half of the equation; speed is the other — and it’s what inspired the startup’s name, a nod to the lightsaber crystals in Star Wars. “If you control things in the real world, every millisecond matters,” Kempf said.

Kyber’s approach to eliminating lag is rooted firmly in video-streaming technology. The company started as a side project Kempf built while CTO at cloud gaming startup Shadow, and its early focus on streaming makes the VLC connection an easy one to draw. But IoT expertise matters just as much for optimization — tuning performance to a device’s available compute, at scale — the other core piece of what Kyber does.

Kempf says other companies with the resources and the need have already built similar software for their own use cases, like remote driving. “But the largest fleets today have maybe 2,000 or 3,000 vehicles. Imagine you need to manage millions of them; that’s not the same thing.”

That jump in scale also raises the stakes on observability — knowing systems are actually working will matter even more when AI agents, not people, are managing entire fleets and networks. Even at much smaller scale, though, there’s a real benefit: not needing to physically reach every device just to push a software update, for example.

That range — from a handful of devices to millions — means Kyber’s user base will likely span far more companies than will ever become paying customers. True to Kempf’s roots, the core project is open source, while the company sells a productized version to enterprise customers. And it’s not just software: like Palantir and others, Kyber also offers hands-on, custom deployment through forward-deployed engineers, or FDEs.

FDEs make up a large part of Kyber’s team, which currently numbers 25 full-time staffers. The startup is headquartered in Paris but has offices in San Francisco and Singapore to support what it expects will be a global client base across a variety of industries. The company says it is already in commercial deployment with customers in defense, telco, robotics, and AI.

To focus its efforts, Kyber has been prioritizing three segments: robotics, drones of every kind, and remote IT access, where demand has been particularly strong. In that last segment, Kempf says Kyber aspires to be more than just a Citrix challenger — but even that comparison alone points to a sizable total addressable market.

Remote IT access isn’t exactly glamorous, but Kempf seems energized by the problem — and Kyber’s careers page hints at why: “The companies that tried to solve it spent years and tens of millions building custom solutions they’ll never share. We’re building the version everyone else can use.”

Sony has filed a PSN login patent, first spotted by RespawnFirst, that would pull the DualSense controller into the sign-in process. A PlayStation console would start the request, then the controller would help confirm that the account holder is close enough to approve access.

For players, the appeal is easy to see. PSN account abuse can lead to unauthorized purchases, lost access, and attempts to resell established accounts. Sony already offers 2-step verification and passkeys, but this idea adds a hardware check to the login chain.

How would the controller approve access

The patent describes a handoff that begins at the console. A PS5 or another PlayStation system would send a sign-in request, then the controller would scan for a nearby device such as a smartphone. The diagrams show the console, controller, and account screen as separate parts of the same approval flow.

The controller could use Bluetooth, NFC, proximity sensors, light, sound, or haptic feedback to make contact. After the nearby device responds, credentials would move through the controller and return to the console so the sign-in can finish.

Why would passkeys need backup

Passkeys already give PlayStation users a cleaner way to sign in with a stored credential, including through the PlayStation app. Sony’s patent changes the burden on an attacker. A stolen login becomes harder to use if the console also expects a specific controller to join the process.

There’s a tradeoff, and it isn’t small. A lost, broken, or unavailable DualSense could become a lockout risk unless Sony builds in another way to get back in. The filing doesn’t confirm whether current controllers would support the system, or whether it would require future hardware.

Where could the weak spot remain

The harder PSN security problem may sit outside the console. Attackers can exploit account recovery by persuading customer support to provide sensitive account access using limited details.

That leaves Sony with two jobs if this ever becomes real. The controller check would need to be convenient enough for regular players, and account recovery would need tougher guardrails. Until then, the PSN login patent is worth watching, but it shouldn’t be treated as a full answer to account theft.