A private tutor who charged money to take dozens of exams for students and submit coursework for them “has been jailed for three years,” reports the BBC, “after his scam earned him £300,000.”
Shahid Adnan completed assignments and online tests for more than 120 students at Liverpool John Moore’s University, the Crown Prosecution Service said. The 43-year-old, of Lysander Close, Liverpool, was caught in February 2023 after a student handed in a USB drive containing suspicious coursework to Dr Tom Berry of the university’s school of computer science and mathematics. Berry’s checks revealed the drive was used by Adnan with documents linked to a company he set up called Study Sharp Ltd.
Excel spreadsheets containing details of other students, their study modules, coursework due dates, and their personal login credentials were also found. Further checks confirmed suspicions that Adnan was accessing the university’s network to submit fraudulent work and sit examinations on behalf of students… [I]nvestigations led police to believe Adnan may have been doing work for 124 students at universities all over the world.
The BBC also interviewed detective sergeant Adam Dagnall from Merseyside Police’s cybercrime unit, who said Adnan was living a lavish lifestyle “well beyond” his stated occupations as a private tutor and Amazon delivery driver. His bank accounts held more than £2m ($2,645,100 USD).
Meta is betting on India for WhatsApp’s next chapter, naming entrepreneur Kunal Shah to lead the messaging app and succeed Will Cathcart, who is stepping down after nearly seven years at the helm to take on a new product-building role at the company.
The move comes alongside a Meta-led $900 million financing for Indian fintech giant CRED, structured through a combination of primary and secondary share purchases. The deal will make Meta a minority investor in the CRED, which said Shah will step down as chief executive while retaining his personal shareholding.
India is WhatsApp’s largest market, with more than 500 million users accounting for a significant share of the app’s global base of over three billion people. The country has also emerged as a key battleground for Meta’s ambitions in business messaging and digital payments, areas seen as critical to WhatsApp’s next phase of growth.
Cathcart, who has led WhatsApp since 2019, oversaw a period of rapid expansion that helped the service become one of the world’s most popular messaging apps, including with more than 100 million users in the United States. Under his leadership, WhatsApp expanded beyond private messaging with the launch of products such as Communities, Channels, and AI integrations, while deepening its focus on business messaging.
But efforts by WhatsApp to push into digital payments have delivered mixed results. While WhatsApp Pay gained traction in India, the service struggled to replicate the scale and engagement achieved by local rivals such as PhonePe and Google Pay, leaving significant room for growth in one of the world’s largest payments markets.
Meta is betting that Shah’s experience building a consumer internet company in India can help unlock WhatsApp’s next phase of growth.
In a statement, CEO Mark Zuckerberg said Shah had built CRED into “one of India’s most important technology companies” and brought the “builder mentality and global perspective” needed to run the world’s largest messaging app.
The appointment comes as Meta seeks to expand WhatsApp’s business beyond messaging, particularly in areas such as payments, commerce and business communications. India, as WhatsApp’s largest market, has been central to those efforts.
In 2018, Shah founded CRED, a fintech platform with 17 million monthly active users, after earlier building FreeCharge, one of India’s early digital payments startups. Beyond his operating roles, he has become one of India’s most prominent startup investors, backing more than 250 companies and serving in advisory and industry leadership positions across the country’s technology and financial services sectors.
Meta’s investment values CRED at about $4.5 billion on a post-money basis. The startup was last valued at about $3.6 billion in a funding round in May 2025, below its peak valuation of $6.4 billion in 2022. Before its Series F round, the company had raised more than $1 billion from investors.
As part of the transition, Miten Sampat, who has overseen strategy and finance at CRED since 2020, will take over as interim chief executive with immediate effect. Shah will retain his shareholding in the company after stepping away from day-to-day operations.
CRED said its board and leadership team were working on a longer-term management structure as the company prepares for an eventual initial public offering, with the fresh capital expected to support growth across its payments, lending, insurance, and wealth businesses.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
Sila raised its first round of funding in September 2011 — the same month solar power manufacturer Solyndra went bankrupt, sullying the sustainability sector.
But the California-based startup developing high-performance battery materials kept plugging away, and eventually batteries started booming as EV sales and concerns about the lack of domestic battery production accelerated in the U.S.
Last fall, Sila began manufacturing material in Moses Lake, Wash., at the first automotive-scale, silicon-anode plant for both the company and the nation.
“With something like this, you just keep plugging away at it,” said Gene Berdichevsky, Sila’s CEO and co-founder. “And you ride the waves.”
Keep reading to learn more about Berdichevsky’s sustainability journey. His quotes have been edited for clarity and length.
What was the moment you realized you had to work in energy?
In my freshman year, I discovered the Stanford Solar Car team. We were student-run group, and the group was building a solar-powered electric car for a race that would go 2,300 miles from Chicago to L.A., and I started participating. It was very little adult supervision, lots of students. And I fell in love with energy, like everything energy. It’s really at the foundation of civilization. And what was super interesting to me is it felt like there was still so much opportunity to make an even better energy system.
What gives you the most hope for the planet?
The creativity of people and the opportunities for science and technology to solve impossible problems. It wasn’t that long ago that the world faced a choice between depopulation or starvation, as the world was thought to not have enough resources for the food needed for a few billion people. But crop science solved it. The same can be said as we face energy challenges today — and I believe material science can solve it.
What’s your biggest concern when it comes to addressing climate change?
You cannot cut your way to solving climate change, yet that is often the temptation and the rhetoric. The only way we will solve climate change is by harnessing scientific breakthroughs, technology, and the power of markets to make the clean option simply the better, more economical option.
What’s the biggest misconception about building an energy company?
In the end, there is no such thing as a billion-dollar energy company. When you start an energy company from zero, you have to understand what it takes to succeed at a $10 billion or $100 billion scale and stay rooted in the long term because that’s the minimum threshold to have an impact on the world of energy — and nothing smaller will survive.
What’s one habit you’ve changed personally because of sustainability concerns?
None. I drive an EV because they are more fun to drive — but they happen to be clean. When I travel internationally, I try to fly on 787’s because they’re designed for more passenger comfort — and they happen to be more efficient. When I travel in major cities, I take the metro because it’s faster to get around. Let’s make the cleaner option simply the better one.
Coffee with any energy leader, past or present — who do you pick?
Nikola Tesla and George Westinghouse. The scientist and the entrepreneur responsible for transforming our world and making electricity flow as freely as water in our lives. While Thomas Edison was the stronger businessman, Tesla was so ahead of his time, and his partnership with Westinghouse created the competition with Edison that revolutionized our world.
What impact do you hope your work has in 20 years?
A better energy foundation for the world. Oil, coal, and gas have created immense prosperity and transformed our society for the better in the 20th century. But an even better, more resilient, lower-cost, and cleaner energy foundation is possible with batteries, geothermal, and renewables. That is the path to yet more prosperity for the world in the 21st century — and it requires innovation, commercialization, and incredible scaling. My hope is for Sila to play an important part in that energy foundation.
OpenAI’s books show zero debt and just $46mn of quarterly capital spending. The catch, reported by The Information: around $665bn of commitments sitting just off the balance sheet, now heading for regulators’ desks.
On paper, OpenAI looks like a lean software business. The reality is far heavier.
As at 31 March, the ChatGPT maker had zero debt and less than $750mn of lease liabilities, according to The Information, which reviewed its financial statements. Its capital spending for the quarter came to just $46mn. That is less than Salesforce, a company that merely sells software.
For one of the most hardware-hungry businesses in tech, those are remarkable numbers.
The spending has not vanished. It has moved off the balance sheet.
OpenAI carries around $665bn of purchase commitments that do not show up as debt. Most of it is compute: long-term deals to rent the data centres and chips its models run on.
The company leans on Microsoft, Oracle, Amazon and joint ventures such as Stargate and Fluidstack for that capacity. The obligations are real and enormous. They simply do not appear where investors usually look.
The structure raises a second question. Who sits on the other side of these deals?
About 72 per cent of OpenAI’s cost of revenue flows to related parties such as Microsoft. Microsoft is both a major backer of the company and one of its key suppliers.
That kind of concentration invites scrutiny over conflicts of interest. It is exactly the sort of arrangement that public-market regulators tend to probe.
This is landing as OpenAI prepares to go public. It filed confidentially with the SEC on 8 June, a week after rival Anthropic, with Goldman Sachs and Morgan Stanley leading the deal.
The filing valued OpenAI at about $852bn. Analysts think a debut could push it past $1tn, perhaps this autumn. It follows SpaceX, which listed in June in the largest IPO on record.
The filing also hands financial regulators their first proper look at OpenAI’s accounting and its tangle of business relationships.
None of this would matter if the growth were already there. It is not.
OpenAI projects advertising revenue rising from $2.4bn this year to $102bn by 2030, when ads would be more than a third of its sales. Ad group WPP expects the entire AI search and chatbot ad market to be worth about $101bn in 2030. That figure already includes Google.
In short, OpenAI is forecasting that it can capture, on its own, a whole market the rest of the industry will be fighting over.
The cash, meanwhile, keeps pouring out. OpenAI spent about $34bn last year and burned through $3.7bn in the first three months of 2026 alone.
A clean balance sheet usually reassures investors. This one may do the opposite. Zero debt means little when $665bn of commitments sit just out of frame. Sceptics already warn that an OpenAI stumble could ripple across the whole AI supply chain.
Ireland takes over the EU Council presidency on 1 July with a tech-heavy legislative agenda, but its economy depends on the very companies those rules target. Two firms, understood to be Apple and Microsoft, paid 40 per cent of all Irish corporate tax in 2024.
TL;DR
Ireland takes over the rotating presidency of the Council of the EU on 1 July, inheriting a legislative agenda that includes proposals to curb Europe’s reliance on American tech, simplify the bloc’s digital rulebook, decide whether to ban children from social media, and overhaul telecom regulations. The country holding the presidency is supposed to act as an honest broker, finding common ground among 27 member states rather than advancing its own interests.
That role is complicated when the broker’s economy runs on the companies being regulated. Sixteen of the world’s 20 largest tech firms reportedly operate hubs in Ireland, and more than 100,000 people work in the sector.
Ireland’s fiscal watchdog, the Irish Fiscal Advisory Council, warned earlier this year that just two companies, understood to be Apple and Microsoft, paid almost 40 per cent of all corporate tax in Ireland in 2024. That amounted to roughly €11 billion, with a third firm, understood to be Eli Lilly, bringing the share to 46 per cent.
The 💜 of EU tech
The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!
“It’s widely acknowledged, including by the Irish Fiscal Advisory Council, that Ireland is too reliant on Big Tech firms,” said Michael McNamara, the liberal MEP who co-led the European Parliament’s package to roll back elements of the AI Act. He said Ireland needs to be “clear-eyed about the pressures that will come during the Presidency” from companies headquartered in Dublin.
Ireland’s presidency agenda runs through the same regulatory territory where it has faced sustained criticism. The Irish Data Protection Commission, the body responsible for policing GDPR compliance by tech firms that base their European operations in Dublin, has been accused of being too lenient on enforcement and of allowing a revolving door between the regulator and the private sector.
The Irish Council for Civil Liberties has called for Ireland to recuse itself from all digital files during the presidency. Lynn Boylan, a left-wing MEP from the opposition party Sinn Féin, said Ireland’s economic model is “deeply tied to keeping a small number of overwhelmingly American tech corporations comfortable,” creating an “obvious conflict.”
Tech firms made their priorities clear in a public consultation Ireland held ahead of the presidency. CCIA Europe, the Big Tech lobby group, called for Ireland to “double down” on simplifying tech rules and “firmly reject” sovereignty provisions that could exclude foreign firms.
Meta urged Ireland to “adopt a leadership position in shaping Europe’s digital agenda,” calling for a “complete overhaul” of the bloc’s digital rules and a “pause on implementation” of new regulations. It also said Ireland should bring its “unique relationship with the U.S.” to the fore during the presidency.
Bram Vranken, a researcher at the transparency group Corporate Europe Observatory, said that while companies lobby every country holding the presidency, “in the case of Ireland they know they have more leverage.” Irish officials pointed to the fact that they published all lobby submissions received during the consultation as evidence of transparency.
Ireland’s defenders point to its track record. During its last presidency in 2013, Ireland pushed GDPR negotiations so hard that diplomats from other member states slept in tents to maximise negotiating time, earning praise from then-Justice Commissioner Viviane Reding.
Two EU diplomats, granted anonymity to speak candidly, told Politico that Ireland had been “very fair” and “very professional” on previous digital files. Niamh Smyth, Ireland’s minister of state for artificial intelligence, rejected the idea that Big Tech’s presence would compromise the presidency.
“We have had many presidencies before, and we have always done our job well and done it objectively,” Smyth told Politico. Billy Kelleher, a liberal MEP from the governing Fianna Fáil party, added that Ireland should “not be embarrassed about being a success story.”
Whether simplification tips into deregulation will define how the presidency is judged. The question for the next six months is whether Dublin can separate what is good for its economy from what is right for the bloc.
This post is brought to you in paid partnership with YARBO.
If you’ve been pricing out a robot mower for a genuinely large property, Prime Day just made the math easier. The YARBO Robot Lawn Mower Pro is down to $4,999 on Amazon (from a $5,999 list price), a $1,000 Prime Day saving on a machine built for yards most robot mowers can’t touch. At that price and that capability, this is the kind of purchase that changes how an entire weekend gets spent, and the RTK and AI vision navigation underneath means there’s no perimeter wire to bury, which is the install headache that defines most of the category.
A robot mower for a large property earns its keep differently than a small-yard model does. Where a basic unit taps out at a fraction of an acre and needs a boundary wire trenched around the lawn, the YARBO Pro is rated for up to 6 acres and skips the wire entirely, using RTK positioning and AI vision to map and navigate. For a property that size, that distinction is the difference between a gadget and an actual labor replacement.
The modular design is what makes this worth caring about beyond mowing season. The Pro is built as a year-round yard-care platform rather than a single-season mower, so the same base robot is designed to take on other tasks as the seasons change rather than going into storage in October. Dual motors deliver up to 2500W peak power, the 20-inch cutting width covers ground quickly, and a 120-minute runtime lets it work through large sections on a charge.
The practical control side holds up too. The cutting height adjusts from 0.8 to 4.0 inches for everything from a tight finish to longer grass, and the smartphone app handles scheduling, remote operation, and RTK positioning with privacy protection built in. It’s positioned for both residential and commercial use, which tracks given the acreage it’s rated for.
A $1,000 Prime Day saving on any single item is significant, and on a large-acreage robot mower it brings a genuinely capable machine to $4,999. Comparable wire-free robot mowers built for multi-acre properties sit at or above this price, often before any sale, and the YARBO Pro’s RTK navigation and modular platform keep it competitive with anything aimed at yards this size. For a property where the alternative is a riding mower plus the hours to run it, the value calculation shifts quickly.
The YARBO Robot Lawn Mower Pro at $4,999 is the big-ticket Prime Day buy that’s hard to talk yourself out of if you’ve got the acreage to justify it. The wire-free RTK navigation, 6-acre coverage, modular all-season design, and app control add up to a machine that earns its price in reclaimed weekends, and the $1,000 day-one Prime Day saving makes this the moment to commit if a robot mower has been on the list.
Every year in the hi-fi and home cinema world there are trends – some you see from the start of the year, others start to develop over the course of a few months.
This type of convergence can almost be an act of serendipity – all these products launching around the same time – what could have kick-started this or any trend?
Let’s take a look at active, also known as powered speakers. They are starting to pop up with unerring regularity.
We’ve had Ruark Audio’s five-star powered speakers. We’ve also had the launch of Cambridge Audio’s L/R S (with more to come), KEF has launched a few active/powered speakers in the last few years, there are new models from Tangent, Triangle, Elipson, Kanto, Klipsch, Edifier – and this is just the beginning.
Hi-Fi has struggled to attract the attention of a younger generation glued to smartphones, tablets and other mobile devices. Hi-Fi can seem hoary and stuffy compared to the worlds that mobile devices can offer.
Some hi-fi brands have taken the route of headphones to entice people not au fait with hi-fi. Speaker brands such as Bowers & Wilkins, Dali, Focal and others have invested big-time in headphones (or head-fi) as a gateway to hi-fi, but is it actually a gateway? Do people jump from headphones to hi-fi? Let’s say I’m not too sure.
But we’ve seen a renaissance of vinyl. There’s been a resurgence in CD, and even cassette tapes have enjoyed a few days in the sun, while wired headphones continue to drum up positive publicity.
But proper – or trad hi-fi – still struggles for some traction and momentum. The appeal it has is men of a certain age who like to decamp to their den to listen to music in peace.
But active and powered speakers could change that outlook.
For one, hi-fi takes up space. Who has space these days? Everyone wants to move to a bigger house for more space, and everyone wants to move to a smaller house because it’s less expensive. What’s something that’s the best of both worlds – saving space, still offering a good experience but ultimately provides convenience?
Well that could be active/powered speakers.
The amplification, in some cases the streaming and processing, can be done with just two boxes rather than many. But more than that, they’re multi-purpose in use.
I’m currently testing a pair of KEF and Edifier speakers, both of which come with HDMI eARC to connect to a TV, making them potential soundbar replacements. Other models have a built-in phono stage to connect directly to a turntable. USB means you can plug your music in that way.
And then there’s the wireless support. Some cheaper options will make do with just Bluetooth, but active speakers with Wi-Fi open the world to the likes of Spotify Connect, Tidal, Qobuz etc – high quality music streaming services that you just need to tap a few buttons to get started.
Hi-Fi sound, but without the faff. You can see the appeal, and why brands seem to have set their stall up in this area of the market.
The great thing about active and powered speakers is that they can fit within your current set-up rather than having to buy certain products to create a system.
While traditional hi-fi offers outright performance, especially if you know what you’re doing, knowledge can also be a bit of a bugbear. Not everyone knows what they’re doing or can be bothered to find out either.
This is why the convenience of powered speakers is useful. The plug-and-play mentality, of reducing the number of steps and therefore complexity, is one I’d reckon has wide appeal.
Everyone likes to listen to good music – if you don’t, I fear you might be a miserable so–and–so–and a pair of speakers that can do that without sacrificing much in the way of performance has got to be worth pursuing.
But convenience is only great if you can afford it. At the low end you might consider £400 rather expensive – especially if you’re the type of person for whom a £70 Bluetooth speaker is you pushing the boat out. £400 (sorry, £399) has become the first boundary marker. You’ll find a decent experience for less, but you won’t find better for less.
It’s when we start to go up through the price bands that I can see things start to stall. Yes, Wi-Fi is a ‘good thing’ to have, but eyebrows start to raise when you see those models pushing £1000 if not more. And then we have your ‘posh’ active speakers, models that stretch the asking price to £2000+, despite not offering a feature set that’s markedly different from a pair of actives half the price. And in some cases, a performance that doesn’t quite live up to the premium billing.
So while this emergence of active and powered speakers is very much ‘good’, it’s also susceptible to money. It is also something of a lifestyle choice. People like listening to music, but how they do so is different. Not everyone wants to be tied to a desktop or their living room. They like to take their music with them.
So while this emergence/growth of the active/powered is a good thing and may lower the barrier and make hi-fi more accessible, the biggest obstacle active speakers face is not in terms of perception. The biggest obstacle that active speakers, and hi-fi in general faces, is that it has, in a way, been superseded by something in plain view.
Like a riddle; what can you use at home and outside of it? What comes in different forms that allows you to listen to audio however you like? What’s the device tied to you in a very personal way?
What hi-fi has to overcome is the unassailable might of headphones, which has pretty much replaced traditional hi-fi. And I for one can’t see that happening anytime soon. Is the active/powered speaker doomed? Of course not, but maybe this sudden gold rush won’t necessarily result in the riches hi-fi brands hope it will.
Airbus has unveiled a version of its popular H145 helicopter that flies completely without a pilot. The new U145 removes the cockpit to create space for cargo and mission equipment while adding full autonomy through sensors and artificial intelligence.
Designers at Airbus Helicopters began with the H145, a helicopter that has already been used in EMS, law enforcement, and offshore work across the world. They built on the core H145 structure, with the same twin engines and performance as the original. You can’t disagree with over 1,800 of these things flying about, as that’s 8 million plus hours of real-world testing, indicating the U145 has a solid base on which to build reliability.
Sale
Airbus made the most significant change in the front, removing the cockpit and installing large clamshell doors, a fold-down loading table, and a reinforced cargo deck while leaving the regular rear doors and side doors intact. This converts the nose of the vehicle into the main loading area, making it easy to transport large, heavy items in rugged or remote regions.
The power is still provided by two Safran Arriel 2E engines, although they are now fully digitally controlled. The maximum takeoff weight remains at 3,800 kg, and like with all H145s, it is known for being extremely quiet and environmentally friendly. The U145 relies only on sensors and artificial intelligence. Sensors send data into AI algorithms, allowing the aircraft to fly autonomously and complete any mission required. Airbus designed this thing without considering a human crew because the entire concept revolved around it flying on its own.
Cargo delivery is the primary use for both civilian and military users, but the modular design allows it to be utilized for disaster relief, firefighting, surveillance, and even armed scouting. Airbus is also considering employing the U145 as a “mothership” for launching air-launched effects with MBDA, and there is considerable work being done on crewed and uncrewed teaming.
This is the second time Airbus has converted a crewed helicopter into an unmanned system; the VSR700, based on the Cabri G2, has been operational with the French navy for some time. Lessons from that experiment helped them improve the U145 significantly. The first test flights will take place later in 2026, with a safety pilot on board, and it should be ready for operation in the early 2030s. Airbus will collaborate with some specialist partners to improve autonomous capabilities and expand the entire ecosystem for uncrewed aerial aircraft across Europe.
[Source]
Threat actors are increasingly turning massive infostealer-derived credential collections into searchable underground services, allowing buyers to request credentials for a specific company, platform, domain, geography, or account type.
Flare researchers analyzed 470 underground forum posts published between January 2025 and June 2026, across different sources, related to actors offering to search for and extract stolen credentials from their databases. The dataset included advertisements, reposts, buyer feedback, pricing references, and disputes around quality and validity.
The findings show a dedicated service layer sitting between infostealer infections, raw logs trading and account takeover activity. The profile of the threat actors who offer these services is divided between the Malware-as-a-Service (MaaS) providers and the MaaS consumers.
In many cases, they function as credential brokers or data processors, monetizing the vast number of logs and their ability to search, filter, format, and deliver targeted results from large stolen credential collections.
Analysis of 470 underground posts illustrates a pinpointed service that offers targeted extraction, filtering, deduplication, formatting, and freshness, from large infostealers databases containing tens of billions of lines. It is functioning as an alternative to combo lists, where instead of purchasing a bulk dump, buyers query a seller’s existing data and receive only the results that match their target.
The market overlaps with the Initial Access Broker (IAB) ecosystem, but is not identical to it, when the common output formats included URL:LOGIN:PASS, MAIL:PASS, LOGIN:PASS, PHONE:PASS, MAIL:PHONE, and MAIL:LOGIN.
Interestingly buyer feedback showed there’s a gap between what is advertised and the actual results in terms of in reality the volume is lower, the credentials are often invalid, duplicated and generally usable.
The “search your target” market sits in the middle of the account takeover chain.
First, infostealers infect devices and collect credentials, cookies, autofill data, and browser artifacts. Then logs are aggregated and inserted into private clouds, ULP databases, public dumps, or exchange-based collections. Next, the “search-service” threat actors extract rows based on buyers’ requests. Buyers then validate the credentials and use them for account takeover, fraud, spam, phishing, crypto theft, or corporate intrusion.
This means the sellers in this dataset are often neither the first nor final step. They are the processing layer that turns stolen credential noise into targeted attack material.
From a threat intelligence framework perspective, this service model represents a practical example of T1589.001 (Gather Victim Identity Information: Credentials), where adversaries actively research and acquire credentials prior to exploitation, and potentially T1650 (Acquire Access), given that some sellers deliver results indistinguishable from direct access provisioning.
From GitHub access sales to leaked vendor repositories, the warning signs exist — they’re just buried in forums and marketplaces most teams aren’t watching.
Flare surfaces them before they become incidents.
Much like in the DDoS market, where the buyer submits a domain and the service provider attacks it, the service is duplicated and offers the same pipeline.
A buyer sends a target
The seller returns matching credentials
That target can be a company domain, login URL, ecommerce site, gaming platform, application, geographic market, or a list of emails. The output is usually delivered in formats such as URL:LOGIN, URL:LOG, MAIL, LOGIN, PHONE, or other combinations depending on the request.
Several sellers in the underground specify the size of their database as a selling point. One actor advertised an “ULP 5kkk+ lines” database (5,000,000,000), quick access within 10–15 minutes, daily updates, and sources that allegedly included private logs, private clouds, personal streams, and public data. Another actor promoted a 10kkk+ line, 1TB+ URL:LOG database, while others claimed access to collections ranging from hundreds of millions to tens of billions of records.
The size of the database isn’t the only selling point. Threat actors also indicate other capabilities, as part of their sales pitch. The sellers are also advertising their search capabilities, freshness, formatting, and relevance.
Some offer simple domain extraction, while others offer more customized services, such as extracting email accounts for a requested shop, website, app, or game. De-facto, attackers are advertising their technical capabilities of indexing data inside databases, updating and enabling quick and convenient search on it.
As an example, one of the sellers advertised that customers could submit a request for only $20 per request, and add additional payment based on the returned results.
The dataset also showed more advanced forms of credential enrichment. One actor claimed access to separate email, password, login, phone, and URL:Login collections, and described how those records could be combined.
For example, a buyer with only an email list could request matching login pairs, or a buyer looking for a specific geography could receive results built from country codes, domains, URLs, cities, and password patterns.
This further indicates that threat actors are using data best practices (e.g. labeling, slicing), much like ordinary legitimate businesses around the world.
Customer feedback indicates that the sellers are over-promising and under-delivering. They claim that some sellers aren’t credible. Some claim that the credentials are invalid, and sellers answer in return that they didn’t ever check if the credentials were valid. Some said that this is the same data that appears in large combo lists published for free across the underground.
Others claim that these databases contain many duplications (one even claimed that out of 3,000 records only 200 were unique).
While the concept of large combo lists or aggregated credential files, isn’t new. This service is still something unique that can eventually, if operated correctly, put a lot of businesses and organizations at risk.
Over the past several years, infostealer families and log marketplaces produced enormous quantities of records that include browser-stored credentials, cookies, autofill data, and device information. These collections are constantly growing and create a challenge for buyers to sort it out for profit.
The operation to more easily extract value was an opportunity for commercialization. Therefore, a buyer who usually has a specific pinpointed goal can save time and money with this service.
The “search your target” market is often tied to a general search for an email or business or person, the validity and “freshness” of access isn’t guaranteed, and you are basically paying for search, find, and results. This market partially overlaps with the initial access broker’s (IAB) market.
When buyers are looking for access to corporate VPNs, SaaS platforms, email accounts, cloud environments, admin panels, or remote access systems, the output can become initial access if these markets overlap.
Nevertheless, the IAB market is often more expensive, prestigious and serves as a “white glove service” when they sell validated access, which often can bypass MFA, and ultimately get into an organization.
The “search your target” market shows that attackers no longer need to manually process massive dumps to find what matters. They can outsource that work to sellers who specialize in turning noisy credential collections into focused target lists. For defenders, the challenge is to identify and close those exposed paths before a buyer turns them into access.
Flare helps by giving security teams visibility into these underground markets and by monitoring exposed employee credentials, corporate domains, login portals, SaaS applications, and related indicators across deep and dark web sources.
This allows organizations to detect when their access points appear in credential collections or search-service advertisements, prioritize the most relevant exposures, and respond faster with password resets, session revocation, MFA enforcement, and investigation of possible account misuse.
Sponsored and written by Flare.
In a nutshell: Obsidian, the developer behind some of the best RPGs of all time, is being sued. A class-action lawsuit has been filed against the Fallout: New Vegas maker over allegations that it violated California wage and hour laws.
The case, Victoria Turner v. Obsidian Entertainment, was originally filed in Orange County Superior Court in October 2025. It appears to have gone largely unnoticed until Reddit user macken_zee highlighted the docket and court documents on the r/pcgaming subreddit. An amended complaint was filed on January 12, 2026.
Turner is listed in The Outer Worlds 2 credits as a QA lead. The filing seeks to represent current and former nonexempt employees who worked for Obsidian in California from October 9, 2021, through the date of class certification. It also seeks to certify a separate group of employees who left the company from October 9, 2022, onward.
The complaint alleges that Obsidian “engaged in a systematic pattern of wage and hour violations under the California Labor Code and Industrial Welfare Commission Wage Orders.”
Those alleged violations include failing to pay all minimum and overtime wages, failing to pay wages owed when employees left the company, failing to pay wages on time during employment, denying lawful meal and rest breaks or compensation in place of them, failing to reimburse necessary business expenses, and failing to provide accurate itemized wage statements.
The lawsuit seeks monetary relief for affected workers, including unpaid wages, unreimbursed expenses, interest, benefits, attorneys’ fees, costs, and penalties.
Obsidian said that it denies “generally and specifically, each and every allegation.” In a response filed in March, the studio asked for the complaint to be dismissed in its entirety with prejudice.
The company also laid out 38 points in its defence. Among them, Obsidian argues that the complaint does not state sufficient facts to support valid claims, and that Turner and any proposed class members “consented to and/or acquiesced in the alleged conduct.”
Reddit users have been arguing over whether California employees can waive meal and rest break protections. Others have urged caution, noting that complaints and responses in wage suits can contain broad, boilerplate allegations and defenses long before the facts are tested.
There has been little movement in the case since Obsidian’s March response. The suit remains pending
Getty already struck a similar deal with Perplexity AI.
Getty Images has announced a multi-year partnership with OpenAI that will bring its licensed content libraries to the AI company. The agreement means Getty’s content will appear in OpenAI search and ChatGPT.
“High‑quality, licensed visual content makes AI‑powered search and discovery more useful and more trustworthy,” Getty CEO Craig Peters said in a statement. “This partnership with OpenAI reflects a shared recognition of that, and together we will deliver richer visual experiences to ChatGPT users.”
Getty, until recently, had taken a strong stance against working with AI companies. In September 2022, Getty banned all AI-generated art from its library. A few months later, it sued Stability AI, alleging copyright violations — a notion that was rejected late last year.
A year after its AI-generated art ban, Getty announced its own generative AI tool, trained on its library and powered by NVIDIA’s Edigy AI model. Each of the resulting images came with a royalty-free license.
But in October 2025, Getty signed a deal with Perplexity AI, allowing the latter’s AI search and discovery tools to access Getty’s library. Critically, the release stated that “Perplexity will be making improvements to how it displays imagery, including image credit with a link to source, to better educate users on how to use licensed imagery legally.” Perplexity has faced suits around alleged illegal use of copyrighted materials.
Notably, Getty hasn’t shared any details on whether its images will be used in AI training, although its deal with Perplexity doesn’t allow for it.
Weekend Open Thread: Miami – Corporette.com
The Adder At The Heart Of Intel’s 8087 FPU
Renter of Home in Anne Heche Crash Denies Settlement With Son
Soccer-U.S. defends Iran World Cup travel restrictions, says discussions ongoing
Wall Street Week Ahead: Investors see Micron earnings as pulse check of AI rally momentum
BBC Reporter Discusses Cross Party Criticism Of Trumps Iran Deal
HIVE shares jump as $220M AI deal speeds Bitcoin mining pivot
Jake Chervinsky accuses CME of protecting derivatives monopoly
Can Charles Hoskinson Really Rescue Cardano?
FIFA World Cup 2026: Canada beat 9-men Qatar 6-0 to register first ever win | FIFA World Cup 2026
MHP SE 2026 Q1 – Results – Earnings Call Presentation (OTCMKTS:MHPSY) 2026-06-20
Brexit cost 6% of UK economy, Bank of England company data suggests
Anthropic’s Dario Amodei Urged AI Unity at G7, Even as US Banned His Models
Microsoft accidentally kills epic Outlook email threads
Robinhood opens AI-powered trading to all users, sending HOOD stock past $100
Weeks Of In-The-Field Testing And A Verdict
Andy Burnham and the meaning of Makerfield
Adobe adds its AI assistant to Premiere, Illustrator and InDesign
Signal’s Meredith Whittaker says AI chatbots ‘are not your friends’ and calls Copilot agents a backdoor
Iren (IREN) Stock Surges on Jefferies Buy Rating: AI Infrastructure Play Gains Momentum
You must be logged in to post a comment Login