Google is making Gemini’s personalized AI image generation free for all eligible users in the United States, removing a paywall that had restricted the feature to Plus, Pro, and Ultra subscribers since its launch in April. The expansion, announced on Sunday, lets any US user aged 13 or older generate images informed by their Google account data, while editing capabilities remain limited to users 18 and older. The move opens one of Gemini’s most distinctive features to the app’s broader user base, which reached 900 million monthly active users at Google I/O last month.

The feature is built on Nano Banana, Google’s native image generation model for the Gemini family, and draws on the Personal Intelligence framework that connects Gemini to a user’s Gmail, Google Photos, YouTube, Search, and other first-party apps. In practice, that means users can ask Gemini to generate images that reflect their actual interests and context without spelling everything out in the prompt. Google says connecting apps is opt-in and that the AI does not train on personal data.

Google first added Nano Banana image generation to Personal Intelligence in April, initially rolling it out to paid subscribers in the US before expanding to India and Japan. Making the feature free removes the last barrier between Google’s massive data advantage and the hundreds of millions of Gemini users who were previously limited to text-only personalization. Free-tier users will receive limited quotas before reverting to the original Nano Banana model, according to Google.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The competitive logic is clear. ChatGPT’s image generation has driven significant engagement for OpenAI, and Apple Intelligence is weaving on-device AI across the iPhone ecosystem. Google’s counter is to lean into what no competitor can easily replicate: the depth and breadth of personal data across Gmail, Photos, Drive, Calendar, Maps, Search, and YouTube.

Connecting all of that to a capable image generator creates a personalization advantage that is difficult to match without equivalent data reach. OpenAI and Apple would need to build or acquire comparable cross-product data pipelines to offer anything similar.

The privacy trade-off remains the obvious tension. Europe was excluded from the initial Personal Intelligence rollout and has not been added since, suggesting Google anticipates regulatory friction under GDPR and the AI Act. For users who opt in, a “sources” button shows which personal data informed each generated image.

Dropping the paywall is the latest step in a broader push Google outlined at I/O 2026, where it also announced the Spark autonomous agent, Daily Brief morning digest, and a price cut that brought the Ultra tier from $250 to $100 per month. The pattern is consistent: expand the free tier to grow the user base, then upsell power users on higher quotas and exclusive features. Whether personalized AI image generation proves sticky enough to justify the data access it requires will depend on whether users see value in images that know who they are, or whether the novelty fades once the initial curiosity passes.

Chamath Palihapitiya, best known for his venture capital firm Social Capital and the All-In podcast, announced Monday that the AI coding startup he founded raised a sizable Series A.

The company, 8090 Labs, closed a $135 million round led by Salesforce Ventures with participation from Jeffrey Katzenberg’s WndrCo, David Sacks’ Craft Ventures, fellow All-In hosts and “besties” David Friedberg’s The Production Board and Jason Calacanis’ Launch, as well angel investors like Palo Alto Networks CEO Nikesh Arora and Quora CEO Adam D’Angelo.

Palihapitiya founded 8090 Labs in January 2024 to offer an AI coding agent specifically for corporate programming teams. Its product, Software Factory, helps corporate coders use AI to build production-quality software, not just vibe-coded prototypes, with all the controls enterprises need, such as audit trails, the company promises.

With the raise, Palihapitiya also announced on X that he will lead the startup as CEO, rather than just serving as a board member.

He said the AI rush today feels like the rise of social media in his career as an early exec at Facebook, long before it became Meta. “Since I left Facebook, I was waiting for a moment like this to return to a full-time operating role,” he wrote. “I am convinced that what we are building now is even more important, so there was no decision to make except to be all in.”

Apple is famous for keeping future iPhones under lock and key. This time, however, the leak didn’t come from a case maker or an overenthusiastic tipster. According to Reuters, confidential files linked to the iPhone 18 Pro have surfaced on the dark web following a cyberattack on Tata Electronics, one of Apple’s most important manufacturing partners in India.

The leak goes far beyond a few blurry photos

Reuters reports that the leaked archive includes supplier lists, internal component maps, engineering documents, and photographs of iPhone 18 Pro units undergoing drop testing. Several of the files reportedly carry Apple’s confidential markings and internal codenames consistent with the iPhone 18 Pro program, though Reuters notes it could not independently verify every document in the archive.

Perhaps even more concerning than the images themselves is the information surrounding them. The leaked documents reportedly map hundreds of individual iPhone components to the companies that manufacture them, revealing details Apple has historically kept closely guarded. Such information could give competitors, counterfeiters, and even suppliers a clearer picture of Apple’s supply chain and sourcing strategy.

The files are believed to be part of a much larger breach claimed by the ransomware group World Leaks, which allegedly published more than 200,000 files stolen from Tata Electronics. Following the incident, Tata tightened access to sensitive internal systems, hired a global cybersecurity consultant to conduct a forensic investigation, and is working with Apple on additional security measures.

This is bigger than an iPhone leak

The funny thing is that the iPhone 18 Pro photos aren’t really the biggest story here. Apple product leaks happen every year. What’s far more unusual is seeing the company’s supply chain exposed in this level of detail. Apple spends years negotiating supplier relationships and deliberately avoids revealing who makes specific components inside its devices, making that information arguably more valuable than a picture of an unreleased phone.

The breach also comes at a sensitive time for Apple as it continues shifting more iPhone production from China to India, with Tata playing a central role in that strategy. Whether the leaked files ultimately prove authentic or not, the incident is a reminder that in today’s tech industry, protecting the supply chain can be just as important as protecting the product itself.

The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server.

NAIC is a U.S. insurance regulatory organization present in all 50 states. The organization identified on June 11 that its PeopleSoft system had been accessed by an unauthorized party and discovered that “an unauthorized third party gained access to a portion of our IT systems.”

ShinyHunters claimed the attack and leaked the stolen data after the organization refused to pay a ransom.

NAIC responded to the threat actor’s leak and addressed some of the claims. The organization says that the hackers accessed and, in some cases, stole already publicly available statutory financial reports, credit rating agency data, outdated logs, and configuration information.

According to NAIC, the investigation found no evidence of personally identifiable information (PII) or financial data having been exposed and directly disputed the threat actor’s earlier claims that they compromised critical insurance regulatory platforms like SERFF (System for Electronic Rate and Form Filing), OPTins (Online Premium Tax for Insurance), and SBS (State-Based Systems).

The incident had operational consequences, with credit rating agencies temporarily suspending data feeds and the NAIC pausing investment designation work, but there are significant discrepancies between the hackers’ claims and the organization’s findings.

In an announcement updated on June 25, ShinyHunters claims to hold 3.1 TB of data corresponding to 105,000 files stolen from NAIC’s systems:

• INSData and Vision servers
• 264,000 insurer regulatory filing PDFs between 2017 and 2024
• 2,000 customer/order/payment records
• 45,000 rating agency files
• AWS infrastructure configs
• Stored credentials for SERFF, OPTins, and UCAA production environments

The hackers also noted in the update that a previous summary of the stolen data was exaggerated due to using AI hallucinations when evaluating the files.

However, according to the threat actor, the latest published inventory was validated by a human reviewer and should be considered accurate.

NAIC stated that all affected systems have now been remediated and that they are implementing additional defenses to prevent future attacks.

ShinyHunter’s hacking spree using the zero-day (CVE-2026-35273) in the PeopleSoft enterprise system has allegedly impacted more than 100 organizations.

BleepingComputer reported about the threat actor’s zero-day attacks before Oracle disclosed the security issue publicly. Both cloud and on-premises Oracle PeopleSoft customer instances were targeted in breaches that left behind extortion demands signed by ShinyHunters.

The hackers told us that most of the targeted organizations were in the education sector and had been previously extorted by the threat actor.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

WhatsApp username reservations are now open globally. While you still need a phone number to create an account, usernames let you start conversations without sharing your phone number. 

Claiming yours would take less than a minute, but only when you go in with all the details. 

What should you know before reserving your username?

Your username must be between 3 and 35 characters and must comply with WhatsApp’s policies. Beyond those limits, you’re mostly free to choose what you like.

WhatsApp has already reserved certain handles for top celebrities, VIPs, and verified organizations, so those names are locked. 

If nothing clicks, WhatsApp’s built-in generator can suggest unique handles.

How do you actually reserve your username?

Go to Settings > Account > Username on the latest version of WhatsApp. Thereafter, you can enter your desired username, and the app will tell you whether it is available. The app will also give you suggestions regarding available usernames. 

As seen in the screenshot, you can also use your Instagram or Facebook username. 

Once you select one, it will be linked to your WhatsApp account and will appear when the feature goes live later this year. If the option isn’t visible, hang tight. WhatsApp is rolling this out region by region and will notify you in the app when it arrives in your country. 

When it does, anyone messaging you for the first time won’t see your phone number, as long as you’ve enabled your username. For extra protection, you can also set an optional username key that contacts will need in addition to your handle to message you.

If you change your mind later, WhatsApp will also let you change or remove your username. 

The importance of usernames

WhatsApp usernames follow a pattern set by Signal, which added phone-number-free contact discovery in 2024. Telegram has also had this feature for years. 

The addition addresses one of WhatsApp’s longest-standing privacy gaps. Sharing your contact information in the app has always required handing over your phone number, making it harder to maintain separation among personal, professional, and public connections.

Apple’s iOS 26.5.2 update adds a variety of fixes to keep your data safe while browsing the web. Here’s what you need to know and why you should update.

On Monday, just under a month after releasing iOS 26.5.1, Apple made iOS 26.5.2 available for download. The update contains more than 25 different security enhancements, and over 15 of them are related to WebKit.

Notably, Apple patched two WebKit vulnerabilities that used maliciously crafted web content to disclose sensitive information. One of the vulnerabilities, a cross-origin issue, was resolved with improved tracking of security origins, while the other security issue was addressed with validation improvements.

iOS 26.5.2 also prevents sensitive data from being leaked when an iOS user visits a webpage. Apple addressed a permissions issue with additional restrictions. Similarly, Apple has added enhanced checks to prevent malicious websites from processing restricted web content outside the sandbox.

Another now-patched WebKit Storage vulnerability let malicious websites silently hijack clipboard data, affecting the text users were copying and pasting. iOS 26.5.2 resolves this issue through improvements to state management.

Multiple now-resolved WebRTC and WebKit issues allowed maliciously crafted websites to cause unexpected Safari and process crashes, along with memory corruption. All of these vulnerabilities have been addressed with the iOS 26.5.2 update.

Additionally, Apple fixed three kernel-related issues. One of the vulnerabilities, which was addressed with improvements to input sanitization, let apps leak sensitive kernel states. The other two kernel-related issues let apps cause an unexpected system termination and let them write or corrupt kernel memory.

Overall, though, iOS 26.5.2 mostly includes WebKit-related fixes, which will undoubtedly make web browsing safer on an iPhone. Unlike other iOS releases, Monday’s software update doesn’t include fixes for vulnerabilities that were used in targeted attacks.

Even so, AppleInsider recommends installing the iOS 26.5.2 update to ensure your devices have the latest security enhancements. Unlike the iOS 27 developer betas, which may contain bugs, glitches, and performance issues, iOS 26.5.2 is an update that should be installed by all users.

Arena, the crowdsourced AI leaderboard that started as a UC Berkeley research project in 2023, has reached 100 million dollars in annualized revenue just eight months after launching its first commercial product. The platform is best known for letting users compare two anonymous AI model responses side by side and vote on which is better. More than 10 million of those evaluations have now been submitted.

The revenue comes from AI Evaluations, a paid service Arena introduced in September that gives model labs and enterprises detailed performance analytics drawn from its community of users. By December, the service had reached 30 million dollars in annualized revenue. It has more than tripled since then.

There is a caveat in the headline number. While Arena describes the figure as ARR, CEO Anastasios Angelopoulos told TechCrunch that customers pay for consumption, meaning the revenue is not recurring in the traditional SaaS sense. “A lot of people don’t even understand that our business is making any money at all, they still see us as like an open-source project,” he said.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

Arena has no direct competitor left standing. Yupp, the only other crowdsourced AI model-picking startup, shut down in March after raising 33 million dollars from a16z crypto’s Chris Dixon. Angelopoulos said Arena competes “for the same dollar” as human labeling companies like Mercor, Surge, and Scale AI, all of which help model makers refine their AI during post-training.

That market is growing fast. Handshake’s annualized revenue from AI training nearly doubled from 550 million dollars in January to nearly one billion dollars by April, according to The Information. Mercor’s annualized revenue also topped one billion dollars earlier this year, though a supply chain breach has since complicated its relationship with key clients including Meta.

Arena was co-founded by Angelopoulos and Wei-Lin Chiang, both postdoctoral researchers at UC Berkeley, along with Ion Stoica, the UC Berkeley professor and Databricks co-founder who advised the project before it incorporated in April 2025. The company raised 150 million dollars in a Series A round in January at a valuation of nearly two billion dollars, bringing its total funding to 250 million dollars from investors including Felicis, Andreessen Horowitz, Kleiner Perkins, and Lightspeed.

The platform now ranks AI models across text, coding, vision, and image generation, as well as complex agent workflows through a recently introduced Agent Mode. Its leaderboard has become the de facto scorecard for frontier AI models, with labs from OpenAI to Anthropic to Google routinely citing Arena rankings in their own launch announcements. Turning that influence into a 100 million dollar business in under a year suggests that evaluating AI may be nearly as lucrative as building it.

OS PLATFORMS

Polished Mandriva descendant still makes room for PCs the 64-bit world has left behind

Mageia 10 marks 15 years since the distribution’s first release in June 2011. The project began the previous year as a fork of Mandriva, itself formerly known as Mandrake Linux. We last looked at Mageia alongside the other Mandrake descendants in 2022.

What sets Mageia apart from OpenMandriva Lx, PCLinuxOS, and Russia’s ROSA Linux is its continued support for 32-bit x86 PCs. Its GNOME and KDE Plasma live images are available only for x86-64, while the Xfce edition comes in both x86-64 and x86-32 versions.

There is also a “Classic Installer” ISO, which lets you choose your own desktop from nine different desktop environments, plus another 16 window managers, as detailed in the release notes. Both the standard GNOME session and GNOME Classic are available, while Liquidshell provides a lightweight alternative to KDE Plasma.

Mandrake Linux started out in 1998 as an easier version of Red Hat Linux using the new KDE desktop, which, at that time, Red Hat refused to incorporate due to concerns over the licence of KDE’s Qt toolkit. Nearly three decades later, Mageia remains an RPM-based distro. Version 10 offers two RPM package-management tools: Mageia’s urpmi command and DNF. urpmi also has its own graphical wrapper called Rpmdrake, but Fedora’s dnfdragora is an optional install. Since RHEL and the RHELatives, Fedora, SUSE and openSUSE all use RPM as well, packages of big-name apps such as Google Chrome are available – but Mageia is a different distro, whose common ancestry dates back more than 25 years, and packages for Fedora or openSUSE may not install or work correctly. It comes with Flatpak preinstalled, although no Flatpak applications are installed by default. As with other niche distros, Flatpak may help when you can’t find a native package of something. For those with the 32-bit edition, though, we suspect that few Flatpaks support that architecture.

Mageia 10 is a polished, friendly graphical Linux, built from recent components such as kernel 6.18. True, it does feel a little old-fashioned in some ways: for instance, it uses separate root and user accounts – although sudo is installed, it’s not configured for use. However, it’s a solid choice if you want to get away from the Debian/Fedora mainstream – and if you have a capable 32-bit machine, like a Windows 10 32-bit box, or some other need to run a 32-bit OS such as specific hardware support, then this is one of the best choices around today.

The Welcome screen is rich and very helpful, offering the ability to install extra apps, switch repositories, and more. Alongside it is the Mageia Control Center, which can manage most aspects of the OS without going near a command line. The distro is also well documented, with a substantial Mageia wiki.

It does use systemd, but, even so, it’s relatively lightweight. In our testing on a 32-bit VirtualBox VM, the Xfce edition used just 633 MB of RAM at idle, which is low by modern standards, and 7.8 GB of disk space. If you choose the KDE Plasma desktop, you get Plasma 6.5.5 with a choice of X11 or Wayland. The installation occupies about the same amount of disk space, although the RAM usage rises sharply: about 1.7 GB at idle. Xfce has an unusual GNOME 2-style two-panel setup, while the Plasma layout is clean and simple. We installed the Liquidshell desktop to have a look, but it’s very basic and rather clunky. 

Mageia forked from Mandriva in 2011, before the company closed down, while OpenMandriva did so afterwards. They are still quite similar distributions, though, and we really wish that the two teams could settle their differences and merge the distros. Either way, Mageia’s 32-bit edition is an increasingly rare offering in an increasingly 64-bit world, which might win it some new admirers. ®