Over the last several years, fusion power has gone from the butt of jokes — always a decade away! — to an increasingly tangible and tantalizing technology that has drawn investors off the sidelines.

The technology may be challenging to master and expensive to build today, but fusion promises to harness the nuclear reaction that powers the sun to generate nearly limitless energy here on Earth. If startups are able to complete commercially viable fusion power plants, then they have the potential to upend trillion-dollar markets.

The bullish wave buoying the fusion industry has been driven by three advances: more powerful computer chips, more sophisticated AI, and powerful high-temperature superconducting magnets. Together, they have helped deliver more sophisticated reactor designs, better simulations, and more complex control schemes.

It doesn’t hurt that, at the end of 2022, a U.S. Department of Energy lab announced that it had produced a controlled fusion reaction that produced more power than the lasers had imparted to the fuel pellet. The experiment had crossed what’s known as scientific breakeven, and while it’s still a long ways from commercial breakeven, where the reaction produces more than the entire facility consumes, it was a long-awaited step that proved the underlying science was sound.

Founders have built on that momentum in recent years, pushing the private fusion industry forward at a rapid pace.

Commonwealth Fusion Systems

Commonwealth Fusion Systems (CFS) has raised about a third of all private capital invested in fusion companies to date. Its latest round, which closed in August, added $863 million to its coffers, bringing its total raised near $3 billion.

CFS’s Series B2 came four years after its $1.8 billion Series B, which helped catapult the company into the pole position. Since then, the startup has been hard at work in Massachusetts building Sparc, its first-of-a-kind power plant intended to produce power at what it calls “commercially relevant” levels. 

Sparc’s reactor is a tokamak design, which resembles a doughnut. The D-shaped cross section is wound with high-temperature superconducting tape, which, when energized, generates a powerful magnetic field that will contain and compress the superheated plasma. Heat generated from the reaction is converted to steam to power a turbine. CFS designed its magnets in collaboration with MIT, where co-founder and CEO Bob Mumgaard worked as a researcher on fusion reactor designs and high-temperature superconductors.

The Massachusetts-based CFS expects to have Sparc operational in late 2026 or early 2027. Later this decade, the company says it will begin construction on Arc, its commercial power plant that will produce 400 megawatts of electricity. The facility will be built near Richmond, Virginia, and Google has agreed to buy half its output.

CFS is backed by a long list of investors, including Breakthrough Energy Ventures, The Engine, Bill Gates, and others.

TAE Technologies

Founded in 1998, TAE Technologies (formerly known as Tri Alpha Energy) was spun out of the University of California, Irvine by Norman Rostoker. It uses a field-reversed configuration, but with a twist: after the two plasma shots collide in the middle of the reactor, the company bombards the plasma with particle beams to keep it spinning in a cigar shape. That improves the stability of the plasma, allowing more time for fusion to occur and for more heat to be extracted to spin a turbine. 

In December 2025, TAE announced that it would merge with President Donald Trump’s social media company, Trump Media & Technology Group. The all-stock transaction would value the combined company at $6 billion. TAE would receive $200 million plus another $100 million upon filing paperwork with the Securities and Exchange Commission. TAE CEO Michl Binderbauer will serve as co-CEO of the combined company alongside Devin Nunes, who had been sole CEO of Trump Media.

The fusion startup had previously raised $150 million in June from existing investors, including Google, Chevron, and New Enterprise. Before the merger, TAE had raised a total of $1.79 billion, according to PitchBook.

Helion

Of all fusion startups, Helion has the most aggressive timeline. The company plans to produce electricity from its reactor in 2028. Its first customer? Microsoft.

Helion, based in Everett, Washington, uses a type of reactor called a field-reversed configuration, where magnets surround a reaction chamber that looks like an hourglass with a bulge at the point where the two sides come together. At each end of the hourglass, the reactor spins the plasma into doughnut shapes that are shot toward each other at more than 1 million mph. When they collide in the middle, additional magnets help induce fusion. When fusion occurs, it boosts the plasma’s own magnetic field, which induces an electrical current inside the reactor’s magnetic coils. That electricity is then harvested directly from the machine.

The company most recently raised $465 million in June in a Series G that valued the company at $15.5 billion. Its previous round, announced in January 2025, totaled $425 million. Altogether, Helion says it has raised $1.5 billion. Investors include Sam Altman, SoftBank Vision Fund 2, Reid Hoffman, KKR, BlackRock, Peter Thiel’s Mithril Capital Management, and Capricorn Investment Group.

Pacific Fusion

Pacific Fusion burst out of the gate with a Series A that topped $1 billion, the startup has told TechCrunch. That’s a whopping sum even among well-funded fusion startups. The company will use inertial confinement to achieve fusion, but instead of lasers compressing the fuel, it will use coordinated electromagnetic pulses. The trick is in the timing: All 156 impedance-matched Marx generators need to produce 2 terawatts for 100 nanoseconds, and those pulses need to simultaneously converge on the target.

The company is led by CEO Eric Lander, the scientist who led the Human Genome Project, and president Will Regan. Pacific Fusion’s funding might be massive, but the startup hasn’t gotten it all at once. Rather, its investors will pay out in tranches when the company achieves specified milestones, an approach that’s common in biotech.

Shine Technologies

Shine Technologies is taking a cautious — and possibly pragmatic — approach to generating fusion power. Selling electrons from a fusion power plant is years off, so instead, it’s starting by selling neutron testing and medical isotopes. More recently, it has been developing a way to recycle radioactive waste. Shine hasn’t picked an approach for a future fusion reactor, instead saying that it’s developing necessary skills for when that time comes.

The company has raised a total of $1 billion, according to PitchBook. Investors include Energy Ventures Group, Koch Disruptive Technologies, Nucleation Capital, and the Wisconsin Alumni Research Foundation. The company most recently raised a $240 million round in February led by NantWorks with participation from investors including Deerfield Management, Fidelity Management & Research Company, Oaktree Capital Management, Pelican Energy Partners, and the Sumitomo Corporation of Americas.

General Fusion

Now in its third decade, General Fusion has raised over $600 million. The Richmond, British Columbia-based company was founded in 2002 by physicist Michel Laberge, who wanted to prove a different approach to fusion known as magnetized target fusion (MTF). Investors include Jeff Bezos, Temasek, BDC Capital, and Chrysalix Venture Capital.

In a General Fusion’s reactor, a liquid metal wall surrounds a chamber in which plasma is injected. Pistons surrounding the wall push it inward, compressing the plasma inside and sparking a fusion reaction. The resulting neutrons heat the liquid metal, which can be circulated through a heat exchanger to generate steam to spin a turbine.

General Fusion hit a rough patch in spring 2025. The company ran short of cash as it was building LM26, its latest device that it hoped would hit breakeven in 2026. Just days after hitting a key milestone, it laid off 25% of its staff. CEO Greg Twinney penned an open letter pleading for funding from investors. 

In August, they delivered somewhat, injecting $22 million in a pay-to-play round that one investor called “the least amount of capital possible” to keep General Fusion afloat. Then in November, securities filings in Canada revealed that the company had raised $51.1 million in SAFE notes from nearly 70 investors, the Globe and Mail reported. Altogether, it has raised $612 million, according to PitchBook.

In January, General Fusion said it would go public via a reverse merger with a special purpose acquisition company. Assuming the deal closes as planned, General Fusion could bring in an additional $335 million.

Inertia Enterprises

Only one fusion experiment, the National Ignition Facility (NIF), has surpassed scientific breakeven, and the chief scientist of that endeavor, Annie Kircher, is part of Inertia Enterprises founding team. She’s joined by Mike Dunne, a Stanford professor, and Jeff Lawson, who co-founded Twilio and currently owns The Onion. In April, the startup signed three agreements to commercialize the technology developed at the NIF.

Inertia plans to use lasers to bombard fusion fuel pellets, an inertial confinement design that echoes the one Kircher successfully used at the NIF. Inertia Enterprises emerged from stealth in February with $450 million in Series A funding in a round led by Bessemer Venture Partners with participation from GV, Modern Capital, Threshold Ventures, and others.

Focused Energy

Germany-based Focused Energy is another fusion startup that traces its lineage to the National Ignition Facility (NIF). In addition to using laser pulses to compress a fuel target, the company has hired Debbie Callahan as its chief strategy officer. Callahan helped design the fuel target at NIF. Her job at Focused Energy will be to figure out how to turn the NIF’s painstakingly crafted fuel target into something that can be mass manufactured at a rate of nearly 1 million per day.

Focused Energy raised an oversubscribed $240 million Series A in June, bringing its total private capital raised to $400 million. The company has also received $200 million in grants. Investors include the German Federal Agency for Breakthrough Innovation (SPRIND), Prime Movers Lab, and the utility RWE, which has granted Focused Energy access to a decommissioned nuclear fission power plant it operates.

Tokamak Energy

Tokamak Energy takes the usual tokamak design — the doughnut shape — and squishes it, reducing its aspect ratio to the point where the outer bounds start resembling a sphere. Like many other tokamak-based startups, the company uses high-temperature superconducting magnets (the rare earth barium copper oxide, or REBCO, variety). Since its design is more compact than a traditional tokamak, it requires less in the way of magnets, which should reduce costs. 

The Oxfordshire, U.K.-based startup’s ST40 prototype, which looks like a large, steampunk Fabergé egg, generated an ultra-hot, 100-million degree Celsius plasma in 2022. Its next generation, Demo 4, is currently under construction and is intended to test the company’s magnets in “fusion power plant-relevant scenarios.” Tokamak Energy raised $125 million in November 2024 to continue its reactor design and expand its magnet business. In April, the startup said it would be supplying magnets for the U.K.’s STEP Fusion program, a government program that is working toward a spherical tokamak-based power plant.

In total, the company has raised $336 million from investors, including Future Planet Capital, In-Q-Tel, Midven, and Capri-Sun founder Hans-Peter Wild, according to PitchBook.

Zap Energy

Zap Energy isn’t using high-temperature superconducting magnets or super-powerful lasers to keep its plasma confined. Rather, it zaps the plasma (get it?) with an electric current, which then generates its own magnetic field. The magnetic field compresses the plasma to about 1 millimeter, at which point ignition occurs. The neutrons released by the fusion reaction bombard a liquid metal blanket that surrounds the reactor, heating it up. The liquid metal is then cycled through a heat exchanger, where it produces steam to drive a turbine.

The startup announced a partial pivot in April, saying it will pursue a hybrid power plant that employs both nuclear fusion and fission. It also hired a new CEO, Zabrina Johal, who has expertise in the fission industry. Zap claims the move will help it bring in revenue earlier than fusion alone.

The Everett, Washington-based company has raised $327 million, according to PitchBook. Backers include Bill Gates’ Breakthrough Energy Ventures, DCVC, Lowercarbon, Energy Impact Partners, Chevron Technology Ventures, and Bill Gates as an angel.

Type One Energy

Stellarator startup Type One Energy is planning to build a fusion reactor on the site of a retired Tennessee Valley Authority (TVA) coal power plant. The magnetic confinement device is expected to generate 350 megawatts of electricity, and the company hopes to bring it online by the mid-2030s.

Unlike other fusion startups, Type One plans to sell key technology to organizations like the TVA, allowing them to build, own, and operate the equipment, similar to how many fossil fuel power plants are developed today. Type One has raised $269 million to date, including an $87 million equity round in advance of a $250 million Series B that the company is currently raising.

Proxima Fusion

Most investors have favored large startups that are pursuing tokamak designs or some flavor of inertial confinement. But stellarators have shown great promise in scientific experiments, including the Wendelstein 7-X reactor in Germany.

Proxima Fusion is bucking the trend, though, having attracted a €130 million Series A that brings its total raised to more than €185 million. Investors include Balderton Capital and Cherry Ventures.

Stellarators are similar to tokamaks in that they confine plasma in a ring-like shape using powerful magnets. But they do it with a twist — literally. Rather than force plasma into a human-designed ring, stellarators twist and bulge to accommodate the plasma’s quirks. The result should be a plasma that remains stable for longer, increasing the chances of fusion reactions.

Kyoto Fusioneering

With all the startups pursuing fusion power, it was perhaps inevitable that another would pop up to develop components that round out a power plant. The so-called balance of plant, or the parts that sit outside the reactor, range from gyrotrons that heat plasma to heat extraction systems to harvest power from fusion reactions to turn it into electricity. 

Kyoto Fusioneering has made an early bet that if even one fusion startup succeeds in generating enough power to sell to the grid, that the industry will need a supplier for the balance of plant and the expertise to integrate it into whichever fusion technologies win out.

Venture capitalists appear to agree, having invested $191 million in Kyoto Fusioneering. Investors include 31Ventures, In-Q-Tel, JIC Venture Growth Investments, Mitsubishi, and Sumitomo Mitsui Trust Investment.

Marvel Fusion

Marvel Fusion follows the inertial confinement approach, the same basic technique that the National Ignition Facility used to prove that controlled nuclear fusion reactions could produce more power than was needed to kick them off. Marvel fires powerful lasers at a target embedded with silicon nanostructures that cascade under the bombardment, compressing the fuel to the point of ignition. Because the target is made using silicon, it should be relatively simple to manufacture, leaning on the semiconductor manufacturing industry’s decades of experience.

The inertial confinement fusion startup is building a demonstration facility in collaboration with Colorado State University, which it expects to have operational by 2027. Munich-based Marvel has raised a total of $162 million from investors including b2venture, Deutsche Telekom, Earlybird, and HV Capital with Taavet Hinrikus and Albert Wenger as angels.

Thea Energy

Thea Energy is betting its pixel-inspired magnets will help it build a stellarator for less money. Stellarators can keep plasmas burning for long periods of time — a boon when it comes to running a commercial power plant — but to do so, they require twisty magnetic fields. Most stellarators build magnets that mimic that complex shape, but Thea Energy thinks that by wreathing its doughnut-shaped reactor in dozens of smaller magnets, it can use control software to create the necessary kinks.

In May, Thea raised $100 million in a Series B led by the U.S. Innovative Technology Fund, just over two years after a $20 million Series A. Across all rounds, the startup has raised $130 million in private capital. Other investors include Prelude Ventures, Lowercarbon Capital, Hitachi Ventures, and Emerald Technology Ventures.

First Light Fusion

Unlike many other fusion startups, First Light Fusion doesn’t use magnets to generate the conditions necessary for fusion. Instead, it follows an approach known as inertial confinement, in which fusion fuel pellets are compressed until they ignite. 

But even then, First Light doesn’t hew to orthodoxy. Most attempts at inertial confinement use lasers to do the dirty work, following the lead of the National Ignition Facility, which produced a groundbreaking experiment in 2022. Rather, First Light fires a projectile at a target using a two-stage gun; the first stage uses gunpowder to fire a plastic piston that compresses hydrogen to 145,000 psi, which then launches the projectile. The target is designed to amplify the force of the impact so it compresses the fuel to the point of ignition.

In March 2025, First Light announced that it would not pursue building its own power plant, instead offering its core technologies to other companies to build one. A spokesperson for First Light said that it is planning to build “pulsed power capability that would act as our demonstrator plant but would have other science and defense applications.” In other words, the company was dropping its plans for a power plan in a quest for revenue.

Based in Oxfordshire, U.K., First Light has raised $108 million from investors including Invesco, IP Group, and Tencent, according to PitchBook.

Xcimer

Though nothing about fusion can be described as simple, Xcimer takes a relatively straightforward approach: follow the basic science that’s behind the National Ignition Facility’s breakthrough net-positive experiment and redesign the technology that underpins it from the ground up. The Colorado-based startup is planning to build a 10-megajoule laser system, 5x more powerful than the NIF setup that made history. Molten salt walls surround the reaction chamber, absorbing heat and protecting the first solid wall from damage. In June, Xcimer turned on Phoenix, a prototype system that it says is the most powerful privately owned laser in the world.

Founded in July 2022, Xcimer has raised $100 million from investors, including Hedosophia, Breakthrough Energy Ventures, Emerson Collective, Gigascale Capital, and Lowercarbon Capital.

This story was originally published in September 2024 and will be continually updated.

Companies that pushed hardest to adopt generative AI are now contending with a problem the technology was supposed to prevent: their work is getting worse. Two articles published by Harvard Business Review this month describe a feedback loop in which AI-generated low-quality output degrades the information companies rely on to make decisions, a phenomenon the authors call “knowledge decay.”

The June 2026 HBR article, written by Oxford operations management professor Matthias Holweg and Babson College professor Thomas Davenport, argues that the damage goes beyond individual errors. When employees use AI to produce work that looks polished but contains mistakes or lacks substance, colleagues downstream waste time verifying, correcting, or redoing it. As those errors compound across teams and departments, the organisation’s collective knowledge base deteriorates.

The term for this low-quality AI output already has a name. BetterUp Labs and Stanford’s Social Media Lab coined “workslop” in a September 2025 HBR article to describe AI-generated content that masquerades as good work but lacks the substance to advance a task. Their survey of 1,150 US full-time workers found that 41 percent had received workslop in the preceding month, with each incident requiring an average of one hour and 56 minutes to sort out.

The financial cost is significant. Using respondents’ self-reported salaries and time estimates, the researchers calculated that workslop costs roughly $186 per worker per month. For a company of 10,000 employees, that translates to more than $9 million annually in lost productivity, a figure that does not account for the downstream effects on morale and trust.

Those social costs may matter more than the financial ones. In the BetterUp-Stanford survey, 53 percent of workers who received workslop said they were annoyed, 42 percent viewed the sender as less trustworthy, and roughly half considered the colleague less creative, capable, or reliable than before. A third said they were less likely to want to work with that person again.

The broader productivity picture is no more encouraging. A July 2025 MIT Media Lab report found that 95 percent of organisations saw no measurable return on their generative AI investments, despite billions in spending. Goldman Sachs reached a similar conclusion in March 2026, finding no meaningful relationship between AI adoption and productivity gains at the economy-wide level, even as 70 percent of S&P 500 management teams discussed AI on earnings calls.

The knowledge decay problem is distinct from the familiar complaint that AI hallucinates. Hallucinations are factual errors in AI output. Knowledge decay describes what happens to an organisation when those errors, and the broader pattern of low-effort AI-generated work, accumulate over months.

Workers stop trusting internal documents. Processes built on unreliable information produce unreliable results. Institutional memory thins as employees lean on AI rather than developing expertise themselves.

Holweg and Davenport warn that the hiring process has been particularly damaged. AI-generated resumes flood recruiters, AI-generated job listings mislead candidates, and AI-powered screening tools filter out qualified applicants. The result, as HBR puts it, is that trust in the hiring process has sunk to “all-time lows for both job seekers and recruiters.”

The worker backlash is already measurable. A 2026 survey of 2,400 workers across the US, UK, and Europe found that 29 percent admit to actively sabotaging their employer’s AI strategy by ignoring guidelines, refusing training, or deliberately skewing performance data. Among Gen Z workers, that figure rises to 44 percent, driven largely by fear of job displacement.

This resistance sits alongside a broader pattern of AI-justified layoffs that often lack clear evidence that AI systems actually replaced the eliminated roles. The tech sector recorded more than 95,000 job cuts across 247 events in 2026, with nearly half attributed to AI, even though analysts have questioned whether many of those companies had mature AI implementations capable of absorbing the work.

The irony is that fixing the workslop problem requires exactly the kind of labour AI was supposed to reduce. Business leaders must now invest in verification processes, quality standards, and human oversight to ensure AI-generated content meets the bar, work that consumes the time of actual employees. HBR’s prescription amounts to building a new layer of human checking around AI output, which undermines the efficiency argument that justified adoption in the first place.

Both HBR articles draw a distinction between indiscriminate AI mandates and targeted use. The June article notes that proprietary models trained on company-specific data can add genuine value, while public LLMs applied to tasks they are poorly suited for produce “generic prose that often contains mistakes.” Companies that froze hiring citing AI productivity gains are now discovering that the gains may be illusory if the quality of the work degrades faster than the headcount shrinks.

The knowledge decay concept reframes the AI productivity debate. The question is no longer just whether AI makes individual tasks faster, but whether the cumulative effect of widespread AI use makes an organisation’s decision-making better or worse. HBR’s answer, for companies that adopted AI without quality controls, is that it makes it worse.

Holweg and Davenport’s credentials lend the argument weight, but it is worth noting that the knowledge decay framework has not yet been tested through controlled empirical studies. The concept synthesises existing evidence rather than presenting new data, and the BetterUp-Stanford workslop survey relies on self-reported estimates of time lost. How accurately workers gauge time spent on rework is an open question.

Still, the pattern is consistent across multiple sources. Goldman Sachs, MIT, BCG, and now two separate HBR articles from different research teams arrive at variations of the same conclusion: most companies are not getting what they expected from generative AI, and the ones that pushed hardest may be paying the highest hidden cost.

Attackers are actively exploiting a vulnerability in the Gravity SMTP WordPress plugin that exposes API keys, OAuth tokens, and detailed system configuration data to anyone who sends a single unauthenticated HTTP request. Wordfence, the WordPress security firm owned by Defiant, says it has blocked more than 17 million exploit attempts targeting the flaw since activity began in early May 2026. The plugin is installed on approximately 100,000 WordPress sites.

The vulnerability, tracked as CVE-2026-4020 and rated 5.3 on the CVSS scale by Wordfence, affects all versions of Gravity SMTP through 2.1.4. A patch was released in version 2.1.5 on 17 March 2026, but exploitation did not begin until roughly two months later, suggesting attackers reverse-engineered the fix or discovered the flaw independently after the patch drew attention to it.

The root cause is a REST API endpoint registered at /wp-json/gravitysmtp/v1/tests/mock-data with a permission_callback function that unconditionally returns true. That means no authentication check runs before the server processes the request. When an attacker appends the query parameter ?page=gravitysmtp-settings, the plugin’s register_connector_data() method populates internal connector data, and the endpoint returns approximately 365 KB of JSON containing the site’s full system report.

The exposed data includes API keys, secrets, and OAuth tokens for every email integration configured in the plugin. Gravity SMTP supports Amazon SES, Google, Mailjet, Resend, and Zoho, and credentials for any of these services appear in the response if they have been configured. An attacker who obtains those credentials can send email on behalf of the compromised site, a capability that is useful for phishing campaigns and business email compromise.

The system report also contains the WordPress version, PHP version and loaded extensions, the web server version, the document root path, the database server type and version, all active plugins with their version numbers, the active theme, and database table names. That information gives attackers a detailed map of the site’s software stack, significantly reducing the reconnaissance effort required to plan follow-on attacks against known vulnerabilities in specific plugin or server versions.

“The exposure of live third-party API credentials means an attacker could abuse the site’s connected email services, while the detailed system report significantly lowers the effort required to plan further attacks against the site,” Wordfence researchers wrote in their advisory.

Exploitation volume spiked sharply around 6 June 2026, with Wordfence blocking more than 4 million requests in a single day on 7 June. The attack traffic has originated primarily from a cluster of IP addresses that Wordfence published for administrators to add to blocklists. The key indicator of compromise is requests to /wp-json/gravitysmtp/v1/tests/mock-data in web server access logs, particularly those containing the ?page=gravitysmtp-settings query parameter.

CrowdSec, the open-source threat intelligence platform, independently corroborated the timeline. It deployed detection for CVE-2026-4020 on 22 May and observed the first real-world exploitation on 27 May. By 1 June, the activity had been classified as background noise, indicating it had been integrated into automated scanning routines that sweep WordPress sites at scale.

The speed at which exploitation was industrialised reflects a broader pattern in WordPress plugin security. The flaw requires no authentication, targets a widely installed plugin, and returns high-value data in a single GET request, making it trivial to automate. WordPress’s plugin ecosystem has faced repeated supply chain compromises in 2026, including an attack in which 30 plugins purchased on Flippa were backdoored and lay dormant for eight months before activation.

The Gravity SMTP vulnerability is distinct from those supply chain attacks in that it does not involve malicious code injected by a compromised developer. It is a straightforward coding error, a permission callback that should have verified the requesting user’s credentials but instead returned true for every request. The simplicity of the flaw makes its survival through development, review, and release notable.

The exposure of API credentials is particularly dangerous because those credentials often persist even after the plugin is updated. Updating to version 2.1.5 closes the vulnerable endpoint, but it does not revoke or rotate the API keys that may have already been harvested. Credential theft through software flaws is an accelerating problem across the industry, with recent research showing that exposed API credentials are exploited within minutes of discovery.

Wordfence’s advisory urges site owners running a vulnerable version of Gravity SMTP who have configured third-party email integrations to assume compromise. The recommended remediation is to update the plugin to version 2.1.5 or later, then immediately rotate all API keys, secrets, and OAuth tokens configured in the plugin’s email connectors. Administrators should also review server log files for requests from the published attacker IP addresses.

The CVE was published on 31 March 2026, two weeks after the patch shipped. Despite the three-month window between patch availability and peak exploitation, many sites remain vulnerable. The gap between when patches become available and when organisations deploy them is one of the most persistent problems in software security, and WordPress plugins are especially prone to it because many site operators do not monitor plugin changelogs or enable automatic updates.

Wordfence also issued a separate advisory this week for CVE-2026-8713, a critical unauthenticated arbitrary file-deletion vulnerability in the Avada Builder plugin, which is installed on approximately one million WordPress sites. That flaw allows attackers to delete files on the server through a path traversal bug, and deleting wp-config.php can revert a site to its initial setup state, potentially enabling a full takeover.

A patch for the Avada Builder flaw is available in version 3.15.4, and no active exploitation of CVE-2026-8713 has been observed yet.

Wordfence did not attribute the Gravity SMTP exploitation to a specific threat actor or group. The pattern of mass scanning from a small cluster of IP addresses is consistent with opportunistic credential harvesting rather than targeted intrusion, though the stolen credentials could be sold or shared with more sophisticated operators for follow-on attacks.

Recorded from the show floor at AXPONA 2026, Lenny Coco of Mobile Fidelity Distribution discusses why vinyl still holds relevance in a digital first world, and how it fits alongside modern streaming habits. The conversation avoids framing the formats as competitors and instead looks at how each serves a different role for listeners, with Coco offering his perspective as both an industry insider and music fan. In the end, the focus stays on what matters most: the connection to the music, regardless of how it is delivered.

Sponsors: Thank you SVS for sponsoring this episode, along with Audeze for supplying all guests LCD-S20 Headphones, and Loewe and T10 Bespoke for sharing lounge space at AXPONA 2026.

This episode was recorded on April 12, 2026 (the third day of AXPONA 2026).

Where to listen:

On the Panel:

AXPONA 2026 Podcasts:

Related Links:

Credits:

• GPD launches Panther Lake Mini PC with powerful integrated graphics
• Core Ultra X7 358H delivers near RTX 3050M graphics performance
• MCIO 8i connection brings high-bandwidth external GPU expansion support

GPD has introduced its new Panther Lake Mini PC with Intel’s Core Ultra processors, combining compact dimensions with desktop-focused connectivity options.

The base configuration uses the Core Ultra 7 356H processor, while the step-up variant deploys the Core Ultra X7 358H CPU with a superior Arc B390 integrated graphics.

Japan and Tunisia lock horns in a Group F-defining World Cup 2026 match at Estadio BBVA in Monterrey, Mexico. Tunisia find themselves staring down the barrel after a bitter opening round defeat that led to an emergency replacement in the dugout, while Japan seek to get on the front foot early.

A new coach in the middle of a high-stakes tournament is never good news, but the Tunisian FA had seen enough with a 5-1 loss to Sweden to replace Sabri Lamouchi with former Saudi Arabia boss Herve Renard. The Eagles of Carthage went undefeated in the CAF qualifiers, scoring 22 goals without conceding a single one, but now face an uphill task if they’re to make it out of the group for the first time.

The Mac lock screen has always felt a little underused. You see the time, your wallpaper, and not much else. macOS already supports desktop widgets, but once your Mac is locked, that extra information disappears.

WidgetScreen is trying to fix that in a pretty simple way. The free Mac app, made by UK computer science student Sam Cook, adds glassy widgets to the lock screen so you can quickly check things like the weather, clock, calendar, battery, music playback, countdowns, and system information.

The app is intentionally limited to the lock screen. The widgets appear when the Mac is locked and disappear when the user signs in, so they do not compete with macOS desktop widgets.

What does WidgetScreen actually do?

WidgetScreen is built for quick glances. You can arrange widgets on a grid, resize them, choose frosted or clear glass styles, change units and time format, and decide which display they appear on.

Claude Guillemot, one of five brothers who co-founded Ubisoft in 1986, has died in a plane crash near the coastal town of La Baule in western France. He was 69. Guillemot and a flight instructor from Rennes were both killed when their twin-engine Cessna 421 crashed in a field near La Baule aerodrome on the afternoon of 19 June.

French authorities confirmed that the aircraft was on fire when emergency crews reached the scene. Guillemot, a member of a local flying club, had departed Rennes and was travelling to an aviation gathering that was expected to draw more than 100 aircraft to the area. The cause of the crash has not been determined, and an investigation is underway.

Ubisoft confirmed the death in a statement, saying the company was “deeply saddened to learn of the death of Claude Guillemot.” The five Guillemot brothers, Claude, Yves, Michel, Christian, and Gérard, founded Ubisoft on 28 March 1986 in the Brittany village of Carentoir. What began as a software distribution business grew into one of the largest video game publishers in the world, behind franchises including Assassin’s Creed, Far Cry, Just Dance, and the Tom Clancy series.

Claude served as Executive Vice President in charge of operations at Ubisoft and sat on the company’s board of directors. His brother Yves remains chairman and chief executive of Ubisoft, which employs roughly 19,000 people across more than 40 studios worldwide.

Outside Ubisoft, Claude was chairman and CEO of Guillemot Corporation, the family’s publicly traded holding company that owns Thrustmaster, a major manufacturer of gaming peripherals including racing wheels, flight sticks, and controllers, and Hercules, which makes audio and DJ equipment. Guillemot Corp reported revenue of €197.7 million in its most recent fiscal year.

The Guillemot family’s grip on Ubisoft has been a recurring topic in the gaming industry. Despite holding roughly 11% of outstanding shares, the family maintains control through France’s Florange Act, which grants double voting rights to long-term shareholders. In 2022, Tencent, the Chinese conglomerate that has aggressively expanded its gaming portfolio, invested approximately €300 million in Guillemot Brothers Limited, the family’s private holding company, acquiring a 49.9% economic stake while receiving only 5% of voting rights.

That deal was widely interpreted as a defensive move, allowing the Guillemots to maintain control of Ubisoft while keeping Tencent’s influence capped. Tencent also holds a direct stake of approximately 9.46% in Ubisoft and invested €1.16 billion in Vantage Studios, a new Ubisoft subsidiary created in 2025 to manage the company’s biggest franchises. The question of whether Tencent and the Guillemot family would eventually pursue a full buyout has lingered for years, with no deal materialising as of June 2026.

Ubisoft has faced significant headwinds in recent years, including studio closures, layoffs affecting hundreds of employees, and a corporate restructuring that split the company into five creative divisions. The successful launch of Assassin’s Creed, a franchise that has expanded beyond games into film and television, helped stabilise the company after a difficult 2024, with Assassin’s Creed Shadows surpassing five million players within four months of its March 2025 release.

Claude Guillemot’s death comes at a particularly complex moment for the family business he helped build. Ubisoft is navigating activist investor pressure, an ongoing strategic partnership with Tencent, and a broader gaming industry contraction that has seen tens of thousands of jobs eliminated across the sector since 2023.

He is survived by his brothers and his family. French media reported that tributes from the gaming industry and the Brittany business community began arriving within hours of the announcement.

Asked about the privacy implications of chatbots like ChatGPT and Claude, Signal President Meredith Whittaker answered, “These are not your friends. These are not conscious beings. These are not sentient interlocutors.”

Whittaker made those comments in a broader interview with Bloomberg about policy, privacy, and Signal. She acknowledged that she uses AI tools “to format a document here and there,” but insisted, “I don’t ask them questions. I’m very serious about my thinking and writing, and I don’t want the process of working through an idea […] to be foreclosed or eclipsed by the response of a system that’s averaging what’s already out there.”

As for Microsoft AI CEO Mustafa Suleyman’s prediction that users could let Microsoft Copilot handle all their Christmas shopping this year, Whittaker argued this scenario — where Copilot is eavesdropping on the family group chat to determine who wants want — means giving it “access to my credit card, my browser, my Signal, the ability to message my siblings on my behalf, my home address [and] my calendar.”

“What you’ve just described is a system with very pervasive access across multiple applications and services,” Whittaker said. “In the context of Signal, it would constitute a kind of a backdoor.”

Movie studios keep hunting for ways to make a trip to the theater feel essential again. Sony Pictures landed on one clear path with its next Spider-Man film. The studio worked directly with CJ 4DPLEX to present Spider-Man: Brand New Day in SCREENX, a format built to spread the action beyond the front screen and across the side walls of specially equipped auditoriums.

Audiences who choose this version enter rooms where specific scenes continue to play out on the walls next to them. The primary story remains front and center on the enormous screen in front, but there are supplementary shots playing out to the left and right. The combination of the two produces a very broad, all-encompassing perspective that immerses you in the action rather than making you a distant spectator.

Sale

Anker Nebula P1i Portable Projector with WiFi and Bluetooth by soundcore, Flippable Design,1080P FHD, 4K…

• Flippable Audio Magic: Rotate the 20W (2 x 10W) Dolby Audio speakers 90° side to side or 200° up and down for sound that follows your vibe, perfect…
• True Brightness, Real Clarity: Enjoy lifelike details with TÜV‑certified 380 ANSI lumens and 1080p Full HD resolution that make every movie night…
• Designed for Consistent Viewing: All‑glass lenses and fully sealed optical engine resist dust and wear, keeping every frame crisp and clear even…

SCREENX is powered by a multi-projection system, with one projector handling the main screen and additional ones dealing with the side walls. The photos are all aligned using smart techniques like as warping correction and edge blending, resulting in a seamless image despite the fact that the walls are at an angle to the main surface. There are no special glasses required, which is a plus. The extra content is kept under control since it only appears at specified points in the film, rather than running throughout.

SCREENX has been widely used by filmmakers since it first appeared in films rather than only advertisements a few years ago. The amount of extra content on the side walls has been progressively expanding. Some films may only open the walls for a few twenty or thirty minute portions, but newer films can keep them open for an hour or more. Extra material is typically created from existing film or digital elements added later in the editing process.

However, Spider-Man: Brand New Day takes a different approach to the situation. CJ 4DPLEX despatched a crew to the set while the main crew was filming. That team took specialized photographs for the side walls, and this is the first time the format has had unique on-set photography generated particularly for it from the start of a major studio film until its release. Director Destin Daniel Cretton puts it simply: CJ 4DPLEX and their team came in to shoot content for the SCREENX auditoriums.

Jun Bang, the CEO of CJ 4DPLEX, described it as an advancement of the overall SCREENX concept. They collaborated closely with Sony Pictures and Cretton, utilizing their proprietary tools to greatly expand the visual possibilities. The goal was to ensure that they preserved the director’s vision while also immersing the audience in the story, action, and Spider-Man world.