Robotics specialist Unitree has been making waves with its humanoid robots, and a new video shows its impressive G1 bipedal bot dealing with incredibly cold conditions.

In a video showing the G1 trudging through deep snow, Unitree describes the feat as “the world‘s first autonomous walking challenge for humanoid robots in a -53.32°F (-47.4°C) extreme weather environment.”

The stunt took place in China’s Altay region, about 1,500 miles (2,400 km) northwest of Beijing, where Unitree’s snowbot trudged through deep snow to mark out the Olympic rings in celebration of Friday’s Winter Olympics opening in Italy.

It’s not clear how long the robot walked for, or how many times its battery needed to be swapped out, but during the course of its sub-zero slog it managed to create an image 100 meters wide and 186 meters long.

Still, the fact that it managed to function at all in such frigid conditions is clearly impressive. Icy temperatures can freeze batteries, stiffen joints, or shut down electronics, but the G1, apparently assisted by its puffer jacket that possibly came with some internal heating, managed to stay alive in the challenging setting.
​
​The successful demonstration offers a glimpse at how the G1, or robots like it, could one day be deployed for tasks like search and rescue in polar environments, or even operate in faraway places like Mars where average temperatures reach around -76°F (-60°C).

China-based Unitree has emerged as one of the leading players in the increasingly competitive humanoid robotics sector. The G1 robot, which stands at 4 feet 4 inches (132 cm), also has a remarkable ability to regain control if it takes a tumble, and can apparently perform a number of household chores, too.

While many challenges lie ahead for robotics firms when it comes to readying humanoid robots for specific roles that can be performed consistently, reliably, and truly independently, this year is shaping up to be an exciting one in the sector.

If there’s one thing that Dyson knows, it’s how to make hugely powerful motors for cordless vacuum cleaners. The Dyson Gen5detect is the most powerful cordless vacuum cleaner that it has made yet. Putting this cleaner through our tests, we measured it at a massive 369AW on maximum power – the highest, by far, that we’ve ever seen from a cordless cleaner.

Otherwise, it runs at 30AW on its gentle power mode (good for dusting) and 75AW on medium. Well, kind of. As with previous Dyson vacuums, the Gen5detect has a piezo sensor for detecting dust, adjusting its power automatically based on how much dirt it has encountered. In automatic mode, the vacuum ups and downs its power on the fly, so that you get the best clean without having to worry about which power mode you’re in.

Cleverly, the LCD on the back shows the amount of dust being picked up, as well as the battery life remaining in minutes and seconds.

For hard floors, there’s an additional tool, the Fluffy Optic head, which uses a green laser to highlight dust. It works brilliantly, making it easy to see where you have and haven’t cleaned.

On maximum power, we found that this cleaner could collect grains of rice from more than 3cm away. If you’ve got the hand tools attached, this means you can quickly collect dust or suck it out of hard-to-reach areas.

Moving on to our regular tests, we found that this cleaner picked up 98.25% of dust on carpet, which is the best result that we’ve ever seen from a cordless cleaner. Edge performance was the same: 95.3% of dust collected. Hard floor collection was at 100%.

Moving to the anti-tangle tests with human hair, the Dyson Gen5detect refused to get any hair caught up in its brushes.

The only slight issue we encountered was when using the vacuum cleaner on a rubber-backed mat. Here, the Dyson Gen5detect produces too much power and suctions itself to the ground, stopping the brush bar from moving. We had to manually dial down the power. Still, it demonstrates just how powerful this cordless cleaner is.

Measuring battery life in auto mode, we found that the cleaner lasted 26m 13s. Given that you can clean thoroughly with a single pass, that’s more than enough time to tackle an entire home in one go.

Arguably, most people will find that the cheaper Dyson V15 Detect will suit their needs, but if you have the cash and want the absolute best, there’s no other cordless vacuum cleaner that comes close to this one for power.

[GizmoThrill] shows off a design for an absolutely gorgeous, high-fidelity replica of the main character’s helmet from the video game Satisfactory. But the best part is the technique used to create the visor: just design around a cheap set of full-face “sunglasses” to completely avoid having to mold your own custom faceplate.

One of the most challenging parts of any custom helmet build is how to make a high-quality visor or faceplate. Most folks heat up a sheet of plastic and form it carefully around a mold, but [GizmoThrill] approached the problem from the other direction. After spotting a full-face sun visor online, they decided to design the helmet around the readily-accessible visor instead of the other way around.

The first thing to do with the visor is cover it with painter’s tape and 3D scan it. Once that’s done, the 3D model of the visor allows the rest of the helmet to be designed around it. In the case of the Satisfactory helmet, the design of the visor is a perfect match for the game’s helmet, but one could easily be designing their own custom headgear with this technique.

With the helmet 3D printed, [GizmoThrill] heads to the bandsaw to cut away any excess from the visor, and secure it in place. That’s all there is to it! Sure, you don’t have full control over the visor’s actual shape, but it sure beats the tons and tons of sanding involved otherwise.

There’s a video tour of the whole process that shows off a number of other design features we really like. For example, metal mesh in the cheek areas and in front of the mouth means a fan can circulate air easily, so the one doesn’t fog up the inside of the visor with one’s very first breath. The mesh itself is concealed with some greebles mounted on top. You can see all those details up close in the video, embedded just below.

The helmet design is thanks to [Punished Props] and we’ve seen their work before. This trick for turning affordable and somewhat gimmicky sunglasses into something truly time-saving is definitely worth keeping in mind.

HP and Redington have just announced the inauguration of a new Centre of Excellence (CoE) in Chennai, India, aimed at accelerating the adoption of digital printing technologies in the country. The facility is intended to support the evolving needs of India’s print and manufacturing ecosystem by offering hands-on access to advanced digital printing solutions.

The Centre of Excellence was inaugurated in the presence of customers, industry partners, and solution vendors, with senior leadership from both HP and Redington in attendance. According to the companies, the initiative reflects a continued focus on skill development, technology adoption, and innovation within the Indian digital printing industry.

Focus on Training, Demonstrations, and Consulting

Spread across 20,000 square feet, the Chennai-based CoE is designed as a comprehensive hub for technology demonstrations, professional training, process optimisation, and industry consulting. The facility will allow customers to experience HP’s digital printing solutions in real-world scenarios, while also running education programs for brands and print buyers to help them better understand and adopt digital printing workflows.

Pawan Chauhan, Country Business Manager for HP Industrial and Inkjet Business Solutions in India,
“The launch of the Centre of Excellence reflects our long-term commitment to the Indian digital printing ecosystem and our focus on building skills for the future of work and driving innovation. It is also a moment to celebrate 21 years of trust and collaboration between HP and Redington.”

From Redington’s perspective, the Centre of Excellence is positioned within a broader shift toward flexible, digital-first manufacturing platforms. V.S. Hariharan, Group CEO of Redington Limited, said the initiative will help deepen customer engagement, expand solution-led offerings, and accelerate the adoption of advanced digital printing technologies, including HP Indigo and HP’s industrial 3D printing solutions.

A developer gets a LinkedIn message from a recruiter. The role looks legitimate. The coding assessment requires installing a package. That package exfiltrates all cloud credentials from the developer’s machine — GitHub personal access tokens, AWS API keys, Azure service principals and more — are exfiltrated, and the adversary is inside the cloud environment within minutes.

Your email security never saw it. Your dependency scanner might have flagged the package. Nobody was watching what happened next.

The attack chain is quickly becoming known as the identity and access management (IAM) pivot, and it represents a fundamental gap in how enterprises monitor identity-based attacks. CrowdStrike Intelligence research published on January 29 documents how adversary groups operationalized this attack chain at an industrial scale. Threat actors are cloaking the delivery of trojanized Python and npm packages through recruitment fraud, then pivoting from stolen developer credentials to full cloud IAM compromise.

In one late-2024 case, attackers delivered malicious Python packages to a European FinTech company through recruitment-themed lures, pivoted to cloud IAM configurations and diverted cryptocurrency to adversary-controlled wallets.

Entry to exit never touched the corporate email gateway, and there is no digital evidence to go on.

On a recent episode of CrowdStrike’s Adversary Universe podcast, Adam Meyers, the company’s SVP of intelligence and head of counter adversary operations, described the scale: More than $2 billion associated with cryptocurrency operations run by one adversary unit. Decentralized currency, Meyers explained, is ideal because it allows attackers to avoid sanctions and detection simultaneously. CrowdStrike’s field CTO of the Americas, Cristian Rodriguez, explained that revenue success has driven organizational specialization. What was once a single threat group has split into three distinct units targeting cryptocurrency, fintech and espionage objectives.

That case wasn’t isolated. The Cybersecurity and Infrastructure Security Agency (CISA) and security company JFrog have tracked overlapping campaigns across the npm ecosystem, with JFrog identifying 796 compromised packages in a self-replicating worm that spread through infected dependencies. The research further documents WhatsApp messaging as a primary initial compromise vector, with adversaries delivering malicious ZIP files containing trojanized applications through the platform. Corporate email security never intercepts this channel.

Most security stacks are optimized for an entry point that these attackers abandoned entirely.

When dependency scanning isn’t enough

Adversaries are shifting entry vectors in real-time. Trojanized packages aren’t arriving through typosquatting as in the past — they’re hand-delivered via personal messaging channels and social platforms that corporate email gateways don’t touch. CrowdStrike documented adversaries tailoring employment-themed lures to specific industries and roles, and observed deployments of specialized malware at FinTech firms as recently as June 2025.

CISA documented this at scale in September, issuing an advisory on a widespread npm supply chain compromise targeting GitHub personal access tokens and AWS, GCP and Azure API keys. Malicious code was scanned for credentials during package installation and exfiltrated to external domains.

Dependency scanning catches the package. That’s the first control, and most organizations have it. Almost none have the second, which is runtime behavioral monitoring that detects credential exfiltration during the install process itself.

“When you strip this attack down to its essentials, what stands out isn’t a breakthrough technique,” Shane Barney, CISO at Keeper Security, said in an analysis of a recent cloud attack chain. “It’s how little resistance the environment offered once the attacker obtained legitimate access.”

Adversaries are getting better at creating lethal, unmonitored pivots

Google Cloud’s Threat Horizons Report found that weak or absent credentials accounted for 47.1% of cloud incidents in the first half of 2025, with misconfigurations adding another 29.4%. Those numbers have held steady across consecutive reporting periods. This is a chronic condition, not an emerging threat. Attackers with valid credentials don’t need to exploit anything. They log in.

Research published earlier this month demonstrated exactly how fast this pivot executes. Sysdig documented an attack chain where compromised credentials reached cloud administrator privileges in eight minutes, traversing 19 IAM roles before enumerating Amazon Bedrock AI models and disabling model invocation logging.

Eight minutes. No malware. No exploit. Just a valid credential and the absence of IAM behavioral baselines.

Ram Varadarajan, CEO at Acalvio, put it bluntly: Breach speed has shifted from days to minutes, and defending against this class of attack demands technology that can reason and respond at the same speed as automated attackers.

Identity threat detection and response (ITDR) addresses this gap by monitoring how identities behave inside cloud environments, not just whether they authenticate successfully. KuppingerCole’s 2025 Leadership Compass on ITDR found that the majority of identity breaches now originate from compromised non-human identities, yet enterprise ITDR adoption remains uneven.

Morgan Adamski, PwC’s deputy leader for cyber, data and tech risk, put the stakes in operational terms. Getting identity right, including AI agents, means controlling who can do what at machine speed. Firefighting alerts from everywhere won’t keep up with multicloud sprawl and identity-centric attacks.

Why AI gateways don’t stop this

AI gateways excel at validating authentication. They check whether the identity requesting access to a model endpoint or training pipeline holds the right token and has privileges for the timeframe defined by administrators and governance policies. They don’t check whether that identity is behaving consistently with its historical pattern or is randomly probing across infrastructure.

Consider a developer who normally queries a code-completion model twice a day, suddenly enumerating every Bedrock model in the account, disabling logging first. An AI gateway sees a valid token. ITDR sees an anomaly.

A blog post from CrowdStrike underscores why this matters now. The adversary groups it tracks have evolved from opportunistic credential theft into cloud-conscious intrusion operators. They are pivoting from compromised developer workstations directly into cloud IAM configurations, the same configurations that govern AI infrastructure access. The shared tooling across distinct units and specialized malware for cloud environments indicate this isn’t experimental. It’s industrialized.

Google Cloud’s office of the CISO addressed this directly in their December 2025 cybersecurity forecast, noting that boards now ask about business resilience against machine-speed attacks. Managing both human and non-human identities is essential to mitigating risks from non-deterministic systems.

No air gap separates compute IAM from AI infrastructure. When a developer’s cloud identity is hijacked, the attacker can reach model weights, training data, inference endpoints and whatever tools those models connect to through protocols like model context protocol (MCP).

That MCP connection is no longer theoretical. OpenClaw, an open-source autonomous AI agent that crossed 180,000 GitHub stars in a single week, connects to email, messaging platforms, calendars and code execution environments through MCP and direct integrations. Developers are installing it on corporate machines without a security review.

Cisco’s AI security research team called the tool “groundbreaking” from a capability standpoint and “an absolute nightmare” from a security one, reflecting exactly the kind of agentic infrastructure a hijacked cloud identity could reach.

The IAM implications are direct. In an analysis published February 4, CrowdStrike CTO Elia Zaitsev warned that “a successful prompt injection against an AI agent isn’t just a data leak vector. It’s a potential foothold for automated lateral movement, where the compromised agent continues executing attacker objectives across infrastructure.”

The agent’s legitimate access to APIs, databases and business systems becomes the adversary’s access. This attack chain doesn’t end at the model endpoint. If an agentic tool sits behind it, the blast radius extends to everything the agent can reach.

Where the control gaps are

This attack chain maps to three stages, each with a distinct control gap and a specific action.

Entry: Trojanized packages delivered through WhatsApp, LinkedIn and other non-email channels bypass email security entirely. CrowdStrike documented employment-themed lures tailored to specific industries, with WhatsApp as a primary delivery mechanism. The gap: Dependency scanning catches the package, but not the runtime credential exfiltration. Suggested action: Deploy runtime behavioral monitoring on developer workstations that flags credential access patterns during package installation.

Pivot: Stolen credentials enable IAM role assumption invisible to perimeter-based security. In CrowdStrike’s documented European FinTech case, attackers moved from a compromised developer environment directly to cloud IAM configurations and associated resources. The gap: No behavioral baselines exist for cloud identity usage. Suggested action: Deploy ITDR that monitors identity behavior across cloud environments, flagging lateral movement patterns like the 19-role traversal documented in the Sysdig research.

Objective: AI infrastructure trusts the authenticated identity without evaluating behavioral consistency. The gap: AI gateways validate tokens but not usage patterns. Suggested action: Implement AI-specific access controls that correlate model access requests with identity behavioral profiles, and enforce logging that the accessing identity cannot disable.

Jason Soroko, senior fellow at Sectigo, identified the root cause: Look past the novelty of AI assistance, and the mundane error is what enabled it. Valid credentials are exposed in public S3 buckets. A stubborn refusal to master security fundamentals.

What to validate in the next 30 days

Audit your IAM monitoring stack against this three-stage chain. If you have dependency scanning but no runtime behavioral monitoring, you can catch the malicious package but miss the credential theft. If you authenticate cloud identities but don’t baseline their behavior, you won’t see the lateral movement. If your AI gateway checks tokens but not usage patterns, a hijacked credential walks straight to your models.

The perimeter isn’t where this fight happens anymore. Identity is.

Ransomware operators are hosting and delivering malicious payloads at scale by abusing virtual machines (VMs) provisioned by ISPsystem, a legitimate virtual infrastructure management provider.

Researchers at cybersecurity company Sophos observed the tactic while investigating recent ‘WantToCry’ ransomware incidents. They found the attackers used Windows VMs with identical hostnames, suggesting default templates generated by ISPsystem’s VMmanager.

Diving deeper, the researchers discovered that the same hostnames were present in the infrastructure of multiple ransomware operators, including LockBit, Qilin, Conti, BlackCat/ALPHV, and Ursnif, as well as various malware campaigns involving RedLine and Lummar info-stealers.

ISPsystem is a legitimate software company that develops control panels for hosting providers, used for the management of virtual servers, OS maintenance, etc. VMmanager is the company’s virtualization management platform used to spin up Windows or Linux VMs for customers.

Sophos found that VMmanager’s default Windows templates reuse the same hostname and system identifiers every time they are deployed.

Bulletproof hosting providers that knowingly support cybercrime operations and ignore takedown requests take advantage of this design weakness. They allow malicious actors to spin up VMs via VMmanager, used for command-and-control (C2) and payload-delivery infrastructure.

This essentially hides malicious systems among thousands of innocuous ones, complicates attribution, and makes quick takedowns unlikely.

The majority of the malicious VMs were hosted by a small cluster of providers with a bad reputation or sanctions, including Stark Industries Solutions Ltd., Zomro B.V., First Server Limited, Partner Hosting LTD, and JSC IOT.

Sophos has also discovered a provider with direct control of physical infrastructure named MasterRDP, which uses VMmanager for evasion and offers VPS and RDP services that do not comply with legal requests.

According to Sophos, four of the most prevalent ISPsystem hotnames “account for over 95% of the total number of internet-facing ISPsystem virtual machines:”

• WIN-LIVFRVQFMKO
• WIN-LIVFRVQFMKO
• WIN-344VU98D3RU
• WIN-J9D866ESIJ2

All of them were present either in customer detection or telemetry data linked to cybercriminal activity.

The researchers note that while ISPsystem VMmanager is a legitimate platform for virtualization management, it is also attractive to cybercriminals due to “its low cost, low barrier to entry, and turnkey deployment capabilities.”

BleepingComputer has contacted ISPsystem to ask if they are aware of the large-scale abuse of VM templates and their plans to address the issue, but a statement wasn’t available by publishing time.

Modern IT infrastructure moves faster than manual workflows can handle.

In this new Tines guide, learn how your team can reduce hidden manual delays, improve reliability through automated response, and build and scale intelligent workflows on top of tools you already use.

Advertisement

Get the guide

We speak to CREW CEO, Niamh Costello, as it announces what it describes as ‘Ireland’s first-ever creative economy summit’, Edge26, in May.

CREW (Creative Enterprise West) is a relatively young innovation and enterprise hub based out of Galway, but it has serious global ambitions to grow start-ups and scale-ups in the digital creative sector, according to its CEO, Niamh Costello.

With its current home in Atlantic Technological University (ATU) School of Creative Arts and Media, CREW was founded as a not-for-profit organisation by the Western Development Commission and ATU, with funding support from Enterprise Ireland.

“That covers anything from film and TV, animation, immersive content creation, music technology, digital design – it’s quite broad in terms of its coverage,” Costello tells me when I ask what’s meant by the ‘digital creative sector’. “We support start-ups in these sectors – we have run a lot of incubation programmes – with identifying their product market fit, their audience, commercialisation, investment, getting going and then scaling, of course.”

The hub opened its doors back in April 2024 and launched its strategy in May of last year, focused on strengthening the digital creative start-up ecosystem within the west and the north-west of Ireland and helping those companies to connect, scale and collaborate, says Costello. “While we’re Galway based, we do have a regional and national remit in terms of our agreement with Enterprise Ireland as well,” she adds, so the hub works with IADT, University of Galway and ATU among others.

Today there are about 85 people based out of the CREW hub and last year some 38 companies went through five incubation programmes there, according to Costello.

Edge26

Now CREW is setting its sights on creating an annual international event that will bring together the entire creative enterprise sector in Galway in May 2026, Edge26. With a tagline of ‘Where creative industries, technology and enterprise converge’, Costello says it will be the first event of its kind in Ireland.

“We are focusing on the fact that we’re on the edge of Europe, we’re on the Atlantic edge, and that we can grow a creative industry sector from here to be globally significant,” says Costello, who is busy curating the speaker roster when we speak, for the event which will take place in the brand new Dexcom Stadium in Galway.

“The creative industries can be quite fragmented,” she says. “You have a number of different departments, you have a number of different agencies that are supporting across the various different sub-sectors, and in each of these sub-sectors there are very strong industry representative bodies and conferences, but there was no overarching event that was bringing together all of the different groups within the commercial creative industries.

“We want to look at where we are now within the west and the north-west of Ireland and Ireland as a whole, where the opportunities are. I mean, the speed of change, it’s the same in tech, it’s so rapid, with AI in creative industries for example. There’s so much opportunity, but there’s also a lot of challenges.”

Costello is aiming to bring everyone across the sector together, from policymakers to investors, start-ups to small- and medium-sized enterprises (SMEs), in one room to talk about these very challenges and opportunities, what needs to happen and “what we can do to deliver on the huge potential for growing the sector”.

There will be an immersive technologies zone, an expo of creative technologies, activities and networking for start-ups and plenty of policy discussions, says Costello. “Of course we will have the great international speakers too, but overall it’s really about collaboration and trying to bring everybody together.”

Edge26 takes place on 21 May 2026 at the Dexcom Stadium in Galway.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.