The iPhone 18 Pro is still a few months away, however a new leak suggests one of its biggest upgrades may already be taking shape.

According to respected Weibo leaker Setsuna Digital, Apple’s 2026 flagship is expected to receive a major camera upgrade.

Supply chain information reportedly points to noticeable hardware changes inside the phone. In addition, the leak backs up several earlier rumours. These suggest Apple is preparing a more substantial camera overhaul for the iPhone 18 Pro and iPhone 18 Pro Max that can could make the best camera phones around.

The biggest clue is the phone’s thickness. Recent dummy models have already suggested that Apple’s next Pro iPhones could be around 2mm thicker than their predecessors. Setsuna Digital now claims the camera system is the main reason why.

Exactly what’s changing remains unclear. Yet the leading theory is the addition of a variable aperture system. If accurate, it would give photographers greater control over depth of field and light intake. This change would bring the iPhone camera experience closer to dedicated cameras. It’s a feature that’s appeared on a handful of Android phones over the years, but Apple has yet to implement it on an iPhone.

Two years ago, Netflix dramatically let me down. As a massive anime fan, I tuned into the first season of their live-action Avatar: The Last Airbender remake and was horrifically disappointed within minutes. In fact, the most positive critique you could give it is that it was better than the live-action movies, which are widely considered to be garbage.

Why? The action was all there, but the heart of Aang’s story wasn’t. Spectacular VFX tried to cover up the hollow, mundane narrative underneath. In fact, to quote a fantastic jaw-dropping writer called Jasmine Valentine: “There’s little room to learn, with life-changing realizations made in a ridiculously short amount of time. If a tale can’t be paid its due diligence in a certain remit, should we even bother at all?”

New details have been revealed on how hackers exploited a Cisco Catalyst SD-WAN vulnerability tracked as CVE-2026-20245 in zero-day attacks to create rogue root accounts on targeted devices.

The CVE-2026-20245 vulnerability is a high-severity command injection flaw in Cisco Catalyst SD-WAN Manager (vManage), Controller (vSmart), and Validator (vBond) that allows authenticated attackers to execute arbitrary commands as root by uploading a crafted file.

Cisco said the vulnerability stemmed from insufficient validation of user-supplied input and could be exploited by authenticated attackers with local access to affected devices.

When Cisco disclosed the flaw earlier this month, the company warned that it had been exploited in a limited number of attacks but did not provide any details.

Cisco only stated that successful exploitation allowed attackers to gain root privileges and that some incidents involved unauthorized configuration changes being pushed to edge devices.

The company released security updates and urged customers to upgrade to fixed software versions, stating that no workarounds were available.

New exploitation details emerge

In a report published today, Mandiant revealed that CVE-2026-20245 was exploited as a privilege-escalation vulnerability after attackers had already gained access to targeted SD-WAN devices.

According to the researchers, the intrusion began with unauthorized SD-WAN peering connections observed on a service provider’s infrastructure.

Beginning in March 2026, the threat actor established new rogue peer connections and authenticated to affected SD-WAN Manager devices using the vmanage-admin account.

Mandiant believes the rogue peering may have been created by exploiting previously disclosed Cisco SD-WAN authentication bypass zero-days, CVE-2026-20127 and CVE-2026-20182, though the exact method remains unclear.

After gaining access, the attackers changed the default admin account password, logged in to the SD-WAN Manager web interface, and extracted configuration information for edge devices, controllers, and SD-WAN templates.

Mandiant says the attackers subsequently restored the admin account to its original password after completing their activity, likely to reduce detection.

The researchers say the attackers then exploited CVE-2026-20245 through a tenant-upload feature in the SD-WAN command-line interface by uploading a malicious CSV file named “evil_tenant.csv.”

“CVE-2026-20245, a vulnerability reported to Cisco by Mandiant, exists in the command-line interface (CLI) of Cisco Catalyst SD-WAN Controllers that could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system,” explains Mandiant.

Mandiant says the malicious payload first created backups of system configuration files, including /etc/passwd and /etc/shadow, before creating a new account named “troot” with root-level privileges.

The attackers then used the Linux “su” command to switch from the compromised administrative account to the newly created root account, giving them full control over the device.

Mandiant says the attackers heavily relied on anti-forensic tactics to evade detection.

This includes backing up configuration files before modifying them and then restoring them after exploitation. They also cleaned up traces of exploitation by deleting the malicious CSV payload, removing temporary files created during the attack, and erasing evidence of the rogue root account.

The researchers also observed the execution of a validation script to confirm that all traces of the compromise had been removed from the device. 

Mandiant says some rogue peering activity observed in March 2026 occurred on systems that were not vulnerable to any of the previously disclosed authentication-bypass flaws.

Cisco told the researchers that the breach did not involve CVE-2026-20182 and said it was possible the attackers used certificates stolen during a previous compromise to regain access to devices.

Mandiant has published indicators of compromise, attacker IP addresses, and guidance to help organizations determine whether they were compromised.

Organizations should collect diagnostic data from SD-WAN devices, check for signs of unauthorized peering connections, and upgrade to the latest software releases if they have not already done so.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

A 21-year-old using the alias “Snoopy” was sentenced to 18 months in prison for his role in hacking DraftKings accounts in the November 2022 cyberattack.

In December 2025, the man, Nathan Austad of Minnesota, pleaded guilty to conspiracy to commit computer intrusion, admitting that he and co-conspirators compromised 60,000 DraftKings user accounts.

During the attack, the hackers added payment methods under their control to 1,600 accounts and stole $600,000.

DraftKings is a fantasy sports and sports betting platform where users can build teams of real-world athletes and compete for cash prizes based on their performance in actual sporting events.

In November 2022, DraftKings disclosed that hackers accessed customer accounts through credential stuffing attacks that exploited weak passwords or reused login credentials.

At the time, DraftKings reported that less than $300,000 had been stolen from affected customers. A month later, the company disclosed that 67,995 customer accounts had been compromised in the attack.

In May 2023, U.S. authorities charged Joseph Garrison for his role in the scheme, accusing him and his co-conspirators of selling access to hacked DraftKings accounts through online marketplaces such as the “Goat Shop.”

In January 2024, prosecutors charged additional suspects for the cyberattack, including Kamerin Stokes (“TheMFNPlug”) and Nathan Austad (“Snoopy”).

Austad reportedly operated his own shop where he sold access to stolen accounts and also used other platforms for the same purpose.

“AUSTAD directly controlled and profited from his own shop, which was named after the character Snoopy from the Peanuts comic strip,” the U.S. Department of Justice says.

The DoJ’s press release does not disclose the amount the hackers earned from selling access to the compromised accounts, but notes that Austad’s cryptocurrency accounts received approximately $465,000 in assets.

The U.S. DoJ also mentions direct messages that Austad sent to his co-conspirators, in which he openly admitted to perpetrating fraudulent activity and warned others to prepare.

Joseph Garrison received an 18-month imprisonment sentence in January 2024, while Kamerin Stokes received a 30-month sentence in April 2026.

In addition to the prison sentence, Austad received three years of supervised release and was ordered to pay $463,684 in forfeiture and $1,327,061 in restitution.

Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

Get the whitepaper

Micron Technology posted fiscal third-quarter revenue of nearly $42bn, quadrupling from just over $9bn a year earlier and beating Wall Street estimates by a wide margin. The results, reported on Tuesday, confirm that the company riding the AI memory boom hardest is the one whose stock has already climbed roughly 700 percent over the past year.

Adjusted earnings came in above $25 a share, compared with analyst expectations of roughly $21. GAAP net income exceeded $28bn, or nearly $25 a share, up from just under $2bn in the year-ago quarter. Gross margins hit above 81 percent, up from 69 percent in the prior quarter and 27 percent a year earlier.

The headline number is revenue growth. Micron brought in nearly $42bn against a consensus estimate of roughly $36bn, driven almost entirely by surging demand for high-bandwidth memory, the stacked DRAM chips that sit next to GPUs inside AI accelerators built by Nvidia and Google. HBM has become the binding constraint on AI infrastructure expansion, and Micron is one of only three companies in the world that can make it.

CEO Sanjay Mehrotra said Micron can currently fulfil only between half and two-thirds of customer demand for HBM. The company’s entire 2026 HBM supply is sold out under multi-year contracts, and it has collected $22bn in customer cash deposits, essentially prepayments from hyperscalers desperate to lock in supply.

Micron’s next-generation HBM4 chips are ramping what the company described as twice as fast as the previous HBM3E generation. HBM4 revenue has already exceeded one billion dollars. The technology is essential for the latest accelerators from Nvidia and Google, where memory bandwidth rather than raw compute increasingly determines inference throughput.

The forward guidance was equally aggressive. Micron projected fiscal fourth-quarter revenue of approximately $50bn, plus or minus one billion, against analyst estimates of roughly $44bn and a year-ago figure of just over $11bn. The company raised its full-year capital expenditure forecast to more than $25bn, up from a previous target of $20bn, to expand production capacity for HBM and advanced DRAM.

Micron’s market capitalisation crossed one trillion dollars on 26 May, making it the latest memory chipmaker to reach that threshold as the AI-driven memory supercycle reshapes valuations across the semiconductor industry. The stock’s roughly 700 percent gain over the past year reflects a market that is pricing memory not as a cyclical commodity but as structural AI infrastructure.

The company said it expects the total addressable market for HBM to grow at a compound annual rate of roughly 40 percent through 2028, rising from approximately $35bn in 2025 to around $100bn. Micron plans to return 100 percent of excess free cash flow to shareholders, a commitment enabled by the cash deposit programme that reduces the capital risk of its expansion.

There are caveats worth noting. Micron remains the smallest of the three HBM suppliers, behind SK Hynix and Samsung, and its share of Nvidia’s HBM4 allocations is the thinnest of the trio. The broader memory market is also shifting, with Chinese manufacturers like CXMT expanding aggressively into consumer DRAM segments that the Big Three have deprioritised in favour of AI chips.

Memory pricing is cyclical by nature, and the current supercycle depends on hyperscaler capital expenditure continuing at its current pace. If AI infrastructure spending slows or HBM supply catches up with demand, the margins that Micron reported this quarter would compress rapidly. The 81 percent gross margin is historically extraordinary for a memory company and reflects shortage economics as much as product superiority.

For now, the numbers speak for themselves. Revenue that quadruples in a year, margins that triple, and a guidance print that exceeds estimates by more than $6bn are not normal results for any company, let alone one that was losing money two years ago. Micron’s earnings confirm that the AI memory shortage is intensifying, not easing, and that the companies making the chips inside AI accelerators are capturing value at a rate the market is still recalibrating to price.

Anthropic has accused Alibaba of waging the largest distillation campaign yet against a US AI company, telling senators and White House officials that operators linked to Alibaba’s Qwen AI lab used nearly 25,000 fraudulent accounts to extract Claude’s capabilities between April and June. The letter, a copy of which was seen by Bloomberg, described nearly 29 million exchanges with Claude targeting software engineering and agentic reasoning, the model’s most commercially valuable skills.

The accusation marks the first time Anthropic has named a major Chinese technology conglomerate as the source of a distillation attack. Previous allegations in February targeted smaller Chinese AI startups, including DeepSeek, MiniMax, and Moonshot AI, which Anthropic said had collectively generated more than 16 million exchanges through about 24,000 fake accounts. The Alibaba campaign alone exceeded the combined volume of all three earlier efforts.

Distillation is the practice of feeding carefully constructed queries to a frontier AI model, collecting its responses, and using those responses to train a cheaper rival system that approximates the original’s capabilities. The White House flagged the technique as a national security concern in April, when OSTP Director Michael Kratsios published a memo committing the government to share intelligence with US AI labs about foreign distillation campaigns. Anthropic said in its letter that the Alibaba campaign took place after the Kratsios memo, in defiance of the administration’s warnings.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

Alibaba had no comment on the allegations. An Anthropic spokesperson declined to discuss specifics but emphasised the importance of combating distillation through coordinated action between government and industry.

Alibaba’s American depositary receipts fell more than three percent on the news, dropping below $100 in afternoon trading on Wednesday. The stock decline adds to a difficult period for the company in Washington, where it faces pressure on multiple fronts.

The Pentagon added Alibaba to its Chinese military companies blacklist on 8 June, a designation Anthropic cited in its letter. Alibaba sued the Defense Department this week to win removal from that list, calling the label baseless and arguing it has no military affiliation. The distillation accusation now opens a second front, framing Alibaba not just as a company with alleged military ties but as an active participant in what Anthropic calls the systematic theft of American AI capabilities.

In its letter, Anthropic warned that adversarial distillation lets Chinese labs replicate frontier AI at a fraction of the training cost, and that models built this way often lack safety guardrails. The company urged the Trump administration to clarify antitrust guidelines so US labs can share more information about distillation attempts, reiterated its support for export controls on advanced AI chips, and called for penalties against firms that use the technique.

Lawmakers are moving in parallel. Senators Bill Hagerty and Andy Kim plan to introduce an amendment to must-pass defence legislation that would blacklist or sanction any Chinese firm found to be improperly accessing US AI model output. A related bipartisan bill in the House, backed by Representatives Bill Huizenga and Sydney Kamlager-Dove, is also being considered, though whether either proposal survives to the final version of the defence bill is uncertain.

The timing is sensitive for Anthropic as well. The company, now valued at $965bn after a $65bn Series H round, filed confidentially for an IPO this month and is preparing for a listing that could come as soon as this autumn. US officials have estimated that unauthorised distillation costs Silicon Valley labs billions of dollars, and the threat of cheaper imitation products from China that siphon away customers is a material risk for a company heading to public markets.

Anthropic’s calls for government support may not find a fully receptive audience, given that the company is embroiled in a separate dispute with the Trump administration over export controls imposed on its Fable 5 and Mythos 5 models less than two weeks ago. Commerce Secretary Howard Lutnick signed an order blocking foreign nationals from accessing those models, citing security concerns, and Anthropic disabled them to comply. Even after meetings between the company’s technical staff and White House officials, little progress has been made to restore service.

The result is a company caught between two fronts of its own. Anthropic needs the government to crack down on Chinese labs extracting its technology, but it is simultaneously fighting the same government’s decision to restrict its own products. The letter to senators is an attempt to separate the two issues, arguing that protecting US models from distillation and allowing those models to be deployed commercially are complementary rather than contradictory goals.

Whether Washington agrees will shape both the regulatory environment for US AI companies and the competitive dynamics of the industry’s most consequential rivalry. Anthropic has now named four Chinese labs as distillers of its technology, with the Alibaba accusation by far the largest in scale. If the legislative proposals gain traction, the consequences could extend well beyond Anthropic’s models to the broader question of how the US enforces an intellectual property border around AI systems that exist as software, not hardware, and that can be copied over the internet through nothing more than a well-crafted prompt.

Looking for the most recent Mini Crossword answer? Click here for today’s Mini Crossword hints, as well as our daily answers and hints for The New York Times Wordle, Strands, Connections and Connections: Sports Edition puzzles.

Need some help with today’s Mini Crossword? It’s not terribly tough, though I always hate it when two clues rely on each other, like 4-Across and 7-Across do today. Read on for all the answers. And if you could use some hints and guidance for daily solving, check out our Mini Crossword tips.

If you’re looking for today’s Wordle, Connections, Connections: Sports Edition and Strands answers, you can visit CNET’s NYT puzzle hints page.

Read more: Tips and Tricks for Solving The New York Times Mini Crossword

Let’s get to those Mini Crossword clues and answers.

Mini across clues and answers

1A clue: Texter’s “Wow!”
Answer: OMG

4A clue: With 7-Across, something often marked with a star in elevators
Answer: FIRST

7A clue: See 4-Across
Answer: FLOOR

8A clue: Currency of Ireland and Italy
Answer: EURO

9A clue: Went illegally fast
Answer: SPED

Mini down clues and answers

1D clue: Not working
Answer: OFF

2D clue: A marathon has a little over 26
Answer: MILES

3D clue: Airline boarding section
Answer: GROUP

5D clue: Feeling it the next day
Answer: SORE

6D clue: Walked
Answer: TROD