[Image: Hand-drawn map of the Miasma npm campaign from a compromised maintainer account through poisoned packages, CI installs, and token rotation.]

Miasma Hits npm Packages as SmartThings Changes API Access

The Miasma campaign poisoned Leo Platform and RStreams npm packages, with developer tooling, AI agents, platform access, and infrastructure funding in the same edition.

Mike Chumba

The Miasma malware campaign poisoned more than 20 legitimate npm package versions used by the Leo Platform and RStreams ecosystems. Microsoft Threat Intelligence said the June 24 attack used a compromised maintainer account named czirker to publish malicious updates in a coordinated automated operation.

StepSecurity and Sonatype reported that the Leo Platform wave used an install-time toolkit tied to prior Miasma activity, with payloads aimed at developer workstations and CI runners. Reported targets include GitHub tokens, npm publishing credentials, cloud credentials, package registry credentials, SSH keys, shell history, and CI/CD environment variables.

Featured source: The Register, Sonatype, StepSecurity.

Samsung will charge for SmartThings API access

Samsung said it will introduce dedicated paid commercial API tiers and a $4.99 monthly plan for non-commercial individual developers using the SmartThings API, with rollout starting in October 2026. The company said free access will remain available through Q3 and that it will not begin applying new usage limits or phasing out free access until October 2026.

Filed from: The Verge, SmartThings.

GitHub publishes Copilot agentic-harness benchmark results

GitHub published benchmark results for the agentic harness used across GitHub Copilot CLI, the Copilot app, Copilot code review, and other GitHub and Microsoft surfaces. The post says GitHub compared the same models and benchmark tasks against model-vendor harnesses across SWE-bench Verified, SWE-bench Pro, SkillsBench, TerminalBench, and an internal Windows-container benchmark, with the GitHub harness reporting similar task-resolution rates while using fewer tokens across most configurations.

Filed from: GitHub Blog.

Microsoft extends Windows 10 security updates to October 2027

Microsoft updated its Windows 10 Extended Security Updates policy to run consumer ESU coverage through October 12, 2027, adding a year to the previous end date. Microsoft Support describes ESU as a way for enrolled Windows 10 PCs to keep receiving critical and important security updates after regular support ended on October 14, 2025.

Filed from: Ars Technica, Microsoft Support.

Patronus AI raises $50 million and previews Digital World Model

Patronus AI raised a $50 million Series B round to build simulated environments for testing and training AI agents, with Greenfield Partners leading and Lightspeed Venture Partners, Notable Capital, Datadog, Samsung, Gokul Rajaram, Factorial Capital, and AI-lab leaders participating. The company also previewed its first Digital World Model, described as a language-diffusion world model for predicting environment behavior and steering agent actions across digital workflows.

Filed from: TechCrunch, Patronus AI.

Apple raises Mac and iPad prices as memory costs climb

Apple raised prices across much of its hardware lineup, including Macs, iPads, Apple TV, HomePod, and Vision Pro, while leaving the iPhone line unchanged in the reported update. Ars Technica reported that the entry MacBook Neo moved from $599 to $699, the iMac from $1,299 to $1,499, and the M5 MacBook Pro from $1,699 to $1,999.

Filed from: Ars Technica, The Verge.

General Intuition raises $320 million for game-trained AI agents

General Intuition raised $320 million at a $2.3 billion valuation to scale AI models trained from gameplay data. TechCrunch reported that the round was led by Khosla Ventures and included General Catalyst, Jeff Bezos, Eric Schmidt, Nico Rosberg, and researchers from Google DeepMind and MIT, with the company planning to spend most of the round on compute capacity and to broaden API availability by the end of the summer.

Filed from: TechCrunch, General Intuition.

Netris raises $15 million Series A from Andreessen Horowitz

Netris raised a $15 million Series A round led by Andreessen Horowitz for network automation software used by AI neocloud operators. The company said its NAAM platform is used across more than 35 live AI clusters and that it saw 800 percent ARR growth over the last 12 months.

Filed from: TechCrunch, Netris.

Commerce blocks Polestar’s U.S. sales from model year 2027

The U.S. Commerce Department declined to authorize new Polestar imports from model year 2027 under connected-vehicle rules covering automakers with Chinese links. Polestar told Ars Technica it would keep selling existing stock and supporting customers through its service network, and Ars noted that Commerce had authorized Volvo to import model-year 2027 vehicles weeks earlier.

Filed from: Ars Technica, The Verge.

Gaslight macOS malware targets AI-assisted analysis

Gaslight, a newly documented Rust-based macOS implant, embeds prompt-injection text meant to mislead AI-assisted malware analysis. SentinelOne said the sample contains a 3.5 KB Markdown-fenced payload with 38 fabricated system messages, and the report also describes Telegram-based command and control, a credential and session-data stealer, persistence through a LaunchAgent, and a Python collection chain.

Filed from: TechRadar, SentinelOne.

Klue says Icarus is deleting stolen customer data as another group threatens victims

Klue told customers it was still communicating with the Icarus hacking group after a June 12 breach, while a second group was threatening Klue customers directly, according to TechCrunch. The company previously said attackers used a 2022 third-party credential from a limited pilot and then stole customer OAuth tokens.

Filed from: TechCrunch, RH-ISAC.

Google Finance leaves beta with Android app and portfolio tools

Google Finance is leaving beta with a dedicated Android app and new AI-linked portfolio and briefing features. Google’s announcement says the Android app includes watchlists, real-time data, a live financial news feed, the AI research tool, and AI-powered key moments for stock moves, while portfolios are rolling out globally with support for building holdings from screenshots, CSVs, PDFs, or natural-language descriptions.

Filed from: Ars Technica, Google.

Aseon Labs raises $10 million for robotaxi service pods

Aseon Labs raised $10 million in seed funding led by Crane Venture Partners, with participation from Y Combinator, Expa, and angel investors from Anthropic, Nuro, and Mercury, according to TechCrunch. The company is building parking-space-sized pods for charging, cleaning, and inspecting robotaxis inside operating zones.

Filed from: TechCrunch, Y Combinator.

Transaction data shows Claude gaining among paying AI consumers

Credit-card transaction analysis from Indagari shows Anthropic’s Claude gaining among paying U.S. consumers, according to TechCrunch. The analysis covered weekly transactions from 2025 through May 10, 2026, and showed Claude consumer payments up about 75 percent since January in that segment, while TechCrunch also reported Sensor Tower data showing ChatGPT still far ahead across consumer platforms.

Filed from: TechCrunch, Indagari.

Notion sets September shutdown for Notion Mail inbox

Notion will shut down Notion Mail on September 22, 2026, as the company shifts email work toward Notion agents. Notion’s help page says emails remain in Gmail, but drafts, scheduled emails, snippets, and auto-label instructions that live only in Notion Mail need to be saved or exported before the shutdown.

Filed from: TechCrunch, Notion Help.

Reports say OpenAI will stagger GPT-5.6 release after White House request

The Verge reported, citing The Information, that OpenAI plans a limited preview of GPT-5.6 after the Trump administration asked the company to stagger the release over security concerns. The report says Sam Altman told employees that a small group of partners would receive access first instead of a broad public release, and neither OpenAI nor the White House had published a matching public announcement at the time of the report.

Filed from: The Verge, The Information.

From the Community

IBM unveils sub-1 nanometer chip with nanostack architecture

IBM announced sub-1 nanometer chip technology at the 0.7 nm node, using a three-dimensional nanostack transistor architecture that it says packs nearly 100 billion transistors onto a fingernail-sized die. IBM said published results project up to 50 percent more performance or 70 percent greater energy efficiency than its 2 nm node, with a production timeline estimated at five years.

Filed from: IBM Newsroom.

Un-0 uses coupled oscillators as an image-generation substrate

Unconventional AI released Un-0, an image generator that replaces conventional neural-network layers with a simulated system of coupled Kuramoto oscillators. The project reports FID 6.74 on class-conditional ImageNet 64x64, with learnable coupling strengths and natural frequencies as model parameters and a conventional decoder accounting for under 13 percent of parameters.

Filed from: Unconventional AI.

Akrites forms coalition for AI-accelerated open-source vulnerability response

AWS, Anthropic, Google, Microsoft, NVIDIA, and other technology companies announced Akrites, a coordinated effort to find, fix, and responsibly disclose vulnerabilities in critical open-source software. The initiative says it will establish a shared Security Incident Response Team to coordinate remediation upstream with maintainers and act as maintainer of last resort for abandoned critical packages.

Filed from: Akrites.

PostgreSQL case study builds a financial system inside the database

A technical article demonstrates a banking transfer and transaction system built with PostgreSQL 18 features and standard extensions, including application-time periods, constraint triggers, and the temporal_tables extension. The case study uses PostgreSQL features for audit trails, state machines, analytical queries, and high-throughput transaction processing.

Filed from: Eduardo Bellani.

Age-verification mandates raise privacy and anonymity concerns

A FIRE essay argues that government-mandated age verification for social media, including Australia’s under-16 ban and proposals in the U.K. and U.S., effectively requires identity verification for online participation. The article cites Australia’s rollout, continued teen usage claims, government-ID data breach risk, and phishing exposure tied to verification workflows.

Filed from: FIRE.