Traditional and indie authors are flooding #WritersTok with videos of them editing their manuscripts to refute accusations of generative AI use—and bring readers into their very human process.

TL;DR: Turn ideas into full-length books with AI—lifetime access for just $49. Writing a book takes time—something most of us don’t have between inbox chaos and back-to-back meetings. But what if all you needed was an idea? That’s where YouBooks steps in. This AI-powered tool helps you generate full-length nonfiction books with just a few prompts, and right now, you can lock in lifetime access for $49 (reg. $540). YouBooks pulls from several top-tier AI models, like ChatGPT, Claude, and Gemini, and combines them with live web research to build out detailed, structured manuscripts up to 300,000 words. Whether you want to write about productivity, startup culture, parenting, or personal finance, feed in your topic and let the AI do the heavy lifting. Why is Youbooks for you? 150,000 credits per month (1 word = 1 credit) Downloadable formats: PDF, DOCX, EPUB Commercial rights so that you can sell, share, or publish your books Custom style options to match your tone or brand It’s a serious time-saver if you’ve been sitting on an idea forever or want to build a content empire without writing every word yourself. Plus, unlike many AI tools, YouBooks gives you full ownership of the content you create. Snag a lifetime subscription to YouBooks for $49 and start turning your thoughts into fully formed nonfiction books: no ghostwriters, no subscriptions, and no gatekeepers. Youbooks – AI Nonfiction Book Generator: Lifetime SubscriptionSee Deal StackSocial prices subject to change.

This is today’s edition of The Download, our weekday newsletter that provides a daily dose of what’s going on in the world of technology. Manus has kick-started an AI agent boom in China Last year, China saw a boom in foundation models, the do-everything large language models that underpin the AI revolution. This year, the focus has shifted to AI agents—systems that are less about responding to users’ queries and more about autonomously accomplishing things for them.There are now a host of Chinese startups building these general-purpose digital tools, which can answer emails, browse the internet to plan vacations, and even design an interactive website. Many of these have emerged in just the last two months, following in the footsteps of Manus—a general AI agent that sparked weeks of social media frenzy for invite codes after its limited-release launch in early March.As the race to define what a useful AI agent looks like unfolds, a mix of ambitious startups and entrenched tech giants are now testing how these tools might actually work in practice—and for whom. Read the full story. —Caiwei Chen Inside the race to find GPS alternatives Later this month, an inconspicuous 150-kilogram satellite is set to launch into space aboard the SpaceX Transporter 14 mission. Once in orbit, it will test super-accurate next-generation satnav technology designed to make up for the shortcomings of the US Global Positioning System (GPS). Despite the system’s indispensable nature, the GPS signal is easily suppressed or disrupted by everything from space weather to 5G cell towers to phone-size jammers worth a few tens of dollars. The problem has been whispered about among experts for years, but it has really come to the fore in the last three years, since Russia invaded Ukraine.Now, startup Xona Space Systems wants to create a space-based system that would do what GPS does but better. Read the full story. —Tereza Pultarova Why doctors should look for ways to prescribe hope —Jessica Hamzelou This week, I’ve been thinking about the powerful connection between mind and body. Some new research suggests that people with heart conditions have better outcomes when they are more hopeful and optimistic. Hopelessness, on the other hand, is associated with a significantly higher risk of death. The findings build upon decades of fascinating research into the phenomenon of the placebo effect. Our beliefs and expectations about a medicine (or a sham treatment) can change the way it works. The placebo effect’s “evil twin,” the nocebo effect, is just as powerful—negative thinking has been linked to real symptoms. Researchers are still trying to understand the connection between body and mind, and how our thoughts can influence our physiology. In the meantime, many are developing ways to harness it in hospital settings. Is it possible for a doctor to prescribe hope? Read the full story. This article first appeared in The Checkup, MIT Technology Review’s weekly biotech newsletter. To receive it in your inbox every Thursday, and read articles like this first, sign up here. The must-reads I’ve combed the internet to find you today’s most fun/important/scary/fascinating stories about technology. 1 Elon Musk threatened to cut off NASA’s use of SpaceX’s Dragon spacecraftHis war of words with Donald Trump is dramatically escalating. (WP $)+ If Musk actually carried through with his threat, NASA would seriously struggle. (NYT $)+ Silicon Valley is starting to pick sides. (Wired $)+ It appears as though Musk has more to lose from their bruising breakup. (NY Mag $) 2 Apple and Alibaba’s AI rollout in China has been delayedIt’s the latest victim of Trump’s trade war. (FT $)+ The deal is supposed to support iPhones’ AI offerings in the country. (Reuters) 3 X’s new policy blocks the use of its posts to ‘fine-tune or train’ AI modelsUnless companies strike a deal with them, that is. (TechCrunch)+ The platform could end up striking agreements like Reddit and Google. (The Verge) 4 RJK Jr’s new hire is hunting for proof that vaccines cause autismVaccine skeptic David Geier is seeking access to a database he was previously barred from. (WSJ $)+ How measuring vaccine hesitancy could help health professionals tackle it. (MIT Technology Review) 5 Anthropic has launched a new service for the militaryClaude Gov is designed specifically for US defense and intelligence agencies. (The Verge)+ Generative AI is learning to spy for the US military. (MIT Technology Review) 6 There’s no guarantee your billion-dollar startup won’t failIn fact, one in five of them will. (Bloomberg $)+ Beware the rise of the AI coding startup. (Reuters) 7 Walmart’s drone deliveries are taking offIt’s expanding to 100 new US stories in the next year. (Wired $) 8 AI might be able to tell us how old the Dead Sea Scrolls really are Models suggest they’re even older than we previously thought. (The Economist $)+ How AI is helping historians better understand our past. (MIT Technology Review) 9 All-in-one super apps are a hit in the Gulf They’re following in China’s footsteps. (Rest of World) 10 Nintendo’s Switch 2 has revived the midnight launch eventFans queued for hours outside stores to get their hands on the new console. (Insider $)+ How the company managed to dodge Trump’s tariffs. (The Guardian) Quote of the day “Elon finally found a way to make Twitter fun again.” —Dan Pfeiffer, a host of the political podcast Pod Save America, jokes about Elon Musk and Donald Trump’s ongoing feud in a post on X. One more thing This rare earth metal shows us the future of our planet’s resources We’re in the middle of a potentially transformative moment. Metals discovered barely a century ago now underpin the technologies we’re relying on for cleaner energy, and not having enough of them could slow progress.  Take neodymium, one of the rare earth metals. It’s used in cryogenic coolers to reach ultra-low temperatures needed for devices like superconductors and in high-powered magnets that power everything from smartphones to wind turbines. And very soon, demand for it could outstrip supply. What happens then? And what does it reveal about issues across wider supply chains? Read our story to find out. —Casey Crownhart We can still have nice things A place for comfort, fun and distraction to brighten up your day. (Got any ideas? Drop me a line or skeet ’em at me.) + Sightings of Bigfoot just happen to correlate with black bear populations? I smell a conspiracy!+ Watch as these symbols magically transform into a pretty impressive Black Sabbath mural.+ Underwater rugby is taking off in the UK.+ Fed up of beige Gen Z trends, TikTok is bringing the 80s back.

Last year, China saw a boom in foundation models, the do-everything large language models that underpin the AI revolution. This year, the focus has shifted to AI agents—systems that are less about responding to users’ queries and more about autonomously accomplishing things for them.  There are now a host of Chinese startups building these general-purpose digital tools, which can answer emails, browse the internet to plan vacations, and even design an interactive website. Many of these have emerged in just the last two months, following in the footsteps of Manus—a general AI agent that sparked weeks of social media frenzy for invite codes after its limited-release launch in early March.  These emerging AI agents aren’t large language models themselves. Instead, they’re built on top of them, using a workflow-based structure designed to get things done. A lot of these systems also introduce a different way of interacting with AI. Rather than just chatting back and forth with users, they are optimized for managing and executing multistep tasks—booking flights, managing schedules, conducting research—by using external tools and remembering instructions.  China could take the lead on building these kinds of agents. The country’s tightly integrated app ecosystems, rapid product cycles, and digitally fluent user base could provide a favorable environment for embedding AI into daily life.  For now, its leading AI agent startups are focusing their attention on the global market, because the best Western models don’t operate inside China’s firewalls. But that could change soon: Tech giants like ByteDance and Tencent are preparing their own AI agents that could bake automation directly into their native super-apps, pulling data from their vast ecosystem of programs that dominate many aspects of daily life in the country.  As the race to define what a useful AI agent looks like unfolds, a mix of ambitious startups and entrenched tech giants are now testing how these tools might actually work in practice—and for whom. Set the standard It’s been a whirlwind few months for Manus, which was developed by the Wuhan-based startup Butterfly Effect. The company raised $75 million in a funding round led by the US venture capital firm Benchmark, took the product on an ambitious global roadshow, and hired dozens of new employees.  Even before registration opened to the public in May, Manus had become a reference point for what a broad, consumer‑oriented AI agent should accomplish. Rather than handling narrow chores for businesses, this “general” agent is designed to be able to help with everyday tasks like trip planning, stock comparison, or your kid’s school project.  Unlike previous AI agents, Manus uses a browser-based sandbox that lets users supervise the agent like an intern, watching in real time as it scrolls through web pages, reads articles, or codes actions. It also proactively asks clarifying questions, supports long-term memory that would serve as context for future tasks. “Manus represents a promising product experience for AI agents,” says Ang Li, cofounder and CEO of Simular, a startup based in Palo Alto, California, that’s building computer use agents, AI agents that control a virtual computer. “I believe Chinese startups have a huge advantage when it comes to designing consumer products, thanks to cutthroat domestic competition that leads to fast execution and greater attention to product details.” In the case of Manus, the competition is moving fast. Two of the most buzzy follow‑ups, Genspark and Flowith, for example, are already boasting benchmark scores that match or edge past Manus’s.  Genspark, led by former Baidu executives Eric Jing and Kay Zhu, links many small “super agents” through what it calls multi‑component prompting. The agent can switch among several large language models, accepts both images and text, and carries out tasks from making slide decks to placing phone calls. Whereas Manus relies heavily on Browser Use, a popular open-source product that lets agents operate a web browser in a virtual window like a human, Genspark directly integrates with a wide array of tools and APIs. Launched in April, the company says that it already has over 5 million users and over $36 million in yearly revenue. Flowith, the work of a young team that first grabbed public attention in April 2025 at a developer event hosted by the popular social media app Xiaohongshu, takes a different tack. Marketed as an “infinite agent,” it opens on a blank canvas where each question becomes a node on a branching map. Users can backtrack, take new branches, and store results in personal or sharable “knowledge gardens”—a design that feels more like project management software (think Notion) than a typical chat interface. Every inquiry or task builds its own mind-map-like graph, encouraging a more nonlinear and creative interaction with AI. Flowith’s core agent, NEO, runs in the cloud and can perform scheduled tasks like sending emails and compiling files. The founders want the app to be a “knowledge marketbase”, and aims to tap into the social aspect of AI with the aspiration of becoming “the OnlyFans of AI knowledge creators”. What they also share with Manus is the global ambition. Both Genspark and Flowith have stated that their primary focus is the international market. A global address Startups like Manus, Genspark, and Flowith—though founded by Chinese entrepreneurs—could blend seamlessly into the global tech scene and compete effectively abroad. Founders, investors, and analysts that MIT Technology Review has spoken to believe Chinese companies are moving fast, executing well, and quickly coming up with new products.  Money reinforces the pull to launch overseas. Customers there pay more, and there are plenty to go around. “You can price in USD, and with the exchange rate that’s a sevenfold multiplier,” Manus cofounder Xiao Hong quipped on a podcast. “Even if we’re only operating at 10% power because of cultural differences overseas, we’ll still make more than in China.” But creating the same functionality in China is a challenge. Major US AI companies including OpenAI and Anthropic have opted out of mainland China because of geopolitical risks and challenges with regulatory compliance. Their absence initially created a black market as users resorted to VPNs and third-party mirrors to access tools like ChatGPT and Claude. That vacuum has since been filled by a new wave of Chinese chatbots—DeepSeek, Doubao, Kimi—but the appetite for foreign models hasn’t gone away.  Manus, for example, uses Anthropic’s Claude Sonnet—widely considered the top model for agentic tasks. Manus cofounder Zhang Tao has repeatedly praised Claude’s ability to juggle tools, remember contexts, and hold multi‑round conversations—all crucial for turning chatty software into an effective executive assistant. But the company’s use of Sonnet has made its agent functionally unusable inside China without a VPN. If you open Manus from a mainland IP address, you’ll see a notice explaining that the team is “working on integrating Qwen’s model,” a special local version that is built on top of Alibaba’s open-source model.  An engineer overseeing ByteDance’s work on developing an agent, who spoke to MIT Technology Review anonymously to avoid sanction, said that the absence of Claude Sonnet models “limits everything we do in China.” DeepSeek’s open models, he added, still hallucinate too often and lack training on real‑world workflows. Developers we spoke with rank Alibaba’s Qwen series as the best domestic alternative, yet most say that switching to Qwen knocks performance down a notch. Jiaxin Pei, a postdoctoral researcher at Stanford’s Institute for Human‑Centered AI, thinks that gap will close: “Building agentic capabilities in base LLMs has become a key focus for many LLM builders, and once people realize the value of this, it will only be a matter of time.” For now, Manus is doubling down on audiences it can already serve. In a written response, the company said its “primary focus is overseas expansion,” noting that new offices in San Francisco, Singapore, and Tokyo have opened in the past month. A super‑app approach Although the concept of AI agents is still relatively new, the consumer-facing AI app market in China is already crowded with major tech players. DeepSeek remains the most widely used, while ByteDance’s Doubao and Moonshot’s Kimi have also become household names. However, most of these apps are still optimized for chat and entertainment rather than task execution. This gap in the local market has pushed China’s big tech firms to roll out their own user-facing agents, though early versions remain uneven in quality and rough around the edges.  ByteDance is testing Coze Space, an AI agent based on its own Doubao model family that lets users toggle between “plan” and “execute” modes, so they can either directly guide the agent’s actions or step back and watch it work autonomously. It connects up to 14 popular apps, including GitHub, Notion, and the company’s own Lark office suite. Early reviews say the tool can feel clunky and has a high failure rate, but it clearly aims to match what Manus offers. Meanwhile, Zhipu AI has released a free agent called AutoGLM Rumination, built on its proprietary ChatGLM models. Shanghai‑based Minimax has launched Minimax Agent. Both products look almost identical to Manus and demo basic tasks such as building a simple website, planning a trip, making a small Flash game, or running quick data analysis. Despite the limited usability of most general AI agents launched within China, big companies have plans to change that. During a May 15 earnings call, Tencent president Liu Zhiping teased an agent that would weave automation directly into China’s most ubiquitous app, WeChat.  Considered the original super-app, WeChat already handles messaging, mobile payments, news, and millions of mini‑programs that act like embedded apps. These programs give Tencent, its developer, access to data from millions of services that pervade everyday life in China, an advantage most competitors can only envy. Historically, China’s consumer internet has splintered into competing walled gardens—share a Taobao link in WeChat and it resolves as plaintext, not a preview card. Unlike the more interoperable Western internet, China’s tech giants have long resisted integration with one another, choosing to wage platform war at the expense of a seamless user experience. But the use of mini‑programs has given WeChat unprecedented reach across services that once resisted interoperability, from gym bookings to grocery orders. An agent able to roam that ecosystem could bypass the integration headaches dogging independent startups. Alibaba, the e-commerce giant behind the Qwen model series, has been a front-runner in China’s AI race but has been slower to release consumer-facing products. Even though Qwen was the most downloaded open-source model on Hugging Face in 2024, it didn’t power a dedicated chatbot app until early 2025. In March, Alibaba rebranded its cloud storage and search app Quark into an all-in-one AI search tool. By June, Quark had introduced DeepResearch—a new mode that marks its most agent-like effort to date.  ByteDance and Alibaba did not reply to MIT Technology Review’s request for comments. “Historically, Chinese tech products tend to pursue the all-in-one, super-app approach, and the latest Chinese AI agents reflect just that,” says Li of Simular, who previously worked at Google DeepMind on AI-enabled work automation. “In contrast, AI agents in the US are more focused on serving specific verticals.” Pei, the researcher at Stanford, says that existing tech giants could have a huge advantage in bringing the vision of general AI agents to life—especially those with built-in integration across services. “The customer-facing AI agent market is still very early, with tons of problems like authentication and liability,” he says. “But companies that already operate across a wide range of services have a natural advantage in deploying agents at scale.”

Despite what some experts have characterized as an environment increasingly hostile to AI R&D, North America continues to receive the bulk of AI venture dollars, according to data from investment tracker PitchBook. Between February and May of this year, VCs poured $69.7 billion into North America-based AI and machine learning startups across 1,528 deals. That’s compared with $6.4 billion that VC firms invested in European AI ventures across 742 deals across the same period. Asia-based startups have fared a bit worse than their European counterparts, according to PitchBook. Between February and May, VCs invested just $3 billion in Asia-based AI startups across 515 deals. Under President Donald Trump, the U.S. has dramatically cut funding to scientific grants related to basic AI research, made it more difficult for foreign students specializing in AI to study in the U.S., and threatened to dismantle university-housed AI labs by freezing billions of dollars in federal funds. The administration’s trade policies, meanwhile, including its retaliatory tariffs, have led to a chaotic market unfavorable for risky new AI ventures. In a post on X in March, AI pioneer and Nobel Laureate Geoffrey Hinton called for billionaire Elon Musk, who until recently advised Trump’s cost-cutting group, the Department of Government Efficiency, to be expelled from the British Royal Society “because of the huge damage he is doing to scientific institutions in the U.S.” One might expect that Europe, which has pledged to become a global leader in AI, would attract more venture capital in light of Trump’s controversial policies in the U.S., which have created uncertainty and confusion for founders, investors, and researchers alike. Moreover, the EU has committed hundreds of billions of euros to support the development of AI within its member countries and already has a number of successful, well-funded AI startups in its ranks (see Mistral, H, and Aleph Alpha, to name a few). But that anticipated shift in global investment hasn’t come to pass. There isn’t any sign of a mass VC exodus to the bloc, or of significant upticks in AI funding overseas — at least not yet. Techcrunch event Save now through June 4 for TechCrunch Sessions: AI Save $300 on your ticket to TC Sessions: AI—and get 50% off a second. Hear from leaders at OpenAI, Anthropic, Khosla Ventures, and more during a full day of expert insights, hands-on workshops, and high-impact networking. These low-rate deals disappear when the doors open on June 5. Exhibit at TechCrunch Sessions: AI Secure your spot at TC Sessions: AI and show 1,200+ decision-makers what you’ve built — without the big spend. Available through May 9 or while tables last. Berkeley, CA | June 5 REGISTER NOW The same is true for China, which has spawned high-profile AI startups like DeepSeek and Butterfly Effect — the company behind the agentic platform Manus — but where VC activity in the country and the broader Asian region remains relatively austere. (Export controls impacting the ability of certain Asian countries to procure AI chips are almost certainly a factor.) In 2024, North American startups secured 75.6% of all VC AI funding — $106.24 billion. That share has only increased this year. So far in 2025, North American AI investments represent 86.2% ($79.74 billion) of all VC funding for AI globally. It paints a somewhat surprising picture. Even amid mounting political and regulatory headwinds under Trump’s second term, the U.S. remains the undisputed center for AI capital, meaning investors, fatigued as they may be by the administration’s unpredictability, are still counting on U.S. innovation to deliver the biggest returns, at least for now.

أداة ذكاء اصطناعي مجانية بـ500 كريديت! تجربتي مع SkyWork 🔥 بديل Manus AI

Looking up guides for video games might account for a higher proportion of my Google searches than any other individual activity. Just the sheer number of different quests, mechanics, stats, and even romance guides any given game can involve is staggering. That's why I've come to appreciate collectibles maps even more lately. These interactive tools let you find, filter, and track all the little doodads in your games, organized by the layout of the game's map.There's a good chance you've stumbled onto some collectible tracking sites just by searching for something like "where the heck is that last manuscript page in Alan Wake II?" Sometimes, guides with more traditional lists and screenshots will link to an interactive map where you can get a top-down view of everything you're looking for.While these tools are often described as tracking "collectibles," in reality they're often databases for the location of almost everything in a game. Whether it's the location of certain characters, quest markers, shopkeeper locations, and upgrades, these maps will often point you to everything you need to find.For the biggest game library: IGN's interactive mapsIf you've come across any collectible trackers, it's probably one of IGN's. You've probably come across a walkthrough of a particular level in a game from IGN via Google. What you might not have noticed is that, along the top of those pages, are links to interactive tools that show a lot of the same information overlaid on the game world's map. You can click on points of interest and even check off which ones you've collected. That same info even syncs to the text-based guides. (Disclaimer: Ziff Davis, Lifehacker's parent company, also owns IGN.)Of all the collectible tracker sites I've seen, IGN has the most games available, with over 200 titles. It even includes some recent releases like Doom: The Dark Ages with most or all of the info available on release date. This will vary based on a game's popularity, release date, and how complex tracking its quests and data can be, but if you're looking for a tracker for a particular game, IGN is your best bet.The downside is that while browsing IGN's maps is free, you can only check off 50 items without a subscription to IGN Plus. In exchange for $30/year (or $5/month), you'll unlock the ability to check off as many items as you want, add your own custom notes to maps, and the removal of ads. If you play a lot of sandbox games—and you don't want to roll your own game-tracking spreadsheets—it might be a worthwhile trade-off.For a much cheaper subscription: Map GenieA very similar service to IGN's interactive maps, Map Genie has almost as many games as IGN, with similar limitations, but a much cheaper subscription. Like IGN, Map Genie limits you to 50 items you can check off for free, but you can get unlimited access (and no ads) for only $10/year.Here's a plot twist for you, though: Map Genie is also owned by IGN. So why bother with IGN at all if Map Genie exists? Well, while Map Genie has most of the same game maps as IGN, there are several games IGN has that Map Genie doesn't. Games like Bioshock and Cyberpunk 2077 appear in IGN's library but not Map Genie.On the other hand, a Map Genie subscription also includes access to in-progress game maps. At the time of writing, that includes games like Hollow Knight, Control, and The Legend of Zelda: Wind Waker. In general, Map Genie is the better deal anyway, but the specific game you want to track might impact which service is better for you.For free tracking (on fewer games): GameTrekGameTrek has a much smaller library (with only 18 games so far at time of writing), but it has one big advantage: it's free. At least for now, you can track every collectible, write your own notes, and filter every category of item on the map without paying a cent. You will need to create an account to track anything, but there's no payment required.The small library is also growing at a healthy (if not frenzied) clip. Within the last couple of months, the site has added guides for recent releases like Doom: The Dark Ages and Clair Obscur: Expedition 33, as well as older-but-popular games like The Last of Us Part II. There are a lot of gaps in GameTrek's library right now, but it's hard to beat free.Another free option: Enthusiast sites (like Zelda Dungeon)Interactive collectible trackers take a lot of work and often don't turn a profit. If you saw a $30 or even $10 per year price tag above and (perhaps understandably) scoffed, you can see why. Fortunately, there's no shortage of excited nerds online who love obsessing over their games. Depending on the franchise, you can sometimes find whole sites dedicated to maps and trackers for just one series.Zelda Dungeon is the perfect example here. While it has guides for every Legend of Zelda game under the sun (or moon, as the case may be), it also has interactive maps for several games. This includes Breath of the Wild, Tears of the Kingdom, and even the recent Echoes of Wisdom.Not only do these include tracking for everything from Lightroots to Korok seeds (all 1,000 of them), but you can even mark them complete for free without an account. You'll need to create an account and log in to save your progress across devices, but it's the most generous of all the collectibles trackers I've seen. Your mileage may vary depending on which franchise you're looking for (or how old the game you're playing is), but there's always someone out there documenting their favorite games. If you find a good forum, subreddit, or fan-site dedicated to your beloved franchise, it's worth seeing if they already have an interactive map you can use.

Nature, Published online: 30 May 2025; doi:10.1038/d41586-025-01614-xA concerted effort is needed to support women in their choice of journal when submitting their manuscript.

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.