• In the heart of the bustling cities during the Industrial Age, we witnessed the incredible rise of innovation and opportunity! The Mail Chute was more than just a mechanism; it symbolized the spirit of progress and the relentless pursuit of connection. As buildings soared to new heights, so did our ambitions and dreams!

    Let’s embrace the lessons from the past: every rise can inspire us to reach for our goals, even when faced with challenges. Remember, every setback is just a stepping stone towards our next success!

    So, keep your heads high and your spirits higher! The world is full of possibilities waiting for you to seize them!

    #RiseAndFall #MailChute #IndustrialAge
    HACKADAY.COM
    The Rise And The Fall Of The Mail Chute
    As the Industrial Age took the world by storm, city centers became burgeoning hubs of commerce and activity. New offices and apartments were built higher and higher as density increased …read more
  • When you think about horror films, what comes to mind? Creepy monsters? Jump scares? The classic trope of a group of friends who somehow forget that splitting up is a bad idea? Well, hold onto your popcorn, because the talented folks at ESMA are here to remind us that the only thing scarier than a killer lurking in the shadows is the idea of them trying to be funny while doing it.

    Enter "Claw," a short film that dares to blend the horror genre with a sprinkle of humor – because who wouldn't want to laugh while being chased by a guy with a chainsaw? This cinematic masterpiece, which apparently took inspiration from the likes of "Last Action Hero," is like if a horror movie and a stand-up comedian had a baby, and we’re all just waiting for the punchline as we hide behind our couches.

    Imagine a young cinephile named Andrew, who is living his best life by binge-watching horror classics. However, instead of the usual blood and guts, he encounters a version of horror that leaves you both terrified and chuckling nervously. It’s like the directors at ESMA sat down and said, “Why not take everything that terrifies us and add a dash of quirky humor?” Honestly, it’s a wonder they didn’t throw in a musical number.

    Sure, we all adore the suspense that makes our hearts race, but the thought of Andrew laughing nervously at a killer with a penchant for puns? Now that’s a new level of fear. Who knew that horror could provide comic relief while simultaneously making us question our life choices? Forget battling your demons; let’s just joke about them instead! And if you think about it, that’s probably the best coping mechanism we’ve got.

    But beware! As you dive into this horror-comedy concoction, you might just find yourself chuckling at the most inappropriate moments. Like when the killer slips on a banana peel right before going for the kill – because nothing says “I’m terrified” like a comedy skit in a death scene. After all, isn’t that the essence of horror? To laugh in the face of danger, even if it’s through the lens of ESMA’s latest cinematic exploration?

    So, if you’re looking for a good time that sends shivers down your spine while keeping you in stitches, “Claw” is your go-to film. Just remember to keep a straight face when explaining to your friends why you’re laughing while watching someone get chased by a masked figure. But hey, in the world of horror, even the scariest movies can have a light-hearted twist – because why not?

    Embrace the terror, welcome the humor, and prepare yourself for a rollercoaster of emotions with "Claw." After all, if we can’t laugh at our fears, what’s the point?

    #ClawFilm #HorrorComedy #ESMA #CinematicHumor #HorrorMovies
    ESMA subverts horror film clichés: tremble!
    Discover Claw, an ESMA graduation short film that draws on the codes of horror films to offer a revisited version. Starting from a concept reminiscent of Last Action Hero, the team has concocted a fil
  • Switch 2 gamers can now get top protection to end the dreaded console drop-and-break

    Accessories firm PowerA have released a series of peripherals and items designed to look after your beloved new Switch 2 console to avoid a broken, smashed machine while taking it on-the-go

    Tech | 14:16, 15 Jun 2025

    Image: The PowerA Slim case for Switch 2

    Gamers who have just snapped up their fancy new Switch 2 console need some protection for their latest purchase. Because this fine piece of tech can easily be dropped while gaming onto a hard floor.

    Thankfully, a host of peripherals and accessories are already hitting stores for the Nintendo machine just days after its summertime launch.

    And it means you’ve now got options to protect your pricey device from a nasty fall or screen smash early in its gaming life.

    The bods at PowerA have dropped a series of items worth considering for your Switch 2.

    Our go-to here is the new Slim Case which is a bargain at just £14.99.

    Officially licensed by Nintendo, it has a moulded interior with soft fabric lining that perfectly cups your console, keeping it tightly nested from movement when zipped in.

    Image: The case has a clean, rugged design

    It looks the part too, with a grey tough fabric feel and that all-important Switch 2 logo on the front, bottom right, so you can show off to your pals.

    Inside you can even tuck in 10 game cards for your favourite titles thanks to a dedicated rack area.

    And that has an integrated play stand for on-the-go gamers who want to put out the magnetic Joy-Cons and have the display stand up in the case at a nice viewable angle where it remains protected while you game outdoors with pals.

    The play stand doubles as a padded screen protector when the system is inside the case, which is ideal.

    We’ve tried this out and it feels of good quality and well padded to protect your console.

    You can also get a screen protector from the firm to cover your precious 7.9-inch 1080p LCD screen from a break during a fall.

    There are two in a pack for £9 and, just like mobile phone screen protectors, they’ll give you an extra layer of cover while not affecting the touch screen mechanisms.

    The pack includes a microfibre cleaning cloth, placement guides, dust removal stickers and applicator.

    Image: The Mario Time advantage controller for Switch 2

    Finally, if you want to avoid the Joy-Cons altogether there are new controllers for the Switch 2 to consider.

    The best looking one is arguably the Advantage wired controller dubbed ‘Mario Time’ which costs £29 and boasts hall-effect magnetic sensor thumb sticks for fluid gameplay, on board audio controls for your gaming headsets and a cool Super Mario themed look.
    #switch #gamers #can #now #get
    WWW.DAILYSTAR.CO.UK
  • Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

    Jun 16, 2025Ravie LakshmananMalware / DevOps

    Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.
    The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions."
    The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week.
    Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload.
    Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer.

    The stealer malware is equipped to siphon a wide range of data from infected machines. This includes -

    JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers
    Pod sandbox environment authentication tokens and git information
    CI/CD information from environment variables
    Zscaler host configuration
    Amazon Web Services account information and tokens
    Public IP address
    General platform, user, and host information

    The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems.
    The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis.
    "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said.

    "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity."
    The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below -

    eslint-config-airbnb-compat
    ts-runtime-compat-check
    solders
    @mediawave/lib

    All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry.
    SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown.
    "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said.
    Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed.
    "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work."
    Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server.
    This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB.
    "is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL."

    Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control using a combination of FodHelper.exe and programmatic identifiers to evade defenses and avoid triggering any security alerts to the user.
    The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT.
    "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent."
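    The install-time execution and transitive-dependency hiding described above can be checked for before anything runs. The following is an added example, not code from the article or from the researchers it cites: it audits constructed `package.json` manifests (every package name and script body is a placeholder) and reports which dependencies declare npm install lifecycle scripts and through which chain they arrive.

```python
import json
from collections import deque

# Lifecycle scripts that npm runs automatically during `npm install`.
INSTALL_HOOKS = ("preinstall", "install", "postinstall")

# Constructed sample: package.json contents keyed by package name.
# All names and script bodies are placeholders, not packages from the article.
SAMPLE_MANIFESTS = {
    "my-app": json.dumps({
        "name": "my-app",
        "dependencies": {"lint-preset-example": "^1.0.0",
                         "left-pad-example": "^1.0.0"},
    }),
    "lint-preset-example": json.dumps({
        "name": "lint-preset-example",
        "dependencies": {"compat-check-example": "^1.0.0"},
    }),
    "compat-check-example": json.dumps({
        "name": "compat-check-example",
        "scripts": {"postinstall": "node lib/install.js", "test": "jest"},
    }),
    "left-pad-example": json.dumps({
        "name": "left-pad-example",
        "scripts": {"test": "jest"},
    }),
}


def _dependency_names(manifest, is_root):
    """Names npm would install for this manifest (dev deps only for the root)."""
    fields = ["dependencies", "optionalDependencies"]
    if is_root:
        fields.append("devDependencies")
    names = []
    for field in fields:
        section = manifest.get(field)
        if isinstance(section, dict):
            names.extend(section)
    return names


def audit_install_hooks(root, manifests):
    """Breadth-first walk of the dependency graph starting at `root`.

    Returns one finding per dependency that declares an install-time
    lifecycle script, or whose manifest is missing or unparseable, together
    with the shortest chain of packages that pulls it in.
    """
    findings = []
    seen = {root}
    queue = deque([[root]])
    while queue:
        chain = queue.popleft()
        name = chain[-1]
        finding = {"package": name, "chain": chain, "hooks": {},
                   "transitive": len(chain) > 2}
        raw = manifests.get(name)
        if raw is None:
            # A dependency we cannot inspect is itself worth reporting.
            findings.append({**finding, "issue": "manifest-missing"})
            continue
        try:
            manifest = json.loads(raw)
        except ValueError:
            manifest = None
        if not isinstance(manifest, dict):
            findings.append({**finding, "issue": "manifest-unparseable"})
            continue
        scripts = manifest.get("scripts")
        if not isinstance(scripts, dict):
            scripts = {}
        hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
        # The root project's own scripts are under the developer's control.
        if hooks and name != root:
            findings.append({**finding, "issue": "install-hook", "hooks": hooks})
        for dep in _dependency_names(manifest, name == root):
            if dep not in seen:
                seen.add(dep)
                queue.append(chain + [dep])
    return findings


if __name__ == "__main__":
    for f in audit_install_hooks("my-app", SAMPLE_MANIFESTS):
        kind = "transitive" if f["transitive"] else "direct"
        print(f"{f['issue']}: {' -> '.join(f['chain'])} ({kind}) {f['hooks']}")
```

Installing with `npm install --ignore-scripts` keeps such hooks from running while the findings are reviewed.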
    Crypto Malware in the Open-Source Supply Chain
    The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem.

    Some of the examples of these packages include -

    express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys
    bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing.
    lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which function as clippers to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers

    "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said.
    "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets."
    AI and Slopsquatting
    The rise of artificial intelligence-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks.
    Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences.

    Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting.
    "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said.
    "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases."

    #malicious #pypi #package #masquerades #chimera
    THEHACKERNEWS.COM
    Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
    Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. 
The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. 
Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. 
"While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. 
Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    
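The article describes two npm delivery techniques: an install-time script in package.json, and a malicious package reached only through a transitive dependency. The following is an added example, not code from the article or the researchers it quotes: a defender-side audit that walks a resolved dependency graph and reports every package declaring an install-time hook, with the path that pulls it in. All package names, manifests and commands are constructed placeholders.

```javascript
"use strict";

// npm runs these lifecycle scripts for each dependency during installation.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Constructed sample data: placeholder names, not real packages.
const rootManifest = {
  name: "example-app",
  dependencies: {
    "example-lint-config": "^1.0.0",
    "example-crypto-helper": "^2.0.0",
  },
  devDependencies: { "example-test-runner": "^3.0.0" },
};

const manifests = new Map([
  ["example-lint-config", {
    name: "example-lint-config",
    // No hook of its own; the hook lives one level down.
    dependencies: { "example-runtime-check": "^1.0.0" },
  }],
  ["example-runtime-check", {
    name: "example-runtime-check",
    scripts: { postinstall: "node lib/setup.js" },
    // Cycle back to the parent, to show the walk terminates.
    dependencies: { "example-lint-config": "^1.0.0" },
  }],
  ["example-crypto-helper", {
    name: "example-crypto-helper",
    scripts: { postinstall: "node install.js", test: "node test.js" },
  }],
  ["example-test-runner", {
    name: "example-test-runner",
    scripts: { test: "node run.js" },
    dependencies: { "example-missing": "^0.1.0" },
  }],
]);

// Names a manifest pulls in at install time. devDependencies are only
// installed for the root project, never for dependencies.
function depsOf(manifest, includeDev) {
  return Object.keys({
    ...(manifest.dependencies || {}),
    ...(manifest.optionalDependencies || {}),
    ...(includeDev ? manifest.devDependencies || {} : {}),
  });
}

// Breadth-first walk from the root; returns packages with install hooks
// and packages whose manifest could not be inspected.
function auditInstallHooks(root, knownManifests) {
  const findings = [];
  const unresolved = [];
  const seen = new Set();
  const queue = depsOf(root, true).map((name) => ({
    name,
    path: [root.name, name],
  }));

  while (queue.length > 0) {
    const { name, path } = queue.shift();
    if (seen.has(name)) continue; // already audited, also breaks cycles
    seen.add(name);

    const manifest = knownManifests.get(name);
    if (!manifest) {
      // A package that cannot be inspected is reported, not assumed safe.
      unresolved.push({ name, path: path.join(" > ") });
      continue;
    }

    for (const hook of INSTALL_HOOKS) {
      const command = (manifest.scripts || {})[hook];
      if (typeof command === "string" && command.trim() !== "") {
        findings.push({
          name,
          hook,
          command,
          transitive: path.length > 2, // not requested by the root directly
          path: path.join(" > "),
        });
      }
    }

    for (const dep of depsOf(manifest, false)) {
      queue.push({ name: dep, path: [...path, dep] });
    }
  }
  return { findings, unresolved };
}

const report = auditInstallHooks(rootManifest, manifests);
for (const f of report.findings) {
  const kind = f.transitive ? "transitive" : "direct";
  console.log(`${kind} ${f.hook} in ${f.name}: "${f.command}" via ${f.path}`);
}
for (const u of report.unresolved) {
  console.log(`manifest not available for ${u.name} via ${u.path}`);
}
```

Each finding is a command that would run with the installing user's privileges, so the list is a review queue rather than a verdict. Running `npm ci --ignore-scripts` keeps the hooks from executing while that review happens.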
  • Block’s CFO explains Gen Z’s surprising approach to money management

    One stock recently impacted by a whirlwind of volatility is Block—the fintech powerhouse behind Square, Cash App, Tidal Music, and more. The company’s COO and CFO, Amrita Ahuja, shares how her team is using new AI tools to find opportunity amid disruption and reach customers left behind by traditional financial systems. Ahuja also shares lessons from the video game industry and discusses Gen Z’s surprising approach to money management.  

    This is an abridged transcript of an interview from Rapid Response, hosted by Robert Safian, former editor-in-chief of Fast Company. From the team behind the Masters of Scale podcast, Rapid Response features candid conversations with today’s top business leaders navigating real-time challenges. Subscribe to Rapid Response wherever you get your podcasts to ensure you never miss an episode.

    As a leader, when you’re looking at all of this volatility—the tariffs, consumer sentiment’s been unclear, the stock market’s been all over the place. You guys had a huge one-day drop in early May, and it quickly bounced back. How do you make sense of all these external factors?

    Yeah, our focus is on what we can control. And ultimately, the thing that we are laser-focused on for our business is product velocity. How quickly can we start small with something, launch something for our customers, and then test and iterate and learn so that ultimately, that something that we’ve launched scales into an important product?

    I’ll give you an example. Cash App Borrow, which is a product where our customers can get access to a line of credit, often $100, $200, that bridges them from paycheck to paycheck. We know so many Americans are living paycheck to paycheck. That’s a product that we launched about three years ago and have now scaled to serve 9 million actives with $15 billion in credit supply to our customers in a span of a couple short years.

    The more we can be out testing and launching product at a pace, the more we know we are ultimately delivering value to our customers, and the right things will happen from a stock perspective.

    Block is a financial services provider. You have Square, the point-of-sale system; the digital wallet Cash App, which you mentioned, which competes with Venmo and Robinhood; and a bunch of others. Then you’ve got the buy-now, pay-later leader Afterpay. You chair Square Financial Services, which is Block’s chartered bank. But you’ve said that in the fintech world, Block is only a little bit fin—that comparatively, it’s more tech. Can you explain what you mean by that?

    What we think is unique about us is our ability as a technology company to completely change innovation in the space, such that we can help solve systemic issues across credit, payments, commerce, and banking. What that means ultimately is we use technologies like AI and machine learning and data science, and we use these technologies in a unique way, in a way that’s different from a traditional bank. We are able to underwrite those who are often frankly forgotten by the traditional financial ecosystems.

    Our Square Loans product has almost triple the rate of women-owned businesses that we underwrite. Fifty-eight percent of our loans go to women-owned businesses versus 20% for the industry average. For that Cash App Borrow product I was talking about, 70% of those actives, the 9 million actives that we underwrote, fell below 580 as a FICO score. That’s considered a poor FICO score, and yet 97% of repayments are made on time. And this is because we have unique access to data and these technology and tools which can help us uniquely underwrite this often forgotten customer base.

    Yeah. I mean, credit—sometimes it’s been blamed for financial excesses. But access to credit is also, as you say, an advantage that’s not available to everyone. Do you have a philosophy between those poles—between risk and opportunity? Or is what you’re saying is that the tech you have allows you to avoid that risk?

    That’s right. Let’s start with how do the current systems work? It works using inferior data, frankly. It’s more limited data. It’s outdated. Sometimes it’s inaccurate. And it ignores things like someone’s cash flows, the stability of your income, your savings rate, how money moves through your accounts, or how you use alternative forms of credit—like buy now, pay later, which we have in our ecosystem through Afterpay.

    We have a lot of these signals for our 57 million monthly actives on the Cash App side and for the 4 million small businesses on the Square side, and those, frankly, billions of transaction data points that we have on any given day paired with new technologies. And we intend to continue to be on the forefront of AI, machine learning, and data science to be able to empower more people into the economy. The combination of the superior data and the technologies is what we believe ultimately helps expand access.

    You have a financial background, but not in the financial services industry. Before Block, you were a video game developer at Activision. Are financial businesses and video games similar? Are there things that are similar about them?

    There are. There actually are some things that are similar, I will say. There are many things that are unique to each industry. Each industry is incredibly complex. You find that when big technology companies try to do gaming. They’ve taken over the world in many different ways, but they can’t always crack the nut on putting out a great game. Similarly, some of the largest technology companies have dabbled in fintech but haven’t been able to go as deep, so they’re both very nuanced and complex industries.

    I would say another similarity is that design really matters. Industrial design, the design of products, the interface of products, is absolutely mission-critical to a great game, and it’s absolutely mission-critical to the simplicity and accessibility of our products, be it on Square or Cash App.

    And then maybe the third thing that I would say is that when I was in gaming, at least the business models were rapidly changing from an intermediary distribution mechanism, like releasing a game once and then selling it through a retailer, to an always-on, direct-to-consumer connection. And similarly with banking, people don’t want to bank from 9 to 5, six days a week. They want 24/7 access to their money and the ability to, again, grow their financial livelihood, move their money around seamlessly. So, some similarities are there in that shift to an intermediary model or a slower model to an always-on, direct-to-consumer connection.

    Part of your target audience or your target customer base at Block are Gen Z folks. Did you learn things at Activision about Gen Z that has been useful? Are there things that businesses misunderstand about younger generations still?

    What we’ve learned is that Gen Z, millennial customers, aren’t going to do things the way their parents did. Some of our stats show that 63% of Gen Z customers have moved away from traditional credit cards, and over 80% are skeptical of them. Which means they’re not using a credit card to manage expenses; they’re using a debit card, but then layering on on a transaction-by-transaction basis. Or again, using tools like buy now, pay later, or Cash App Borrow, the means in which they’re managing their consistent cash flows. So that’s an example of how things are changing, and you’ve got to get up to speed with how the next generation of customers expects to manage their money.
    WWW.FASTCOMPANY.COM
  • iPhone Users No Longer Need To Panic Over Storage, As iOS 26 Will Automatically Reserve Space To Make Sure Future Software Updates Install Without Any Last-Minute Hassles


    Ali Salman •
    Jun 14, 2025 at 07:08pm EDT

    Apple is silently fixing a long-standing iOS issue, which will make users a lot more stress-free when updating their iPhones to the latest software. Apple's release notes suggest that iOS 26 will bring a new dynamic storage reserve feature, which will allow the device to save up some space so that the automatic updates are downloaded and installed automatically. The new feature is part of the iOS 26 developer beta 1, and it remains to be seen how it actually works.
    Apple is introducing smart storage management in iOS 26 to prevent failed updates on iPhones with low available space
    Apple notes in its latest release notes for the developer beta that iOS 26 can dynamically reserve storage space to ensure that automatic updates are installed without a hassle. This marks a small but significant improvement for users who struggle to keep their storage free for updates. In the past, many users had to manually clear the storage when the system did not have enough room to install a new iOS version, which left them with a failed update error. With iOS 26, Apple is proactively addressing this by reserving space ahead of time when automatic updates are enabled in the Settings app.
    “Depending on the amount of free space available, iOS might dynamically reserve update space for Automatic Updates to download and install successfully,” Apple says in the beta documentation.
    At this point, Apple has not disclosed how the dynamic reservation system works or how much storage will be allocated for the automatic updates. However, the company's efforts align with similar mechanisms in macOS. If you are not familiar with it, Apple already uses temporary system storage management during updates, even in the case of iOS, but the new feature could mean that the system actively manages and holds onto space as part of its background maintenance.
    There is also no word from Apple on whether users will be notified when space is being reserved or if they will have the ability to opt out of the operation. The feature is expected to work automatically and seamlessly, making it easier for iPhone users to install the latest iOS updates. The update makes it easier for users who tend to ignore storage warnings or those who are not aware of their device's remaining storage capacity.
    The feature is one more way Apple is trying to make iOS updates less of a hassle, especially when a major update arrives with numerous features, including security updates. We will share more details on iOS 26, so do keep an eye out.

    WCCFTECH.COM
  • Discord Invite Link Hijacking Delivers AsyncRAT and Skuld Stealer Targeting Crypto Wallets

    Jun 14, 2025Ravie LakshmananMalware / Threat Intelligence

    A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan.
    "Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers," Check Point said in a technical report. "The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets."
    The issue with Discord's invite mechanism is that it allows attackers to hijack expired or deleted invite links and secretly redirect unsuspecting users to malicious servers under their control. This also means that a Discord invite link that was once trusted and shared on forums or social media platforms could unwittingly lead users to malicious sites.

    Details of the campaign come a little over a month after the cybersecurity company revealed another sophisticated phishing campaign that hijacked expired vanity invite links to entice users into joining a Discord server and instruct them to visit a phishing site to verify ownership, only to have their digital assets drained upon connecting their wallets.
    While users can create temporary, permanent, or custom (vanity) invite links on Discord, the platform prevents other legitimate servers from reclaiming a previously expired or deleted invite. However, Check Point found that creating custom invite links allows the reuse of expired invite codes and even deleted permanent invite codes in some cases.

    This ability to reuse expired or deleted Discord codes when creating custom vanity invite links opens the door to abuse, allowing attackers to claim them for their malicious server.
    "This creates a serious risk: Users who follow previously trusted invite links (e.g., on websites, blogs, or forums) can unknowingly be redirected to fake Discord servers created by threat actors," Check Point said.
    The Discord invite-link hijacking, in a nutshell, involves taking control of invite links originally shared by legitimate communities and then using them to redirect users to the malicious server. Users who fall prey to the scheme and join the server are asked to complete a verification step in order to gain full server access by authorizing a bot, which then leads them to a fake website with a prominent "Verify" button.
    This is where the attackers take the attack to the next level by incorporating the infamous ClickFix social engineering tactic to trick users into infecting their systems under the pretext of verification.

    Specifically, clicking the "Verify" button surreptitiously executes JavaScript that copies a PowerShell command to the machine's clipboard, after which the users are urged to launch the Windows Run dialog, paste the already copied "verification string" (i.e., the PowerShell command), and press Enter to authenticate their accounts.
    But in reality, performing these steps triggers the download of a PowerShell script hosted on Pastebin that subsequently retrieves and executes a first-stage downloader, which is ultimately used to drop AsyncRAT and Skuld Stealer from a remote server and execute them.
    At the heart of this attack lies a meticulously engineered, multi-stage infection process designed for both precision and stealth, while also taking steps to subvert security protections through sandbox security checks.
    AsyncRAT, which offers comprehensive remote control capabilities over infected systems, has been found to employ a technique called dead drop resolver to access the actual command-and-control (C2) server by reading a Pastebin file.
    The other payload is a Golang information stealer that's downloaded from Bitbucket. It's equipped to steal sensitive user data from Discord, various browsers, crypto wallets, and gaming platforms.
    Skuld is also capable of harvesting crypto wallet seed phrases and passwords from the Exodus and Atomic crypto wallets. It accomplishes this using an approach called wallet injection that replaces legitimate application files with trojanized versions downloaded from GitHub. It's worth noting that a similar technique was recently put to use by a rogue npm package named pdf-to-office.
    The attack also employs a custom version of an open-source tool known as ChromeKatz to bypass Chrome's app-bound encryption protections. The collected data is exfiltrated to the miscreants via a Discord webhook.
    The fact that payload delivery and data exfiltration occur via trusted cloud services such as GitHub, Bitbucket, Pastebin, and Discord allows the threat actors to blend in with normal traffic and fly under the radar. Discord has since disabled the malicious bot, effectively breaking the attack chain.

    Check Point said it also identified another campaign mounted by the same threat actor that distributes the loader as a modified version of a hacktool for unlocking pirated games. The malicious program, also hosted on Bitbucket, has been downloaded 350 times.
    It has been assessed that the victims of these campaigns are primarily located in the United States, Vietnam, France, Germany, Slovakia, Austria, the Netherlands, and the United Kingdom.
    The findings represent the latest example of how cybercriminals are targeting the popular social platform, which has had its content delivery network (CDN) abused to host malware in the past.
    "This campaign illustrates how a subtle feature of Discord's invite system, the ability to reuse expired or deleted invite codes in vanity invite links, can be exploited as a powerful attack vector," the researchers said. "By hijacking legitimate invite links, threat actors silently redirect unsuspecting users to malicious Discord servers."
    "The choice of payloads, including a powerful stealer specifically targeting cryptocurrency wallets, suggests that the attackers are primarily focused on crypto users and motivated by financial gain."
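A defender-side check that follows from the weakness described above, as an added example that is not from Check Point or the original article: extract Discord invite links from content a community has published and flag any code that is dead (so it could be re-registered as a vanity link) or that now resolves to a different server. The resolver is injected so the sample runs offline; every code, guild ID and function name below is constructed for illustration, and a live resolver wrapping Discord's invite lookup is an assumption left to the reader.

```python
import re
from typing import Callable, List, Optional, Tuple

# Matches discord.gg/<code> and discord.com/invite/<code> (also discordapp.com).
# The lookbehind rejects look-alike hosts such as "notdiscord.gg".
INVITE_RE = re.compile(
    r"(?<![A-Za-z0-9.-])"
    r"(?:https?://)?(?:www\.)?"
    r"(?:discord\.gg|discord(?:app)?\.com/invite)/"
    r"([A-Za-z0-9-]{2,32})",
    re.IGNORECASE,
)


def extract_invite_codes(text: str) -> List[str]:
    """Return invite codes in order of first appearance, de-duplicated."""
    codes: List[str] = []
    for match in INVITE_RE.finditer(text):
        code = match.group(1)
        if code not in codes:
            codes.append(code)
    return codes


def audit_invites(
    text: str,
    expected_guild_id: str,
    resolve: Callable[[str], Optional[str]],
) -> List[Tuple[str, str]]:
    """Classify every published invite code.

    resolve(code) returns the guild ID the code currently points to,
    or None when the invite is expired or deleted.
      ok       -> still points at our own server
      dead     -> expired/deleted; remove or replace the published link,
                  because the code may be claimed by someone else later
      mismatch -> resolves to a server we do not control; treat as hijacked
    """
    findings: List[Tuple[str, str]] = []
    for code in extract_invite_codes(text):
        guild_id = resolve(code)
        if guild_id is None:
            status = "dead"
        elif guild_id == expected_guild_id:
            status = "ok"
        else:
            status = "mismatch"
        findings.append((code, status))
    return findings


# Constructed sample: text as it might appear on a community site or forum.
SAMPLE_PAGE = """
Join us: https://discord.gg/exampleA1
Old forum post: discord.com/invite/retired-code
Mirror: https://discord.gg/exampleA1 and https://discordapp.com/invite/oldpromo
"""

# Constructed lookup standing in for a live invite resolution.
CONSTRUCTED_LOOKUP = {"exampleA1": "111", "oldpromo": "999"}


def constructed_resolver(code: str) -> Optional[str]:
    """Offline stand-in for a real lookup; unknown codes count as dead."""
    return CONSTRUCTED_LOOKUP.get(code)


if __name__ == "__main__":
    for code, status in audit_invites(SAMPLE_PAGE, "111", constructed_resolver):
        print(f"{code:15} {status}")
```

Run on a schedule against the pages where a community's invites are posted, the "dead" results are the ones to clean up first, since those are the links the campaign depends on.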

    THEHACKERNEWS.COM
  • Ezsharp 2.0 Titanium Folding Knife with Swappable Blades Changes the EDC Game

    Your everyday carry setup says a lot about who you are. Whether you’re a craftsman who demands precision tools or an outdoor enthusiast who needs reliable gear, the right knife can make all the difference. The Ezsharp 2.0 Titanium Folding Utility Knife isn’t just another blade for your pocket. It’s a game-changer that combines premium materials with innovative design.
    Most folding knives force you to choose between strength and weight, but the Ezsharp 2.0 throws that compromise out the window. Built from premium titanium alloy, this folding knife delivers incredible strength while staying remarkably lightweight in your pocket. You get the durability you need without the bulk that weighs you down during long days on the job or weekend adventures.
    Designer: Alan Zheng

    Titanium brings some serious advantages to the table that make it worth the investment. Unlike traditional stainless steel options, titanium offers natural resistance to rust and corrosion, so your knife stays sharp and reliable whether you’re working in humid conditions, caught in unexpected rain, or dealing with extreme temperatures. This means your tool performs consistently regardless of what Mother Nature throws your way.

    The real genius of the Ezsharp 2.0 lies in its dual-blade storage system. Instead of carrying multiple cutting tools or constantly searching for the right blade, you can swap between different scalpel blade types depending on your task. Need precision for detailed work? Switch to a fine-point blade. Tackling heavy-duty cutting? Pop in a robust utility blade and get to work.

    This innovative storage design uses powerful magnets to secure blades in both the active position and the backup compartment. The magnetic retention system ensures your blades stay exactly where they should be, eliminating the wobble and play that plague cheaper alternatives. You can trust that your cutting edge will be stable and precise when you need it most.

    The engineering extends beyond just storage, though. The Ezsharp 2.0 accepts six different scalpel blade formats, including #18, #20, #21, #22, #23, and #24. This compatibility gives you access to specialized blade geometries for everything from cardboard breakdown to precision crafting. Having options means you can tackle any cutting challenge without compromise.

    Craftsmen will appreciate the attention to detail in the construction. Every component except the replaceable blades comes from precision CNC machining, ensuring tight tolerances and smooth operation. The stainless steel blade holder receives proper heat treatment for longevity, while the frame lock mechanism provides a secure lockup that you can depend on during demanding tasks.

    The flipper opening system makes one-handed deployment effortless, perfect when your other hand is busy holding materials or managing your workspace. This practical design consideration shows that the makers understand how working professionals actually use their tools. You shouldn’t have to fumble with complicated mechanisms when time matters and precision counts.

    For EDC enthusiasts, the compact profile means the Ezsharp 2.0 disappears in your pocket without printing or creating uncomfortable bulk. The titanium construction keeps the weight down to levels that won’t throw off your carry balance, yet provides the strength to handle serious cutting tasks when called upon.

    The combination of premium materials, thoughtful engineering, and practical functionality makes the Ezsharp 2.0 stand out in a crowded market. This folding knife represents what happens when designers listen to users and create solutions for real-world problems. Whether you’re a professional who depends on reliable tools or an enthusiast who appreciates quality gear, the Ezsharp 2.0 delivers performance that justifies its place in your everyday carry rotation.
    Click Here to Buy Now: $79 $138.6 (43% off). Hurry, only 16/170 left!
    The post Ezsharp 2.0 Titanium Folding Knife with Swappable Blades Changes the EDC Game first appeared on Yanko Design.
    #ezsharp #titanium #folding #knife #with
    WWW.YANKODESIGN.COM
  • Core77 Weekly Roundup (6-9-25 to 6-13-25)

    Here's what we looked at this week:
    Objets d'esign: Lexon is releasing speaker and lamp versions of Jeff Koons' Balloon Dog sculpture.
    Volvo's new Multi-Adaptive Safety Belt compensates for different sizes, shapes and crash severities.
    Dometic's designey coolers use a different manufacturing method.
    Wandercraft's Eve, the world's first self-balancing exoskeleton, allows people to walk again.
    U.C. Berkeley's tiny pogo robot has a unique locomotion style.
    BARE designs a better—and less expensive—Dutch oven featuring a host of UX improvements.
    Clever materials use: How to clear standing water on a flat roof using rope.
    Architecture that works with challenging terrain, not against it: The Zig-Zag Resort, by JA Joubert and UNS Architects.
    Industrial design firm APE creates the Echo Pro, a perfect-fitting bike helmet with a novel adjustment mechanism.
    The Splay Max: A folding portable 35" monitor.
    Industrial Design student work: Dashiell Schaeffer's Curvesse rocking chair, made from a single sheet of plywood.
    These unusual, "anti-ligature" doorknobs are designed with a grim functional purpose.
    Designey tool kits: A trend with legs.
    BareBag's unusual design approach: Bags that serve as hanging points for other bags.
    From Germany, the NOHRD SlimBeam is a handcrafted, attractive piece of home exercise equipment.
    Why America's streetlights have been turning purple.
    When industrial design is subject to aftermarket modifications: BoxPlates to undo the PlayStation 5's look.
    This ShowerClear design fixes the mold problem all showerheads have.
    Industrial design case study: Curve ID tackles industrial kitchen equipment for JAVAR.
    #core77 #weekly #roundup
    WWW.CORE77.COM