• Looking for a breast pump? Yeah, there are some options. The best breast pumps for 2025 include wearable and portable ones that are supposed to be easy to clean. If you’re nursing, these could help. But, honestly, it’s just another thing to deal with. You’ve got milk, they say. Just pick one, I guess. Not much excitement here.

    #BreastPumps #NursingMoms #WearableTechnology #Parenting #BabyCare
    Best Breast Pumps (2025): Wearable, Portable, Easy to Clean
    Got milk? From wearables to popular portables, these are the breast pumps we recommend for your nursing era.
  • Ah, the year 2025, where we find Pac-Man diving headfirst into the world of metroidvania! Because, you know, nothing screams "innovative gaming" quite like turning a classic arcade gobbler into an exploration-heavy labyrinth. I guess when you run out of ghosts to chase, you might as well start exploring shadowy mazes! Who needs fresh ideas when you can just pump nostalgia into a blender and call it a new recipe? Perhaps the next step is Pac-Man taking on the role of a heroic knight in shining armor, because why not? After all, redefining classics is the new black!

    #PacMan #Metroidvania #GamingTrends #ShadowLabyrinth #NostalgiaGaming
    WWW.ACTUGAMING.NET
    Shadow Labyrinth Review – Pac-Man and the metroidvania, a recipe that bears fruit?
    ActuGaming.net Shadow Labyrinth Review – Pac-Man and the metroidvania, a recipe that bears fruit? 2025 is a special year for Pac-Man. Indeed, last May we celebrated […] The article Test Shadow Labyrinth – Pa
  • It's unbelievable how the industry is pushing heat pumps as the ultimate solution for home HVAC systems while completely ignoring the glaring issues! Sure, Arduino might be saving these systems, but let's face it – the technology is still in its infancy. Efficiency claims of three to four times better than electric heating sound great, but who's actually benefiting? Homeowners are stuck with high upfront costs, complicated installations, and endless maintenance headaches! The narrative around heat pumps is misleading, making it seem like a magic bullet while glossing over the real problems. We need to demand better transparency and accountability instead of falling for the buzzwords!

    #HeatPumpFail #HVACProblems #TechAccountability #Arduino #EnergyEfficiency
    HACKADAY.COM
    Arduino Saves Heat Pump
    For home HVAC systems, heat pumps seem to be the way of the future. When compared to electric heating they can be three to four times more efficient, and they …read more
  • As the days slip away and the shadows lengthen, I can't help but feel the weight of missed opportunities. The federal programs designed to make clean energy accessible are fading like a distant dream. The chance to embrace an electric vehicle, a heat pump, or solar panels feels like a whisper lost in the wind. How can I move forward when the light of hope dims with every passing moment?

    I stand alone, grappling with the realization that these tax credits, once a beacon of promise, are slipping through our fingers. Time is running out, and with it, the warmth of a sustainable future.

    #CleanEnergy #TaxCredits #Sustainability #ElectricVehicle #Hope
    How to Use Clean Energy Tax Credits Before They Disappear
    There are just a few weeks left to tap federal programs that make purchasing an EV, heat pump, or solar panels more affordable.
  • So, I guess if you’re wandering around Arrakis in Dune Awakening, you might be wondering where to find aluminum. Yeah, that’s a thing. It’s not like there’s much else to do on this barren planet, right? You log in, look around, and think, “Great, now I need to hunt for aluminum.” It’s one of those resources that everyone talks about, but honestly, it feels like a hassle just to gather it.

    You’ll probably want to check out some of the caves or maybe dig around in the sandy dunes. Apparently, there are a few spots that are known for having aluminum deposits. But, like, do you really want to spend your time doing that? I mean, it could be fun for a minute, but it’s mostly just running around in the sun, trying not to get eaten by giant sandworms or whatever.

    Also, it’s not like there are guides everywhere, so you’ll have to rely on word of mouth or whatever you can find on the internet. But who has the energy for that? You can end up wandering aimlessly, and let’s be real, that’s not the most exciting way to spend your game time.

    You might hear some players say they found aluminum near the Spice fields, but how reliable is that information? It’s like a game of telephone. One person sees something shiny, tells everyone, and then it turns out to be a rock or something. Classic.

    And when you finally do find aluminum, what’s next? You just sit there wondering what to do with it. Maybe you can craft some gear or trade it, but honestly, by that time, you’re probably just ready to log off and take a nap. I mean, who needs the stress of resource gathering on a planet like Arrakis?

    So, if you’re still interested in hunting for aluminum on Arrakis, good luck, I guess. Just don’t expect it to be the highlight of your gaming experience. More like a chore you’re obligated to do, rather than something that’ll get your adrenaline pumping.

    #DuneAwakening #Arrakis #AluminumHunt #GamingLife #MMORPG
    Where to find aluminum on Arrakis? | Dune Awakening
    ActuGaming.net Where to find aluminum on Arrakis? | Dune Awakening Dune Awakening is a survival-focused MMORPG set on Arrakis, a planet […] The article Où trouver de l’aluminium sur Arrakis ? | Dune Awakening es
  • Air-Conditioning Can Help the Power Grid instead of Overloading It

    June 13, 2025, 6 min read

    Air-Conditioning Can Surprisingly Help the Power Grid during Extreme Heat

    Switching on air-conditioning during extreme heat doesn’t have to make us feel guilty—it can actually boost power grid reliability and help bring more renewable energy online

    By Johanna Mathieu & The Conversation US

    The following essay is reprinted with permission from The Conversation, an online publication covering the latest research.

    As summer arrives, people are turning on air conditioners in most of the U.S. But if you’re like me, you always feel a little guilty about that. Past generations managed without air conditioning – do I really need it? And how bad is it to use all this electricity for cooling in a warming world?

    If I leave my air conditioner off, I get too hot. But if everyone turns on their air conditioner at the same time, electricity demand spikes, which can force power grid operators to activate some of the most expensive, and dirtiest, power plants. Sometimes those spikes can ask too much of the grid and lead to brownouts or blackouts.

    Research I recently published with a team of scholars makes me feel a little better, though. We have found that it is possible to coordinate the operation of large numbers of home air-conditioning units, balancing supply and demand on the power grid – and without making people endure high temperatures inside their homes.

    Studies along these lines, using remote control of air conditioners to support the grid, have for many years explored theoretical possibilities like this. However, few approaches have been demonstrated in practice and never for such a high-value application and at this scale. The system we developed not only demonstrated the ability to balance the grid on timescales of seconds, but also proved it was possible to do so without affecting residents’ comfort.

    The benefits include increasing the reliability of the power grid, which makes it easier for the grid to accept more renewable energy. Our goal is to turn air conditioners from a challenge for the power grid into an asset, supporting a shift away from fossil fuels toward cleaner energy.

    Adjustable equipment

    My research focuses on batteries, solar panels and electric equipment – such as electric vehicles, water heaters, air conditioners and heat pumps – that can adjust itself to consume different amounts of energy at different times.

    Originally, the U.S. electric grid was built to transport electricity from large power plants to customers’ homes and businesses. And originally, power plants were large, centralized operations that burned coal or natural gas, or harvested energy from nuclear reactions. These plants were typically always available and could adjust how much power they generated in response to customer demand, so the grid would be balanced between power coming in from producers and being used by consumers.

    But the grid has changed. There are more renewable energy sources, from which power isn’t always available – like solar panels at night or wind turbines on calm days. And there are the devices and equipment I study. These newer options, called “distributed energy resources,” generate or store energy near where consumers need it – or adjust how much energy they’re using in real time.

    One aspect of the grid hasn’t changed, though: There’s not much storage built into the system. So every time you turn on a light, for a moment there’s not enough electricity to supply everything that wants it right then: The grid needs a power producer to generate a little more power. And when you turn off a light, there’s a little too much: A power producer needs to ramp down.

    The way power plants know what real-time power adjustments are needed is by closely monitoring the grid frequency. The goal is to provide electricity at a constant frequency – 60 hertz – at all times. If more power is needed than is being produced, the frequency drops and a power plant boosts output. If there’s too much power being produced, the frequency rises and a power plant slows production a little. These actions, a process called “frequency regulation,” happen in a matter of seconds to keep the grid balanced.

    This output flexibility, primarily from power plants, is key to keeping the lights on for everyone.

    Finding new options

    I’m interested in how distributed energy resources can improve flexibility in the grid. They can release more energy, or consume less, to respond to the changing supply or demand, and help balance the grid, ensuring the frequency remains near 60 hertz.

    Some people fear that doing so might be invasive, giving someone outside your home the ability to control your battery or air conditioner. Therefore, we wanted to see if we could help balance the grid with frequency regulation using home air-conditioning units rather than power plants – without affecting how residents use their appliances or how comfortable they are in their homes.

    From 2019 to 2023, my group at the University of Michigan tried this approach, in collaboration with researchers at Pecan Street Inc., Los Alamos National Laboratory and the University of California, Berkeley, with funding from the U.S. Department of Energy Advanced Research Projects Agency-Energy.

    We recruited 100 homeowners in Austin, Texas, to do a real-world test of our system. All the homes had whole-house forced-air cooling systems, which we connected to custom control boards and sensors the owners allowed us to install in their homes. This equipment let us send instructions to the air-conditioning units based on the frequency of the grid.

    Before I explain how the system worked, I first need to explain how thermostats work. When people set thermostats, they pick a temperature, and the thermostat switches the air-conditioning compressor on and off to maintain the air temperature within a small range around that set point. If the temperature is set at 68 degrees, the thermostat turns the AC on when the temperature is, say, 70, and turns it off when it’s cooled down to, say, 66.

    Every few seconds, our system slightly changed the timing of air-conditioning compressor switching for some of the 100 air conditioners, causing the units’ aggregate power consumption to change. In this way, our small group of home air conditioners reacted to grid changes the way a power plant would – using more or less energy to balance the grid and keep the frequency near 60 hertz.

    Moreover, our system was designed to keep home temperatures within the same small temperature range around the set point.

    Testing the approach

    We ran our system in four tests, each lasting one hour. We found two encouraging results.

    First, the air conditioners were able to provide frequency regulation at least as accurately as a traditional power plant. Therefore, we showed that air conditioners could play a significant role in increasing grid flexibility. But perhaps more importantly – at least in terms of encouraging people to participate in these types of systems – we found that we were able to do so without affecting people’s comfort in their homes.

    We found that home temperatures did not deviate more than 1.6 Fahrenheit from their set point. Homeowners were allowed to override the controls if they got uncomfortable, but most didn’t. For most tests, we received zero override requests. In the worst case, we received override requests from two of the 100 homes in our test.

    In practice, this sort of technology could be added to commercially available internet-connected thermostats. In exchange for credits on their energy bills, users could choose to join a service run by the thermostat company, their utility provider or some other third party.

    Then people could turn on the air conditioning in the summer heat without that pang of guilt, knowing they were helping to make the grid more reliable and more capable of accommodating renewable energy sources – without sacrificing their own comfort in the process.

    This article was originally published on The Conversation.

    #airconditioning #can #help #power #grid
    WWW.SCIENTIFICAMERICAN.COM
    Air-Conditioning Can Help the Power Grid instead of Overloading It
  • Government ditches public sector decarbonisation scheme

    The government has axed a scheme for upgrading energy efficiency in public sector buildings.
    The Public Sector Decarbonisation Scheme (PSDS) delivered more than £2.5bn in its first three phases for measures such as heat pumps, solar panels, insulation and double glazing, with further funding of nearly £1bn recently announced.
    But the Department for Energy Security and Net Zero (DESNZ) has told Building Design that the scheme has been dropped after the spending review, leaving uncertainty about how upgrades will be funded when the current phase expires in 2028.

    Source: UK Government/Flickr. Ed Miliband’s Department for Energy Security and Net Zero is responsible for the scheme.
    The department said it would set out plans for the period after 2028 in due course.
    In a post on LinkedIn, Dave Welkin, director of sustainability at Gleeds, said he had waited for the release of the spending review with a “sense of trepidation” and was unable to find mention of public sector decarbonisation when Treasury documents were released.
    “I hoped because it was already committed in the Budget that its omission wasn’t ominous,” he wrote.
    Yesterday, he was told by Salix Finance, the non-departmental public body that delivers funding for the scheme, that it was no longer being funded.
    It comes after the withdrawal of funding for the Low Carbon Skills Fund (LCSF) in May.
    According to the government’s website, PSDS and LCSF were intended to support the reduction of emissions from public sector buildings by 75% by 2037, compared to a 2017 baseline.
    “Neither LCSF or PSDS were perfect by any means, but they did provide a vital source of funding for local authorities, hospitals, schools and many other public sector organisations to save energy, carbon and money,” Welkin said.
    “PSDS has helped replace failed heating systems in schools, keeping students warm. It’s replaced roofs on hospitals, helping patients recover from illness. It’s replaced windows in our prisons, improving security and stopping drugs getting behind bars.”
    However, responding to Welkin’s post, Steve Connolly, chief executive at Arriba Technologies, a low carbon heating and cooling firm, said that the scheme was being “mismanaged” with a small number of professional services firms “scooping up disproportionately large grants for their clients”.
    The fourth phase of the scheme was confirmed last September, with allocations confirmed only last month.
    This latest phase, which covers the financial years between 2025/26 and 2027/28, saw the distribution of £940m across the country.
    A DESNZ spokesperson said: “Our settlement is about investing in Britain’s renewal to create energy security, sprint to clean power by 2030, encourage investment, create jobs and bring down bills for good.
    “We will deliver £1bn in current allocations of the Public Sector Decarbonisation Scheme until 2028 and, through Great British Energy, have invested in new rooftop solar power and renewable schemes to lower energy bills for schools and hospitals across the UK.
    “We want to build on this progress by incentivising the public sector to decarbonise, so they can reap the benefits in lower bills and emissions, sharing best practice across government and exploring the use of repayable finance, where appropriate.”
    A government assessment of phase 3a and 3b projects identified a number of issues with the scheme, including delays and cost inflation, with more than a tenth being abandoned subsequent to grants being offered.
    Stakeholders interviewed for the report also identified “difficulties in obtaining skilled contractors and equipment”, especially air source heat pumps.
    The first come first served approach to awarding funding was also said to be “encouraging applicants to opt for more straightforward projects” and “potentially undermining the achievement of PSDS objective by restricting the opportunity for larger [and] more complex measures which may have delivered greater carbon reduction benefits”.
    But the consensus among stakeholders and industry representatives interviewed for the report was that the scheme was “currently key to sustaining the existing UK heat pump market” and that it was “seen as vital in enabling many public sector organisations to invest in heat decarbonisation”.
    WWW.BDONLINE.CO.UK
  • Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

    Jun 16, 2025Ravie LakshmananMalware / DevOps

    Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.
    The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions."
    The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week.
    Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload.
    Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer.

    The stealer malware is equipped to siphon a wide range of data from infected machines. This includes -

    JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers
    Pod sandbox environment authentication tokens and git information
    CI/CD information from environment variables
    Zscaler host configuration
    Amazon Web Services account information and tokens
    Public IP address
    General platform, user, and host information

    The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems.
    The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis.
    "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said.

    "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity."
    The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below -

    eslint-config-airbnb-compat
    ts-runtime-compat-check
    solders
    @mediawave/lib

    All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry.
    SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown.
    "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said.
    Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed.
    "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work."
    Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server.
    This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB.
    "is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL."

    Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control using a combination of FodHelper.exe and programmatic identifiers to evade defenses and avoid triggering any security alerts to the user.
    The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT.
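A defender can surface both patterns described above, a script that runs automatically at install time and code placed in a dependency of the package a reviewer actually looked at, by walking the dependency graph and listing every package that declares an install hook together with the path that pulls it in. This is an added example, not code from the article or from the researchers it cites; the package names, scripts and the `auditInstallHooks` and `formatReport` helpers are constructed for illustration.

```javascript
// Lifecycle hooks that npm runs automatically when a dependency is installed.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Constructed sample manifests (hypothetical names and scripts), keyed by
// package name, standing in for the package.json files under node_modules.
const SAMPLE_MANIFESTS = {
  "demo-app": {
    name: "demo-app",
    version: "1.0.0",
    dependencies: { "demo-lint-config": "^1.0.0", "demo-native-addon": "^2.1.0" },
  },
  "demo-lint-config": {
    name: "demo-lint-config",
    version: "1.0.3",
    // Looks clean when read on its own: no scripts, a single dependency.
    dependencies: { "demo-runtime-check": "^0.0.2" },
  },
  "demo-runtime-check": {
    name: "demo-runtime-check",
    version: "0.0.2",
    scripts: { postinstall: "node lib/install.js", test: "node test.js" },
    // Points back at its parent to exercise the cycle guard below.
    dependencies: { "demo-lint-config": "^1.0.0" },
  },
  "demo-native-addon": {
    name: "demo-native-addon",
    version: "2.1.0",
    scripts: { install: "node-gyp rebuild" },
  },
};

// Breadth-first walk from the root project. Returns every install hook found
// in a dependency, the dependency path that reaches it, and the subset that
// is not on the reviewed allowlist.
function auditInstallHooks(rootName, manifests, allowlist = new Set()) {
  const findings = [];
  const missing = [];
  const seen = new Set();
  const queue = [[rootName]]; // each entry is the path from the root to a package

  while (queue.length > 0) {
    const path = queue.shift();
    const name = path[path.length - 1];
    if (seen.has(name)) continue; // already audited (also breaks cycles)
    seen.add(name);

    const manifest = manifests[name];
    if (!manifest) {
      missing.push(path.join(" > ")); // declared but not present: report, don't guess
      continue;
    }

    // The root project's own scripts are under the team's control; skip them.
    if (path.length > 1) {
      for (const hook of INSTALL_HOOKS) {
        const command = manifest.scripts && manifest.scripts[hook];
        if (typeof command !== "string") continue;
        findings.push({
          package: `${manifest.name}@${manifest.version}`,
          hook,
          command,
          path: path.join(" > "),
          transitive: path.length > 2, // not requested directly by the root
          allowed: allowlist.has(manifest.name),
        });
      }
    }

    const deps = { ...manifest.dependencies, ...manifest.optionalDependencies };
    for (const dep of Object.keys(deps)) queue.push([...path, dep]);
  }

  return { findings, missing, needsReview: findings.filter((f) => !f.allowed) };
}

// Render the audit result as one line per finding for a CI log.
function formatReport(result) {
  const lines = result.findings.map((f) =>
    `${f.allowed ? "allowed" : "REVIEW "} ${f.package} ${f.hook}: ` +
    `"${f.command}" via ${f.path}${f.transitive ? " (transitive)" : ""}`
  );
  for (const m of result.missing) lines.push(`MISSING manifest for ${m}`);
  return lines.join("\n");
}

// Only the native addon's build step has been reviewed and allowlisted.
const demoResult = auditInstallHooks(
  "demo-app", SAMPLE_MANIFESTS, new Set(["demo-native-addon"])
);
console.log(formatReport(demoResult));
```

Installing with npm's `--ignore-scripts` flag stops these hooks from running at all; the audit output then tells a team which packages would need their scripts run deliberately after review.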
    "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent."
    Crypto Malware in the Open-Source Supply Chain
    The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem.

    Some of the examples of these packages include -

    express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys
    bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing.
    lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers

    "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said.
    "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets."
    AI and Slopsquatting
    The rise of artificial intelligence-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks.
    Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences.

    Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting.
    "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said.
    "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases."

    THEHACKERNEWS.COM
    Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
    Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. 
The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. 
Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. 
"While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. 
Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    
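The post-install script and transitive-dependency techniques described in The Hacker News article above can be surfaced from a lockfile before anything is installed. The following is an added example, not code from the article or from the researchers it cites: the package names, versions and lockfile contents are constructed, and it relies on the hasInstallScript field that npm 7+ records in package-lock.json.

```javascript
// Constructed package-lock.json (lockfileVersion 3) content. npm 7+ sets
// "hasInstallScript": true on entries that declare preinstall/install/postinstall.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": {
      name: "demo-app",
      version: "1.0.0",
      dependencies: { "example-lint-config": "^1.0.0", "native-addon": "^2.1.0" },
    },
    "node_modules/example-lint-config": {
      version: "1.0.3",
      dependencies: { "example-runtime-check": "^1.0.0" },
    },
    "node_modules/example-runtime-check": { version: "1.0.1", hasInstallScript: true },
    "node_modules/native-addon": { version: "2.1.0", hasInstallScript: true },
  },
};

const MARKER = "node_modules/";
const nameOf = (path) => path.slice(path.lastIndexOf(MARKER) + MARKER.length);

// Resolve a dependency the way Node does: look in the requiring package's own
// node_modules first, then walk up toward the project root.
function resolveDep(packages, fromPath, depName) {
  let base = fromPath;
  for (;;) {
    const candidate = (base ? base + "/" : "") + MARKER + depName;
    if (packages[candidate]) return candidate;
    if (!base) return null;
    const idx = base.lastIndexOf("/" + MARKER);
    base = idx === -1 ? "" : base.slice(0, idx);
  }
}

// Breadth-first walk from the root, recording the shortest chain of package
// names that pulls each entry into the tree.
function dependencyChains(packages) {
  const chains = new Map([["", []]]);
  const queue = [""];
  while (queue.length > 0) {
    const from = queue.shift();
    const entry = packages[from] || {};
    const deps = {
      ...entry.dependencies,
      ...entry.optionalDependencies,
      ...(from === "" ? entry.devDependencies : {}),
    };
    for (const dep of Object.keys(deps)) {
      const target = resolveDep(packages, from, dep);
      if (target && !chains.has(target)) {
        chains.set(target, [...chains.get(from), nameOf(target)]);
        queue.push(target);
      }
    }
  }
  return chains;
}

// Report every non-allowlisted package with an install script; transitive
// ones (not requested by the project itself) sort first.
function auditInstallScripts(lock, allowlist = []) {
  const packages = lock.packages || {};
  const chains = dependencyChains(packages);
  const findings = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (path === "" || !entry.hasInstallScript) continue;
    const name = nameOf(path);
    if (allowlist.includes(name)) continue;
    const chain = chains.get(path) || [name];
    findings.push({ name, version: entry.version, transitive: chain.length > 1, chain: chain.join(" > ") });
  }
  return findings.sort((a, b) => Number(b.transitive) - Number(a.transitive) || a.name.localeCompare(b.name));
}

console.log(auditInstallScripts(sampleLock, ["native-addon"]));
```

The lockfile only records that an install script exists, not what it does, so each finding is a prompt to read that package's scripts before installing. Running `npm ci --ignore-scripts` keeps lifecycle scripts from executing while that review happens.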
  • Block ads for the whole fam for less than your monthly streaming services

    WWW.MACWORLD.COM
    Block ads for the whole fam for less than your monthly streaming services
    Macworld

    Ads are everywhere. From gas pump screens to streaming services and social media, the average American is exposed to anywhere between 4,000 and 10,000 ads per day. Enough is enough. While some ads are just plain annoying (looking at you, Liberty Mutual), others can be straight-up harmful. Protect your kids from inappropriate content and protect your Mac from phishing with AdGuard’s Family Plan, now just $15.97 with code FAMPLAN.

    With AdGuard’s family plan, you can get privacy protection, ad blocking, and malware protection for up to 9 devices, including desktop and mobile. It’s compatible with both Android and iOS devices as long as they’re running on relatively updated operating systems.

    From banner ads to pop-ups and video ads, AdGuard blocks them all seamlessly, allowing you to use your computer the way it was intended. Maximize productivity and protect from harmful viruses or phishing attempts. The robust parental controls also allow users to block inappropriate or adult content to keep the web safe for your kids.

    For less than the monthly price of a streaming service, you can have peace of mind knowing your children will be shielded from inappropriate materials and you can work, stream, and game uninterrupted.

    Get AdGuard’s Family Plan for $15.97 (reg. $39.99) with code FAMPLAN.

    StackSocial prices subject to change.
  • Those Investment Ads on Facebook Are Scams

    LIFEHACKER.COM
    Those Investment Ads on Facebook Are Scams
    Investment scams aren't anything new: Bad actors have long used pump-and-dump tactics to hype stocks or cryptocurrencies, preying on emotions like fear and greed. And who wouldn't want big—or even steady—returns on their money, especially amidst tariffs and other economic turmoil? Scammers are currently capitalizing on this with fraudulent Facebook ads to lure users into handing over large sums of money. Here's how to spot these schemes and avoid falling victim.

    Investment scams on Meta platforms

    According to a group of 42 state attorneys general, the current fraudulent investment campaigns also happen to have elements of impersonation scams. The scheme begins with ads on Facebook that feature prominent investors, including ARK Investment Management's Cathie Wood, CNBC's Joe Kernan, and Fundstrat's Tom Lee, along with other wealthy individuals like Warren Buffett and Elon Musk (none of whom have any actual affiliation with the ad).

    If you click the ad, you'll be prompted to download or open WhatsApp to join an investment group. This is where the pump-and-dump kicks off. "Experts" in the group advise members to purchase specific stocks, inflating the price, which they in turn sell and profit from. The AG letter to Meta detailing the scam includes reports of individuals losing anywhere from $40,000 to $100,000 or more after clicking on a fraudulent ad on Facebook.

    Other investment scams originating on Facebook involve cyber criminals harvesting sensitive personal information via fraudulent investing platforms (also by spoofing celebrity endorsements).

    Investment scam red flags to watch for

    For many people, it seems obvious that you shouldn't get your investment advice from a Facebook ad or WhatsApp group. But fear and greed are powerful emotions, and scammers are counting on these social engineering tactics working at least some of the time.

    That's why you should be wary of any advice that promises an unrealistic rate of return in a short period of time with no risk of loss as well as endorsements from celebrities, political figures, and well-known investors (who are almost certainly not endorsing anything). It's also just good practice not to click ads on Facebook, which are easy vectors for spreading scams and malware.

    Another sign of a scam is content or communication that appears to be generated by AI. After joining a WhatsApp group, an investigator from the New York Office of the Attorney General was called by a scammer who used AI to translate her speech into English. Unfortunately, emotions can cloud our ability to identify AI-generated content if we want to believe what we're seeing.
CGShares https://cgshares.com