In this episode of the fxpodcast, we go behind the scenes with The-Artery, the New York-based creative studio that brought this ambitious vision to life. We speak with Founder and CCO Vico Sharabani, along with Elad Offer, the project’s Creative Director, about what it took to craft this unprecedented experience. From conceptual direction to VFX and design, The-Artery was responsible for the full production pipeline of the AVP edition. Bono’s memoir Surrender: 40 Songs, One Story has taken on new life—this time as a groundbreaking immersive cinematic experience tailored specifically for the Apple Vision Pro. Titled Bono: Stories of Surrender (Immersive), the project transforms his personal journey of love, loss, and legacy into a first-of-its-kind Apple Immersive Video. The-Artery, (R) Founder Vico Sharabani during post-production. This is far more than a stereo conversion of a traditional film. Designed natively for the Apple Vision Pro, Bono: Stories of Surrender (Immersive) places viewers directly on stage with Bono, surrounding them in a deeply intimate audiovisual journey. Shot and mastered at a staggering 14K by 7K resolution, in 180-degree stereoscopic video at 90 frames per second, the format pushes the limits of current storytelling, running at data rates nearly 50 times higher than conventional content. The immersive trailer itself diverges significantly from its traditional counterpart, using novel cinematic language, spatial cues, and temporal transitions unique to Apple’s new medium. This marks the first feature-length film available in Apple Immersive Video, and a powerful statement on Bono’s and U2’s continued embrace of innovation. Watch the video or listen to the audio podcast as we unpack the creative and technical challenges of building a film for a platform that didn’t exist just a year ago, and what it means for the future of immersive storytelling.

Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

$45For some people, note-taking is serious, serious business. That’s why your dad’s great ideas, errant thoughts, to-do lists, and appointments deserve a worthy notebook. Traveler’s leather-bound travel journals are great for jotting down all of the above, especially since they come in a slew of sizes.$45 at Traveler’s Company (various sizes)$69Whether your dad is a fan of the Indiana Jones flicks or he digs MachineGames’ excellent Wolfenstein titles, there’s plenty to like in The Great Circle. The first-person exploration game lets you crack the whip, punch Nazis, and traverse the globe to retrieve precious relics. It’s good fun.Anker Laptop Power Bank$110$13519% off$110There are plenty of portable batteries out there, but few are as versatile and powerful as Anker’s 25,000mAh Laptop Power Bank. The handy pack features two built-in, retractable USB-C cables — one of which serves as a lanyard — allowing you to quickly charge most devices on the go.Backbone Pro$170$170The best mobile controller is the Backbone Pro. It retains the same overall design and feel as the company’s cheaper model, only with some comfort-boosting improvements. It also features a built-in battery and Bluetooth support, so your dad can use it for gaming on his TV, computer, VR headset, or handheld PC.$170 at Best Buy$170 at BackboneAncel AD410 OBD2 Scanner Professional Diagnostic Scanner$40$5020% off$40The more ways you know how to diagnose a possible issue with your car, the less time you’ll spend at the mechanic (sorry, mechanics). Ancel’s diagnostic scanner plugs into the OBD2 port found in most US cars dating back to ’96, letting you see exactly why certain lights on your dash keep popping up.$40 at Amazon (with Prime)$50 at AncelSony WH-1000XM6$448$4500% off$448The latest iteration of Sony’s best-in-class noise-canceling headphones has finally arrived. The newfangled XM6 make subtle improvements to every facet, from sound quality to comfort to ANC, while wisely bringing back the foldable design last seen on the last-gen XM4.Hoto SnapBloq System$216$30028% off$216Hoto’s modus operandi is to make svelte, handsome tools, with the SnapBloq being its sleekest yet. Buying all three sets — which, as the name implies, snap together to form a block — nets you a precision screwdriver, drill pen, and rotary tool, all of which are rechargeable. Dad may already own enough tools, but we bet they don’t look nearly as good as these do.$216 at Amazon$240 at HotoSatechi Vegan-Leather Magnetic Wallet Stand$28$4030% off$28Satechi’s MagSafe-ready wallet addresses two specific needs that may make it a must-have for some dads: it’s crafted from vegan leather, and it doubles as a kickstand. That means the durable wallet provides a hands-free way to watch videos or hop on a call, whether you place it in portrait or landscape mode. AirPods 4$119$1298% off$119Most of Apple’s high-end earbud tech can be found in the AirPods 4, which cost significantly less than the latest Pro model. They’re relatively small, offer great sound, and even support USB-C charging, making them a great pick if you can do without active noise cancellation.James$18$2836% off$18Percival Everett’s first work of fiction earned him the Pulitzer this year — and it’s no surprise. The bold 2024 tale serves as a reworking of Huck Finn as told by the enslaved man who travels with him down the Mississippi, and although it’s dead serious at times due to the subject matter, it’s also inventive, poetic, and surprisingly funny.Xiaomi Sound Pocket$27$3010% off$27Xiaomi doesn’t have as much of a presence in the US as it does globally, but thankfully, the classy Sound Pocket is readily available. The compact Bluetooth speaker supports hands-free calling with its built-in microphone, and its IP67 rating means it can even handle some water — so long as you don’t submerge it for too long.$27 at Amazon (with on-page coupon)$30 at Walmart (with on-page coupon)$35While writing Cat’s Cradle, Kurt Vonnegut needed to pay the bills, so he tried his hand at making board games. His creation, a tactical war-themed tabletop game called GHQ (General Headquarters), never saw the light of day — that is, until recently. Needless to say, the two-player game is a great title for Vonnegut fans and scholars alike.$35 at Barnes & Noble$35 at Kurt Vonnegut’s GHQ Museum and Library$550The Forerunner 570 has no business looking as good as it does for a running watch. Garmin’s new wearable features a bright OLED display, a slick translucent band, and several new features, including skin temperature sensors and a built-in speaker / mic. The only real question is what size to get for dear ol’ dad: 42mm or 47mm?$70Magic: The Gathering isn’t as difficult to get into as you might think, and the Final Fantasy-themed expansion might be the perfect place to start. The upcoming collection has sent the internet into a proverbial spiral, with many products selling out as a result of a very dedicated fan base. Lucky for dad, the entry-level starter kit is still readily available.Nitecore BB21 electric blower$65$707% off$65All of dad’s precious tech is prone to dust and other debris, which can impact usability if left unchecked. Fortunately, with Nitecore’s rechargeable air blower as a companion, he can easily rid his mechanical keyboards and other tough-to-reach crannies of unwanted grime, ensuring all of his gadgets are in tip-top shape.$31Bon Iver’s Justin Vernon has come a long way from the fabled Wisconsin cabin where he supposedly holed up to record his debut. Sable, Fable, his latest LP, is a welcome kaleidoscope of sounds and feelings, from familiar strummers and beat-heavy ballads to the kind of sultry, R&B-flecked tracks that would make Prince swoon.$450Telepathic Instruments’ retrofuturist keyboard is a vibes machine, one designed for people who want to easily produce cool sounds. It only houses a few piano keys, but it has dedicated major, minor, and other inputs that let you get creative without necessarily having to know how to play.$450 at Telepathic InstrumentsChef’n S’mores Roaster$50$7432% off$50You can effortlessly replicate the magic of making s’mores while camping with Chef’n’s small, safe machine. The contained flame on the tidy indoor / outdoor roaster is built to toast marshmallows, while its ceramic dome can melt chocolate onto graham crackers. All you’ll need to supply is a fuel can, plus all the s’mores ingredients you can muster.Panasonic 4K Blu-ray player (DP-UB420-K)$245$2502% off$245Like all of us, your dad deserves to watch movies at the best possible resolution, which is where a 4K Blu-ray player comes in. Panasonic makes some of the best models you can buy, and when paired with the right TV, 4K Blu-rays look and sound better than even the most high-res streaming apps. Plus, it’s still fun to collect discs.$125If your dad’s shaving gadget repertoire is outdated, try treating him to a fantastic — and customizable — beard trimmer. Panasonic’s washable, wide-tipped model comes with 19 adjustable settings and can cut hair, too, just in case dad wants to keep a short ’do or touch up his sideburns.$125 at Amazon$125 at PanasonicOntel Battery Daddy storage system$15$2025% off$15Most modern gadgets are rechargeable via USB-C, but many households still rely on traditional batteries for all sorts of things. Your dad is sure to be impressed with your moxie when you gift him this deluxe battery organizer, which has dedicated compartments for coin cell batteries, large D-cell batteries, and all of the smaller sizes in between.Baseus Free2Pull Retractable USB-C Cable 100W$10$2255% off$10Most people don’t want to wrangle cables… and who can blame them? Not us, which is why several folks at The Verge own Baseus’ handy, retractable USB-C option. The Free2Pull comes in two sizes, each of which conveniently pulls the excess cable into a small puck that’s far tidier and easier to manage than a loose cord.$200Most Lego creations occupy some desk or table space, which can be annoying if you’re trying to tidy up. However, every item from Lego’s Vincent van Gogh collection, which consists of several brick-ified paintings from the artist’s late-1800s heyday, can be assembled and then mounted to your wall.$220A massage gun is a gift that keeps on giving. When muscles and tendons are tight or sore, the Theragun Mini serves as a quick and easy remedy, allowing dad to get on with his day with less discomfort. The third-gen model is just a little smaller, making what was already an ultra-portable device even more compact.Birdfy Feeder 1$120$22045% off$120Looking at birds is cool, and we’re all better off spending more time doing it. And while birdwatching typically requires patience and a decent pair of binoculars, you could summon birds with Birdfy’s entry-level smart feeder, which features a 1080p camera and an app that lets you view birds up close as they munch on seeds.Xreal One smart glasses$499$499The Xreal One aren’t the most affordable augmented-reality glasses available, but they are some of the best for displaying movies and games on the go. You can connect them via USB-C to your smartphone, tablet, or handheld gaming PC, making the 84-gram spectacles the ultimate upgrade for both plane flights and your commute.$499 at Amazon$499 at XrealTime Timer MOD (Home Edition)$20$2520% off$20A basic timer may seem like a thoughtless gift, but there are many tasks we procrastinate on every day that could be more easily managed if we dedicated a little bit of time to them. A visual Pomodoro timer, such as the colorful MOD (Home Edition), is key to helping break tasks into manageable chunks or take them on all at once.Nintendo Switch 2$449$449The Switch 2 could make for a stellar gift for any dad — that is, if you can manage to preorder one ahead of the console’s arrival on June 5th. Nintendo’s latest hybrid console packs a larger 7.9-inch 1080p display, magnetic Joy-Con controllers, and a host of other minor but welcome improvements that build upon what was already a winning formula.