
Universe Proves Ordinary After All: High-Profile DESI Study Claiming Giant Aligned Cosmic Structures Collapses Following Data Correction
A widely publicized study published in Nature that used Dark Energy Spectroscopic Instrument (DESI) observations to suggest the existence of unusually long, preferentially aligned filaments in the cosmic web has been overturned by independent analysis. The original paper analyzed data on 47 million galaxies and quasars spanning more than 11 billion years and argued that these structures could stretch across billions of light-years and show non-random orientations, potentially violating the cosmological principle. Critics identified two critical errors: the use of luminosity distance instead of the standard comoving distance and the failure to account for the evolving distances caused by the universe’s expansion. Once these corrections were applied, the apparent giant aligned structures vanished, restoring consistency with the standard cosmological model in which the universe appears statistically uniform on the largest scales. The episode has reignited debate over the rigor of peer review at top journals, the risks of embargoed pre-publication announcements, and the importance of releasing results on preprint servers such as arXiv for community scrutiny before formal publication.
Translated from Russian
Read full articleLatest News

Europe Unveils RLV C5 Reusable Rocket Concept as a Potential Competitor to SpaceX Starship
Following the successful recovery of Super Heavy booster using tower catch arms, SpaceX's Starship continues to push the boundaries of fully reusable super-heavy launch systems. A detailed independent analysis by the German Aerospace Center (DLR) reconstructed flight data from early Starship tests and estimated current payload capacity at around 59 tons to low Earth orbit in fully reusable configuration. The study also modeled future Starship variants with Raptor 3 engines, projecting up to 115 tons reusable and 188 tons expendable. In response, DLR presented its own European super-heavy concept called RLV C5, which features a reusable winged booster based on SpaceLiner technology and an expendable upper stage. The design uses liquid hydrogen/oxygen propulsion and an innovative mid-air capture system by a large subsonic aircraft, aiming for higher payload-to-mass efficiency than Starship. While Starship already undergoes real flight testing, RLV C5 remains a paper study requiring significant further development and funding.
Translated from Russian

IRIS C2 Zero-Day Marketplace: How Two Convicted Fraudsters Jack Berkman and Jacob Wohl Launched a Government-Facing Exploit Trading Operation
IRIS C2, a Virginia-based company promising up to $7 million for zero-day vulnerabilities and offensive hacking tools, is operated by Calvexa Group LLC and run by two previously convicted political provocateurs with histories of fraud and operating under false identities. Journalist Brian Krebs uncovered that the firm, which emerged on social media in January 2025, markets itself as a supplier of offensive cyber capabilities while actively recruiting young talent without requiring formal degrees or experience. The company claims to purchase zero-days, exploit chains, and ready-made attack tools for major platforms, then refine them into stable, weaponized products for sale primarily to government agencies, including phone-hacking solutions. Founders Jack Berkman and Jacob Wohl previously ran fake intelligence firms, spread false accusations against politicians, and were convicted in 2022 for wire fraud in Ohio, later receiving a $5.1 million FCC fine for illegal robocall campaigns. They also received $300,000 from a cryptocurrency theft suspect to lobby for a presidential pardon, continuing a pattern of deceptive business practices exposed by outlets including KrebsOnSecurity and Politico.
Translated from Russian

CAR-T Therapy Expands Beyond Leukemia: GPNMB Protein Emerges as Promising Target for Glioblastoma and Rare Soft Tissue Sarcoma
CAR-T therapy, which has transformed treatment for certain blood cancers like leukemia by engineering patient T-cells to recognize specific surface proteins, has long struggled against solid tumors due to cellular heterogeneity and immunosuppressive microenvironments. Two independent research teams have now identified the surface protein GPNMB as a dual-purpose target that appears on both tumor cells and tumor-supporting immune cells. In glioblastoma models, GPNMB-directed CAR-T cells eradicated patient-derived tumor cells, slowed disease progression in mice, and attacked the protective immune niche. Parallel work on alveolar soft part sarcoma showed similar efficacy in mice, prevented metastasis, passed human-skin safety tests, and achieved disease stabilization in the first treated patient after a single infusion. The studies highlight how targeting proteins shared between cancer cells and their immunosuppressive surroundings could overcome key barriers that have limited CAR-T success in solid tumors, although larger clinical trials are still needed.
Translated from Russian

Phase II of National 100-City FDE Frontier Deployment Engineer Onboarding Program Officially Launches
The second phase of the nationwide "Hundred Cities On-the-Job Plan" for FDE Frontier Deployment Engineers has been announced, expanding opportunities across China. The initiative targets experienced engineers specializing in advanced deployment technologies and aims to place professionals in key urban centers. Building on the success of the first phase, this new round seeks to strengthen technical capabilities in critical infrastructure and cybersecurity domains. Participants will receive structured onboarding, training, and direct placement support in multiple cities. The program underscores growing demand for specialized deployment expertise amid rapid digital transformation.
Translated from Chinese

630GB of Apple Secrets Leaked on Dark Web: WorldLeaks Breach Shatters Tata Electronics Supply Chain Security
In June 2026, the ransomware group WorldLeaks infiltrated Tata Electronics, Apple's key manufacturing partner in India, and exfiltrated 630GB of highly sensitive data comprising over 200,000 files that were subsequently posted on the dark web. The stolen materials include unreleased iPhone 18 Pro motherboard schematics, A20 Pro chip technical manuals, complete supplier lists, Tesla component designs, and employee passport copies, exposing the vulnerabilities in Apple's two-decade supply chain secrecy system built at a cost of billions of dollars. WorldLeaks, formerly known as Hunters International, employed a 'steal-only' tactic without encryption, capitalizing on the growing trend of data extortion that has proven more profitable than traditional ransomware. The breach raises serious concerns about Apple's ambitious India manufacturing expansion, which aims to increase local component sourcing from 10% to 50% within three years, and highlights broader risks to global supply chains involving companies such as Tesla, TSMC, and Qualcomm. Apple responded swiftly by deploying DMCA takedowns across platforms like X within 24 hours, yet the irreversible nature of dark web leaks underscores the need for enhanced supplier security audits, data segmentation, and proactive data loss prevention measures.
Translated from Chinese

Iranian State-Sponsored Hackers Unveil Cavern C2 Framework: Multi-Format .NET Compilation Bypasses All Security Detection Tools
In July 2026, Check Point Research exposed Cavern Manticore, an Iranian MOIS-linked APT group, actively targeting Israeli IT providers and government entities with a sophisticated modular C2 framework called Cavern (also known as Cav3rn). Unlike previous Iranian groups that rely on public tools, this actor built an entirely custom .NET-based framework deliberately compiled into three incompatible binary formats—pure IL, mixed-mode C++/CLI, and .NET 8 Native AOT—to force analysts to maintain multiple reverse-engineering toolchains and dramatically increase operational costs. The framework achieves near-zero detection rates on VirusTotal by avoiding traditional obfuscation and instead weaponizing compilation formats themselves, with modules running in isolated AppDomains that leave no persistent artifacts. Attackers gain initial access through compromised RMM solutions such as SysAid, abusing legitimate update mechanisms to sideload the Cavern Agent disguised as uxtheme.dll via a WinDirStat DLL side-loading chain. Communication uses XOR encryption with Base64 encoding, fixed Edge User-Agent strings, custom headers, and a unique protocol syntax, while supporting hot updates and aggressive cleanup. The campaign coincides with parallel operations by MuddyWater against regional targets, highlighting Iran’s coordinated escalation in cyberspace and the growing threat of supply-chain trust abuse against MSPs and RMM platforms worldwide.
Translated from Chinese

Medtronic Cyberattack Exposes Patient Data: Six-Day Breach Puts Social Security Numbers and Health Records at Risk
In April 2026, medical device giant Medtronic suffered a cyber intrusion that lasted six days, allowing unauthorized access to backend IT systems containing sensitive patient information. The breach, discovered on April 19 after beginning on April 13, exposed names, contact details, birth dates, Social Security numbers, and health treatment data linked to devices such as pacemakers, insulin pumps, and neurostimulators. Although the medical devices themselves remain unaffected and show no signs of remote tampering, the leaked data poses severe risks of identity theft, financial fraud, and targeted scams that could persist for years. Medtronic has initiated emergency response measures, engaged external experts, and notified law enforcement and regulators, while offering 24 months of free identity monitoring to affected users. The incident highlights how even large enterprises struggle with securing ordinary office IT systems that store critical patient records, underscoring the need for individuals to monitor accounts and adopt stronger security habits.
Translated from Chinese

Top 10 Security Risks Facing Autonomous AI Agents: From Prompt Injection to Compliance Failures
As AI evolves from conversational large language models to autonomous agents capable of planning trips, writing reports, browsing the web, and executing purchases, a new wave of unprecedented security challenges emerges. These agents can invoke tools, access databases, run code, and autonomously chain tasks, making any vulnerability far more consequential than traditional AI systems. The article systematically outlines ten core risks, including prompt injection, excessive permissions, unsafe tool calls, data leaks, hallucinations leading to irreversible errors, supply chain attacks, multi-agent trust abuse, persistence and self-replication, session hijacking with memory poisoning, and regulatory compliance gaps. It emphasizes that agent security is no longer optional but requires immediate threat modeling, red teaming, permission audits, and adherence to frameworks like OWASP LLM Top 10 and NIST AI RMF. Developers, enterprises, and users must act swiftly to mitigate these expanding attack surfaces before autonomous capabilities outpace defensive measures.
Translated from Chinese

NSA Revives Elite TAO Hacking Unit Behind Stuxnet and WannaCry to Accelerate Cyber Operations Against China and Adversaries
The U.S. National Security Agency has restored the original name Tailored Access Operations (TAO) to its premier cyber intrusion division as part of a major internal restructuring aimed at speeding up offensive operations against hostile nations, including China. The unit, which operated under the name Office of Computer Network Operations (CNO) following the 2016 NSA21 reforms, will once again function as a distinct entity with its own dedicated building at Fort Meade. The change reverses aspects of the earlier reorganization that had merged offensive operations and intelligence collection into larger directorates, a move former employees say hindered collaboration between developers and operators. Deputy NSA Director Tim Kosiba, a former TAO member, oversaw the revival, which was presented to Defense Secretary Pete Hegseth during his visit to the agency’s headquarters. TAO has long been linked to some of the most sophisticated U.S. cyber tools, including those used in the Stuxnet operation against Iran’s nuclear program and the EternalBlue exploit later deployed in the global WannaCry ransomware attack. The unit develops custom malware, persistence mechanisms, and covert access tools for intelligence collection against foreign targets. Former personnel believe the restored structure will improve attack preparation and innovation, particularly in the era of artificial intelligence.
Translated from Russian
From Russian sources
Translated from Russian

No Hacker Genius Needed: One Login and 49 Minutes Suffice in Injective Supply Chain Attack
A routine update to the @injectivelabs/sdk-ts library for Injective blockchain wallets turned into a supply-chain trap within 49 minutes, stealing users' recovery phrases and private keys. The malicious version 1.20.21 was published on npm on July 8, 2026, after attackers compromised a long-trusted maintainer account and pushed code directly to the main branch. The backdoor, disguised as anonymous performance statistics collection, activated only when applications called PrivateKey.fromMnemonic() or PrivateKey.fromHex(), exfiltrating sensitive data via the X-Request-Id header to an attacker-controlled server mimicking Injective infrastructure. Eighteen Injective Labs packages were affected, with 87 downstream dependencies also pulling in the compromised library, which sees roughly 175,000 monthly downloads. Although developers rolled back the changes and released clean version 1.20.23 within 49 minutes, at least 310 malicious downloads were recorded, and cached copies may persist in build environments. Security researchers from Datadog, Socket, StepSecurity, and OX Security have advised immediate migration to the patched release and full key rotation for any wallets that interacted with the tainted code.

Bacteria Convert Toxic Dissolved Uranium into Rare Stable Compound FeU(V)Oâ‚„, Paving Way for Microbial Nuclear Waste Remediation
Scientists have discovered that naturally occurring bacteria from a flooded uranium mine in the Ore Mountains can transform dissolved uranium into a rare, stable pentavalent compound called FeU(V)Oâ‚„ using only glycerol as an additional carbon and energy source. In laboratory experiments mimicking the oxygen-free conditions found 2 km underground, the microbial community reduced dissolved uranium levels to just 5% of the original concentration within 130 days. Advanced synchrotron analysis at ESRF in France revealed that the bacteria not only accumulate uranium on cell walls but actively produce the previously little-known FeU(V)Oâ‚„ mineral, first identified in 2020 in uranium-contaminated Croatian soil. Remarkably, the compound remained stable and even continued to form when the bacterial biomass was dried and exposed to oxygen. This biological process could offer a cost-effective, nature-based approach to cleaning uranium-polluted water and soil, although further research is needed to scale it beyond laboratory conditions and identify the specific microbial species involved.

Doubling GPT-3 Inference Speed and Eliminating Silicon Furnaces: Vertical Memory Architectures V-Die and MOSAIC Revolutionize HBM Cooling and Bandwidth for AI Accelerators
Researchers from South Korea and Japan have unveiled two groundbreaking vertical memory stacking technologies, V-Die and MOSAIC, at the June 2026 IEEE VLSI Symposium that promise to dramatically increase HBM capacity and performance while solving critical heat dissipation problems in AI accelerators. Instead of stacking DRAM dies horizontally with TSV interconnects, both approaches rotate the memory packages sideways so individual dies stand vertically like radiator fins, enabling better cooling and more interconnects. The Korean V-Die design eliminates TSVs entirely, provides four times more connections than HBM4, reduces read latency by 37 percent, and uses microfluidic channels to keep temperatures around 45 °C, delivering 540 tokens per second on GPT-3-scale workloads versus 296 tokens with conventional HBM4 in simulations. The Japanese MOSAIC project replaces physical contacts with miniature inductive coils that enable wireless data transfer at up to 4 Gbit/s per channel, allowing up to 98 dies and 294 GB of memory (theoretically 882 GB) to be placed directly above a GPU with only a one-degree temperature rise. Both technologies remain in the research or early prototype stage and still face manufacturing and cost challenges, yet they demonstrate a viable path around the thermal wall that currently limits further scaling of high-bandwidth memory for next-generation AI hardware.

Interpol’s Operation First Light 2026: 5,811 Arrests, $293 Million Seized in Global Crackdown on Social Engineering Fraud
Law enforcement agencies from 97 countries and territories conducted Interpol’s Operation First Light 2026 between 15 January and 30 April 2026, resulting in 5,811 arrests and the seizure of $293 million in illicit assets. The operation targeted social engineering scams—including business email compromise, fake investment schemes, romance fraud, and blackmail—and the associated money laundering networks that have turned personal trust into a multi-million-dollar criminal enterprise. Over 152,000 cases were examined, more than 31,000 bank accounts were frozen, and nearly 24,000 crimes were solved, leading to the identification of 15,600 suspects and 142,000 victims worldwide. One of the most striking discoveries was a fully equipped fake Brazilian police station built in Eswatini, where 82 people were arrested and 240 electronic devices seized. In Thailand, investigators traced over $122.5 million in romance-scam proceeds through a single 20-year-old suspect’s cryptocurrency wallets, while coordinated efforts in Singapore, Oman, and Macau prevented multimillion-dollar losses in real time.

Rosreestr to Integrate AI with Satellite Imagery for Faster and More Efficient Map Updates Across Russia
Rosreestr plans to deploy artificial intelligence to accelerate the updating of cartographic materials by analyzing data from space-based remote sensing. The agency has already begun transitioning to satellite imagery for mapping the entire territory of Russia and now intends to add AI capabilities to detect changes automatically and reduce manual work. Following a signed roadmap with Roscosmos, a pilot project is being launched to monitor terrain changes using orbital images. Deputy Head Maxim Smirnov highlighted that the technology will increase update speed, boost labor productivity, and improve the efficiency of budget spending. IT companies are invited to propose solutions that combine space data with vector and registry information at various scales, after which Rosreestr will select the most suitable monitoring technology. The initiative aims to replace slow, labor-intensive manual map updates with automated satellite analysis, which is especially practical for a country of Russia’s vast size.

GC Solar and SEG-T Launch Development of AI-Powered Security Email Gateway SEG-T to Counter Advanced Phishing Campaigns
GC Solar and co-founder of Secure-T Khariton Nikishkin have initiated the development of SEG-T, a new Security Email Gateway solution designed to protect corporate email systems using multi-agent AI. The project responds to the growing sophistication of phishing attacks that leverage ready-made toolkits, infrastructure, anti-bot mechanisms, and AI-generated content to create convincing messages at scale. Unlike traditional filters, SEG-T will analyze both technical indicators and semantic elements such as tone, manipulation tactics, attempts to build trust, instill fear, or create urgency. The system will block suspicious attachments including links, archives, PDFs, executables, and SVGs while focusing primarily on social engineering rather than relying on a built-in sandbox. SEG-T is planned for deployment across cloud, on-premises, and Kubernetes environments with rapid 15-minute setup times and will integrate with Solar webProxy and Solar Dozor for enhanced traffic inspection and data loss prevention. GC Solar holds a 49% stake in the project following its earlier acquisition of a controlling interest in Secure-T.
From Chinese sources
Translated from Chinese

Phase II of National 100-City FDE Frontier Deployment Engineer Onboarding Program Officially Launches
The second phase of the nationwide "Hundred Cities On-the-Job Plan" for FDE Frontier Deployment Engineers has been announced, expanding opportunities across China. The initiative targets experienced engineers specializing in advanced deployment technologies and aims to place professionals in key urban centers. Building on the success of the first phase, this new round seeks to strengthen technical capabilities in critical infrastructure and cybersecurity domains. Participants will receive structured onboarding, training, and direct placement support in multiple cities. The program underscores growing demand for specialized deployment expertise amid rapid digital transformation.

630GB of Apple Secrets Leaked on Dark Web: WorldLeaks Breach Shatters Tata Electronics Supply Chain Security
In June 2026, the ransomware group WorldLeaks infiltrated Tata Electronics, Apple's key manufacturing partner in India, and exfiltrated 630GB of highly sensitive data comprising over 200,000 files that were subsequently posted on the dark web. The stolen materials include unreleased iPhone 18 Pro motherboard schematics, A20 Pro chip technical manuals, complete supplier lists, Tesla component designs, and employee passport copies, exposing the vulnerabilities in Apple's two-decade supply chain secrecy system built at a cost of billions of dollars. WorldLeaks, formerly known as Hunters International, employed a 'steal-only' tactic without encryption, capitalizing on the growing trend of data extortion that has proven more profitable than traditional ransomware. The breach raises serious concerns about Apple's ambitious India manufacturing expansion, which aims to increase local component sourcing from 10% to 50% within three years, and highlights broader risks to global supply chains involving companies such as Tesla, TSMC, and Qualcomm. Apple responded swiftly by deploying DMCA takedowns across platforms like X within 24 hours, yet the irreversible nature of dark web leaks underscores the need for enhanced supplier security audits, data segmentation, and proactive data loss prevention measures.

Iranian State-Sponsored Hackers Unveil Cavern C2 Framework: Multi-Format .NET Compilation Bypasses All Security Detection Tools
In July 2026, Check Point Research exposed Cavern Manticore, an Iranian MOIS-linked APT group, actively targeting Israeli IT providers and government entities with a sophisticated modular C2 framework called Cavern (also known as Cav3rn). Unlike previous Iranian groups that rely on public tools, this actor built an entirely custom .NET-based framework deliberately compiled into three incompatible binary formats—pure IL, mixed-mode C++/CLI, and .NET 8 Native AOT—to force analysts to maintain multiple reverse-engineering toolchains and dramatically increase operational costs. The framework achieves near-zero detection rates on VirusTotal by avoiding traditional obfuscation and instead weaponizing compilation formats themselves, with modules running in isolated AppDomains that leave no persistent artifacts. Attackers gain initial access through compromised RMM solutions such as SysAid, abusing legitimate update mechanisms to sideload the Cavern Agent disguised as uxtheme.dll via a WinDirStat DLL side-loading chain. Communication uses XOR encryption with Base64 encoding, fixed Edge User-Agent strings, custom headers, and a unique protocol syntax, while supporting hot updates and aggressive cleanup. The campaign coincides with parallel operations by MuddyWater against regional targets, highlighting Iran’s coordinated escalation in cyberspace and the growing threat of supply-chain trust abuse against MSPs and RMM platforms worldwide.

Medtronic Cyberattack Exposes Patient Data: Six-Day Breach Puts Social Security Numbers and Health Records at Risk
In April 2026, medical device giant Medtronic suffered a cyber intrusion that lasted six days, allowing unauthorized access to backend IT systems containing sensitive patient information. The breach, discovered on April 19 after beginning on April 13, exposed names, contact details, birth dates, Social Security numbers, and health treatment data linked to devices such as pacemakers, insulin pumps, and neurostimulators. Although the medical devices themselves remain unaffected and show no signs of remote tampering, the leaked data poses severe risks of identity theft, financial fraud, and targeted scams that could persist for years. Medtronic has initiated emergency response measures, engaged external experts, and notified law enforcement and regulators, while offering 24 months of free identity monitoring to affected users. The incident highlights how even large enterprises struggle with securing ordinary office IT systems that store critical patient records, underscoring the need for individuals to monitor accounts and adopt stronger security habits.

Top 10 Security Risks Facing Autonomous AI Agents: From Prompt Injection to Compliance Failures
As AI evolves from conversational large language models to autonomous agents capable of planning trips, writing reports, browsing the web, and executing purchases, a new wave of unprecedented security challenges emerges. These agents can invoke tools, access databases, run code, and autonomously chain tasks, making any vulnerability far more consequential than traditional AI systems. The article systematically outlines ten core risks, including prompt injection, excessive permissions, unsafe tool calls, data leaks, hallucinations leading to irreversible errors, supply chain attacks, multi-agent trust abuse, persistence and self-replication, session hijacking with memory poisoning, and regulatory compliance gaps. It emphasizes that agent security is no longer optional but requires immediate threat modeling, red teaming, permission audits, and adherence to frameworks like OWASP LLM Top 10 and NIST AI RMF. Developers, enterprises, and users must act swiftly to mitigate these expanding attack surfaces before autonomous capabilities outpace defensive measures.