ContentBuffer
Welcome, Tech Leaders.
Security researchers discovered nearly a million cannabis club membership IDs left unprotected on public internet URLs. The breach included personal details like passport numbers, photo IDs, and private chat messages between clubs and members. A secret key for Stripe payments was also exposed in plain text. This affects anyone who's ever visited a cannabis club or used the PuffPal app. CCS shut down its entire system after being notified to fix security issues.
Over 100 organizations had their Oracle PeopleSoft servers breached by ShinyHunters, a notorious hacking group known for mass attacks on popular enterprise software. The breaches exposed student records from universities, including home addresses, phone numbers, emails, and dates of birth. This attack highlights the ongoing vulnerability of legacy systems used in education and other sectors. Most targeted schools had already been compromised in earlier campaigns, indicating repeated security lapses. Let's dive deeper…
In today's ContentBuffer update:
Xbox Set to Cut Jobs, Studios Amidst Rising Costs
Apple and Google Enable Manual Thread Credential Sharing on Smart Home Streamers
Tesla's energy storage revenue doubles, capturing 82% of installations
Amazon Secures $17.5B Loan Amidst AI Arms Race
5 new AI tools & 5 new AI jobs
More tech news
Latest Development
Cybersecurity
Image source: platform.theverge.com
Summary: CCS left 985,000 cannabis club member IDs exposed online for weeks. Now they're scrambling to fix it before real damage happens.
Key Points:
Over 985,000 photo IDs and personal info were exposed on public URLs without password protection
The breach included data from cannabis clubs worldwide, including 30,000 US members
A secret Stripe payment key was found in plain text within the PuffPal app
CCS took five days to respond after being notified about the security issues
Nefos co-founder Andreas Nilsen is working with Ireland's Data Protection Authority
Why it matters: If you're a cannabis club member or use the PuffPal app, your personal info and photos are now exposed. CCS shut down their system but it took days to respond after being notified. This affects anyone who uses digital services for cannabis clubs.
Cybersecurity
Image source: techcrunch.com
Summary: ShinyHunters hacked over 100 orgs using PeopleSoft software, exposing student data from universities. Why it matters: Legacy enterprise systems are still vulnerable to mass attacks.
Key Points:
Over 100 organizations had their Oracle PeopleSoft servers compromised by ShinyHunters in a widespread attack
Student records including home addresses, phone numbers, emails, and DOBs were exfiltrated from hacked servers
Most targeted universities had already been compromised in earlier campaigns, indicating repeated security issues
ShinyHunters' original goal was to hack an FBI PeopleSoft server to post a statement denying swatting involvement
Oracle did not respond to requests for comment on the breach and its impact
Why it matters: If you're using Oracle's PeopleSoft in your university or organization, this is a wake-up call. The attack exposed sensitive student data, highlighting critical security gaps in legacy systems. Universities need to reassess their security measures, especially for outdated software.
Gaming-industry
Image source: platform.theverge.com
Summary: Xbox is set for major layoffs and potential studio closures next month due to rising component costs. The company needs a new strategy to remain competitive.
Key Points:
Over the past five years, Xbox has spent over $20 billion on content, platform, and hardware subsidies.
Annual revenue decline: nearly half a billion dollars since 2018.
Component costs for the 2027 holiday season expected to be over 5x higher than two years ago.
Memory costs have followed a similar trajectory, increasing significantly.
Xbox is committed to Helix and exploring new M&A opportunities.
Why it matters: If you're invested in Xbox's future or part of its workforce, the upcoming layoffs and potential studio closures are crucial. The company's shift towards a new business model signals significant changes for developers and gamers alike.
Internet-of-things
Image source: platform.theverge.com
Summary: Apple and Google update their smart home streamers to support Thread 1.4, enabling manual credential sharing but not all devices are ready yet. Worth watching: full ecosystem adoption for seamless integration.
Key Points:
Thread 1.4 introduces standardized credential sharing for border routers, a key feature in the Matter/Thread protocol (20 words)
Apple's tvOS 27 developer beta and Google TV Streamer now support manual Thread credential sharing through software updates (35 words)
Samsung SmartThings hubs have supported credential sharing since October 2023, while HomePod Software 27 is still pending (34 words)
Thread Border Routers can now implement credential sharing, simplifying network integration for compatible devices (31 words)
Ikea's Dirigera hub and Amazon smart speakers are already on Thread 1.4 or will be updated this year once Apple and Google catch up (35 words)
Why it matters: If you're setting up a Matter/Thread smart home, the new credential sharing feature in Thread 1.4 simplifies network integration for devices like Samsung's SmartThings hub. However, HomePod Software 27 is still pending, so smaller ecosystems may lag behind until full adoption.
Energy-storage
Image source: techcrunch.com
Summary: Tesla's energy storage revenue has doubled since 2023, capturing 82% of global installations. This dominance is crucial as data centers expand to support AI growth.
Key Points:
Tesla's annual revenue from energy generation and storage has surged by 100%, hitting $X billion in 2023.
The company now controls 82% of the market, up from 40% two years ago.
Annual installations are expected to exceed 110 GWh per year by 2030, driven by data center expansion for AI.
GM's gross margin over the last 15 years has averaged just over 11%, a stark contrast to Tesla's 30% in energy storage.
Startups have raised large rounds to capture market share, but face significant competition from Tesla.
Why it matters: If you're planning data center expansion for AI workloads, Tesla's dominance means your options are limited. The company's control over the market ensures that any new installations will likely rely on its technology, impacting everything from cost to scalability.
Infrastructure-investments
Image source: techcrunch.com
Summary: Amazon secures a $17.5B loan to fund AI infrastructure, raising questions about ROI amid record-breaking corporate borrowing.
Key Points:
Amazon signed a deal with Citigroup, JPMorgan Chase, Wells Fargo, HSBC, and BofA Securities for the $17.5 billion loan.
The total new financing for Amazon reached roughly $31.5 billion within just two days.
Alphabet plans to raise $80 billion through a stock sale to fund AI investments, following Meta's $30 billion bond sale.
Companies are spending large sums of money to keep pace in the AI arms race, with many borrowing heavily for massive buildouts.
Investors and analysts question whether returns will justify the unprecedented scale of borrowing seen recently.
Why it matters: If you're a tech investor or executive overseeing major infrastructure projects, this trend signals a shift towards aggressive spending in AI. Amazon's $17.5 billion loan alone is indicative of how seriously companies are taking their AI investments. However, the question remains whether these massive expenditures will translate into tangible returns.
New Tools & Job
note.md - note.md is a private, local-first markdown workspace for macOS built for focused writing, research, and structured thought. It supports GitHub Flavored Markdown, complex tables, and LaTeX math, with bidirectional links and a visual graph to connect ideas. Smart citations and research-table extraction are powered by local AI models that keep your data on-device, and you can import scientific papers and PDFs directly. Markdown is the storage format - no proprietary lock-in.
Genpire - Genpire is an AI-native product design and manufacturing platform. It turns any idea, sketch, or prompt into factory-ready output in minutes - design visuals, technical specs, bills of materials, graded size specs, construction notes, materials, and manufacturer matching - all in one workflow. Built for fashion, apparel, and consumer-goods brands, it compresses development timelines that previously ran four to eight weeks.
PollyReach - PollyReach gives every AI agent its own phone number and the ability to make and receive real calls. Its human-like AI voice agents automate lead qualification, customer support, and appointment booking, and can serve as a 24/7 AI receptionist. Polly finds the number, dials, navigates phone menus, handles the conversation, and confirms bookings, syncing with Google Calendar, Outlook, and Calendly to check availability.
Contextberg - Contextberg is a local memory app for AI coding agents. It watches your screens, agent transcripts, and browser activity in the background, then serves both short-term and long-term memory to agents like Claude Code, Cursor, and OpenClaw over the Model Context Protocol (MCP). It is privacy-first and Windows-first - your data never leaves your machine - and installs from the Microsoft Store.
Nota: AI Notes & Voice - Nota is an AI notes and voice app for iPhone, iPad, Mac, and Apple Watch. Capture your way - type, dictate, sketch, scan, or upload images - and let built-in AI clarify, shape, and organize your notes. Its scanner extracts text from documents, whiteboards, business cards, signs, photos, and textbooks, and Apple Pencil support adds handwriting and drawing with tags, pins, search, and visual organization.
Software Engineer, Secrets Infrastructure (Remote) - Fully remote team building Stripe's internal secrets/credentials infrastructure.
Software Engineer, New Grad - New grad SWE role spanning Stripe's payments, money-movement and platform teams.
Applied Scientist / Research Engineer, AI4Engineering - Apply Mistral's models to coding, software engineering, and developer workflows.
AI Scientist - Research scientist role on Mistral AI's research org — onsite, hybrid or remote.
Research Engineer, Machine Learning - Build and optimize large-scale learning systems powering Mistral's open-weight models.
Machine Learning Engineer, Fast Optimized Inference (EMEA Remote) - Build the fastest open-source inference stack — quantization, kernels, serving — at Hugging Face.
Cloud Machine Learning Engineer (US Remote) - Build Hugging Face's cloud ML offerings — inference endpoints, training infrastructure, and customer-facing tooling.
SDE AI/ML II — ML Inference Apps, AWS Neuron - Performance tune and enable ML model families (Llama2, GPT-class) on AWS Neuron / Trainium inference accelerators.
Annapurna Labs at AWS — Early Career (US): ML Systems & Silicon Innovation - Multiple technical tracks across ML Systems & Compilers, Distributed Training Systems and ML Infrastructure on AWS's silicon team.
Machine Learning Research Engineer, Generative AI (Siri) - Build infrastructure, datasets and models that empower Siri across NLU, dialog generation, speech synthesis and multi-modal interaction.
AI Research Scientist — Safety Alignment Team - Research and develop safety-alignment techniques for Meta's frontier AI systems.
AI Research Scientist, Language — Generative AI - Conduct research on generative language models within Meta's GenAI org.
Senior Deep Learning Algorithm Engineer - Develop and optimize deep learning algorithms for NVIDIA's accelerated computing platforms.
Deep Learning Software Engineer, TensorRT Performance — New College Grad 2026 - Integrate TensorRT into open-source frameworks and implement graph compiler algorithms across NVIDIA's inference ecosystem.
Research Engineer, Pretraining - Build and optimize pretraining systems and pipelines for frontier models at Google DeepMind.
Research Engineer, World Models - Implement core infrastructure and conduct research to build generative models of the physical world.
Staff Machine Learning Engineer, Virtual Collaborator - Lead ML engineering for the Virtual Collaborator product line at Anthropic.
Research Engineer, Cybersecurity Reinforcement Learning - Safely advance model capabilities in secure coding, vulnerability remediation, and defensive cybersecurity.
Research Engineer / Research Scientist, Pre-training - Develop the next generation of large language models on Anthropic's Pre-training team.
Research Engineer / Scientist, Alignment Science - Contribute to exploratory experimental research on AI safety with a focus on risks from powerful future systems.
QUICK HITS
North Korean Hackers Account for Half of U.S. Tech Infiltrations - North Korean hackers pose as IT workers, infiltrate U.S. tech firms, and steal IP and crypto. They account for nearly half of all hands-on-keyboard intrusions in 2025-26. Companies must stay vigilant against these sophisticated threats.
Wing Expands Drone Delivery to Seven More US Cities - Wing is expanding its drone delivery service to seven more US cities through a partnership with Walmart, aiming for over 270 locations by next year. Why it matters: Drone delivery isn't just a gimmick; it's becoming a reliable service used multiple times weekly by many customers.
Anthropic Launches Claude Fable 5 With Restricted Medical Knowledge - Anthropic released Claude Fable 5, skipping basic biology and med queries for safety reasons. If you need deep medical insights, look elsewhere.
Microsoft VP Addresses AI Backlash From Graduates - Microsoft VP addresses graduate backlash against AI in commencement speeches, calling for higher standards in tech development.
AI Honors Gala Wraps Up With Trump's AI Executive Order Delay - Tech lobbyists pulled strings at the AI Honors gala while President Trump delayed signing an executive order on AI until June 2nd after last-minute lobbying from Sacks and Musk.
Independent Musicians Sue Google Over Lyria Training - Independent musicians sue Google over Lyria training, alleging misuse of uploaded songs. The case highlights the murky legal waters around data usage in AI development.
THAT'S A WRAP
Partner with Us
Showcase your product to our engaged community of Tech enthusiasts
Our newsletter reaches a diverse audience of tech professionals, investors, engineers, managers, and business leaders worldwide. Get in touch today.
Comments
Be the first to comment
Want this in your inbox?
Get the daily edition delivered free every morning.
Join 2,012 builders reading daily.