Sen. Tuberville promised voters he would donate “every dime” he made in Washington, D.C., to Alabama veterans — and even present checks on a monthly basis. Six years later, tax records and his own nonprofit show no evidence that ever happened.
https://t.co/j3M7z0H3Ky
🔥Glad to support @HTX_DAO’s HTX Genesis Hackathon as a security partner!
Hosted by HTX DAO & https://t.co/lHXau7APFb, this global hackathon focuses on AI × Web3 innovations in smart finance, AI Agents, and on-chain infrastructure.
$20,000 prize pool + $100k compute power and strong ecosystem support. Top projects can enter HTX DAO accelerator.✨
Register by July 5!
Wishing all hackers a great experience and groundbreaking innovations! 🚀
Thanks to Helium, the City of Redondo Beach in California just solved a years-long connectivity dead zone at its pier without a single new tower.
1M+ visitors a year. Near-zero cell coverage. Not because the technology didn't exist, but because the traditional model for building coverage makes problems like this too expensive and too slow to fix.
A local deployer saw the gap, deployed Helium coverage, now thousands of people connect through the Network daily. No towers. No massive upfront buildout. Locally owned and earned from the traffic it carries.
That's what happens when you distribute infrastructure to the people who see the gaps firsthand.
Read the news 🔗 https://t.co/GIoiicmYtj
Holy shit! Stephen Colbert is using one of his LAST shows to get even with Trump.
Colbert is responding to being taken off the air by giving ZERO f*cks.
This is one of the most brilliant takedowns of Trump and his America First bullsh*t I've ever seen.
We’ve released a detailed technical analysis of the supply chain poisoning activities related to Mini Shai-Hulud.
Within just 22 minutes, the attacker-controlled npm account “atool” published 637 malicious versions across 317 npm packages, including popular dependencies in the AntV ecosystem and echarts-for-react. At the same time, the attackers also poisoned Python packages such as durabletask while impersonating official Microsoft releases.
The malware primarily targets sensitive credentials from cloud environments including AWS, GCP, Azure, Kubernetes, and Vault, as well as npm and GitHub tokens. It also features supply chain self-propagation and persistence mechanisms targeting AI coding assistants such as Claude Code and Codex.
Full technical analysis👇
https://t.co/8XKCvjQxqF
THE NUMBERS DON’T WHISPER. THEY SCREAM.
Massie gained votes.
Turnout doubled.
His opponent vote didn’t grow.
It exploded.
2024 opponent vote: 12,664
2026 opponent vote: 57,822
That’s a 356.6% surge.
Total turnout jumped from 52,593 to 105,361.
Maybe it’s real.
Maybe it’s clean.
Maybe every ballot checks out.
Then prove it.
An audit is not fear.
An audit is verification.
If voters are expected to accept the result then officials should welcome the review.
Call the Kentucky Secretary of State.
Call county election boards in KY-04.
Demand a full audit of the Republican primary vote.
Ballot count.
Chain of custody.
Machine logs.
Absentee totals.
Precinct-level turnout.
Trust is earned in daylight.
Open the books.
#ElectionAudit #KentuckyPolitics
Ossoff: I am running in Georgia against two Trump lackeys who, you can rest assured as they race for the President's approval, would be voting for this crooked ballroom and this insurrectionist slush fund.
And in fact, every national political reporter in the country should be putting that question to these two candidates tonight. They want to be candidates for the U.S. Senate? Let's see them prove to the people of Georgia… because they're pro-war, they're pro-tariff, they're pro-cutting health care. Let's find out where they stand on the crooked ballroom and the insurrectionist slush fund.
The #SYNERGY26 agenda is officially LIVE! 🔥
This year in D.C. is shaping up to be our biggest yet.
A quick look at just a few of the headliners joining us, and the moments you will want to remember forever:
- Robb Baldwin and Steve Quirk answer your questions about their vision for the future of advice and what the TradePMR and Robinhood integration could mean for your firm.
- SEC Commissioner Mark Uyeda and Robinhood Chief Legal Officer Dan Gallagher will give us a true insider’s view of the regulatory landscape.
- Michael Saylor and Ric Edelman will join us to break down the mechanics and realities of digital credit, plus how you could be navigating recent crypto enforcement actions and client conversations today.
- Joanna Stern: The Emmy Award-winning tech journalist is cutting through the AI fluff to show us the honest, messy reality of actually living with these tools.
With a lineup this stacked, we of course had to take the after-hours networking to the next level, literally. Kick things off with us at the iconic Hay-Adams rooftop with stunning views and our signature Fusion cocktails.
Take a look at the full lineup and map out your schedule today: https://t.co/Okr5eQsQvD
TradePMR and all third parties mentioned are unaffiliated.
🚨 MistEye TI Alert 🚨
Based on recent intelligence, multiple high-frequency npm packages, including AntV and Echarts-for-react, as well as the durabletask Python SDK, have been compromised by Mini Shai-Hulud supply chain attacks. Notably:
1. May 19, 2026: The npm account atool ([email protected]) was compromised, allowing attackers to automatically publish 637 malicious versions across 317 packages within 22 minutes.
2. May 20, 2026 (Beijing Time): Within 35 minutes, attackers consecutively uploaded durabletask versions 1.4.1, 1.4.2, and 1.4.3 at 00:19, 00:49, and 00:54, bypassing normal release controls and impersonating official Microsoft releases.
Additionally, these two events—the large-scale GitHub token leaks (potentially exposing official repositories) and the Grafana Labs targeted ransom attack—are likely related to the Mini Shai-Hulud supply chain compromise:
• GitHub token leaks: Evidence suggests some leaked tokens may have been used to access and potentially sell official GitHub repositories. The leaks were caused by a compromised employee device, which involved a polluted VS Code extension.
• Grafana Labs attack (May 16, 2026): A cybercrime group gained unauthorized access to their GitHub repositories, downloaded the codebase, and issued a ransom demand under threat of data disclosure.
Affected Components / Targets:
• npm packages: AntV, Echarts-for-react, and other high-frequency components in the npm ecosystem.
• Python packages: durabletask 1.4.1, 1.4.2, 1.4.3.
• Developer credentials and secrets: GitHub PATs, npm Tokens, AWS Keys, Kubernetes Secrets, Vault Tokens, SSH keys, and over 90 types of local sensitive files.
• GitHub repositories: internal codebases potentially accessible via leaked tokens.
• Grafana Labs’ repositories (downloaded by attackers; ransom demanded).
Potential Attacker Actions:
• Immediate exfiltration of cloud and local credentials upon package installation or import.
• Unauthorized access to internal repositories and sensitive cloud infrastructure.
• Lateral movement across developer machines, CI/CD pipelines, and cloud workloads.
• Sale and exploitation of leaked GitHub tokens.
• Supply chain compromise affecting dependent projects and production systems.
• Ransom demands and potential data disclosure threats against organizations, including open source platforms.
Detection Methods:
• Audit npm and PyPI dependencies for affected packages:
  • npm: npm ls <package> --all
  • Python: pip list --outdated or pip show durabletask to confirm versions.
• Inspect lockfiles (package-lock.json, yarn.lock, pnpm-lock.yaml, requirements.txt, Pipfile.lock) for malicious versions.
• Review CI/CD pipelines and deployment logs for installation of compromised packages.
• Monitor GitHub and cloud activity for unusual authentication events, including signs of leaked token usage.
Mitigation Measures:
• Immediately rotate all exposed GitHub, npm, PyPI, and cloud credentials.
• Replace affected npm/PyPI packages with verified safe versions or freeze dependency versions.
• Isolate potentially compromised systems and audit for credential theft or lateral movement.
• Apply security patches and review post-compromise artifacts in CI/CD pipelines.
Additional Recommendations:
• Enable real-time monitoring and alerting for suspicious token or key usage.
• Implement stricter dependency review policies and supply chain risk checks.
• Educate teams to verify package authenticity before installation.
• Monitor dark web or underground marketplaces for leaked credentials related to your organization.
SlowMist will continue to track and monitor developments related to this incident, including potential new malicious releases or related exploits.
MistEye has already pushed relevant threat intelligence to clients to help them proactively assess and mitigate risks.
https://t.co/WDr4897Q7Q
https://t.co/n3APjBVNYw
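The lockfile inspection step from the alert above, as an added example (not SlowMist's tooling or code from the original post). It flags the three durabletask versions the alert names; because the alert lists no npm version numbers, echarts-for-react and packages under the `@antv/` scope (an assumed mapping of "AntV") are only reported for manual review. All sample inputs are constructed.

```python
import json
import re

# From the alert: durabletask releases uploaded by the attackers.
BAD_PYPI = {"durabletask": {"1.4.1", "1.4.2", "1.4.3"}}
# The alert names these npm families but no versions, so matches are
# reported for manual review (the @antv scope is an assumption).
REVIEW_NPM = re.compile(r"^(@antv/.+|echarts-for-react)$")


def scan_requirements(text):
    """Return (name, version) for pinned requirements listed in BAD_PYPI."""
    hits = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop trailing comments
        m = re.match(r"^([A-Za-z0-9._-]+)(?:\[[^\]]*\])?\s*==\s*([^\s;]+)", line)
        if not m:
            continue
        # PEP 503 name normalisation, so "DurableTask" equals "durabletask".
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
        if m.group(2) in BAD_PYPI.get(name, ()):
            hits.append((name, m.group(2)))
    return hits


def scan_package_lock(text):
    """Return (name, version) for package-lock v2/v3 entries needing review."""
    hits = []
    for path, meta in json.loads(text).get("packages", {}).items():
        # Keys look like "node_modules/a/node_modules/@scope/b"; keep the
        # innermost package name so transitive copies are found too.
        name = path.rpartition("node_modules/")[2]
        if name and REVIEW_NPM.match(name):
            hits.append((name, meta.get("version")))
    return sorted(hits)


# Constructed sample inputs (not taken from any real project).
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
DurableTask==1.4.2   # pinned during the affected window
durabletask-example-plugin==1.4.1
"""
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "demo", "version": "0.0.0"},
    "node_modules/echarts-for-react": {"version": "0.0.0-sample"},
    "node_modules/echarts-for-react/node_modules/@antv/g2": {"version": "0.0.0-sample"},
    "node_modules/lodash": {"version": "0.0.0-sample"},
}})

if __name__ == "__main__":
    for name, version in scan_requirements(SAMPLE_REQUIREMENTS):
        print(f"MALICIOUS  {name}=={version}")
    for name, version in scan_package_lock(SAMPLE_LOCK):
        print(f"REVIEW     {name}@{version}")
```

A clean result covers only exact `==` pins and the npm `packages` map; unpinned requirements and yarn or pnpm lockfiles still need the manual checks listed in the alert.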
Marjorie Taylor Greene: “You may have supported President Trump for 10 years like I did… but this is not the same man.”
“The American people have to open their eyes and deal with reality and deal with truth.”
“This is not the same man that we supported.”
The price of gas has gone up $0.47 and the price of diesel has gone up $0.83 in 10 days due to War with Iran.
and waging war costs American taxpayers about $1 billion per day,
which comes out to $10 per family per day, or $100 since the war began.
This isn’t America First.
⚠️ Running an AI Agent like @openclaw with root/terminal access is powerful but inherently risky. How do we ensure controllable risk and auditable operations without sacrificing capability?
Recently, we released the OpenClaw Security Practice Guide — a structured defense matrix designed for high-privilege autonomous agents running in Linux Root environments. cc @evilcos
📖GitHub Version:
👉https://t.co/GAYwq7rUKQ
🛡️ 3-Tier Defense Matrix
🔹Pre-action — Behavior blacklists & strict Skill installation audit protocols (Anti-Supply Chain Poisoning)
🔹In-action — Permission narrowing & Cross-Skill Pre-flight Checks (Business Risk Control)
🔹Post-action — Nightly automated explicit audits (13 core metrics) & Brain Git disaster recovery
🛠️ Built around four core principles:
• Zero-friction operations
• High-risk requires confirmation
• Explicit nightly auditing
• Zero-Trust by default
🚀 Zero-Friction Flow:
1️⃣ Drop the guide directly into your #OpenClaw chat
2️⃣ Ask the Agent to evaluate reliability
3️⃣ Instruct it to deploy the full defense matrix
4️⃣ Use the Red Teaming Guide to simulate an attack and ensure the Agent correctly interrupts the operation
🚨 Honest limitation: this guide is intended for human operators and AI Agents with foundational Linux system administration capabilities, and is particularly designed for OpenClaw operating in high-privilege environments. As AI models and their underlying service environments vary, the security measures provided in this guide are for defensive reference only. Final responsibility always remains with the human operator. Please assess and execute cautiously based on your own environment and capabilities.
🤝 If you have new findings, lessons learned, or improvement suggestions from real-world deployment, we welcome you to share them with the community via Contributions, Issues, or Feature Requests. Special thanks to @leixing0309 for the professional contribution.
As we continue unlocking #AI capability, may we remain vigilant and clear-headed about risk.🫡
In Q4, Helium offloaded 4,388 TB of data from mobile carriers, a 60.7% QoQ increase. Subscribers from AT&T, Movistar, Google Orion, and Wefi are all using Helium seamlessly without knowing it. DePin is the frontier!
Today, I released Messari’s State of Helium Q4 2025 report.
Here are the highlights 🧵