Supabase's $10.5 Billion Decacorn Moment, Cisco's Zero-Day Crisis, and Reid Hoffman's AI Pivot

The Week Tech Infrastructure Had Its Moment

This was one of those weeks where you could feel the ground shift beneath several major pillars of the technology industry simultaneously. From a record-shattering funding round for an open-source company to actively exploited zero-day vulnerabilities in enterprise networking gear, from a legendary Silicon Valley figure making a dramatic career pivot to a crypto market bloodbath rivaling the FTX collapse — the stories collectively paint a picture of an industry in rapid, sometimes violent, transformation.

Here are the five stories that defined this week in tech.

Supabase Becomes a Decacorn: $500M Series F at $10.5B Valuation

Supabase, the open-source Postgres development platform used by more than 9 million developers worldwide, has officially closed a $500 million Series F funding round at a post-money valuation of $10.5 billion, making it one of the most valuable open-source companies on the planet. The round was led by GIC, Singapore's sovereign wealth fund, with full participation from all existing investors including Accel, Y Combinator, Craft, Felicis, Peak XV, and Coatue.

What makes this round particularly noteworthy is Stripe's decision to double down on its investment, alongside the addition of Salesforce Ventures as a new investor. The funding arrives just seven months after Supabase's Series E — an unusually rapid cadence that signals explosive growth momentum. Total capital raised now exceeds $1 billion.

Supabase has positioned itself as the definitive open-source alternative to Firebase and backend-as-a-service platforms, offering real-time subscriptions, authentication, storage, and edge functions all built on PostgreSQL. Its developer-first approach and open-source licensing have made it the default choice for startups and enterprises looking to escape proprietary vendor lock-in. At $10.5 billion, Supabase isn't just competing with Firebase — it's signaling that the market for developer infrastructure is larger and more hungry for open-source alternatives than many analysts predicted.

Cisco SD-WAN Zero-Day Under Active Exploitation — No Patch Available

Cisco has issued an urgent security advisory warning that a high-severity zero-day vulnerability in Cisco Catalyst SD-WAN Manager (CVE-2026-20245) is being actively exploited in the wild to achieve root-level privilege escalation. The flaw allows local attackers with low privileges to upload a crafted file to the system, execute command injection attacks, and escalate privileges to root.

This is not an isolated incident. Cisco's Product Security Incident Response Team (PSIRT) became aware of the exploitation after Mandiant — Google Cloud's cybersecurity subsidiary — reported the threat without sharing technical details. The vulnerability affects all deployment types: on-premises, cloud-managed, and government (FedRAMP) configurations.

Disturbingly, this is at least the sixth CVE targeting Cisco's SD-WAN Manager to be exploited in active campaigns since early 2026. While no patch exists for CVE-2026-20245 yet, Cisco advises administrators to upgrade to versions that address a related flaw, CVE-2026-20182, patched on May 14. CISA has flagged 90 Cisco vulnerabilities as exploited in the wild — four specifically in SD-WAN Manager. For enterprises running Cisco's network management infrastructure, the message is clear: the attack surface is enormous, and threat actors are moving faster than patches.

Related reading: LiquidJS RCE, a Trojanized npm Package, and GitHub Copilot's Billing Overhaul

A New Magecart Campaign Turns Stripe Into a Data Staging Ground

Security researchers at Sansec have uncovered a sophisticated Magecart campaign that represents a disturbing evolution in payment card skimming tactics. Instead of exfiltrating stolen credit card data directly to attacker-controlled servers — which would trigger security alerts — this campaign stores stolen card data as fake customer records inside Stripe's own API infrastructure.

The attack chain works by embedding malicious JavaScript code within Google Tag Manager containers, which activates on checkout pages. When a customer enters payment details, the skimmer captures the credit card number, expiration date, CVV, name, billing address, and phone number. The data is then XOR-obfuscated, stored locally in the browser, and gradually uploaded to the attacker's Stripe account disguised as legitimate "customer records."

This approach is fiendishly effective because both Google Tag Manager (googletagmanager.com) and Stripe's API (api.stripe.com) are trusted by default in most Content Security Policy configurations. Network filters allow traffic to these domains without scrutiny, meaning the skimmer slips past most standard web application firewall rules. The campaign has been active since December 2025 — months before detection. For e-commerce operators, it's a stark reminder that third-party scripts remain one of the most dangerous and under-monitored attack surfaces in web security.

Related reading: TrapDoor, VaultJacking, and the AI Agent Security Crisis Reshaping Development

Reid Hoffman Leaves Microsoft's Board to Go All-In on AI Drug Discovery

Reid Hoffman, the co-founder of LinkedIn and a decade-long member of Microsoft's board of directors, has resigned to focus entirely on his AI drug discovery startup, Manus. Hoffman joined Microsoft's board after the company acquired LinkedIn for $26.2 billion in 2016, and has been one of the most influential voices in Silicon Valley's AI investment landscape.

His departure is significant for multiple reasons. Hoffman was on Microsoft's board during its initial $1 billion investment in OpenAI in 2019 and was one of OpenAI's original investors. He also served on OpenAI's board until 2023, when he stepped down citing too many potential conflicts of interest — the same rationale he's using now for leaving Microsoft. Notably, Microsoft previously executed a $650 million acqui-hire deal with Inflection AI, another startup involving Hoffman, further illustrating the tangled web of interests.

At Manus, Hoffman serves as chairman and co-founder alongside CEO Dr. Siddhartha Mukherjee, the Pulitzer Prize-winning physician and author of "The Emperor of All Maladies." The startup has raised over $50 million through seed rounds and is pursuing what Hoffman calls "Move 37 AI" — artificial intelligence that can supplant human creativity in chemistry, particularly for cancer treatment. Hoffman's move signals a broader trend: the most connected figures in tech are pivoting from platform companies to applied AI ventures with tangible real-world impact.

Related reading: Anthropic's Near-Trillion-Dollar IPO, DeepSeek's $7.4 Billion Raise, and the One-Line Bug

Crypto Markets Suffer Worst Weekly Rout Since FTX Collapse

The cryptocurrency market lost roughly $390 billion in total value this week in what analysts are calling the worst drawdown since the FTX collapse in November 2022. Bitcoin dropped below $60,000 for the first time in months, while Ethereum fell to a 13-month low around $1,540 after a bug discovered in the Zcash network triggered fears of cross-blockchain contamination risks.

According to CoinDesk and NYDIG, the sell-off wasn't driven by a single catalyst but rather a confluence of headwinds: massive Bitcoin sales by Strategy (formerly MicroStrategy), capital rotation toward AI-focused IPOs like OpenAI and SpaceX, rising fears around quantum computing threats to cryptographic foundations, and growing anxiety over potential Federal Reserve rate hikes. Nearly $7 billion in leveraged positions were liquidated over the course of the week.

Meanwhile, Bitcoin experienced its first-ever "hashrate bear market," with 145 exahashes per second exiting the network in just two weeks. The hashrate dropped from 1,030 EH/s to 885 EH/s as mining profitability plummeted 27% over 30 days. Mining difficulty is projected to decrease by 10.76% on June 13 — the kind of adjustment that historically signals deeper capitulation. For an industry that spent years building institutional credibility, this week was a humbling reminder that crypto markets remain volatile, sentiment-driven, and deeply interconnected with broader macroeconomic forces.

The Bigger Picture

What connects these five stories isn't just timing — it's a common thread of infrastructure under pressure. Supabase is building the new infrastructure that developers trust. Cisco's SD-WAN Manager is the infrastructure enterprises depend on, now under relentless attack. Stripe's API is the infrastructure e-commerce relies on — now being weaponized. Hoffman is leaving the infrastructure of Microsoft to build biological infrastructure at Manus. And crypto's financial infrastructure just experienced a stress test that rivals its worst moments.

Infrastructure — whether code, capital, or consensus — is only as strong as its weakest link. This week, several of those links were tested. The organizations that survive and thrive will be the ones treating resilience not as a feature, but as a foundational design principle.