-
-
ICE Is Using Data Broker Tools to ‘Identify Unaccompanied Minors’ and ‘Fraud’

ICE Is Using Data Broker Tools to ‘Identify Unaccompanied Minors’ and ‘Fraud’ A newly renewed, $25 million-per-year contract with a subsidiary of Thompson Reuters further expands the power of ICE under the Trump administration.
-
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator’s own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the…
-
‘The Odyssey’ Backlash Failed Tremendously

‘The Odyssey’ Backlash Failed Tremendously For all the hysteria over “woke” casting and ahistorical choices, Christopher Nolan’s epic is on track to make $200 million globally during its opening weekend.
-
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime group…
-
Lyft’s CEO Says, ‘We’re the Good Uber’

Lyft’s CEO Says, ‘We’re the Good Uber’ David Risher insists that Lyft has lowered its prices and that customers who only check his competitor’s app are “leaving money on the table.”
-
The Best New Camping Gear at REI (2026): Tents, Coolers, Bikes, More

The Best New Camping Gear at REI (2026): Tents, Coolers, Bikes, More I tested REI’s best new and revamped outdoor gear of 2026. Here’s what’s worth buying, from tents and sleeping bags to coolers and bikes.
-
Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. “Any user who ran the project ended up with…
-
Conspiracy Theorists Think Trump’s Speech Paves the Path to the Insurrection Act

Conspiracy Theorists Think Trump’s Speech Paves the Path to the Insurrection Act Election deniers have spent years promoting the idea that the 2020 election was stolen. They believe Donald Trump’s speech finally proves them right.
-
Essential Gear for an Emergency Kit—for Cars or Go-Bags

Essential Gear for an Emergency Kit—for Cars or Go-Bags We consulted preparedness experts and WIRED’s team of testers for the essential gear to keep on hand in case of wildfires, earthquakes, and lord knows what else.
-
5 Best Smart Speakers (2026): Alexa, Google, Apple

5 Best Smart Speakers (2026): Alexa, Google, Apple Looking to add a smart speaker to your house? Here’s which to choose, whether you’re an Alexa, Siri, or Gemini fan.
-
E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display off, and the ability…
-
The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?

The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace? Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new investment, evolving defense strategies, and accelerated acquisition pathways are transforming how capability is delivered, rewarding programs that can move from…
-
Valve Steam Machine Review: A Compromised Console
.jpg)
Valve Steam Machine Review: A Compromised Console Great for indie darlings, but Sony, Microsoft, and Nintendo remain kings of TV gaming.
-
Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man

Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U.S. extradition request for a REvil ransomware suspect named Aleksandr Ermakov. His wife, Maria Yurova, told REN TV that border officers pulled him…
-
Panasonic Japanese Microwave Review (2026): True 1-Button Cooking

Panasonic Japanese Microwave Review (2026): True 1-Button Cooking The Japanese Microwave measures food temperature directly, and stops cooking when food’s hot. It’s kinda terrific.
-
23 Best Gifts for Cooks (2026): Vitamix, Frying Pans, Air Fryers

23 Best Gifts for Cooks (2026): Vitamix, Frying Pans, Air Fryers From the best air fryer to frying pans to knife sharpeners anyone can use, these ideas will keep the curious home chef in your life tinkering away.
-
ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files

ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into…
-
New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage

New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term access and intelligence gathering. Russian cybersecurity company Kaspersky, which uncovered the activity…
-
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026. The vulnerability in question…
-
Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for the 2024 hack of Transport for London. The attack left 148 TfL systems inoperable and forced…
-
ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories

ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories A lot of this week’s trouble starts with something that looks close enough. A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the…
-
Swatch’s New Gold MoonSwatch Solves the Problem of the Nightmare Royal Pop Launch

Swatch’s New Gold MoonSwatch Solves the Problem of the Nightmare Royal Pop Launch Swatch’s latest MoonSwatch is the Mission to the Moon 1969, a limited-edition model with components crafted from Omega’s 18K Moonshine Gold. To get one, you’ll have to join a lottery.
-
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token…
-
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that’s been spreading via websites infected with ClickFix lures since late April 2026. “The malware is full-featured, lightweight, and modular,” Elastic Security Labs researcher Cyril François said in a technical report.…
-
New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password ClickLock Stealer, a new macOS infostealer, answers a victim’s refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and…
-
XPeng’s New ‘Budget’ EV Looks Like the Ferrari Luce

XPeng’s New ‘Budget’ EV Looks Like the Ferrari Luce The electric L03 is looking to punch above its weight in style and tech as it launches in 60 countries worldwide.
-
11 Best Sleeping Bags (2026): Ultralight, Warm Weather, for Kids

11 Best Sleeping Bags (2026): Ultralight, Warm Weather, for Kids Whether you’re climbing peaks or taking the family to the local park, we’ve found the best sleeping bags for every temperature, budget, and camping expedition.
-
20+ Hijacked Government Websites Became an Attack Channel

20+ Hijacked Government Websites Became an Attack Channel More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions. The investigation revealed previously undocumented backdoor behavior, hidden infrastructure relationships, and multiple attack arms behind…
-
The Best Backpacking Water Filters of 2026

The Best Backpacking Water Filters of 2026 We’ve tested filters from Sawyer, Katadyn, LifeStraw, MSR and more to find the best option for every adventure.
-
New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click “Buy Now” instead. Ask a coding assistant to apply a maintainer’s fix from a GitHub thread, and a fake comment…
-
Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig. Daxin (“srt64.sys”), as the kernel-mode rootkit is referred to, was first documented by Broadcom-owned Symantec in…
-
Hisense XR10 Smart Projector Review: RGB-Powered Wonder

Hisense XR10 Smart Projector Review: RGB-Powered Wonder Projectors are adopting RGB backlighting, the hottest tech from the world of TVs. This large but vivid projector is a great option for summer movie nights.
-
Gay Men Flocked to Goose for Friendship. Some Still Feel Excluded

Gay Men Flocked to Goose for Friendship. Some Still Feel Excluded Despite positioning itself as an anti-hookup app, users tell WIRED that Goose has fake profiles, harsh acceptance standards, and problems with inclusivity.
-
AI Can Find Bugs, But Human Knowledge Still Proves Them

AI Can Find Bugs, But Human Knowledge Still Proves Them Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can read code quickly, generate payloads, summarize attack surfaces, explain unfamiliar APIs, and run repetitive testing…
-
Best Air Purifiers (2026): Coway, AirDoctor, IQAir, and More

Best Air Purifiers (2026): Coway, AirDoctor, IQAir, and More Protect your home against dust, pets, allergens, and more with the best air purifiers, tested firsthand.
-
Please Stop Making Me Opt Out of AI

Please Stop Making Me Opt Out of AI I’m sick of “opt-out” toggles for automatically enabled generative AI features. It’s past time to make “opt in” the default setting for sensitive features.
-
Astronomers Have Found a Sugar Molecule in Deep Space for the First Time Ever

Astronomers Have Found a Sugar Molecule in Deep Space for the First Time Ever Researchers identified traces of erythrulose, a monosaccharide, thousands of light-years away.
-
Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide

Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people’s Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the house, and take the Wi-Fi…
-
OnePlus, the ‘Flagship-Killer’ Smartphone Brand, Is All but Dead

OnePlus, the ‘Flagship-Killer’ Smartphone Brand, Is All but Dead The original OnePlus phone disrupted the mobile market 13 years ago with its affordable price and top-end specs. Now, the company is exiting North America and Europe to focus on China.
-
OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol

OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol OpenAI has disclosed details of GPT-Red, an internal automated red-teaming model that scales prompt injection vulnerability discovery with an aim to fix issues before the tools are deployed widely. “GPT‑Red is a strong red-teamer, and our previous models are highly vulnerable to its prompt injection…
-
Lionel Messi’s Final World Cup—and the Death of Early Retirement

Lionel Messi’s Final World Cup—and the Death of Early Retirement Argentina’s Lionel Messi was supposed to be done years ago. Now, sports science is helping soccer’s biggest stars rewrite the rules of aging.
-
OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside the wallet’s own…
-
Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below – CVE-2026-15718, an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719, a site isolation in the DOM: Navigation…
-
An Inventor of Apple’s FaceID Wants to Analyze Your Brain’s Health With AI

An Inventor of Apple’s FaceID Wants to Analyze Your Brain’s Health With AI Gidi Littwin’s new AI startup, Hemispheric, makes diagnostic brain scans for conditions like depression, PTSD, and Parkinson’s. He wants the technology to be as cheap and easy as for a blood test.
-
SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough. For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools,…
-
Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as ProfSvc, is a…
-
New Webinar: Closing the Approval Gap in AI-Era Ad Tech

New Webinar: Closing the Approval Gap in AI-Era Ad Tech A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full access to your forms, customer data, and checkout pages. This on-demand webinar reveals how this Approval Gap forms, and gives your team the blueprint to close it…
-
The Best iPad to Buy (and Some to Avoid) in 2026: Air, Pro, Mini
.jpg)
The Best iPad to Buy (and Some to Avoid) in 2026: Air, Pro, Mini Apple just raised its prices. Here’s an updated breakdown of the brand’s tablets to find the best one for your needs.
-
MSI Claw 8 EX AI+ Review: Great Power, Shocking Price

MSI Claw 8 EX AI+ Review: Great Power, Shocking Price But with great power comes a great price.
-
Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your…
-
4 Best Personal Safety Alarms: Garmin, Sabre, & More (2026)

4 Best Personal Safety Alarms: Garmin, Sabre, & More (2026) Make some noise for safety with our favorite alarms, from keychain sirens to wearable bracelets.
-
The Best Google Home Speaker (2026)

The Best Google Home Speaker (2026) There’s now only one worth buying—but you can still access new features on older models you might already own.
-
My Ebike Delivery Went Missing. When I Tried to Recover It, I Ended Up in Chatbot Hell
.jpg)
My Ebike Delivery Went Missing. When I Tried to Recover It, I Ended Up in Chatbot Hell Companies’ increasing reliance on AI chatbots isn’t making the customer service experience smarter. It’s just making it more infuriating.
-
The Explosive Diarrhea Outbreak Is About to Get Much Bigger

The Explosive Diarrhea Outbreak Is About to Get Much Bigger Official case counts likely capture only a fraction of US cyclosporiasis infections, and the outbreak is likely to get worse before it gets better.
-
Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware

Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below – @asyncapi/[email protected] @asyncapi/[email protected] @asyncapi/[email protected] @asyncapi/specs(v6.11.2, v6.11.2-alpha.1) “The
-
OpenAI Staffers Are Funding a Rival Super PAC to Take on Their Boss

OpenAI Staffers Are Funding a Rival Super PAC to Take on Their Boss OpenAI employees have donated more than $215,000 to a political effort opposing Leading the Future, a group backed by the company’s president, Greg Brockman.
-
How To Watch the 2026 FIFA World Cup Semifinals: England vs Argentina

How To Watch the 2026 FIFA World Cup Semifinals: England vs Argentina The end of the FIFA Men’s World Cup is nigh. Here’s how to watch the final games and the first ever World Cup halftime show.
-
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below – CVE-2026-15409 (CVSS score: 10.0) – A Server-side request forgery…
-
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft’s own CVEs by its Security Update Guide count, more than triple June’s previous high of around 200. Those two live…
-
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows…
-
DeepMind CEO calls for an independent standards body to regulate frontier AI
DeepMind CEO calls for an independent standards body to regulate frontier AI DeepMind CEO Demis Hassabis is proposing an AI “standards body” modeled after FINRA, to test frontier models and develop best practices for their release.
-
How To Watch the 2026 FIFA World Cup Semifinals: France vs Spain

How To Watch the 2026 FIFA World Cup Semifinals: France vs Spain The end of the FIFA Men’s World Cup is nigh. Here’s how to watch the final games and the first ever World Cup halftime show.
-
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. “LabubaRAT creates a reusable foothold for hands-on activity,” Blackpoint Cyber researchers Sam Decker and Nevan Beal said in an analysis published today.…
-
DeepSeek reportedly in talks to raise $1.5B, then IPO
DeepSeek reportedly in talks to raise $1.5B, then IPO DeepSeek, the Chinese large language model developer, is said to be preparing for a 2027 IPO debut as it also looks to raise around $1.5 billion in new funds at a $71 billion valuation.
-
Meta’s Adam Mosseri says AI token budgets could soon be capped per engineer
Meta’s Adam Mosseri says AI token budgets could soon be capped per engineer Instagram head Adam Mosseri believes companies will eventually need to manage AI token spending the same way they manage payroll or other operating expenses, predicting that engineers could soon face limits on how much they spend using AI tools.
-
YouTube and X Have Become ‘Gateways’ to Nudify Apps

YouTube and X Have Become ‘Gateways’ to Nudify Apps A new study found that social media platforms are referring people to sites where they can create nonconsensual, sexually explicit deepfakes for as little as $1 an image.
-
Google Images gets a Pinterest-like redesign focused on discovery
Google Images gets a Pinterest-like redesign focused on discovery Now, when users navigate to Google Images, they’ll see a “For You” gallery of images tailored to their interests and browsing history.
-
New York State halts construction of all new data centers
New York State halts construction of all new data centers New York has become the first state to temporarily halt approval of large data centers, as Gov. Kathy Hochul argues the AI-driven building boom shouldn’t come at the expense of higher electricity costs, water supplies, or local control.
-
Iran abused mobile networks’ vulnerabilities to locate US military in the Middle East, report says
Iran abused mobile networks’ vulnerabilities to locate US military in the Middle East, report says The Iranian government exploited well-known flaws in cellphone networks to locate and then strike U.S. military personnel in the build-up and beginning of the war.
-
New York Governor Signs First Statewide Data Center Moratorium

New York Governor Signs First Statewide Data Center Moratorium “We have no choice but to address the challenges created by these massive facilities,” New York governor Kathy Hochul said. The executive order will pause construction for one year.
-
I’m de-influencing you from buying the RingConn 3 (even though it’s pretty)
I’m de-influencing you from buying the RingConn 3 (even though it’s pretty) The RingConn 3 actually looks like real jewelry, not a wearable — but its fitness tracking and headache detection features are disappointing.
-
Reflection inks $1B compute deal with Nebius
Reflection inks $1B compute deal with Nebius Reflection AI has signed a $1 billion deal to access Nebius’ compute. Reflection was founded in 2024 and is developing open source AI technology.
-
The real AI race may no longer be at the frontier
The real AI race may no longer be at the frontier Hugging Face CEO Clem Delangue says enterprises increasingly want open models, due to cost, accessibility, and ownership. Do frontier models still matter if most production AI ends up running on open models?
-
Telegram’s shortlink domain is back online after day-long suspension
Telegram’s shortlink domain is back online after day-long suspension Telegram CEO Pavel Durov confirmed an outage in a tweet, saying that shortlinks to the messaging app had “stopped working.”
-
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. Miggo’s security team, which discovered and reported the…
-
11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. “An attacker exploiting one of these vulnerable applications can execute untrusted code during system…
-
Plex Keeps Getting Worse. Is Jellyfin a Decent Replacement?

Plex Keeps Getting Worse. Is Jellyfin a Decent Replacement? If you want to stream local media, this free and open source media server is just as good as Plex. But if you rely on remote access or live TV, prepare to tinker.
-
Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain…
-
9 Tips to Get More Out of Google Chat

9 Tips to Get More Out of Google Chat There’s more to Google’s messaging app than you might realize.
-
Best RGB TVs (2026): My Picks After Testing the Hottest TVs

Best RGB TVs (2026): My Picks After Testing the Hottest TVs RGB TVs are the latest hotness in the world of televisions, and I’ve tested many of the latest models to see which you should buy.
-
How Pentera Turns AI Security Workflows into Validation Engines

How Pentera Turns AI Security Workflows into Validation Engines AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk signals: scanner output, severity scores, threat intelligence, configuration findings, and exposure data. That fragmentation matters because…
-
OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating…
-
Oura Ring 5 Review: Still the Smart Ring to Beat

Oura Ring 5 Review: Still the Smart Ring to Beat It’s not the upgrade Ring 4 owners have been waiting for, but it’s easily the best smart ring Oura has ever made.
-
This German Man Is on a Quest to Cut the Perfect Slice of Bread
.jpg)
This German Man Is on a Quest to Cut the Perfect Slice of Bread Armed with high-end knives and digital calipers, Germanbreadcutter has entranced thousands of fans, one loaf at a time.
-
This Luddite Puppet Hopes You’re Not Reading This on Your Smartphone

This Luddite Puppet Hopes You’re Not Reading This on Your Smartphone On this week’s episode of The Big Interview podcast, WIRED’s senior culture editor Manisha Krishnan talks to Gowanus about eschewing Big Tech, going outside, and rejection in the age of dating apps.
-
The Chatbot That Foretold Why People Share Secrets With ChatGPT

The Chatbot That Foretold Why People Share Secrets With ChatGPT In the 1960s an MIT professor named Joseph Weizenbaum created a chatbot called ELIZA. The conversations people had with it set precedents for the chatbots to come.
-
Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read xAI’s Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured…
-
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other cybercriminals’ malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service (1VPNS), has been accused…
-
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them.…
-
Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity

Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth…
-
Sam Altman’s space data center trash talk is what most experts already believe
Sam Altman’s space data center trash talk is what most experts already believe “homeboy you’re the one sellling [sic] public market investors on short-term space datacenters.”
-
Tesla Says It’s Building a Wheelchair-Accessible Robotaxi

Tesla Says It’s Building a Wheelchair-Accessible Robotaxi A Tesla representative at a DC hearing said the vehicle is “an active product being built.” But its timeline isn’t clear.
-
Investors send General Fusion soaring in debut as first publicly traded fusion company
Investors send General Fusion soaring in debut as first publicly traded fusion company General Fusion started trading on the Nasdaq following a reverse merger that saw high redemptions.
-
12 states sue to block Paramount’s $110B Warner Bros. deal
12 states sue to block Paramount’s $110B Warner Bros. deal The states allege that the deal would harm movie theaters, basic cable distributors, and audiences.
-
Should AI help you get away with killing your spouse?
Should AI help you get away with killing your spouse? What does a world of total user-aligned AI actually look like?
-
There Are Endless Conspiracy Theories About Lindsey Graham’s Death

There Are Endless Conspiracy Theories About Lindsey Graham’s Death Despite a complete lack of evidence, everyone from Russia to Israel and Iran is being blamed for Lindsey Graham’s death.
-
As TV-tracking app TV Time shuts down, its founder builds Bingers, a new home for fans
As TV-tracking app TV Time shuts down, its founder builds Bingers, a new home for fans The creator of TV Time is building a successor app that will let users import their watch histories and preserve the community that formed around discussing their favorite shows.
-
Anthropic starts localizing Claude pricing for India, its biggest market after the US
Anthropic starts localizing Claude pricing for India, its biggest market after the US Claude users in India are starting to see Indian rupee-denominated subscription plans.
-
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More

⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t…
-
SpaceX cleared to fly Starship again after booster failure in May
SpaceX cleared to fly Starship again after booster failure in May This will be the first Starship test flight for SpaceX as a public company, testing the market’s appetite for the company’s “fly, fail, fix” approach to rocket development, which often ends in fireballs.
-
-
-
ICE Is Using Data Broker Tools to ‘Identify Unaccompanied Minors’ and ‘Fraud’

ICE Is Using Data Broker Tools to ‘Identify Unaccompanied Minors’ and ‘Fraud’ A newly renewed, $25 million-per-year contract with a subsidiary of Thompson Reuters further expands the power of ICE under the Trump administration.
-
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator’s own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the…
-
‘The Odyssey’ Backlash Failed Tremendously

‘The Odyssey’ Backlash Failed Tremendously For all the hysteria over “woke” casting and ahistorical choices, Christopher Nolan’s epic is on track to make $200 million globally during its opening weekend.
-
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime group…
-
Lyft’s CEO Says, ‘We’re the Good Uber’

Lyft’s CEO Says, ‘We’re the Good Uber’ David Risher insists that Lyft has lowered its prices and that customers who only check his competitor’s app are “leaving money on the table.”
-
The Best New Camping Gear at REI (2026): Tents, Coolers, Bikes, More

The Best New Camping Gear at REI (2026): Tents, Coolers, Bikes, More I tested REI’s best new and revamped outdoor gear of 2026. Here’s what’s worth buying, from tents and sleeping bags to coolers and bikes.
-
Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. “Any user who ran the project ended up with…
-
Conspiracy Theorists Think Trump’s Speech Paves the Path to the Insurrection Act

Conspiracy Theorists Think Trump’s Speech Paves the Path to the Insurrection Act Election deniers have spent years promoting the idea that the 2020 election was stolen. They believe Donald Trump’s speech finally proves them right.
-
Essential Gear for an Emergency Kit—for Cars or Go-Bags

Essential Gear for an Emergency Kit—for Cars or Go-Bags We consulted preparedness experts and WIRED’s team of testers for the essential gear to keep on hand in case of wildfires, earthquakes, and lord knows what else.
-
5 Best Smart Speakers (2026): Alexa, Google, Apple

5 Best Smart Speakers (2026): Alexa, Google, Apple Looking to add a smart speaker to your house? Here’s which to choose, whether you’re an Alexa, Siri, or Gemini fan.
-
E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display off, and the ability…
-
The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?

The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace? Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new investment, evolving defense strategies, and accelerated acquisition pathways are transforming how capability is delivered, rewarding programs that can move from…
-
Valve Steam Machine Review: A Compromised Console
.jpg)
Valve Steam Machine Review: A Compromised Console Great for indie darlings, but Sony, Microsoft, and Nintendo remain kings of TV gaming.
-
Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man

Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U.S. extradition request for a REvil ransomware suspect named Aleksandr Ermakov. His wife, Maria Yurova, told REN TV that border officers pulled him…
-
Panasonic Japanese Microwave Review (2026): True 1-Button Cooking

Panasonic Japanese Microwave Review (2026): True 1-Button Cooking The Japanese Microwave measures food temperature directly, and stops cooking when food’s hot. It’s kinda terrific.
-
23 Best Gifts for Cooks (2026): Vitamix, Frying Pans, Air Fryers

23 Best Gifts for Cooks (2026): Vitamix, Frying Pans, Air Fryers From the best air fryer to frying pans to knife sharpeners anyone can use, these ideas will keep the curious home chef in your life tinkering away.
-
ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files

ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into…
-
New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage

New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term access and intelligence gathering. Russian cybersecurity company Kaspersky, which uncovered the activity…
-
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026. The vulnerability in question…
-
Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for the 2024 hack of Transport for London. The attack left 148 TfL systems inoperable and forced…
-
ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories

ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories A lot of this week’s trouble starts with something that looks close enough. A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the…
-
Swatch’s New Gold MoonSwatch Solves the Problem of the Nightmare Royal Pop Launch

Swatch’s New Gold MoonSwatch Solves the Problem of the Nightmare Royal Pop Launch Swatch’s latest MoonSwatch is the Mission to the Moon 1969, a limited-edition model with components crafted from Omega’s 18K Moonshine Gold. To get one, you’ll have to join a lottery.
-
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token…
-
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that’s been spreading via websites infected with ClickFix lures since late April 2026. “The malware is full-featured, lightweight, and modular,” Elastic Security Labs researcher Cyril François said in a technical report.…
-
New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password ClickLock Stealer, a new macOS infostealer, answers a victim’s refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and…
-
XPeng’s New ‘Budget’ EV Looks Like the Ferrari Luce

XPeng’s New ‘Budget’ EV Looks Like the Ferrari Luce The electric L03 is looking to punch above its weight in style and tech as it launches in 60 countries worldwide.
-
11 Best Sleeping Bags (2026): Ultralight, Warm Weather, for Kids

11 Best Sleeping Bags (2026): Ultralight, Warm Weather, for Kids Whether you’re climbing peaks or taking the family to the local park, we’ve found the best sleeping bags for every temperature, budget, and camping expedition.
-
20+ Hijacked Government Websites Became an Attack Channel

20+ Hijacked Government Websites Became an Attack Channel More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions. The investigation revealed previously undocumented backdoor behavior, hidden infrastructure relationships, and multiple attack arms behind…
-
The Best Backpacking Water Filters of 2026

The Best Backpacking Water Filters of 2026 We’ve tested filters from Sawyer, Katadyn, LifeStraw, MSR and more to find the best option for every adventure.
-
New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click “Buy Now” instead. Ask a coding assistant to apply a maintainer’s fix from a GitHub thread, and a fake comment…
-
Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig. Daxin (“srt64.sys”), as the kernel-mode rootkit is referred to, was first documented by Broadcom-owned Symantec in…
-
Hisense XR10 Smart Projector Review: RGB-Powered Wonder

Hisense XR10 Smart Projector Review: RGB-Powered Wonder Projectors are adopting RGB backlighting, the hottest tech from the world of TVs. This large but vivid projector is a great option for summer movie nights.
-
Gay Men Flocked to Goose for Friendship. Some Still Feel Excluded

Gay Men Flocked to Goose for Friendship. Some Still Feel Excluded Despite positioning itself as an anti-hookup app, users tell WIRED that Goose has fake profiles, harsh acceptance standards, and problems with inclusivity.
-
AI Can Find Bugs, But Human Knowledge Still Proves Them

AI Can Find Bugs, But Human Knowledge Still Proves Them Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can read code quickly, generate payloads, summarize attack surfaces, explain unfamiliar APIs, and run repetitive testing…
-
Best Air Purifiers (2026): Coway, AirDoctor, IQAir, and More

Best Air Purifiers (2026): Coway, AirDoctor, IQAir, and More Protect your home against dust, pets, allergens, and more with the best air purifiers, tested firsthand.
-
Please Stop Making Me Opt Out of AI

Please Stop Making Me Opt Out of AI I’m sick of “opt-out” toggles for automatically enabled generative AI features. It’s past time to make “opt in” the default setting for sensitive features.
-
Astronomers Have Found a Sugar Molecule in Deep Space for the First Time Ever

Astronomers Have Found a Sugar Molecule in Deep Space for the First Time Ever Researchers identified traces of erythrulose, a monosaccharide, thousands of light-years away.
-
Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide

Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people’s Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the house, and take the Wi-Fi…
-
OnePlus, the ‘Flagship-Killer’ Smartphone Brand, Is All but Dead

OnePlus, the ‘Flagship-Killer’ Smartphone Brand, Is All but Dead The original OnePlus phone disrupted the mobile market 13 years ago with its affordable price and top-end specs. Now, the company is exiting North America and Europe to focus on China.
-
OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol

OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol OpenAI has disclosed details of GPT-Red, an internal automated red-teaming model that scales prompt injection vulnerability discovery with an aim to fix issues before the tools are deployed widely. “GPT‑Red is a strong red-teamer, and our previous models are highly vulnerable to its prompt injection…
-
Lionel Messi’s Final World Cup—and the Death of Early Retirement

Lionel Messi’s Final World Cup—and the Death of Early Retirement Argentina’s Lionel Messi was supposed to be done years ago. Now, sports science is helping soccer’s biggest stars rewrite the rules of aging.
-
OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside the wallet’s own…
-
Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below – CVE-2026-15718, an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719, a site isolation in the DOM: Navigation…
-
An Inventor of Apple’s FaceID Wants to Analyze Your Brain’s Health With AI

An Inventor of Apple’s FaceID Wants to Analyze Your Brain’s Health With AI Gidi Littwin’s new AI startup, Hemispheric, makes diagnostic brain scans for conditions like depression, PTSD, and Parkinson’s. He wants the technology to be as cheap and easy as for a blood test.
-
SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough. For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools,…
-
Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as ProfSvc, is a…
-
New Webinar: Closing the Approval Gap in AI-Era Ad Tech

New Webinar: Closing the Approval Gap in AI-Era Ad Tech A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full access to your forms, customer data, and checkout pages. This on-demand webinar reveals how this Approval Gap forms, and gives your team the blueprint to close it…
-
The Best iPad to Buy (and Some to Avoid) in 2026: Air, Pro, Mini
.jpg)
The Best iPad to Buy (and Some to Avoid) in 2026: Air, Pro, Mini Apple just raised its prices. Here’s an updated breakdown of the brand’s tablets to find the best one for your needs.
-
MSI Claw 8 EX AI+ Review: Great Power, Shocking Price

MSI Claw 8 EX AI+ Review: Great Power, Shocking Price But with great power comes a great price.
-
Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your…
-
4 Best Personal Safety Alarms: Garmin, Sabre, & More (2026)

4 Best Personal Safety Alarms: Garmin, Sabre, & More (2026) Make some noise for safety with our favorite alarms, from keychain sirens to wearable bracelets.
-
The Best Google Home Speaker (2026)

The Best Google Home Speaker (2026) There’s now only one worth buying—but you can still access new features on older models you might already own.
-
My Ebike Delivery Went Missing. When I Tried to Recover It, I Ended Up in Chatbot Hell
.jpg)
My Ebike Delivery Went Missing. When I Tried to Recover It, I Ended Up in Chatbot Hell Companies’ increasing reliance on AI chatbots isn’t making the customer service experience smarter. It’s just making it more infuriating.
-
The Explosive Diarrhea Outbreak Is About to Get Much Bigger

The Explosive Diarrhea Outbreak Is About to Get Much Bigger Official case counts likely capture only a fraction of US cyclosporiasis infections, and the outbreak is likely to get worse before it gets better.
-
Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware

Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below – @asyncapi/[email protected] @asyncapi/[email protected] @asyncapi/[email protected] @asyncapi/specs(v6.11.2, v6.11.2-alpha.1) “The
-
OpenAI Staffers Are Funding a Rival Super PAC to Take on Their Boss

OpenAI Staffers Are Funding a Rival Super PAC to Take on Their Boss OpenAI employees have donated more than $215,000 to a political effort opposing Leading the Future, a group backed by the company’s president, Greg Brockman.
-
How To Watch the 2026 FIFA World Cup Semifinals: England vs Argentina

How To Watch the 2026 FIFA World Cup Semifinals: England vs Argentina The end of the FIFA Men’s World Cup is nigh. Here’s how to watch the final games and the first ever World Cup halftime show.
-
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below – CVE-2026-15409 (CVSS score: 10.0) – A Server-side request forgery…
-
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft’s own CVEs by its Security Update Guide count, more than triple June’s previous high of around 200. Those two live…
-
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows…
-
DeepMind CEO calls for an independent standards body to regulate frontier AI
DeepMind CEO calls for an independent standards body to regulate frontier AI DeepMind CEO Demis Hassabis is proposing an AI “standards body” modeled after FINRA, to test frontier models and develop best practices for their release.
-
How To Watch the 2026 FIFA World Cup Semifinals: France vs Spain

How To Watch the 2026 FIFA World Cup Semifinals: France vs Spain The end of the FIFA Men’s World Cup is nigh. Here’s how to watch the final games and the first ever World Cup halftime show.
-
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. “LabubaRAT creates a reusable foothold for hands-on activity,” Blackpoint Cyber researchers Sam Decker and Nevan Beal said in an analysis published today.…
-
DeepSeek reportedly in talks to raise $1.5B, then IPO
DeepSeek reportedly in talks to raise $1.5B, then IPO DeepSeek, the Chinese large language model developer, is said to be preparing for a 2027 IPO debut as it also looks to raise around $1.5 billion in new funds at a $71 billion valuation.
-
Meta’s Adam Mosseri says AI token budgets could soon be capped per engineer
Meta’s Adam Mosseri says AI token budgets could soon be capped per engineer Instagram head Adam Mosseri believes companies will eventually need to manage AI token spending the same way they manage payroll or other operating expenses, predicting that engineers could soon face limits on how much they spend using AI tools.
-
YouTube and X Have Become ‘Gateways’ to Nudify Apps

YouTube and X Have Become ‘Gateways’ to Nudify Apps A new study found that social media platforms are referring people to sites where they can create nonconsensual, sexually explicit deepfakes for as little as $1 an image.
-
Google Images gets a Pinterest-like redesign focused on discovery
Google Images gets a Pinterest-like redesign focused on discovery Now, when users navigate to Google Images, they’ll see a “For You” gallery of images tailored to their interests and browsing history.
-
New York State halts construction of all new data centers
New York State halts construction of all new data centers New York has become the first state to temporarily halt approval of large data centers, as Gov. Kathy Hochul argues the AI-driven building boom shouldn’t come at the expense of higher electricity costs, water supplies, or local control.
-
Iran abused mobile networks’ vulnerabilities to locate US military in the Middle East, report says
Iran abused mobile networks’ vulnerabilities to locate US military in the Middle East, report says The Iranian government exploited well-known flaws in cellphone networks to locate and then strike U.S. military personnel in the build-up and beginning of the war.
-
New York Governor Signs First Statewide Data Center Moratorium

New York Governor Signs First Statewide Data Center Moratorium “We have no choice but to address the challenges created by these massive facilities,” New York governor Kathy Hochul said. The executive order will pause construction for one year.
-
I’m de-influencing you from buying the RingConn 3 (even though it’s pretty)
I’m de-influencing you from buying the RingConn 3 (even though it’s pretty) The RingConn 3 actually looks like real jewelry, not a wearable — but its fitness tracking and headache detection features are disappointing.
-
Reflection inks $1B compute deal with Nebius
Reflection inks $1B compute deal with Nebius Reflection AI has signed a $1 billion deal to access Nebius’ compute. Reflection was founded in 2024 and is developing open source AI technology.
-
The real AI race may no longer be at the frontier
The real AI race may no longer be at the frontier Hugging Face CEO Clem Delangue says enterprises increasingly want open models, due to cost, accessibility, and ownership. Do frontier models still matter if most production AI ends up running on open models?
-
Telegram’s shortlink domain is back online after day-long suspension
Telegram’s shortlink domain is back online after day-long suspension Telegram CEO Pavel Durov confirmed an outage in a tweet, saying that shortlinks to the messaging app had “stopped working.”
-
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. Miggo’s security team, which discovered and reported the…
-
11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. “An attacker exploiting one of these vulnerable applications can execute untrusted code during system…
-
Plex Keeps Getting Worse. Is Jellyfin a Decent Replacement?

Plex Keeps Getting Worse. Is Jellyfin a Decent Replacement? If you want to stream local media, this free and open source media server is just as good as Plex. But if you rely on remote access or live TV, prepare to tinker.
-
Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain…
-
9 Tips to Get More Out of Google Chat

9 Tips to Get More Out of Google Chat There’s more to Google’s messaging app than you might realize.
-
Best RGB TVs (2026): My Picks After Testing the Hottest TVs

Best RGB TVs (2026): My Picks After Testing the Hottest TVs RGB TVs are the latest hotness in the world of televisions, and I’ve tested many of the latest models to see which you should buy.
-
How Pentera Turns AI Security Workflows into Validation Engines

How Pentera Turns AI Security Workflows into Validation Engines AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk signals: scanner output, severity scores, threat intelligence, configuration findings, and exposure data. That fragmentation matters because…
-
OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating…
-
Oura Ring 5 Review: Still the Smart Ring to Beat

Oura Ring 5 Review: Still the Smart Ring to Beat It’s not the upgrade Ring 4 owners have been waiting for, but it’s easily the best smart ring Oura has ever made.
-
This German Man Is on a Quest to Cut the Perfect Slice of Bread
.jpg)
This German Man Is on a Quest to Cut the Perfect Slice of Bread Armed with high-end knives and digital calipers, Germanbreadcutter has entranced thousands of fans, one loaf at a time.
-
This Luddite Puppet Hopes You’re Not Reading This on Your Smartphone

This Luddite Puppet Hopes You’re Not Reading This on Your Smartphone On this week’s episode of The Big Interview podcast, WIRED’s senior culture editor Manisha Krishnan talks to Gowanus about eschewing Big Tech, going outside, and rejection in the age of dating apps.
-
The Chatbot That Foretold Why People Share Secrets With ChatGPT

The Chatbot That Foretold Why People Share Secrets With ChatGPT In the 1960s an MIT professor named Joseph Weizenbaum created a chatbot called ELIZA. The conversations people had with it set precedents for the chatbots to come.
-
Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read xAI’s Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured…
-
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other cybercriminals’ malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service (1VPNS), has been accused…
-
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them.…
-
Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity

Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth…
-
Sam Altman’s space data center trash talk is what most experts already believe
Sam Altman’s space data center trash talk is what most experts already believe “homeboy you’re the one sellling [sic] public market investors on short-term space datacenters.”
-
Tesla Says It’s Building a Wheelchair-Accessible Robotaxi

Tesla Says It’s Building a Wheelchair-Accessible Robotaxi A Tesla representative at a DC hearing said the vehicle is “an active product being built.” But its timeline isn’t clear.
-
Investors send General Fusion soaring in debut as first publicly traded fusion company
Investors send General Fusion soaring in debut as first publicly traded fusion company General Fusion started trading on the Nasdaq following a reverse merger that saw high redemptions.
-
12 states sue to block Paramount’s $110B Warner Bros. deal
12 states sue to block Paramount’s $110B Warner Bros. deal The states allege that the deal would harm movie theaters, basic cable distributors, and audiences.
-
Should AI help you get away with killing your spouse?
Should AI help you get away with killing your spouse? What does a world of total user-aligned AI actually look like?
-
There Are Endless Conspiracy Theories About Lindsey Graham’s Death

There Are Endless Conspiracy Theories About Lindsey Graham’s Death Despite a complete lack of evidence, everyone from Russia to Israel and Iran is being blamed for Lindsey Graham’s death.
-
As TV-tracking app TV Time shuts down, its founder builds Bingers, a new home for fans
As TV-tracking app TV Time shuts down, its founder builds Bingers, a new home for fans The creator of TV Time is building a successor app that will let users import their watch histories and preserve the community that formed around discussing their favorite shows.
-
Anthropic starts localizing Claude pricing for India, its biggest market after the US
Anthropic starts localizing Claude pricing for India, its biggest market after the US Claude users in India are starting to see Indian rupee-denominated subscription plans.
-
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More

⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t…
-
SpaceX cleared to fly Starship again after booster failure in May
SpaceX cleared to fly Starship again after booster failure in May This will be the first Starship test flight for SpaceX as a public company, testing the market’s appetite for the company’s “fly, fail, fix” approach to rocket development, which often ends in fireballs.
-
-
-
ICE Is Using Data Broker Tools to ‘Identify Unaccompanied Minors’ and ‘Fraud’

ICE Is Using Data Broker Tools to ‘Identify Unaccompanied Minors’ and ‘Fraud’ A newly renewed, $25 million-per-year contract with a subsidiary of Thompson Reuters further expands the power of ICE under the Trump administration.
-
New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens

New NadMesh Botnet Hunts Exposed AI Services for Cloud Keys and Kubernetes Tokens A Go botnet called NadMesh turned up in early July hunting exposed AI services, and the operator’s own dashboard claims 3,811 unique AWS keys. A Shodan harvester keeps the scan queue stocked with ComfyUI, Ollama, n8n, Open WebUI, Langflow, and Gradio: the…
-
‘The Odyssey’ Backlash Failed Tremendously

‘The Odyssey’ Backlash Failed Tremendously For all the hysteria over “woke” casting and ahistorical choices, Christopher Nolan’s epic is on track to make $200 million globally during its opening weekend.
-
GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft

GoldenEyeDog Subgroup Linked to DigiCert Breach and Code-Signing Certificate Theft Cybersecurity researchers have attributed the April 2026 DigiCert security incident to a threat activity cluster dubbed CylindricalCanine. Expel, which shared technical details of the event, described the threat actor as a sub-group of GoldenEyeDog (aka APT-Q-27, Dragon Breath, and Miuuti Group), a Chinese cybercrime group…
-
Lyft’s CEO Says, ‘We’re the Good Uber’

Lyft’s CEO Says, ‘We’re the Good Uber’ David Risher insists that Lyft has lowered its prices and that customers who only check his competitor’s app are “leaving money on the table.”
-
The Best New Camping Gear at REI (2026): Tents, Coolers, Bikes, More

The Best New Camping Gear at REI (2026): Tents, Coolers, Bikes, More I tested REI’s best new and revamped outdoor gear of 2026. Here’s what’s worth buying, from tents and sleeping bags to coolers and bikes.
-
Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images

Fake Coding Tests Deliver OtterCookie-Aligned Malware Hidden in SVG Flag Images North Korean threat actors linked to the Contagious Interview campaign have been observed employing steganography in SVG image files to conceal malicious payloads as part of a campaign using fake job postings and coding challenges. “Any user who ran the project ended up with…
-
Conspiracy Theorists Think Trump’s Speech Paves the Path to the Insurrection Act

Conspiracy Theorists Think Trump’s Speech Paves the Path to the Insurrection Act Election deniers have spent years promoting the idea that the 2020 election was stolen. They believe Donald Trump’s speech finally proves them right.
-
Essential Gear for an Emergency Kit—for Cars or Go-Bags

Essential Gear for an Emergency Kit—for Cars or Go-Bags We consulted preparedness experts and WIRED’s team of testers for the essential gear to keep on hand in case of wildfires, earthquakes, and lord knows what else.
-
5 Best Smart Speakers (2026): Alexa, Google, Apple

5 Best Smart Speakers (2026): Alexa, Google, Apple Looking to add a smart speaker to your house? Here’s which to choose, whether you’re an Alexa, Siri, or Gemini fan.
-
E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants

E.U. Orders Google to Open Android Mic, Camera and Screen to Rival AI Assistants The European Commission on Thursday ordered Google to give rival AI assistants the same reach into Android that Gemini already has: the camera, the microphone, whatever is on screen, a wake word that fires with the display off, and the ability…
-
The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace?

The Race to Field Military Autonomy Is On, Can Trusted Information Infrastructure Keep Pace? Military forces are under increasing pressure to field autonomous capabilities faster than ever before. Across the U.S., UK, and NATO, new investment, evolving defense strategies, and accelerated acquisition pathways are transforming how capability is delivered, rewarding programs that can move from…
-
Valve Steam Machine Review: A Compromised Console
.jpg)
Valve Steam Machine Review: A Compromised Console Great for indie darlings, but Sony, Microsoft, and Nintendo remain kings of TV gaming.
-
Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man

Armenia Detains Russian Tourist on U.S. Warrant for REvil Hacker, Lawyers Say Wrong Man Armenia has held a Russian tourist named Aleksandr Ermakov in a detention center since June 28, on a U.S. extradition request for a REvil ransomware suspect named Aleksandr Ermakov. His wife, Maria Yurova, told REN TV that border officers pulled him…
-
Panasonic Japanese Microwave Review (2026): True 1-Button Cooking

Panasonic Japanese Microwave Review (2026): True 1-Button Cooking The Japanese Microwave measures food temperature directly, and stops cooking when food’s hot. It’s kinda terrific.
-
23 Best Gifts for Cooks (2026): Vitamix, Frying Pans, Air Fryers

23 Best Gifts for Cooks (2026): Vitamix, Frying Pans, Air Fryers From the best air fryer to frying pans to knife sharpeners anyone can use, these ideas will keep the curious home chef in your life tinkering away.
-
ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files

ACR Stealer Uses ClickFix Lures to Steal Browser Tokens and Microsoft 365 Files ACR Stealer, an infostealer in circulation since 2024, is walking out of enterprise networks with saved browser passwords, live session tokens, PDFs, Microsoft 365 documents, and files from synced OneDrive and SharePoint folders. It gets in because someone pasted a command into…
-
New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage

New GoSerpent Malware Targets Southeast Asian Governments and Diplomats for Espionage Cybersecurity researchers have discovered a previously undocumented malware called GoSerpent that has been put to use in cyber attacks targeting entities in Southeast Asia since late 2025 with a focus on long-term access and intelligence gathering. Russian cybersecurity company Kaspersky, which uncovered the activity…
-
CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV

CISA Adds Exploited SharePoint RCE Zero-Day CVE-2026-58644 to KEV The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a newly patched security flaw impacting Microsoft SharePoint Server to its Known Exploited Vulnerabilities (KEV) catalog, requiring Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by July 19, 2026. The vulnerability in question…
-
Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack Owen Flowers, 18, and Thalha Jubair, 20, were each sentenced to five and a half years at Woolwich Crown Court on Thursday, 16 July 2026, for the 2024 hack of Transport for London. The attack left 148 TfL systems inoperable and forced…
-
ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories

ThreatsDay: Game Cheat Spyware, 24-Hour Ransomware, Chrome Sync Stalking + 12 More Stories A lot of this week’s trouble starts with something that looks close enough. A familiar repo. A useful installer. A harmless sync setting. Then the handoff goes bad, the box starts talking to someone else, and the damage moves faster than the…
-
Swatch’s New Gold MoonSwatch Solves the Problem of the Nightmare Royal Pop Launch

Swatch’s New Gold MoonSwatch Solves the Problem of the Nightmare Royal Pop Launch Swatch’s latest MoonSwatch is the Mission to the Moon 1969, a limited-edition model with components crafted from Omega’s 18K Moonshine Gold. To get one, you’ll have to join a lottery.
-
n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer

n8n Token Exchange Flaw Could Let Attackers Log In as Users From Another Issuer n8n, the workflow automation platform, handed out the wrong accounts at login. On Enterprise instances configured to trust more than one external token issuer, it matched an incoming JWT to a local user on the sub claim alone and ignored iss. A valid token…
-
New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands

New TELEPUZ Malware Spreads via ClickFix to Steal Data and Run Commands Cybersecurity researchers have called attention to a new modular malware called TELEPUZ that’s been spreading via websites infected with ClickFix lures since late April 2026. “The malware is full-featured, lightweight, and modular,” Elastic Security Labs researcher Cyril François said in a technical report.…
-
New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password ClickLock Stealer, a new macOS infostealer, answers a victim’s refusal by killing their apps on a loop until they hand over the login password. It arrives as a command pasted into Terminal, asks for the password behind a fake system dialog, and…
-
XPeng’s New ‘Budget’ EV Looks Like the Ferrari Luce

XPeng’s New ‘Budget’ EV Looks Like the Ferrari Luce The electric L03 is looking to punch above its weight in style and tech as it launches in 60 countries worldwide.
-
11 Best Sleeping Bags (2026): Ultralight, Warm Weather, for Kids

11 Best Sleeping Bags (2026): Ultralight, Warm Weather, for Kids Whether you’re climbing peaks or taking the family to the local park, we’ve found the best sleeping bags for every temperature, budget, and camping expedition.
-
20+ Hijacked Government Websites Became an Attack Channel

20+ Hijacked Government Websites Became an Attack Channel More than 20 Brazilian government websites were hijacked and turned into malware delivery channels in an active PhantomEnigma campaign uncovered by ANY.RUN, a leading provider of interactive malware analysis and threat intelligence solutions. The investigation revealed previously undocumented backdoor behavior, hidden infrastructure relationships, and multiple attack arms behind…
-
The Best Backpacking Water Filters of 2026

The Best Backpacking Water Filters of 2026 We’ve tested filters from Sawyer, Katadyn, LifeStraw, MSR and more to find the best option for every adventure.
-
New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands

New Agent Data Injection Attack Can Make AI Agents Misclick or Run Attacker Commands Ask an AI agent to summarize the reviews on a product page, and a single planted review can make it click “Buy Now” instead. Ask a coding assistant to apply a maintainer’s fix from a GitHub thread, and a fake comment…
-
Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor

Daxin Resurfaces in Taiwan Alongside Stupig Pre-Login SYSTEM Backdoor An advanced malware previously attributed to a China-linked threat actor has resurfaced after more than four years within a Taiwan manufacturing firm, along with a previously unreported backdoor dubbed Stupig. Daxin (“srt64.sys”), as the kernel-mode rootkit is referred to, was first documented by Broadcom-owned Symantec in…
-
Hisense XR10 Smart Projector Review: RGB-Powered Wonder

Hisense XR10 Smart Projector Review: RGB-Powered Wonder Projectors are adopting RGB backlighting, the hottest tech from the world of TVs. This large but vivid projector is a great option for summer movie nights.
-
Gay Men Flocked to Goose for Friendship. Some Still Feel Excluded

Gay Men Flocked to Goose for Friendship. Some Still Feel Excluded Despite positioning itself as an anti-hookup app, users tell WIRED that Goose has fake profiles, harsh acceptance standards, and problems with inclusivity.
-
AI Can Find Bugs, But Human Knowledge Still Proves Them

AI Can Find Bugs, But Human Knowledge Still Proves Them Artificial intelligence (AI) is changing offensive security, but it has not changed the standard that matters most: a finding has to be proven before it becomes useful. AI-assisted tools can read code quickly, generate payloads, summarize attack surfaces, explain unfamiliar APIs, and run repetitive testing…
-
Best Air Purifiers (2026): Coway, AirDoctor, IQAir, and More

Best Air Purifiers (2026): Coway, AirDoctor, IQAir, and More Protect your home against dust, pets, allergens, and more with the best air purifiers, tested firsthand.
-
Please Stop Making Me Opt Out of AI

Please Stop Making Me Opt Out of AI I’m sick of “opt-out” toggles for automatically enabled generative AI features. It’s past time to make “opt in” the default setting for sensitive features.
-
Astronomers Have Found a Sugar Molecule in Deep Space for the First Time Ever

Astronomers Have Found a Sugar Molecule in Deep Space for the First Time Ever Researchers identified traces of erythrulose, a monosaccharide, thousands of light-years away.
-
Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide

Unpatched Shark Vacuum Flaw Could Let Attackers Control Other Vacuums Region-Wide Pull the certificate off the flash of a Shark RV2320EDUS robot vacuum, and you can run root commands on other people’s Shark vacuums across the same AWS region: watch the camera, drive the robot, read the map of the house, and take the Wi-Fi…
-
OnePlus, the ‘Flagship-Killer’ Smartphone Brand, Is All but Dead

OnePlus, the ‘Flagship-Killer’ Smartphone Brand, Is All but Dead The original OnePlus phone disrupted the mobile market 13 years ago with its affordable price and top-end specs. Now, the company is exiting North America and Europe to focus on China.
-
OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol

OpenAI’s GPT-Red Automates Prompt Injection Testing to Harden GPT-5.6 Sol OpenAI has disclosed details of GPT-Red, an internal automated red-teaming model that scales prompt injection vulnerability discovery with an aim to fix issues before the tools are deployed widely. “GPT‑Red is a strong red-teamer, and our previous models are highly vulnerable to its prompt injection…
-
Lionel Messi’s Final World Cup—and the Death of Early Retirement

Lionel Messi’s Final World Cup—and the Death of Early Retirement Argentina’s Lionel Messi was supposed to be done years ago. Now, sports science is helping soccer’s biggest stars rewrite the rules of aging.
-
OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps

OkoBot Malware Framework Injects Seed Phrase Phishing Into Ledger and Trezor Apps A malware framework called OkoBot has been running on Windows machines since April 2025, and one of its modules is built to con hardware wallet owners out of their recovery phrase. On an infected PC, the request comes from inside the wallet’s own…
-
Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws

Firefox, Chrome, Adobe, and VMware Updates Fix Multiple Critical Security Flaws Mozilla has released updates to address two critical flaws in Firefox for which it warned that exploit code has been published. The vulnerabilities are listed below – CVE-2026-15718, an invalid pointer in the JavaScript: WebAssembly component CVE-2026-15719, a site isolation in the DOM: Navigation…
-
An Inventor of Apple’s FaceID Wants to Analyze Your Brain’s Health With AI

An Inventor of Apple’s FaceID Wants to Analyze Your Brain’s Health With AI Gidi Littwin’s new AI startup, Hemispheric, makes diagnostic brain scans for conditions like depression, PTSD, and Parkinson’s. He wants the technology to be as cheap and easy as for a blood test.
-
SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough.

SASE Has An AI Blind Spot. Inspecting Packets Is No Longer Enough. For years, routing traffic through cloud proxies was good enough. Then work moved to the browser, AI entered the workflow, and the inspection model stopped keeping up. Enterprise workflows now live across SaaS applications, browsers, and an expanding ecosystem of generative AI tools,…
-
Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday

Researcher Drops New Windows Zero-Day PoC Hours After Microsoft Patch Tuesday Security researcher Chaotic Eclipse (aka Nightmare-Eclipse) has released a new proof-of-concept (PoC) exploit called LegacyHive. It has been described as a Windows User Profile Service arbitrary hive load elevation of privileges vulnerability. The Windows User Profile Service, also referred to as ProfSvc, is a…
-
New Webinar: Closing the Approval Gap in AI-Era Ad Tech

New Webinar: Closing the Approval Gap in AI-Era Ad Tech A single approved marketing tag can quietly load fourth-party code your security team has never seen, granting full access to your forms, customer data, and checkout pages. This on-demand webinar reveals how this Approval Gap forms, and gives your team the blueprint to close it…
-
The Best iPad to Buy (and Some to Avoid) in 2026: Air, Pro, Mini
.jpg)
The Best iPad to Buy (and Some to Avoid) in 2026: Air, Pro, Mini Apple just raised its prices. Here’s an updated breakdown of the brand’s tablets to find the best one for your needs.
-
MSI Claw 8 EX AI+ Review: Great Power, Shocking Price

MSI Claw 8 EX AI+ Review: Great Power, Shocking Price But with great power comes a great price.
-
Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution

Cursor Flaw Lets Malicious Cloned Repositories Trigger Windows Code Execution Open a repository in Cursor on Windows and, if a file named git.exe is sitting in the project root, Cursor runs it. No click, no approval dialog, no warning that anything in the folder is about to execute. Whatever that binary does, it does as you, with your…
-
4 Best Personal Safety Alarms: Garmin, Sabre, & More (2026)

4 Best Personal Safety Alarms: Garmin, Sabre, & More (2026) Make some noise for safety with our favorite alarms, from keychain sirens to wearable bracelets.
-
The Best Google Home Speaker (2026)

The Best Google Home Speaker (2026) There’s now only one worth buying—but you can still access new features on older models you might already own.
-
My Ebike Delivery Went Missing. When I Tried to Recover It, I Ended Up in Chatbot Hell
.jpg)
My Ebike Delivery Went Missing. When I Tried to Recover It, I Ended Up in Chatbot Hell Companies’ increasing reliance on AI chatbots isn’t making the customer service experience smarter. It’s just making it more infuriating.
-
The Explosive Diarrhea Outbreak Is About to Get Much Bigger

The Explosive Diarrhea Outbreak Is About to Get Much Bigger Official case counts likely capture only a fraction of US cyclosporiasis infections, and the outbreak is likely to get worse before it gets better.
-
Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware

Compromised AsyncAPI npm Packages Deliver Multi-Stage Botnet Malware Four compromised npm packages in the @asyncapi namespace have been observed distributing a multi-stage botnet loader, according to findings from OX Security, SafeDep, Socket, and StepSecurity. The affected packages are listed below – @asyncapi/[email protected] @asyncapi/[email protected] @asyncapi/[email protected] @asyncapi/specs(v6.11.2, v6.11.2-alpha.1) “The
-
OpenAI Staffers Are Funding a Rival Super PAC to Take on Their Boss

OpenAI Staffers Are Funding a Rival Super PAC to Take on Their Boss OpenAI employees have donated more than $215,000 to a political effort opposing Leading the Future, a group backed by the company’s president, Greg Brockman.
-
How To Watch the 2026 FIFA World Cup Semifinals: England vs Argentina

How To Watch the 2026 FIFA World Cup Semifinals: England vs Argentina The end of the FIFA Men’s World Cup is nigh. Here’s how to watch the final games and the first ever World Cup halftime show.
-
Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands

Two SonicWall SMA 1000 Zero-Days Exploited, One Could Enable Admin Commands SonicWall has warned of active exploitation of two zero-day vulnerabilities impacting Secure Mobile Access (SMA) 1000 series appliances, one of which could be exploited to achieve arbitrary command execution. The vulnerabilities are listed below – CVE-2026-15409 (CVSS score: 10.0) – A Server-side request forgery…
-
Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack

Microsoft Patches Record 622 Flaws, Including Two Zero-Days Under Active Attack Microsoft shipped its largest Patch Tuesday on record today, and two of the fixes close holes that attackers are already exploiting. The release covers 622 of Microsoft’s own CVEs by its Security Update Guide count, more than triple June’s previous high of around 200. Those two live…
-
SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data

SAP Patches CVSS 9.9 NetWeaver ABAP Flaw That Could Expose or Modify Data SAP has rolled out updates to address multiple vulnerabilities as part of its July 2026 security updates, including a critical flaw in SAP NetWeaver Application Server ABAP. The vulnerability in question is CVE-2026-44747 (CVSS score: 9.9), an out-of-bounds write flaw that allows…
-
DeepMind CEO calls for an independent standards body to regulate frontier AI
DeepMind CEO calls for an independent standards body to regulate frontier AI DeepMind CEO Demis Hassabis is proposing an AI “standards body” modeled after FINRA, to test frontier models and develop best practices for their release.
-
How To Watch the 2026 FIFA World Cup Semifinals: France vs Spain

How To Watch the 2026 FIFA World Cup Semifinals: France vs Spain The end of the FIFA Men’s World Cup is nigh. Here’s how to watch the final games and the first ever World Cup halftime show.
-
LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts

LabubaRAT Masquerades as NVIDIA Software to Control Windows Hosts Cybersecurity researchers have flagged a previously undocumented Rust-based remote access trojan (RAT) codenamed LabubaRAT that masquerades as NVIDIA software to blend into target environments. “LabubaRAT creates a reusable foothold for hands-on activity,” Blackpoint Cyber researchers Sam Decker and Nevan Beal said in an analysis published today.…
-
DeepSeek reportedly in talks to raise $1.5B, then IPO
DeepSeek reportedly in talks to raise $1.5B, then IPO DeepSeek, the Chinese large language model developer, is said to be preparing for a 2027 IPO debut as it also looks to raise around $1.5 billion in new funds at a $71 billion valuation.
-
Meta’s Adam Mosseri says AI token budgets could soon be capped per engineer
Meta’s Adam Mosseri says AI token budgets could soon be capped per engineer Instagram head Adam Mosseri believes companies will eventually need to manage AI token spending the same way they manage payroll or other operating expenses, predicting that engineers could soon face limits on how much they spend using AI tools.
-
YouTube and X Have Become ‘Gateways’ to Nudify Apps

YouTube and X Have Become ‘Gateways’ to Nudify Apps A new study found that social media platforms are referring people to sites where they can create nonconsensual, sexually explicit deepfakes for as little as $1 an image.
-
Google Images gets a Pinterest-like redesign focused on discovery
Google Images gets a Pinterest-like redesign focused on discovery Now, when users navigate to Google Images, they’ll see a “For You” gallery of images tailored to their interests and browsing history.
-
New York State halts construction of all new data centers
New York State halts construction of all new data centers New York has become the first state to temporarily halt approval of large data centers, as Gov. Kathy Hochul argues the AI-driven building boom shouldn’t come at the expense of higher electricity costs, water supplies, or local control.
-
Iran abused mobile networks’ vulnerabilities to locate US military in the Middle East, report says
Iran abused mobile networks’ vulnerabilities to locate US military in the Middle East, report says The Iranian government exploited well-known flaws in cellphone networks to locate and then strike U.S. military personnel in the build-up and beginning of the war.
-
New York Governor Signs First Statewide Data Center Moratorium

New York Governor Signs First Statewide Data Center Moratorium “We have no choice but to address the challenges created by these massive facilities,” New York governor Kathy Hochul said. The executive order will pause construction for one year.
-
I’m de-influencing you from buying the RingConn 3 (even though it’s pretty)
I’m de-influencing you from buying the RingConn 3 (even though it’s pretty) The RingConn 3 actually looks like real jewelry, not a wearable — but its fitness tracking and headache detection features are disappointing.
-
Reflection inks $1B compute deal with Nebius
Reflection inks $1B compute deal with Nebius Reflection AI has signed a $1 billion deal to access Nebius’ compute. Reflection was founded in 2024 and is developing open source AI technology.
-
The real AI race may no longer be at the frontier
The real AI race may no longer be at the frontier Hugging Face CEO Clem Delangue says enterprises increasingly want open models, due to cost, accessibility, and ownership. Do frontier models still matter if most production AI ends up running on open models?
-
Telegram’s shortlink domain is back online after day-long suspension
Telegram’s shortlink domain is back online after day-long suspension Telegram CEO Pavel Durov confirmed an outage in a tweet, saying that shortlinks to the messaging app had “stopped working.”
-
RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata

RabbitMQ Flaws Could Leak OAuth Secrets and Expose Cross-Tenant Queue Metadata Cybersecurity researchers have disclosed details of two access control-related flaws impacting the RabbitMQ message broker service that could allow attackers to leak OAuth client secrets, expose enterprise messaging infrastructure to takeover risks, and bypass tenant boundaries. Miggo’s security team, which discovered and reported the…
-
11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot

11 Old Microsoft-Signed Linux UEFI Shims Could Let Attackers Bypass Secure Boot Cybersecurity researchers have discovered 11 old, Microsoft-signed, Unified Extensible Firmware Interface (UEFI) applications that could be abused to bypass Secure Boot on most systems using the modern firmware standard. “An attacker exploiting one of these vulnerable applications can execute untrusted code during system…
-
Plex Keeps Getting Worse. Is Jellyfin a Decent Replacement?

Plex Keeps Getting Worse. Is Jellyfin a Decent Replacement? If you want to stream local media, this free and open source media server is just as good as Plex. But if you rely on remote access or live TV, prepare to tinker.
-
Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks

Study of 85 Crypto Wallet Extensions Finds Address Leaks and Cross-Site Tracking Risks Researchers at KU Leuven tested 85 of the most popular crypto wallets that run as browser extensions and found that the wallets themselves leak enough to link and track the people using them. The way these wallets talk to websites and blockchain…
-
9 Tips to Get More Out of Google Chat

9 Tips to Get More Out of Google Chat There’s more to Google’s messaging app than you might realize.
-
Best RGB TVs (2026): My Picks After Testing the Hottest TVs

Best RGB TVs (2026): My Picks After Testing the Hottest TVs RGB TVs are the latest hotness in the world of televisions, and I’ve tested many of the latest models to see which you should buy.
-
How Pentera Turns AI Security Workflows into Validation Engines

How Pentera Turns AI Security Workflows into Validation Engines AI security agents are starting to influence real security decisions. They summarize findings, prioritize remediation, recommend next steps, and help teams move faster. But most still rely on fragmented risk signals: scanner output, severity scores, threat intelligence, configuration findings, and exposure data. That fragmentation matters because…
-
OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials

OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials At least two distinct threat actors are weaponizing a novel evasion technique called OAuth client ID spoofing in cloud campaigns, while slipping past telemetry. The activity allows users to enumerate user accounts and validate stolen credentials in Microsoft Entra ID environments, without ever generating…
-
Oura Ring 5 Review: Still the Smart Ring to Beat

Oura Ring 5 Review: Still the Smart Ring to Beat It’s not the upgrade Ring 4 owners have been waiting for, but it’s easily the best smart ring Oura has ever made.
-
This German Man Is on a Quest to Cut the Perfect Slice of Bread
.jpg)
This German Man Is on a Quest to Cut the Perfect Slice of Bread Armed with high-end knives and digital calipers, Germanbreadcutter has entranced thousands of fans, one loaf at a time.
-
This Luddite Puppet Hopes You’re Not Reading This on Your Smartphone

This Luddite Puppet Hopes You’re Not Reading This on Your Smartphone On this week’s episode of The Big Interview podcast, WIRED’s senior culture editor Manisha Krishnan talks to Gowanus about eschewing Big Tech, going outside, and rejection in the age of dating apps.
-
The Chatbot That Foretold Why People Share Secrets With ChatGPT

The Chatbot That Foretold Why People Share Secrets With ChatGPT In the 1960s an MIT professor named Joseph Weizenbaum created a chatbot called ELIZA. The conversations people had with it set precedents for the chatbots to come.
-
Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read

Grok Build Uploaded Entire Git Repositories to xAI Storage, Not Just Files It Read xAI’s Grok Build coding CLI was uploading entire Git repositories, full commit history and all, to a Google Cloud Storage bucket run by xAI, not just the files a coding task needed. A researcher publishing as cereblab, testing version 0.2.93, captured…
-
U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support

U.S. Sanctions First VPN Service and Malware Cryptor Seller Over Ransomware Support The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has designated two individuals and a VPN service provider for enabling ransomware actors’ and other cybercriminals’ malicious activities, including ransomware attacks against Americans. The VPN, named First VPN Service (1VPNS), has been accused…
-
148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet

148 npm Packages Disguised as Student Proxies Turned Browsers Into a DDoS Botnet A campaign of 148 npm packages disguised as student web proxies turned visitors’ browsers into a distributed denial-of-service botnet for roughly two weeks in May, according to new research from JFrog. The packages did not go after the developers who might install them.…
-
Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity

Microsoft Maps Three Salesforce Attack Paths Tied to a Year of ShinyHunters Activity Attackers whose methods line up with the data-extortion group ShinyHunters have spent the past year walking into corporate Salesforce environments without exploiting a single flaw in the platform. The way in has been the trust the organization had already extended, usually through the OAuth…
-
Sam Altman’s space data center trash talk is what most experts already believe
Sam Altman’s space data center trash talk is what most experts already believe “homeboy you’re the one sellling [sic] public market investors on short-term space datacenters.”
-
Tesla Says It’s Building a Wheelchair-Accessible Robotaxi

Tesla Says It’s Building a Wheelchair-Accessible Robotaxi A Tesla representative at a DC hearing said the vehicle is “an active product being built.” But its timeline isn’t clear.
-
Investors send General Fusion soaring in debut as first publicly traded fusion company
Investors send General Fusion soaring in debut as first publicly traded fusion company General Fusion started trading on the Nasdaq following a reverse merger that saw high redemptions.
-
12 states sue to block Paramount’s $110B Warner Bros. deal
12 states sue to block Paramount’s $110B Warner Bros. deal The states allege that the deal would harm movie theaters, basic cable distributors, and audiences.
-
Should AI help you get away with killing your spouse?
Should AI help you get away with killing your spouse? What does a world of total user-aligned AI actually look like?
-
There Are Endless Conspiracy Theories About Lindsey Graham’s Death

There Are Endless Conspiracy Theories About Lindsey Graham’s Death Despite a complete lack of evidence, everyone from Russia to Israel and Iran is being blamed for Lindsey Graham’s death.
-
As TV-tracking app TV Time shuts down, its founder builds Bingers, a new home for fans
As TV-tracking app TV Time shuts down, its founder builds Bingers, a new home for fans The creator of TV Time is building a successor app that will let users import their watch histories and preserve the community that formed around discussing their favorite shows.
-
Anthropic starts localizing Claude pricing for India, its biggest market after the US
Anthropic starts localizing Claude pricing for India, its biggest market after the US Claude users in India are starting to see Indian rupee-denominated subscription plans.
-
⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More

⚡ Weekly Recap: ShareFile Threat, Citrix Bleed 2 Ransomware, AI Coding Attacks, and More Somewhere right now, a security tool is quietly finding bugs faster than any human can fix them. That’s supposed to be the good news. The catch is that the attackers have the same tools, pointed the other way, and they don’t…
-
SpaceX cleared to fly Starship again after booster failure in May
SpaceX cleared to fly Starship again after booster failure in May This will be the first Starship test flight for SpaceX as a public company, testing the market’s appetite for the company’s “fly, fail, fix” approach to rocket development, which often ends in fireballs.
-

