The Latest

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

Cloudflare moves up its post-quantum deadline as researchers narrow the path to Q-Day
Cloudflare announced it is targeting 2029 to complete post-quantum security across its entire product suite, including post-quantum authentication. The company is following a revised roadmap that Google also adopted after announcing that it had improved the quantum algorithm used to break elliptic curve cryptography. Google stopped short of publishing the algorithm, disclosing only a zero-knowledge proof of its existence.

6G network design puts AI at the center of spectrum, routing, and fault management
Wireless network operators are preparing for a generation of infrastructure where AI is built into the architecture from the start. Sixth-generation networks, expected to reach commercial development over the coming decade, are being designed with AI at the center of how spectrum is allocated, traffic is routed, and failures are detected.

What managing partners should ask AI vendors before signing any contract
In this Help Net Security interview, Kumar Ravi, Chief Security & Resilience Officer at TMF Group, argues that over-privileged access and weak workflow controls pose more danger than ransomware attacks, precisely because they accumulate quietly and go unnoticed.

Chaos malware expands from routers to Linux cloud servers
Chaos, Go-based malware first documented by Lumen’s Black Lotus Labs, has historically targeted routers and edge devices. A new variant observed in March 2026 shows the malware operating against misconfigured Linux cloud servers, a category of infrastructure the botnet had not previously prioritized.

Asqav: Open-source SDK for AI agent governance
AI agents are executing consequential tasks autonomously, often across multiple systems and with little record of what they did or why. Asqav, a Python SDK released under the MIT license, addresses that gap by attaching a cryptographic signature to each agent action and linking entries into a hash chain.

AI agent intent is a starting point, not a security strategy
In this Help Net Security interview, Itamar Apelblat, CEO of Token Security, walks through findings from the company’s research, which shows that 65% of agentic chatbots have never been used yet still hold live access credentials. He explains why organizations treat AI agents more like quick experiments than governed identities, and why that creates risks similar to orphaned service accounts, only harder to see.

Health insurance lead sites sell personal data within seconds of form submission
Lead generation websites that offer health insurance quotes collect sensitive personal data and sell it to multiple buyers within seconds of a user clicking submit. A study by researchers at UC Davis, Stanford University, and Maastricht University mapped this process across 105 health insurance lead generation sites and monitored what happened to the data over 60 days.

What vibe hunting gets right about AI threat hunting, and where it breaks down
In this Help Net Security interview, Aqsa Taylor, Chief Security Evangelist, Exaforce, explains vibe hunting, an AI-driven approach to threat detection that inverts traditional hypothesis-driven methods. Instead of analysts defining attack vectors upfront, the AI scans datasets for anomalous patterns and surfaces potential threats.

Little Snitch for Linux shows what your apps are connecting to
Network monitoring on Linux has long been a gap for users who want per-process visibility into outbound connections. Existing tools either operate at the command line or were designed for server security rather than desktop privacy. Objective Development, the Austrian company behind the macOS firewall utility Little Snitch, released a Linux version of the tool. It is free and, according to the company, will remain so.

To counter cookie theft, Chrome ships device-bound session credentials
Cookie theft follows a well-established pattern. Infostealer malware infiltrates a device, extracts authentication cookies, and exfiltrates them to an attacker-controlled server. Because cookies often have extended lifetimes, attackers can access accounts without passwords, then bundle and sell the stolen credentials. Once malware gains access to a machine, it can read the local files and memory where browsers store authentication cookies.

Social engineering attacks on open source developers are escalating
North Korean hackers spent weeks socially engineering an Axios maintainer through a fake Slack workspace, a cloned company identity, and a fabricated Microsoft Teams call that tricked him into installing a RAT posing as a software update. They used the access they gained to inject malware into npm packages downloaded 100+ million times a week.

BlueHammer: Windows zero-day exploit leaked
A buggy but functional proof-of-concept (PoC) exploit for an unpatched Windows local privilege escalation vulnerability dubbed BlueHammer has been published on GitHub by someone who goes by the handles Chaotic Eclipse and Nightmare Eclipse.

Acrobat Reader zero-day exploited in the wild for many months
Unknown attackers have exploited a zero-day Adobe Acrobat Reader vulnerability since November 2025 and possibly even earlier, security researcher Haifei Li has discovered.

Claude helps researcher dig up decade-old Apache ActiveMQ RCE vulnerability (CVE-2026-34197)
In the latest demonstration of how AI assistants can help with bug hunting, Horizon3.ai researcher Naveen Sunkavally used Claude to unearth CVE-2026-34197, a remote code execution vulnerability in Apache ActiveMQ that was introduced into the codebase 13 years ago.

Poisoned “Office 365” search results lead to stolen paychecks
A financially motivated hacking group is targeting Canadian employees with a sophisticated campaign designed to covertly redirect their salary payments into attacker-controlled bank accounts, Microsoft researchers discovered.

How Mimecast brings enterprise-grade email protection to API deployment
In this Help Net Security video, Andrew Williams, Senior Product Manager at Mimecast, walks through the company’s API-based email security protection for Microsoft 365 and Google Workspace environments.

April 2026 Patch Tuesday forecast: Spring-cleaning of a preview
The first quarter of the year has already passed. Recent discussions on AI and its risks underscore the importance of human oversight. AI can deliver value in many situations, but it can still reach incorrect conclusions even with complete information. For now, the approach remains trust but verify.

IT talent looks the other way as wireless security incidents pile up
Enterprise wireless networks are supporting a growing mix of devices and applications, increasing operational demand and security exposure. The 2026 Cisco State of Wireless report reflects these conditions through rising incident rates, higher costs, and ongoing staffing challenges.

Residential proxies make a mockery of IP-based defenses
Attack traffic moved through ordinary home and mobile connections in ways that limited the usefulness of IP reputation on its own. GreyNoise observed 4 billion malicious sessions during a 90-day period and described activity that appeared indistinguishable from normal user traffic at the network level.

OpenAI opens applications for an external AI safety research fellowship
OpenAI is accepting applications for a paid fellowship program that will fund external researchers to work on safety and alignment questions related to advanced AI systems. The program, called the OpenAI Safety Fellowship, runs from September 14, 2026 through February 5, 2027. Applications close May 3, with successful applicants notified by July 25.

Russian hackers hijack internet traffic using vulnerable routers
The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s National Cyber Security Centre (NCSC) has warned. Attackers are exploiting vulnerable routers to alter DHCP and DNS settings, redirecting traffic through servers they control.

Cybercrime losses break the $20 billion mark
Online crime continues to generate rising financial losses, with totals reaching $20.877 billion in 2025. The FBI’s Internet Crime Complaint Center (IC3) report shows a 26% increase in total reported losses from the previous year. More than one million complaints were submitted during the year, with fraud accounting for the majority of losses. Cyber-enabled fraud totaled $17.7 billion, representing 85% of all reported financial damage.

Cybercriminals move deeper into networks, hiding in edge infrastructure
Attack activity is moving toward infrastructure outside endpoint visibility. Proxy networks support a wide range of operations, edge devices serve as initial access points, and GenAI speeds up how attackers assemble and rebuild their tooling. Lumen’s 2026 Threatscape Report describes this pattern in criminal and nation-state activity.

OpenSSL 3.6.2 lands with eight CVE fixes
OpenSSL 3.6.2 patches eight CVEs across a range of components. The project rates the most severe issue in the release as Moderate. The release fixes incorrect failure handling in RSA KEM RSASVE encapsulation (CVE-2026-31790) and a loss of key agreement group tuple structure when the DEFAULT keyword is used in server-side configuration of the key-agreement group list (CVE-2026-2673).

Prompt injection tags along as GenAI enters daily government use
Routine use of GenAI has moved into daily operations in state and territorial government environments, placing new security risks within common workflows. A Center for Internet Security (CIS) report, Prompt Injections: The Inherent Threat to Generative AI, identifies prompt injection as a persistent concern tied to that adoption.

Phishers sneak through using GitHub and Jira’s own mail delivery infrastructure
Attackers are abusing the notification systems of SaaS platforms like GitHub and Jira to send phishing and spam emails, Cisco Talos researchers are warning. On GitHub, the attackers are abusing the service’s notification system to deliver malicious payloads.

WhatsApp brings long-awaited privacy feature to filter who can reach you
After years of waiting, WhatsApp is set to roll out a username feature that will allow people to connect and communicate without sharing their phone numbers. This means more privacy and better control over phone number visibility by choosing a unique username.

113,000 explicit prompts from AI girlfriend platform exposed, many linked to user IDs
MyLovely.AI, an AI girlfriend platform, suffered a data breach that exposed over 100,000 users. MyLovely.AI allows people to create personalized not safe for work (NSFW) content and engage in real-time conversations with AI-generated companions, often involving highly personal prompts and interactions.

CISOs grapple with AI demands within flat budgets
Security spending continues to edge upward across large organizations, though the changes remain gradual and tightly managed. The 2026 RH-ISAC CISO Benchmark reflects a steady environment where budgets expand in small steps, even as AI becomes a routine part of security operations.

Product showcase: Proton Authenticator is an end-to-end encrypted, open source 2FA app
Proton Authenticator is a free and open-source two-factor authentication (2FA) app that generates time-based one-time passwords (TOTP) to help secure online accounts. It is available on Windows, macOS, Linux, iOS, and Android, allowing users to access their verification codes across devices.

Google study finds LLMs are embedded at every stage of abuse detection
Online platforms are running large language models at every stage of LLM content moderation, from generating training data to auditing their own systems for bias. Researchers at Google mapped how this is happening across what the authors call the Abuse Detection Lifecycle, a four-stage framework covering labeling, detection, review and appeals, and auditing.

Comp AI: The open-source way to get compliant with SOC 2, ISO 27001, HIPAA and GDPR
Getting a startup through a SOC 2 audit has long meant months of manual evidence collection, policy writing, and repeated back-and-forth with auditors. A growing number of compliance platforms have moved to automate parts of that process, and Comp AI is now doing it with an open-source codebase that organizations can inspect, modify, and self-host.

GitHub Copilot CLI gets a second-opinion feature built on cross-model review
Coding agents make decisions in sequence: a plan is drafted, implemented, then tested. Any error introduced early compounds as subsequent steps build on the same flawed assumption. Self-reflection is a recognized mitigation technique, and one GitHub Copilot already supports, but a model reviewing its own output is still constrained by the same training data and blind spots that produced it.

AI-enabled device code phishing campaign exploits OAuth flow for account takeover
A phishing campaign that bypasses the standard 15-minute expiration window through automation and dynamic code generation, leveraging the OAuth Device Code Authentication flow to compromise organizational accounts at scale, has been observed by the Microsoft Defender Security Research team. The campaign uses AI-assisted infrastructure and end-to-end automation.

Anthropic’s new AI model finds and exploits zero-days across every major OS and browser
Automated vulnerability discovery tools have existed for decades, and the gap between finding a bug and building a working exploit has always slowed attackers. That gap is now substantially narrower. Anthropic’s Claude Mythos Preview, a new general-purpose language model being made available only to a limited group of critical industry partners and open source developers, can autonomously identify zero-day vulnerabilities and then construct working exploits across every major operating system and major web browser.

Flatpak 1.16.4 fixes sandbox escape and three other security flaws
Flatpak, a Linux application sandboxing and distribution framework, released version 1.16.4, patching four security vulnerabilities. The most severe fix addresses a complete sandbox escape that leads to host file access and code execution in the host context, tracked as CVE-2026-34078.

Iranian cyber activity hits US energy, water, and government networks
U.S. government agencies on Tuesday warned American organizations about ongoing cyber activity targeting OT and PLC devices, including those manufactured by Rockwell Automation and Allen-Bradley, across multiple critical infrastructure sectors. The activity has been attributed to Iranian-affiliated APT actors seeking to disrupt operations in the United States.

Meta’s Muse Spark takes AI a step closer to personal superintelligence
Meta Superintelligence Labs has introduced Muse Spark, a natively multimodal reasoning model with support for tool use, visual chain of thought, and multi-agent orchestration. The release includes a Contemplating mode, which is rolling out gradually and orchestrates multiple agents that reason in parallel.

Claude Managed Agents bring execution and control to AI agent workflows
Anthropic’s Claude Managed Agents are a suite of composable APIs for building and deploying cloud-hosted agents at scale, handling sandboxed code execution, checkpointing, credential management, scoped permissions, and end-to-end tracing for you.

Product showcase: Session, a messenger without phone numbers or metadata
Instant messaging has been around for decades, but it became widely adopted with the emergence of smartphones. Earlier, communication was limited to basic text messages. Messaging expanded to include photos, videos, and video calls without relying on telecom networks, as long as there is a reliable data connection.

Gmail’s end-to-end encryption comes to mobile, no extra apps required
Google has expanded Gmail client-side encryption to Android and iOS devices, allowing users to engage with their organization’s most sensitive data on mobile devices while ensuring data remains compliant with sovereignty and compliance requirements. This feature is available for Enterprise Plus users with the Assured Controls or Assured Controls Plus add-on.

Cybersecurity jobs available right now: April 8, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: April 10, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Advenica, Intruder, Mallory, and Secureframe.


from Help Net Security https://ift.tt/PdfxLwb


I traditionally have avoided tying my phone to a specific carrier, but I threw all my principles out the window when my local AT&T offered me a free iPhone 17 Pro if I switched, and traded in my beloved unlocked Pixel 9. It was an offer too good to refuse. Now, T-Mobile is offering a similar deal nationwide. Switch allegiances to them and get a free iPhone 17e, no trade-in necessary. Or, you can choose an iPhone 17 if you trade in an eligible device and choose a premium T-Mobile plan. Here are the details.

You have two options: the recently released, affordable iPhone 17e, or the standard iPhone 17 with a more impressive camera.

The iPhone 17e will be totally free with most plans T-Mobile offers (Experience Beyond, Experience More, or the Essentials plan if you're a new member). You can also be a Go5G Plus or Go5G Next member and still qualify. You will need to complete 24 months of bill payments before the phone is truly yours (if you cancel before, you will be charged a pro-rated amount for it). You will still be charged for taxes on the $599.99 iPhone and will need to pay a $35 per line activation fee. And yes, you can keep your old phone number.

For the iPhone 17, the same general rules apply—but you'll also need to trade in an eligible device. These are the phones you can trade in to get up to $830 in credits towards the value of the iPhone 17:

  • Apple iPhone: 13, 13 mini, 13 Pro, 13 Pro Max, 14, 14 Plus, 14 Pro, 14 Pro Max, 15, 15 Plus, 15 Pro, 15 Pro Max, 16, 16 Plus, 16 Pro, 16 Pro Max, 16e

  • Google Pixel: 6, 6 Pro, 7 5G, 7 Pro 5G, 8 5G, 8 Pro 5G, 9 5G, 9 Pro 5G, 9 Pro Fold 5G, 9 Pro XL 5G, Fold 5G

  • Motorola: razr 2025, razr ultra 2025, razr+ 2023, razr+ 2024, razr+ 2025

  • OnePlus: 10 Pro 5G, 9 Pro 5G

  • Samsung Galaxy: Note 20 4G, Note 20 5G, Note 20 Ultra 4G, Note 20 Ultra 5G, S20, S20 5G, S20 FE, S20 FE 5G, S20 Ultra, S20+, S20+ 5G, S21, S21 FE, S21 Ultra, S21+, S22, S22 Ultra, S22+, S23, S23 FE, S23 Ultra, S23+, S24, S24 FE, S24 Ultra, S24+, S25, S25 Edge, S25 FE, S25 Ultra, S25+, Z Flip3 5G, Z Flip4 5G, Z Flip5 5G, Z Flip6 5G, Z Flip7 5G, Z Fold3 5G, Z Fold4 5G, Z Fold5 5G, Z Fold6 5G, Z Fold7 5G

Keep in mind, these phones offer up to $830 in credits, which will be applied to your bill over the course of 24 months to pay off the phone. The details will be ironed out by the T-Mobile sales rep you speak with. If you're a new member, you will need to join one of the following plans: Experience Beyond, the Experience More plan with at least 1 line, or the Better Value plan with 3+ lines (starting around $50 per line).


from Lifehacker https://ift.tt/gXP3SDv

Running influencers are nothing new, but some of us plugged into the online running scene have noticed a shift lately. When I am drawn in by a caption that reads "my 5K race-day routine 🏃‍♀️ (full breakdown below)" only to discover that breakdown is sponsored by a major running app, I have to roll my eyes. Even if they aren't going as far as lying about their times, these "runfluencers" add a lot of noise and distraction to the community.

Not that there's anything wrong with running influencers in theory. I love seeing someone share their journey from couch to 10K—community is everything in this sport! The issue comes when, in their attempts to profit off the content creator economy, brands like Nike Run Club, Runna, and Strava platform a new class of runfluencer: aspirational, relatable, and, often, quite unqualified to be giving training advice. They're even unqualified to handle their own setbacks, as I've watched an influx of content creators blame brands for their injuries (especially the ones falling for crappy AI-generated training plans). If you prioritize being an influencer over being a runner, you can even get banned from the New York City Marathon.

In short, there's a widening gap between people who look like runners giving advice, and the people who actually know how to train runners. And if you're getting your programming advice from the wrong side of that gap, you are leaving valuable wisdom on the table at best, and setting yourself up for injury at worst.

How the runfluencer economy was born

I've watched this running boom happen in real time. The New York City Marathon lottery has become as laughable as the actual lottery. Even local road races are selling out way faster than before the pandemic. A new wave of first-time runners needed guidance, and they're turning to social media.

The problem is that social media rewards specific kinds of running content: race-day vlogs, before-and-after transformations, and even dramatized conflict with other runners. And where professional athletes have off-seasons built into their routines, content creators can't afford to take time off from their content.

These algorithms don't exactly reward nuance, like the unglamorous reality of base-building, or the importance of running most of your miles at a conversational pace. Boring, correct advice loses to exciting, compelling advice every time the algorithm runs its counts.

Meanwhile, brands have incentives to exacerbate the situation. A sponsorship deal with a creator who has a million followers on TikTok will reach more potential customers than a meticulous training guide written by a certified coach who has only 12,000 YouTube subscribers. As on every other corner of the internet, the result is an information ecosystem that's noisier, less reliable, and harder to navigate.

The most common mistakes runfluencers make

I need to get more specific here, because "influencer advice is bad" isn't necessarily true either. Some of it might be just fine—sensible even. But not all of it, by a long shot. Here are the specific red flags I keep seeing from unqualified runfluencers online:

  • Running way too fast, way too often. Roughly 80% of training mileage should be done at an easy, conversational pace. Around 20% is fast work, like intervals, tempo, and threshold runs. Easy runs don't make for "impressive" content, so the resulting advice pushes recreational runners to run too hard too often, which is one of the fastest routes to overuse injury and burnout.

  • Shoe, gear, and training plan misinformation. Creators are rarely positioned to give unbiased assessments of whether a $200 carbon-plate shoe is appropriate for the beginner marathon runner who is watching their video (it's usually not), because their income depends on the relationship with the brand. This is obvious, but worth saying: Content creators are ultimately trying to sell you something. If they give a ringing endorsement of any sort of app or gear, make sure to do your own due diligence on their claims.

  • Missing the individual picture entirely. A real coach asks questions. What's your injury history? How many days per week can you train? How much sleep are you getting? Influencer advice, structurally, cannot do this. A video or a post is a one-way street, and, again, their advice might even be based on falsified times.

How to evaluate running advice online

So how do you tell the good from the bad? Here's a set of questions to ask before you let someone's training philosophy into your head.

What are their credentials, and are they legit?

Look for trustworthy certifications: USATF (USA Track & Field) Level 1, 2, or 3 coaching certification; RRCA (Road Runners Club of America) certification; an exercise science or sports physiology degree; or experience as a competitive athlete. A big follower count is not a credential.

Do they explain the why, or just the what?

Giving flat, prescriptive advice—"everyone should run at least five days a week," or "you should always do long runs on Sundays"—without caveats or explanations is a red flag.

To see what the "why" behind a workout might look like, I recommend reading up on why you would have to run slower, why you should start running stairs, and what the hell a fartlek even is.

Do they readily disclose their sponsors or financial relationships?

Sponsorships and brand deals aren't automatically disqualifying, but they should be disclosed clearly and factored into how you weight gear reviews and product recommendations. Undisclosed sponsorships are a significant red flag.

Where to find good (free!) running advice

An enormous amount of excellent running resources exist online, and most of them are totally free. Here are some of my favorites.

  • Hal Higdon's free training plans. These are my go-to. Higdon has been publishing free beginner-through-advanced marathon and half-marathon plans for decades. They're well-structured, conservative in progression, and built on real coaching principles.

  • Runner's World. They have trustworthy, downloadable plan options for whatever you might need, from "Start Running" to "Sub-3-Hour Marathon."

  • Your local running club. There's a solid chance the in-person collective knowledge in a room of people who've been running for years is worth more than most content online.

  • Reddit. Similarly, I often turn to running subreddits (r/AdvancedRunning, r/running), with appropriate skepticism applied. The advanced running community in particular has a high signal-to-noise ratio and actively calls out misinformation. Their wiki is a solid starting resource.

The problem with running apps

Of course, there are everyone's favorite running apps. You won't catch me claiming that Runna, Nike Run Club, and Strava's coach features are outright bad. Runna in particular uses a structured training model, and has credentialed coaches behind the programming.

The issue, then, isn't the apps themselves—it's the influencer-marketing layer that's been placed on top of them, which often creates unrealistic expectations about pace, mileage, and what progress should look like. If you use a structured app, try to understand the training principles it's built on, not just the workouts it assigns.

The bottom line

None of this means you should stop watching running content online—I know I won't. I love seeing other people's journeys, race experiences, and day-to-day running life. There's a big difference, however, between inspirational content and instructional content. Ask yourself the questions above to find runners you can really trust, and tune out the noise.


from Lifehacker https://ift.tt/OIyhQ9v

It happens to the best of us: You write up a comment on an Instagram post, hit send, and, whoops, realize you made a glaring typo. What do you do? Do you delete the comment, retype it, and submit again, doubling the notifications the poster will receive? Leave it, and hope others will overlook your foolish use of "it's" instead of "its"? Neither option is great, but they're the only two choices you have on Instagram, right?

No longer: On Thursday, Instagram announced some exciting news for frequent commenters: Going forward, you'll be able to edit your Instagram comments. Whether you regret one part of your comment, or you only need to fix a mistake, this new feature lets you make adjustments without having to delete your comment entirely, catching up to other platforms that let you make similar edits.

Comment editing, with limits

Comment editing can be a slippery slope. If someone makes a controversial comment but edits it after other people comment en masse, it only creates confusion for users stumbling upon the chaos after the fact. Perhaps that's why Instagram is adding some limitations here. First, you only have 15 minutes after posting a comment to edit it. This is how message editing works on platforms like Apple's Messages app—you only have a finite amount of time to adjust your comments before they're set in stone. Once that 15-minute window is up, your comment is locked to your last edit.

What's more, when you do edit a comment, Instagram places an "Edited" label next to it—letting everyone know you changed the comment in some way. Instagram doesn't make it possible to view the edit history, so no one will be able to see what you said before that last edit—unless, of course, someone took a screenshot of one of your previous comment versions. Also, you can only edit text comments, not images. If you post a comment with an image, you'll need to delete the entire thing to remove that image.

How to edit comments on Instagram

Once you make a comment on an Instagram post, you should now see a new "Edit" button appear next to "Reply" and "Share on Threads." Tap it, and your comment will appear in the text field again. Make your adjustments, then tap the "Send" button again. Remember: You only have 15 minutes from when you first made that comment to make your changes.


from Lifehacker https://ift.tt/uD8mtVw

Every major browser puts a thin strip of tabs at the top of the window. It's great, until you open dozens of tabs, and all you can really see are little website favicons. A better way exists—placing tabs vertically in a sidebar—but browsers have been resisting it for years. Arc was the first mainstream browser that pioneered a sidebar-based navigation system, and since then it has propagated to Chrome, Edge, Firefox, and Arc's spiritual successor, Zen browser. If you're using one of these browsers, I highly recommend making the switch.

Why vertical tabs make more sense

Chrome browser with tabs on top.
So much wasted space on the left and right. Credit: Khamosh Pathak

Most websites are customized for a vertical reading experience, while laptops and desktops have widescreen displays. When you read articles on a website like Lifehacker, there's quite a lot of white space on the left and the right, while that vertical space is actually at a premium. Depending on your display size, your tabs might end up crunched along the top of the display, space that would otherwise be available for viewing the site in question. Moving the tab bar to a sidebar means you've freed up some useful space up top, with the added advantage of being able to see the names of all your tabs—even if you have 30 tabs open at once.

How to enable vertical tabs in Google Chrome

Google Chrome with vertical tabs enabled.
Credit: Khamosh Pathak

Chrome was the last major browser to add support for vertical tabs, introducing the feature in April 2026. To enable vertical tabs in Chrome, update to the latest version, then go to Settings > Appearance > Tab strip position and switch to Side. All of your tabs will be shifted to a new vertical bar on the left. The URL bar with extensions will move to the top, and a lot of Chrome's interface will disappear.

Chrome also offers a compact mode. You can click the Collapse Tabs icon at the top of the vertical sidebar to only show the website favicons as tabs to save even more space (hovering over a tab will show the tab title). You can still create tab groups from the top of the sidebar, and there's also a handy button to search between the tabs. Pinned tabs show up at the top in their own separate section, too.

How to enable vertical tabs in Firefox

Firefox with vertical tabs enabled.
Credit: Khamosh Pathak

Firefox has a sidebar that lets you add features like an AI chatbot, browser history, and quick access to tabs from other devices. Firefox also lets you move the sidebar to the right-hand side if you wish. To enable vertical tabs here, go to Settings > General > Browser Layout > Vertical Tabs (and make sure that Show sidebar is enabled). When the sidebar is open, click the Customize Sidebar button to customize the shortcuts—including the ability to remove all the Firefox features and AI chatbot shortcuts. There's also a compact mode here that only shows the favicons, but reveals the entire sidebar when you hover on it. Use the Expand sidebar on hover feature to switch to this mode.

How to enable vertical tabs in Edge

To enable vertical tabs in Microsoft Edge, go to Settings > Appearance > Tab Actions > Show vertical tabs. Once set, you'll be able to toggle the sidebar from the toolbar up top. Because Edge is based on Chromium, the vertical sidebar works much like the one in Chrome. Pinned tabs show up top, and you can collapse the sidebar for a compact mode.

Zen Browser has vertical tabs by default

Zen browser interface.
Credit: Justin Pot

If you are in favor of vertical tabs, you really should consider using Zen Browser. Currently in beta, it's a spiritual successor to Arc (RIP) that is based on Firefox instead of Chromium, with a focus on privacy and speed. But what's particularly relevant for this piece is that Zen Browser uses a sidebar interface by default. Zen uses workspaces to divide up your work, personal life, or projects. Each space can have its own pinned tabs and its own workspace. You can add tabs to the "Essentials" space that stay the same no matter what. There's also a compact mode that hides the entire sidebar unless you hover on the edge of the window. To learn more, take a look at our detailed guide on Zen Browser.


from Lifehacker https://ift.tt/Zknl09C

I've written before about various software tricks to nudge a smartphone toward dumb-phone territory: stripping the home screen down to essentials, enabling greyscale mode, scheduling downtime windows. I tried all of it, and for a time it worked for me, but only in the way that hiding a bag of chips in a high cabinet works—technically an obstacle, but not really a barrier. One tap to "Ignore Limit," and I'm back to scrolling.

The problem is that the key to unlock everything is right there in your pocket. Turns out I needed a small device called Brick to create a physical barrier, and I can feel my screen time habits finally change for the better.

How Brick works with your smartphone

Brick is a small NFC fob—roughly the size of an AirPods case—paired with an app. You open the app, pick which apps or sites to block (or flip it around: choose only the apps you want to keep, and everything else gets blocked), name it something like Work or Family Time (or just Sanity), and tap your phone to the Brick to activate it.

That's it. And to get everything back, you have to physically walk to wherever you left the Brick and tap again. Each Brick comes with five emergency unbricks you can trigger from the app. I appreciate that those exist, and luckily, I haven't had to use them yet.

Why Brick actually helps you reduce your screen time

Here's the thing I keep coming back to: Every digital-based solution asks you to rely on yourself in the exact moment you're weakest. By the time you're faced with the "Ignore Limit" option, you've already picked up your phone. You're already mid-habit.

Brick changes the physicality of the problem. I've found that the greatest service Brick provides is that it doesn't ask you to resist temptation in the moment; instead, it forces you to set an intention earlier, then it makes that intention stick through physical separation rather than willpower. The research on behavior change says this is exactly the right approach. Environment design beats in-the-moment resolve almost every time. (I just apparently needed a $59 piece of hardware to finally internalize that).

I do have to be honest about how ridiculous this is for me: I spent a lot of money on my phone. And I have now spent additional money ($59) specifically to stop using it. Oh well! That's where my screen time had brought me. On the bright side, Brick is a one-time purchase with no need for a subscription or "premium plan." I'll admit I hesitated to make any purchase, given the irony of the situation and my desire to simply have more willpower. But I've realized my time and attention span are worth the cost, and I'm annoyed it took me this long to act on it.


from Lifehacker https://ift.tt/6Jt1FAK

On Wednesday, Google announced "notebooks," a new feature for Gemini designed to help organize your research materials while using the company's flagship chatbot. Google says you should think of notebooks as "personal knowledge bases shared across Google products, starting in Gemini."

If that's a bit too vague for you, here's a simpler explanation: Notebooks are like Gemini chats, but designed to focus on a single topic, complete with bespoke resources Gemini can reference as you discuss that topic.

How Gemini's "notebooks" work

If you're a frequent Gemini user, you probably have a number of chats spanning any number of topics. The goal of notebooks is similar, but more focused: When you know you want to start compiling resources on a specific subject, you can choose the "New notebook" option on the side panel of the Gemini app, give it a name, then start adding sources. These can be from anywhere, including your Google Drive, your computer, websites, or text from your clipboard. You can also move previous chats into this notebook, if they're relevant to the topic at hand.

Once everything is in the notebook, you can start prompting Gemini and asking the AI questions about your topic. Gemini will then pull from all the resources in the notebook to offer detailed, relevant responses. Depending on your subscription plan, Google says you may be able to add more sources to notebooks, too.

Gemini notebooks.
Credit: Google

This tool wasn't made in isolation. Despite launching in the Gemini app, notebooks will sync with NotebookLM, Google's deep research tool—which is perhaps its biggest perk. That means notebooks you create in Gemini automatically appear in NotebookLM, so you can not only pick up where you left off, but also take advantage of NotebookLM's features. If you create a notebook in Gemini, you can open it in NotebookLM and turn your project into a video, or generate a "podcast" from your Gemini conversations.

I think this cross-platform syncing is probably the best use-case for notebooks. You could already share resources with Gemini if you wanted to chat about a specific topic, but now, you have a dedicated function for that purpose, one that automatically moves across Google's AI research platforms.

How to try notebooks in Gemini

Notebooks will be available to all Gemini users, even those on the free tier, but paid subscribers will have first dibs: Google is rolling out the feature to AI Ultra, Pro, and Plus plans this week, and will make the feature available to mobile and free users in the coming weeks.


from Lifehacker https://ift.tt/26vwzJP