The Latest

Security researchers at Theori have disclosed a high-severity local privilege escalation (LPE) vulnerability (CVE-2026-31431) in the Linux kernel.

The flaw, nicknamed “Copy Fail”, has affected virtually every major Linux distribution shipped since 2017, and a working proof-of-concept (PoC) exploit is publicly available.

About CVE-2026-31431

According to Theori researchers, CVE-2026-31431 originates from the interaction of three reasonable kernel changes made over several years: the addition of authencesn (an AEAD cryptographic wrapper used by IPsec) in 2011, the introduction of AF_ALG AEAD socket support in 2015, and an in-place optimization added to algif_aead.c in 2017.

It’s a logic bug in the authencesn cryptographic template and allows an unprivileged local user to write 4 controlled bytes into the page cache of any readable file on a Linux system, and use that to gain root.

The technical write-up is more detailed, of course.

The good news is that CVE-2026-31431 exploitation requires local code execution as a regular user, which means that, by itself, it can’t be exploited remotely. But “chain it with anything that gives you that (web RCE landing in an unprivileged service account, an SSH foothold, a malicious PR on a CI runner) and you’re root,” the researchers pointed out.

The bad news is that unlike the Dirty Cow and Dirty Pipe Linux kernel LPE vulnerabilities, Copy Fail can be exploited without having to win a race condition, and the same exploit will work on many systems.

What to do?

CVE-2026-31431 affects every Linux distribution that uses a kernel that has been released since 2017.

The exploit script is tiny, doesn’t rely on additional software being installed, will work on almost all Linux distributions released since 2017, will work each time it’s run on a vulnerable system, doesn’t change files on disk and won’t be flagged by tools that monitor files for tampering, leaves no forensic trace on disk and, finally, it can break out of container isolation.

For all of these reasons, the researchers advise admins to prioritize patching the vulnerability on multi-tenant Linux systems, CI runners, cloud SaaS running user code, and container clusters first, and then on standard Linux servers and single-user workstations:

Linux LPE vulnerability CVE-2026-31431

CopyFail patching prioritization (Source: Theori)

The researchers verified that Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16 are vulnerable. Openwall Project founder Alexander Peslyak (aka Solar Designer) confirmed that the exploit provided worked on Rocky Linux 9.7.

Linux distros have been notified of the existence of the vulnerability in advance, they say, and some have already released kernel packages that include the commit that patched it.

Admins/users who, for whatever reason, can’t update their distribution’s kernel package, can temporarilty mitigate the risk by:

  • Blocking AF_ALG socket creation via seccomp, or
  • Blacklisting the algif_aead module.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!


from Help Net Security https://ift.tt/FIr7cez

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

A versatile portable speaker is a great addition to your summer kit—but while lots of speakers claim to be portable, many of them are surprisingly bulky, not very durable, or deliver tinny sound. The JBL Go 4 has none of those issues. It's currently one of the best travel speakers in its price range, and right now, it's even cheaper on Amazon: At $40, it's 20% off and at its lowest price ever.

This tiny speaker is partially made with recycled materials, comes in a wide range of colors, measures just 3.7 x 3.0 x 1.7 inches, and weighs 6.7 ounces, about the same as an iPhone. It carries an IP67 rating, making it dust-proof and durable enough to be submerged in water during a beach outing or pool party.

The speaker has adjustable EQ and Auracast connectivity and a companion app for viewing the battery level, enabling PlaytimeBoost, and adjusting other settings. You can expect up to 9 hours of battery life using PlaytimeBoost. Sound quality from the 45mm driver won’t match higher-end speakers, but it delivers strong bass and clear mids when compared to similarly sized speakers, and it can get pretty loud . (Pro tip: If you want more pronounced bass, lay the speaker on its back rather than propping it upright.)

If you don’t need audiophile-quality sound but want an ultra-compact, lightweight speaker with adjustable EQ, the pocket-sized JBL Go 4 is a smart companion for all your adventures, and a great pick at its current sub-$40 price. However, if you want improved bass, longer battery life, and beefier sound (and don’t mind a slightly bigger build), the JBL Clip 5 is a great upgrade, though it’s almost double the price.


from Lifehacker https://ift.tt/vzRAEn8

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

The Echo Show has come a long way since its humble beginnings. The latest smart display from Amazon came out in the winter of 2025 and, for the first time, brings Fire TV integrated into the display, so you can stream your shows directly on it, as well as Alexa+ AI voice control, among other improvements. Right now, the 11-inch Echo Show 11 is $169.99 (originally $219.99) and the 8-inch Echo Show 8 is $139.99 (originally $179.99), both at their lowest prices according to price-tracking tools.

The Amazon Echo Show 11 replaced the 3rd Generation Echo Show 10. One of the obvious differences is the smaller size, but the screen is actually bigger since the bezels are much smaller, giving it a more modern look. The sound is much better as well, with forward-facing speakers and a subwoofer that can fill up a room with sound. The resolution on the display has been bumped to 1,920 by 1,200 pixels, which is better but still underwhelming considering it's not 4K. Some of the more subtle upgrades are the new support for Matter, Thread, and Zigbee, essentially covering almost every smart home device.

If you had the 3rd Gen Echo Show 10, you'll notice the physical camera shutter is gone (you can still disable the camera in settings), as well as the swivel camera feature that follows you around (it is now mounted in place). Amazon's new Alexa+ generative AI is free for Prime members, otherwise, it'll be $19.99 per month. Alexa+ can do anything you'd expect it to; it's conversational, can control your devices without needing to say the exact words in the right order, and will remember past conversations. You can check out more details on PCMag's "excellent" review.

The Echo Show 11 and 8 are the same device, even in audio; the only difference is the screen size and the price.


from Lifehacker https://ift.tt/0ScCWjR

Instagram ain't what it used to be. What started as a simple platform to share retro-inspired photos with friends and family quickly turned into a social media mega-app. You can still share photos, sure, but the platform now offers just about everything, from livestreams to short-form video feeds. In fact, for some users, the Instagram algorithm has turned their feeds into bona fide meme machines, with low-effort videos, images, and carousel posts dominating their experience as they scroll through the app. If you use Instagram, you may have a similar experience—especially if you have a taste for quirky, niche, or otherwise alternative internet humor.

Instagram is putting slop on notice

That's likely changing in the near future. As reported by TechCrunch, Instagram is cracking down on "unoriginal" content—or posts from creators that they didn't create themselves. That includes single photo posts, as well as carousel posts. The idea here is to promote Instagram users who post original content, while limiting users who simply copy other people's work and share it on their own feeds. Much of the low-quality images and videos you see on Instagram (and other social media platforms, for that matter) are stolen from other creators, and reposted as if the uploader has any claim to that content in the first place. Carousels are particular egregious, since it allows a single user to post a number of different images from various creators.

This doesn't mean that any user who reposts something they didn't make themselves will be punished. As long as the poster made a meaningful change to that image or video, it should count as "original" content, in Instagram's book. Otherwise, there'd be a whole host of content—memes or otherwise—that would be banned from the platform. That doesn't include "low-effort edits," however, such as overlaying watermarks or adjusting the speed of the video. A user needs to make more material changes to a piece of content for it to be approved here. As Instagram explains, “an original meme transforms another creator’s photo or video...When meme creators add humor, social commentary, cultural references, or a relatable take by incorporating elements such as unique text, creative edits, and voiceover on a photo or video, they’re producing something original. The best meme creators take third-party content and make it unmistakably theirs by layering in a perspective, joke, or context that wasn’t there before. This is the kind of creativity we want to continue rewarding.”

You probably won't notice a change in AI slop, though

As TechCrunch highlights, Instagram has already applied these rules to reels, so this isn't the first time the platform has tried implementing this policy. What I find interesting, however, is there doesn't appear to be much attention to "AI slop" at this time. In fact, Meta appears to be all-in on AI content, at least as of late 2025. I guess as long as the AI content is "original," Meta doesn't have a problem with it populating on its platforms, Instagram included. That's the opposite approach YouTube is taking: While both platforms suffer from low-quality AI clips, YouTube is actually trying to fight that type of AI content from spreading.

On Instagram, however, you might see a decrease in the amount of repeated, low-effort meme posts that may be flooding your feeds, but you also might have to deal with the same amount of odd AI videos that have been spreading like wildfire. Obvious AI videos are obvious, of course, but with advancing AI video models, new clips are sometimes difficult to tell apart from reality. Be careful out there.


from Lifehacker https://ift.tt/1yv5h4n

Amazon Prime Day 2026 is sure to be the biggest online sale of the year, and it's coming a bit sooner than you may have expected. In a press release yesterday, quickly issued after the sale's timeframe was revealed in Amazon's own first-quarter earnings statement, the company confirmed this year's event will be held in June. This is the first time Amazon has moved its biggest sale of the year earlier since the height of the pandemic in 2021.

Amazon doesn't usually announce its sales months beforehand, typically waiting until at most a month out to give shoppers a heads-up on when a shopping event will take place. But after this early news drop, it's likely the other major retailers like Walmart, Target, and Best Buy will also adjust to earlier dates and follow suit, with plenty of time to prepare their own sales.

Amazon has yet to announce the exact dates of the sale, but if the 2021 sale is any indication, it will likely be sometime in the week of June 22. In 2025, Prime Day doubled from two days to four for the first time, and it will likely be four days long this year as well.

What to expect from Prime Day 2026

Amazon says shoppers will be able to find deals on electronics, kitchen, beauty, and apparel, as well as fresh groceries and everyday pantry and household essentials. The company will undoubtedly release more information about the sale "soon," and I'll be sure to update you when we know more.


from Lifehacker https://ift.tt/FgNIedu

We may earn a commission from links on this page.

With fine central chemistry, a sense of humor, and interesting things to say about the challenges of interfaith romance, Nobody Wants This has been a rom-com hit for Netflix, with a third season coming this year. The world may be a cesspit, but we still love love—at least on TV, and not only on the Hallmark Channel. With that in mind, here are 15 more streaming shows that deal with romance (exclusively) and comedy (mostly), all filled with will-they/won't-they suspense and wildly shippable characters.

Fleabag (2016 – 2019)

This critical favorite stars Phoebe Waller-Bridge as the title character (she's only ever referred to as "Fleabag") in a comedy-drama about a free-spirited, deeply angry single young woman in living in London and sharing her romantic ups and downs via confessional asides to us, the audience. She falls, rather reluctantly, for "The Priest" (Andrew Scott)—she's a confirmed atheist and he's, obviously, not, so it's a bit like Nobody Wants This but messier. Waller-Bridge won separate Emmys as the star, creator, and writer of the series. Stream Fleabag on Prime Video.

Crash Landing on You (2019)

That title isn’t just a metaphor: This Korean series involves a literal crash landing into the North side of the Korean Demilitarized Zone. Yoon Se-ri (Son Ye-jin) is an heiress and independent business owner whose complicated relationships with her family have caused her to step away from them. On a paragliding trip, a tornado sends her north, and she’s rescued from disaster by a captain in the North Korean Special Police Force. The romance between two characters, as well as the sensitive and humane portrayal of life in the North, made this a mega-hit on South Korean TV, and a fan fave worldwide. Stream Crash Landing on You on Netflix.

Catastrophe (2015 – 2019)

A family sitcom that feels far more believable than most, this British import sees Irish primary school teacher Sharon (Sharon Horgan) hooking up with American ad exec Rob (Rob Delaney) over the course of a week, only to discover that she's pregnant once he returns home. They don't really have feelings for each other, but decide to give a go at being a couple, eventually falling into marriage just before the birth of their child. There are lots of jokes and plenty of acerbic dialogue, but this isn't Married... with Children. Sharon and Rob can be a bit nasty, to each other and to their sloppy friend group, but there's also something rather sweet in the show's conviction that having someone to be a mess with can be one of life's great joys. Stream Catastrophe on Prime Video.

Younger (2015 – 2021)

Younger follows Liza Miller (Sutton Foster), a recently divorced woman in her 40s who finds that age is a barrier to reentering the publishing industry she left years earlier. After a compliment convinces her that she could pass for a younger woman (poor thing), she manages to convince the right people that she's just 26 in order to land an entry-level job. Seven seasons of misadventures ensue, but much of the show revolves around the twisty-turny relationship between Liza and Josh (Nico Tortorella), a tattoo artist in his twenties. Stream Younger on Netflix.

Normal People (2020)

OK, not so much with the comedy here. This one comes from Sally Rooney's smart, bestselling novel about the appropriately steamy coming-of-age romance between Marianne (Daisy Edgar Jones) and Connell (Paul Mescal), characters and actors with impressive chemistry. She's rich but lonely, he's popular but the son of the housekeeper. As time goes on and their roles start to shift, life and love only grows more complicated. The plot isn't groundbreaking, but there's an uncommon intelligence here, as well as a frankness about sex and sexual violence that sets it apart. Stream Normal People on Hulu.

It’s Okay to Not Be Okay (2020)

Discussions around mental health remain fraught most anywhere in the world, and South Korea is no exception. Though opportunities for treatment are better than in many other places, social stigma remains a problem. Which is part of the reason Jo Yong and Park Shin-woo’s miniseries was such a sensation when it was released last year: Writer Jo based the show on her own life, plus a good bit of research. The show chronicles the slow-burn romance between Moon Gang-tae (Kim Soo-hyun), a health care worker living with his autistic brother, and a famous children’s book author (Seo Yea-ji) with antisocial personality disorder. It’s lovely, frequently quite funny, and was popular enough in South Korea to inspire a series of children’s books based on the work of the show’s fictional writer. Stream It’s Okay to Not Be Okay on Netflix.

The Lovers (2023)

Janet (Roisin Gallagher) is a deeply cynical, foul-mouthed supermarket employee. Seamus O’Hannigan (Johnny Flynn) is a very mildly famous, but incredibly self-involved TV presenter with a nice girlfriend. Given the title of this British comedy, you won't be surprised to learn that the mismatched pair fall in lust almost immediately, the indifferent Janet pricking Seamus' considerable ego in a way that seems to work for him. The relationship is prickly, but the chemistry here is palpable. Stream The Lovers on Prime Video.

Sex Education (2019 – 2023)

There’s a fair bit of sex on TV (having migrated from the now largely sexless movies), but that’s not the same thing as sex positivity. In this British comedy-drama, Asa Butterfield and Gillian Anderson star as an insecure, shy teenager named Otis and his mother, Jean, a frank and sometimes painfully honest sex therapist. When a school bully needs some sex advice, Otis dispenses some of the wisdom he’s picked up from mom, eventually making a name for himself around school by selling his knowledge as expertise. It’s a funny and charmingly raunchy show, treating sex with humor and positivity, and features a great will-they-or-won't they couple in awkward Otis and the more fearless Maeve (Emma Mackey). Stream Sex Education on Netflix.

Heated Rivalry (2025 – )

You've probably heard the buzz about this one: Shane Hollander (Hudson Williams) and Ilya Rozanov (Connor Storrie) are professional ice hockey players who compete on rival teams, the Montreal Metros and the Boston Raiders. Even as their public relationship remains contentious over a period of years, the two develop a casual (at least at first) sexual relationship that grows increasingly sweaty, ice notwithstanding. (If you want to narrow your recommendations to more shows like Heated Rivalry, we've got a list for that too—along with the books, movies, and video games to explore next.) Stream Heated Rivalry on HBO Max.

The End of the F***ing World (2017 – 2019)

In this extremely unlikely, pitch-dark romantic comedy, James (Alex Lawther) is a budding self-proclaimed psychopath dreaming of killing a person for the first time. He decides on rebellious classmate Alyssa (Jessica Barden), and sets off with her on a road trip across England in order to work his way into her good graces first. It doesn’t work out the way he plans, not even a bit. You’ll finish the first season satisfied and convinced another isn’t necessary, and then be amazed as the second manages to top it. Listen: Sickos can enjoy rom-coms, too. Stream The End of the F***ing World on Netflix.

The Good Place (2016 – 2020)

Not a rom-com, at least not primarily, but there is nonetheless a strong romantic throughline in the relationship between central characters Eleanor Shellstrop (Kristin Bell) and Chidi Anagonye (William Jackson Harper), who are both...deceased. The show is set in an idyllic afterlife run by Ted Danson's immortal Michael, and Eleanor and Chidi are meant to be soulmates—except that rude, crude, and selfish Eleanor was mistaken for another woman, and assigned to the wrong place and the wrong soulmate. To avoid disaster, the two have to fake their love until it starts to become something a bit more real. Stream The Good Place on Peacock, Prime Video, and Hulu.

Emily in Paris (2020 – )

Lily Collins stars as the faux pas-prone Emily Cooper, who moves to Paris and lands a temporary job at a glitzy French marketing firm kind of by accident. She doesn't speak the language and doesn't get the culture, but slowly manages to ingratiate herself to the locals while juggling work and a romance with Lucas Bravo's Gabriel. The series hails from Darren Star, creator of Sex and the City, so her budding high-fashion sense and tendency to narrate adventures à la Carrie Bradshaw make perfect sense. Stream Emily in Paris on Netflix.

Modern Love (2019 – 2021)

The theme of this series is, mostly, New York City—it's a genuine anthology with rom-com leanings, with episodes dealing with dating apps, mental illness, romance among older couples, etc., with each telling an entire story inspired by the New York Times column of the same name. Tina Fey, Julia Garner, Andrew Scott, Sophie Okonedo, Anne Hathaway, Dev Patel, and Cristin Milioti are just some of the performers who appear across the show's two seasons. If you get sick of NYC, Prime also has five spin-offs set in cities around the world (Hyderabad, Chennai, Tokyo, Amsterdam, and Mumbai). Stream Modern Love on Prime Video.

Heartstopper (2022 – )

Repressed yearning is all well and good, but Heartstopper is the affirming high school/coming-of-age/queer teen love story we all kinda need right about now. While it never soft-pedals the dangers of homophobia, it likewise doesn’t wallow in tragedy. Kit Connor and Joe Locke deliver sensitive (and often very funny) performances in a show that’s nearly all smiles without feeling treacly. Stream Heartstopper on Netflix.

With Love (2021 – 2023)

Last, but not least: Gloria Calderón Kellett (One Day at a Time) created this series that follows four couples at once, making for an excellent and very efficient use of your romantic-comedy screen time. At the center of the show is the large and tight-knit Diaz family lead by Lily (Emeraude Toubia) and her brother Jorge (Mark Indelicato), each of whom faces romantic entanglements across an entire year in each of the show's two seasons, with each episode involving a holiday starting with an eventful Nochebuena. Some of the storylines hit harder than others, but this sweet, funny show hits way more than it misses. Stream With Love on Prime Video.


from Lifehacker https://ift.tt/I4Vh2wZ

Despite many intermittent attempts throughout the years to learn another language, I currently speak only English. I understand some words and phrases in Spanish and Portuguese, but I can't have a conversation in either, and I'd like to change that. As it happens, Google Translate's newest feature might be able to help me a bit on my language learning journey—even if it is a bit brutally honest along the way.

How Google Translate's new pronunciation tool works

As reported by TechCrunch, Google Translate now offers pronunciation practice as part of its experience, a la Duolingo. Like Duoligno, Google Translate can listen to your attempt at speaking a specific word, phrase, or sentence, and will offer feedback based on how its AI thinks you did. The app can even offer pronunciation guidance, so you can focus less on trying to sound out the words yourself, and more on how those words phonetically sound. Nick Fox, senior vice president of Knowledge & Information at Google, shared the new feature in an X post on Tuesday:

Per the post, here's how it's supposed to work: Once you enter a word, phrase, or sentence and the app translates it, a new "Practice" options appears at the bottom of the page. Tap this, and you'll open the "Pronunciation" menu. You can listen to the translation again, but tap "Pronounce," and Google Translate will open a pop-up menu with the phonetic pronunciation listed beneath the translation. In tandem, the app activates your device's mic, so you can start speaking. Once you're done, the app processes your attempt and gives you some advice. In the example above, Google Translate told the user they were "Moving in the right direction," but "some sounds were a little unclear."

Google's pronunciation practice isn't quite rolling out in full yet

This pronunciation feature seems like a great addition to one of (if not the) most popular translation apps in the world. And yet, the feature seems to be rolling out both slowly and half-finished. On my Pixel 8 Pro, I don't have the option whatsoever. On my iPhone, I have a similar feature, but not quite what's advertised here. Here's how I've gotten that to work: After translating something, I don't have the "Practice" option at the bottom of the screen. However, I do have a "Speak" option that appears when I hit the speaker button on the translation. This pulls up a very close experience to what was displayed in Fox's post: I get the translation and the ability to speak into the mic, but I don't get the clear phonetic spelling—just the transliteration of it. It's not unhelpful, but the phonetic spelling would be much easier to follow along, especially when I'm trialing Hindi. Unfortunately, I can't read Devanagari characters, so it isn't all that helpful when Google asks me to focus on them while trying to speak.

google translate
"Try saying..." doesn't really work when I don't understand the characters, Google. Credit: Lifehacker

Still, I was able to go off of both the transliteration and the audio of the translation in my attempt to speak the language. Once I finished speaking, I found another quirk not featured in Google's announcement: a grade! In addition to direct feedback, Google gave me a percentage score out of 100 based on how well it thinks I did. I typically fare much better with Spanish than Hindi, but it's only my first day trying the latter after all.

Maybe after Google rolls out the feature a bit more, I'll get more of the advertised experience here. But even in its current form, this is a useful tool. I look forward to Google expanding the supported languages here, but, for now, anyone looking to learn Spanish or Hindi may find a boost with this feature—assuming it appears on your device.


from Lifehacker https://ift.tt/yPvqBmc