The Latest

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

Prime Day is long gone, but there are still deals that are meeting (or even exceeding) those Prime Day prices. One of those is this massive 100-inch TV, the Hisense U76N, which you can get for $1,399.99 (originally $1,898). This price beats its Prime Day discount, according to price tracking tools. For context, this TV was $2,300 (down from $3,000) during last year's Memorial Day sale.

100-inch TVs are huge, and usually come with a similar-sized price tag. There is also not a lot of competition for QLEDs at that exact size, since not many companies make them. But if you know when and where to look, you can score one for cheaper. The U76N is a good example, offering great value for its size and specs. It has 4K resolution, Dolby Vision compatibility (as well as HDR10+, HDR10, HLG), Dolby Atmos support, full array local dimming, and it comes with the Google OS. It's my favorite because you can easily cast your phone (Android or iOS) or computer into it, plus, the performance is fast and crisp.

This TV was announced at CES 2024, so it's at that sweet Goldilocks place where it's already seeing great discounts, but it's still a recent model with up-to-date tech. As mentioned, there aren't a lot of QLEDs at the 100-inch size with vibrant colors, deep blacks, and rich contrast like this under $1,400. It's also suitable for gaming, with its 120Hz or 144Hz refresh rates, including FreeSync Premium Pro and Dolby Vision gaming. Keep in mind, though, the speakers for the TV aren't great—like most TVs, you'll at least want to invest in a soundbar and a subwoofer.


from Lifehacker https://ift.tt/Zengaxi

Most of us use our devices as the companies and developers who make them intend, waiting around for the latest operating system to be pushed out to the general public before upgrading. That's the safe bet: The features that ship with an OS like Android are have generally been workshopped and tested to death, so they will (hopefully) run as they should.

But not all users experience their tech this way. Some of us like to run betas—versions of the software that are not yet finished. Betas allow developers (or the merely curious) to test new features and changes with a smaller pool of users so they can iron out any bugs or glitches before they make it to the general public. It's not necessarily the safest software to run on your devices—since it's unfinished, you run the risk of experiencing instability and data loss—but it can be a good way to add some novelty (and functionality) to your otherwise vanilla tech.

But betas aren't even the only way to experience new features early. Depending on the company you made your device, betas might actually be a halfway point between testing and shipping a piece of software. You might hear pre-beta software referred to as "alpha" or "canary:" essentially, it means software that's fresh out of development, and in the earliest stages of testing. In short, being on the cutting edge of software means accepting the biggest risks of instability.

Android's Canary release channel gives you earliest access

If you have an Android device, this earliest testing experience is known as the Canary release channel. It's a pretty new option, at least at the time of writing, as Android only announced it on July 10. It's intended for developers to test their apps with upcoming versions of Android well in advance.

Technically, the Canary release channel replaces another early access model: the Developer Preview. Like the Canary release channel, Developer Previews were designed for developers (though anyone with the know-how could install them) to access the earliest possible versions of new Android features. However, there have been some major changes. Developer Previews did not have a release channel, which meant you had to manually "flash" the software any time a new Android version cycle started. Plus, once Android released a beta for a given software version, the Developer Preview would no longer be available.

The Canary release channel changes that. Once you flash the Android Canary release channel, you can install new updates like any other software via over-the-air (OTA) updates. But just because Android makes it easy, that doesn't mean you should try it.

Is using the Canary release channel safe?

There's a reason Android aims the Canary channel at developers only: This is early-stage software that hasn't gone through the rigorous testing you might be used to as an end-user. It hasn't even gone through the initial debugging that beta testers are used to. This software is nearly brand new, having only completed a short test with internal users, and might ship with issues that are not only annoying, but hinder or prevent your use of Android entirely. Android specifically warns this is not software meant for your primary device.

If you're willing to take on those risks, more power to you. The benefit of the Canary channel is not only trying out new features, but also experiencing changes that might not even make it to the official Android build. But it does come with significant risks. If you want to test features early while mitigating some (but not all) of those risks, the beta program might be more your speed.

Whether you choose to flash the Canary channel, or enroll in the beta program, make sure your data is backed up somewhere safe. If something goes horribly wrong with your unfinished software, you'll want to ensure photos, messages, and any other important data are safely secured elsewhere.

How to run the Canary channel on your Pixel

To start, make sure your Pixel device is in Developer Mode. You can enable this by heading to Settings > About phone and tapping Build number seven times. Then, head to System > Developer options and enable both OEM unlocking and USB debugging.

Now, plug your Pixel into your computer, then head to the Android Flash Tool. Click Get Started, then choose Allow ADB access when prompted. Next, choose Add new device, pick your Pixel from the list, and click Connect. On your Pixel, choose Always allow from this computer then select OK. Choose the device in your browser, then find the most up-to-date Canary build in the Flash Tool. Once flashed, choose Install. Wait until you see Flash Complete, at which point you're safe to disconnect.


from Lifehacker https://ift.tt/sEHhUgV

We may earn a commission from links on this page.

As someone who has completed six marathons and maintains a regular running schedule, I approached the Merach mini stepper with healthy skepticism. The device has exploded across social media platforms, particularly TikTok, where creators claim it's a game-changer for leg strength, cardiovascular health, and overall fitness. After seeing countless videos promising dramatic transformations, I decided to give it a fair 90-day trial.

My goal wasn't to replace my primary training routine, but to evaluate the stepper's utility as an anti-sedentary tool—which is what I label it in my initial review—and determine whether consistent use could perhaps provide meaningful benefits. Having spent years understanding firsthand how the body adapts to training, I wanted to see if this compact device could actually deliver on any its viral promises.

90 days of stepping to nowhere

The Merach mini stepper is a straightforward piece of equipment: two foot pedals connected by hydraulic resistance cylinders, with adjustable tension and a simple step counter. Assembly takes fewer than 15 minutes, and the device feels sturdy despite its lightweight construction.

To get started, this mini stepper has two main modes: stepping up-and-down or twisting side-to-side. When the lever is down, as shown in the photo below, you're set to twist. This twisting motion feels less like a stair climber, and more like you're trying to ski. I know I feel it more in my glutes to keep myself stable during this movement.

The Merach mini stepper settings.
Push the lever down to twist side to side. Credit: Meredith Dietz

When the lever is up as shown here, you can step up and down. This feels more like climbing stairs, and is definitely the choice for a more familiar motion.

The Merach mini stepper settings.
Pull the lever up to go up and down. Credit: Meredith Dietz

I also clipped on my resistance bands to engage my arms. Aside from this bicep action, there's no resistance mechanism beyond your own bodyweight for the stepping itself. This means the difficulty—and potential for gains—is entirely dependent on how fast and forcefully you move. I really gave this stepper a fair shot with my attempts at intensity, but there's simply a lower ceiling on gains compared to something like the stair climber at your gym.

I established a consistent routine: 20-30 minutes of stepping daily, typically while working at my desk or watching television. The stepping motion definitely activates the lower body muscles continuously and elevates heart rate modestly. According to my Garmin watch, I even got up to 140 bpm at times, indicating a moderately intense workout. (My watch is Forerunner 165 Music, which I'm actively testing for a review coming soon.)

Ultimately, the mini stepper's promise of a "low impact" workout is accurate, but perhaps too accurate. My legs never felt particularly challenged. Here's a before/after photo of my calves in particular.

Before/after of calves.
Why is my left calf more defined than my right? Credit: Meredith Dietz

I know how much lighting can influence before/after images, so aimed for the same spot and same time of day, even wearing the same socks. The first photo was taken on May 16 and the second on July 16, 2025. In between these dates I did have to retire my ol' Brooks Ghost 16s last month, but I'm loving the Saucony Endorphin 5 Speeds on the right. As you can see, my muscles look pretty identical after 90 days of mini-stepping.

The reality check: At least I got my steps in?

Social media content around the mini stepper often includes dramatic before-and-after claims, promises of rapid leg transformation, and suggestions that 15-20 minutes daily will revolutionize your fitness. After three months of consistent use, these claims don't align with reality.

My number one complaint is the lack of resistance. While the stepping motion activated the calves, quadriceps, and glutes, this type of device is pretty insufficient to promote true gains or muscle development. The movement pattern is essentially a repetitive calf raise. It's not nothing, but after 90 days, I was bored out of my mind. Unlike running, which offers changing scenery and the possibility of running into that cute dog walker, or cycling, which provides the illusion of going somewhere, the mini stepper offers only the repetitive motion of stepping up and down.

Personally, I think my body had figured out the stepper's limited demands and responded with the physiological equivalent of a shrug. For fellow marathon runners and experienced athletes, the stepper offers minimal training benefit. However, for sedentary individuals seeking to increase daily movement, it no doubt provides a practical, low-barrier solution.

What I learned

Here's what the Amazon reviews don't tell you: The Merach mini stepper works as best it can, and that's the problem. It provides a low-impact, moderate-intensity cardio workout that's safe, accessible, and completely unremarkable. For someone recovering from injury or just starting their fitness journey, it's probably perfect. For anyone hoping to transform their legs into sculpted masterpieces, you're better off investing in a set of dumbbells.

If I were to recommend the mini stepper, I'd focus on the fact that my 90-day journey offered me a practical alternative to prolonged sitting. The device's quiet operation makes it suitable for use during work or while watching movies, which I think addresses one of the primary barriers to consistent exercise: finding the damn time. Plus, the stepper's compact size and portability are genuine advantages. It stores easily, requires no electricity, and can be used in small spaces.

The stepper never challenged me enough to create meaningful change. It never pushed me into that uncomfortable zone where adaptation and improvement happen. After 90 days of faithful stepping, my legs feel identical to how they felt on day one. But that's not necessarily the machine's fault. It's mine, for expecting a $44.99 piece of equipment to deliver what requires dedication, progressive overload, and probably a gym membership.

The Merach mini stepper is a perfectly adequate piece of equipment that does exactly what it claims to do. It's just not revolutionary, transformative, or particularly exciting. If you're looking for a low-commitment way to add some movement to your day while binge-watching Netflix, the stepper delivers. If you're hoping to transform your legs, you'll need to look elsewhere.


from Lifehacker https://ift.tt/X0p2ulC

Since WWDC 2025 in early June, the tech community has had its attention fixed on iOS 26. It makes sense: Like all major software updates, the new OS will ship with big new features and changes, but this year's changes are bigger than most, including Apple's "Liquid Glass" redesign. But despite the hoopla, iOS 26 isn't the next update coming to your iPhone (unless you install the beta, of course).

But even as Apple finalizes its big fall upgrade, it is subsequently working on a much smaller update that you'll likely see before iOS 26 hits your device: iOS 18.6.

Unlike iOS 26, iOS 18.6 will not change much about your overall iPhone experience. That's to be expected: This is the sixth major update to iOS 18, so there aren't many features left for Apple to add. In fact, the only new feature to ship with iOS 18.6 applies exclusively to users in the EU. Those users will find an updated experience when downloading apps and app marketplaces from the web. (EU law forced Apple to allow for this app "sideloading" process, while those of us outside Europe are still locked in to Apple's App Store.)

Instead of big swings, iOS 18.6 seems to be all about stability. Apple appears to be focused on squashing any existing bugs and glitches that haven't been addressed since iOS 18.5, the current version of the iPhone's software.

How to try iOS 18.6 early

As of this piece, iOS 18.6 is on its third beta. As such, it's not clear when Apple plans to formally release the update, but it'll likely arrive before the fall, when the company plans to ship iOS 26 to the general public.

You can try out iOS 18.6 right now, if you want to, though be aware you probably won't notice anything new. If you enroll your Apple Account with Apple's beta program, you'll see the iOS 18.6 beta in Settings > General > Software Update > Beta Updates. Just be aware that, since this is a beta, you run the risk the software will contain bugs and glitches—even if this update is meant to squash them.

The real beta to focus on, of course, is iOS 26. Apple is expected to release the first public beta for this update next week, and when they do, you'll see this update alongside the iOS 18.6 beta.


from Lifehacker https://ift.tt/vbrKkdh

Unknown intruders are targeting fully patched end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances and deploying a novel, persistent backdoor / rootkit, analysts with Google’s Threat Intelligence Group (GTIG) have warned.

The analysts say UNC6148 – as they dubbed the threat group – is likely financially motivated.

SonicWall SMA backdoor rootkit

“An organization targeted by UNC6148 in May 2025 was posted to the ‘World Leaks’ data leak site (DLS) in June 2025, and UNC6148 activity overlaps with publicly reported SonicWall exploitation from late 2023 and early 2024 that has been publicly linked to the deployment of Abyss-branded ransomware (tracked by GTIG as VSOCIETY),” they noted.

SonicWall appliances saddled with malware

In this latest campaign, UNC6148 leveraged compromised local administrator credentials and possibly an unknown zero-day remote code execution vulnerability to deploy the OVERSTEP backdoor.

Google’s investigators have been unable to pinpoint how the attackers managed to obtain the admin credentials they used in the attack. It’s possible that they sourced them from infostealer logs or credential marketplaces, the GTIG experts noted, but it’s more likely that they’ve leveraged a known vulnerability prior to the targeted SMA appliance being updated to the latest firmware version.

(Which specific vulnerability was exploited for this part of the attack is currently unknown, though some have been mentioned as possibly used: CVE-2021-20035, CVE-2021-20039, CVE-2024-38475, or CVE-2025-32819.)

The attackers exfiltrated the credentials back in January 2025, and used them in June 2025 to establish an SSL VPN session to the targeted SMA appliance, then spawned a reverse shell – something that was deemed impossible due to how the appliances are designed.

Google’s incident response arm Madiant and the SonicWall Product Security Incident Response Team (PSIRT) still don’t know how the attackers established this reverse shell, and posit that the action was made possible by exploiting an unknown vulnerability.

Through the reverse shell, the threat actors:

  • Performed reconnaissance
  • Performed file manipulation
  • Exported settings from the SMA appliance, (apparently) modified them to include new rules for their infrastructure to ensure uninterrupted operations, and imported them back to the SMA appliance
  • Deployed the OVERSTEP backdoor
  • Assured the backdoor’s persistence by hiding a file and modifying another legitimate file on the system

“Once the deployment of OVERSTEP was complete, the threat actor cleared the system logs and rebooted the firewall to trigger the execution of OVERSTEP. The changes [made] meant that whenever the appliance was rebooted, the OVERSTEP binary would be loaded into the running filesystem on the appliance,” the analysts explained.

Have your SonicWall devices been compromised?

The OVERSTEP backdoor:

  • Hijacks standard API functions
  • Establishes a reverse shell
  • Exfiltrates passwords from the compromised host
  • Implements usermode rootkit capabilities and attempts to delete select entries from log files to hide its presence and its components
  • Receives commands embedded within web requests

The malware’s capabilities allowed the attackers to hide what (if anything) they did on the system after they compromised the appliance.

“The primary risk stems from OVERSTEP’s functionality to steal sensitive files. Its ability to exfiltrate the persist.db database and certificate files from the /etc/EasyAccess/var/cert directory gives the attacker credentials, OTP seeds, and certificates. While we did not directly observe the weaponization of this stolen data, it creates a clear path for persistent access,” the analysts said.

They’ve shared host and network-based indicators of compromise (IoCs) related to this campaing and urged defenders to analyze disk images and peripheral log sources for signs of compromise.

“If evidence of compromise is detected, organizations should take immediate steps to contain the threat,” they noted, and advised isolating the appliance(s), preserving disk images and telemetry for a full forensic investigation and, if needed, calling in incident responders to help with the investigation.

Finally, they should consider all user credentials and certificates with private keys stored on the appliance compromised, and should reset / revoke / reissue them.

SonicWall comments

“SonicWall is aware of the recent report by Google Threat Intelligence Group (GTIG) identifying an active campaign targeting SMA 100 series appliances. We’ve been working closely with GTIG throughout this process and appreciate their responsible disclosure and continued partnership in protecting customers and the broader security community,” a SonicWall representative told Help Net Security.

“In response to the evolving threat landscape—and in alignment with our commitment to transparency and customer protection—SonicWall will accelerate the end-of-support date for the SMA 100 series from October 1, 2027, to December 31, 2025. The SMA 100 has already reached end-of-sale status, as reflected in our Product Lifecycle Table, and this update aligns with our long-term strategy and industry direction.”

They also noted that SonicWall has been actively guiding customers toward more modern, secure solutions such (e.g. the Cloud Secure Edge service and the SMA 1000 series), and that detailed migration guidance to SonicWall’s Zero Trust solutions will be shared with customers and partners in the coming weeks.

“We understand that not all customers have transitioned yet, and we remain committed to supporting existing SMA 100 deployments with firmware updates throughout the remaining lifecycle. These updates may become more frequent as we prioritize risk mitigation and the ongoing protection of our user base,” they added.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!


from Help Net Security https://ift.tt/TkW7Zah

If using your iPhone as your car's key seems like the future, you haven't been living in the present. There are a number of car brands that support digital keys in general, some of which have included the option on all models released since 2020. Apple's Wallet app supports the feature, and has for about five years now, but adoption has been relatively slow—although it's soon to pick up.

How Apple Wallet's car keys work

If your car supports car keys through the Wallet app on iPhone or Apple Watch, you'll be able to control your vehicle in three different ways—depending on the model. Some cars let you lock, unlock, and start your car with "passive entry": As you approach your car with your device, it will lock; once inside, you can start it; and as you leave your car with your device, it locks.

Other cars support a "proximity" version of this feature instead. In that case, you hold up your device to a sensor on the door to lock or unlock it. Then, you hold your device to a key reader to start the car.

Finally, there's the remote option, which lets you lock, unlock, or start your car from the Wallet app itself.

You can learn more about how to set up the feature from our guide here.

Cars that already support car keys in Apple Wallet

Apple doesn't make it easy to find official stats on the cars that support Wallet's car key feature at this time. Where you'll find that info is in Apple's list of CarPlay-compatible cars. Apple says there are "more than 800 models to choose from," but that's just as far as CarPlay is concerned. Cars that support Wallet's car keys have a key icon next to their name, which requires you to scroll through the entire list of 800+ cars to identify them all. From my scrolling, that includes the following:

BMW

  • 2021 - 2024 1 Series

  • 2021 - 2024 2 Series

  • 2021 - 2024 3 Series

  • 2021 - 2024 4 Series

  • 2021 - 2024 5 Series

  • 2021 - 2024 6 Series

  • 2021 - 2024 8 Series

  • 2021 - 2024 X5

  • 2021 - 2024 X6

  • 2021 - 2024 X7

  • 2021 - 2024 X5 M

  • 2021 - 2024 X6 M

  • 2021 - 2024 Z4

  • 2022 - 2024 i4

  • 2022 - 2024 iX

  • 2022 - 2024 iX1

  • 2022 - 2024 iX3

  • 2023 i3

  • 2023 - 2024 i7

  • 2024 i5

BYD

  • 2022 - 2024 HAN

Genesis

  • 2023 - 2024 GV60

  • 2023 - 2024 G90

  • 2024 G70

Hyundai

  • 2023 - 2024 Palisade

  • 2023 - 2024 IONIQ 6

Kia

  • 2023 - 2024 Telluride

  • 2023 - 2024 Niro

  • 2024 Seltos

  • 2024 EV9

Lotus

  • 2024 Eletre

  • 2024 Emeya

Mercedes-Benz

  • 2024 E‑Class

RAM

  • 2025 RAM 1500

Vehicles that will support Apple Wallet car keys "soon"

Apple lists a number of new vehicle brands that will adopt this digital key feature "soon." Unfortunately, there isn't a set timeline here, but at least we know which brands are coming next. In all, there are 13:

  • Acura

  • Cadillac

  • Chery

  • Chevrolet

  • GMC

  • Hongqi

  • Lucid

  • Porsche

  • Rivian

  • Smart

  • Tata

  • Voyah

  • WEY


from Lifehacker https://ift.tt/h7jUuDz

Seems like an old system system that predates any care about security:

The flaw has to do with the protocol used in a train system known as the End-of-Train and Head-of-Train. A Flashing Rear End Device (FRED), also known as an End-of-Train (EOT) device, is attached to the back of a train and sends data via radio signals to a corresponding device in the locomotive called the Head-of-Train (HOT). Commands can also be sent to the FRED to apply the brakes at the rear of the train.

These devices were first installed in the 1980s as a replacement for caboose cars, and unfortunately, they lack encryption and authentication protocols. Instead, the current system uses data packets sent between the front and back of a train that include a simple BCH checksum to detect errors or interference. But now, the CISA is warning that someone using a software-defined radio could potentially send fake data packets and interfere with train operations...


from Schneier on Security https://ift.tt/mtpb4ye