We may earn a commission from links on this page.

Last week, Chinese tech firm Bigme teased an intriguing new addition to its lineup of e-readers and digital notebooks: the "world's first" dual-screen smartphone, with both an e-ink and an LCD display on opposite sides of the device. I thought I had a pretty good idea of how that might work—but now, Bigme has revealed what the "Hibreak Dual" will actually look like, and it's definitely not what I was expecting. Seeing it actually made me laugh out loud.

The e-ink side of the phone looks exactly like I anticipated, offering a 6.13-inch, 300 PPI black-and-white/150 PPI color e-ink display not unlike the one on the Boox Palma 2 Pro or Bigme's own Hibreak Pro Color. It does support stylus input, which I wasn't expecting, but instead of the full-screen rear LCD screen I was expecting, the back of the device has a tiny, circular touchscreen that looks like nothing so much as a porthole on a submarine.

Product image of the Hibreak Dual
Credit: Bigme

You're probably wondering why this thing exists, or why anyone would buy it. I don't know either.

The product page on the Bigme website describes the 360x360 circular LCD as a "secondary screen" intended for notifications, music, or checking the time—three things you can do right from the lock screen on most any Android-enabled touchscreen device, but e-ink displays are either on or off, so the additional utility does make a certain sort of sense. But people who opt for an e-ink smartphone are typically looking for fewer distractions, so I can't imagine many of them want a phone that will still be pinging them with alerts, only on a tiny, awkward screen that's too small to read easily. Is anyone nostalgic for the days of the nigh-illegible display on the front of the Motorola Razr?

A vintage Motorola Razr showing the small front LCD
Credit: Velimir Zeland/Shutterstock

Even Bigme seems slightly confused about why it designed this thing. In a promotional video, you can watch a model awkwardly interacting with the circular LCD, snapping selfies and watching vertical videos with big black bars on either side. Stretching for utility, the video also touts that you can use this second screen to snap a photo of your pet. Layer a chatbot over it, and you can create your own "AI pet." Sure, Jan.

In response to incredulous comments on the r/Bigme Reddit (typical response: "This can't be more disappointing") the company attempted a justification: "This product combines an e-ink main screen with an LCD subscreen [supporting] functions like viewing images, watching videos, [and] receiving call reminders...This design keeps you in an eye-friendly experience while using the LCD functions that e-ink alone handles less effectively." Recognizing the reality didn't quite match up to what people were expecting, the company did add that it has "heard your requests for a full-screen dual e-ink and LCD phone (both displays large)" and it will "include that in our future product planning."

I'm really not sure why Bigme needed help arriving at this conclusion, but here we are.

If you actually want to buy the Hibreak Dual, you have a lot of options

Let it not be said that Bigme is going at this half-assed: The company is launching the Hibreak Dual in eight different configurations. You can preorder it with a black-and-white or color e-ink screen, choose between 8GB or 12GB of RAM and 128GB or 256GB of storage, and buy it with or without a stylus and a case. Prices range from $519 on the low end to $689 fully tricked out. (For comparison's sake, the Bigme Hibreak Pro Color—without the porthole LCD or stylus support—is on sale for $489 on Amazon.)

Once you get past the bizarre design choices, the Hibreak Dual has pretty standard specs for an e-ink phone: 5G dual-SIM, outdated Android 14 OS, the aforementioned storage and RAM options, a generic "octacore" 2.6GHz processor, a 4,500mAh battery, a 5MP selfie camera, and a 20MP rear camera. I don't know why I bothered to tell you that though. You probably aren't going to buy it.

(I'm still laughing. Why is it a circle?)


from Lifehacker https://ift.tt/vjurgRB

Apple's product lineup is not small: The company makes smartphones, tablets, computers, headphones, and smart watches, among many others. But aside from the Vision Pro, it's a bit late to break into the headset and smart glasses market—while other companies, namely Meta, have pushed full steam ahead on their own smart wearable tech. But as anyone following tech rumors may know, Apple is working on its own smart glasses—four glasses, in fact.

In the latest edition of his Power On newsletter, Bloomberg's Mark Gurman asserts that Apple is working on not just one design for its upcoming smart glasses, but four. According to Gurman, there are two main designs, each of which offers a slimmer or smaller variant. They include the following:

Gurman says that all four models will use acetate, rather than plastic, which may make the glasses more "durable and luxurious" than similar options from other companies. The company is planning on a number of finishes and color options, and may include black, ocean blue, and light brown. The goal here is to design something "instantly recognizable," a concept Apple calls "the icon," according to Gurman. Think Apple's AirPods, Apple Watch: These products don't really look like anything else on the market, so when you see them, you know right away what they are and who makes them. Rather than develop smart glasses that look like any others, like Meta Ray-Bans, the company wants you to know those are Apple glasses you're seeing.

Functionally, Apple's smart glasses should be similar to Meta Ray-Bans: You'll be able to take photos and videos, sync with your iPhone, take phone calls, receive incoming notifications, listen to music, and chat with Siri hands-free: presumably, Apple's AI-powered assistant, assuming the company actually releases it with iOS 27. Gurman says the glasses will pair with Apple's upcoming AirPods and a new pendant device, both of which may come with embedded cameras for AI assistance.

My big question for Apple here is regarding privacy: Smart glasses aren't necessarily a privacy enthusiast's dream design, as they subtly embed cameras into the frames. You can walk around taking images and recording videos of people without their explicit knowledge, without attracting the same attention as you would holding up your smartphone. Gurman doesn't speak much to this point, though he does say Apple is taking a slightly different approach to the camera design than Meta: Apple's cameras may be vertical ovals with surrounding lights, as opposed to the Meta Ray-Bans' circular camera design.

While smart glasses are selling, I'm still skeptical they'll take off in the same way smartphones did. There are benefits to having a hands-free smart device in glasses form, but smartphones offer far more functionality—at least, at this time. Until we get to a point where AR technology makes heads-up displays for glasses as easy to use as an iPhone, I'm not sure people will adopt this technology en masse.


from Lifehacker https://ift.tt/HCem2BE

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

The unlocked Samsung Galaxy S26 Ultra with 512GB of storage has dropped to $1,299 (originally $1,499), its lowest price so far, according to price-trackers. It is still a premium buy, but it is built for people who want one device to handle everything (for example, storing large photo libraries, recording video often, or using their phone for work tasks).

The phone runs Android 16 and uses the Snapdragon 8 Elite Gen 5 for Galaxy processor, so performance is not a concern. Apps open fast, games hold steady frame rates, and multitasking feels smooth even with heavier workloads, notes this PCMag review. The 6.9-inch display is sharp and gets bright enough for outdoor use, though reflections can be noticeable in direct light. It also includes the S Pen, which is useful for quick notes, photo edits, or marking up documents in a way most phones can’t match, though it does not sit completely flush, making it easier to knock loose.

The camera system is the main reason to consider it. It uses a 200MP primary sensor, backed by multiple telephoto and ultrawide lenses, which gives you flexibility for everything from close-ups to long zoom shots. Photos come out detailed and consistent, even in mixed lighting. Video is just as reliable, which makes it a good option if you shoot often and don’t want to carry a separate camera. There are also a few AI tools built in, like automatic edits and smarter search in photos, which save time without getting in the way. That said, the phone’s large camera module causes it to wobble on flat surfaces.

The new Privacy Display is the most noticeable change, and it is both useful and limiting—it makes the screen hard to read from the side, which helps in public places when handling sensitive information, but it also reduces brightness and color when active; and even with it turned off, viewing angles are reportedly weaker than other phones in this price range.


from Lifehacker https://ift.tt/Ye0yBvD

Home security gear tends to get expensive fast, which is why this Blink bundle stands out on price alone. The Blink Video Doorbell + Outdoor 4 XR bundle has dropped to $64.99 (from $174.98), a 64% discount and the lowest price tracked so far, according to price trackers. In the box, you get a second-generation video doorbell, one Outdoor 4 camera, and the Sync Module XR that ties everything together. It’s a simple starter setup for anyone who wants to monitor both the front door and a second outdoor spot without piecing together separate components. Setup is designed to be straightforward, and the system runs on AA lithium batteries instead of a wired connection. Blink says you can get up to two years of battery life with the included Energizer cells, but real-life mileage depends on usage.

The doorbell offers a head-to-toe HD view, so you can see packages on the ground as well as people at the door. As for the Outdoor 4 camera, it streams in 1080p and adds infrared night vision and two-way audio, so you can check in after dark or speak through the app when you’re away. Motion alerts come through quickly thanks to dual-zone detection, though the more advanced alerts, like person detection, are locked behind a Blink subscription after the 30-day trial ends. Without that plan, you still get live view and basic motion clips, but less context around what triggered the alert. The Sync Module XR also helps if you need to place the outdoor camera farther from the house, reaching up to 400 feet in ideal conditions, though you may see some drop in video quality at that range (the doorbell doesn’t benefit from that extended range). Also, while its video quality is solid for casual monitoring, it is not as sharp or detailed as higher-end wired systems.



from Lifehacker https://ift.tt/riIEZSj

Financial fraud losses in the United States reached $16.6 billion in 2024, up from $4.2 billion in 2020. Behind those numbers is a structural problem: the teams responsible for stopping fraud, fraud investigators and cybersecurity analysts, have historically operated separately, using different tools, different terminology, and different mental models of how attacks unfold.

The MITRE Fight Fraud Framework, known as F3, is a behavior-based model designed to give both teams a common structure for describing, detecting, and disrupting fraud campaigns.

MITRE Fight Fraud Framework

A model built from observed fraud behavior

F3 organizes fraudster behavior into tactics and techniques drawn from real-world incidents. The tactics cover the full attack lifecycle: Reconnaissance, Resource Development, Initial Access, Defense Evasion, Positioning, Execution, and Monetization.

Two of those tactics, Positioning and Monetization, do not appear in MITRE ATT&CK, the established framework for cyberattack behavior. Positioning covers the adversary’s actions in a selected environment after gaining access, including collecting data or preparing for execution. Monetization covers converting stolen assets into usable funds or value. These additions reflect the financial end goal that distinguishes fraud from other cyberattacks.

Where a tactic or technique already exists in ATT&CK, F3 uses it directly with definitions modified for fraud-specific outcomes. Fraud-specific techniques that fall outside ATT&CK receive F1XXX-series designations to maintain compatibility with the broader ATT&CK schema.

What sets F3 apart from rule-based detection

Organizations currently rely on rule-based fraud detection systems that apply predefined conditions to transaction data and trigger decisions to approve, decline, or flag activity. F3 operates at a different level.

Speaking to Help Net Security, the MITRE CTID Research Team described the distinction: “F3 is a behavior-based model that maps how fraud occurs. It codifies fraud actors’ tactics and techniques across the full lifecycle, based on real-world incidents. In essence, F3 answers: ‘What is the adversary trying to achieve at this stage, and how do they typically do it?’ By doing so, it enables organizations to understand and describe complete fraud campaigns rather than isolated suspicious events.”

The team notes that F3 can inform and improve rule design by grounding detection logic in observed fraud behaviors and attack sequences. F3 itself does not score transactions or make enforcement decisions. Rules, heuristics, or machine learning models remain necessary to determine whether to allow, block, or escalate activity.

Bringing fraud and cyber teams together

The MITRE Fight Fraud Framework gives fraud analysts a way to describe incidents using consistent behaviors, gives cyber teams a structure for detecting and validating adversary techniques, and gives security leaders a basis for assessing risk tied to how fraud actually unfolds.

The MITRE CTID Research Team outlines a practical path for organizations starting to use the framework:

  • “Integrate fraud and cybersecurity teams. Bring fraud investigators and cyber analysts together through shared workflows, collaboration, and joint analysis to strengthen detection and response capabilities.
  • Document incidents and trends using MITRE F3. Use the MITRE F3 framework to standardize how fraud scenarios, techniques, and patterns are recorded.
  • Map F3 techniques to data sources. Align documented F3 techniques with your organization’s data sources to better identify and monitor adversary behaviors.”

Design principles behind F3

Four principles guided the framework’s construction. Institutions must be able to observe the effects of a technique during the fraud incident. Every incident in F3 includes at least one digital or technological method, such as phishing, malware, or unauthorized access. Techniques describe the behavior of the adversary, focusing on distinct, observable actions rather than on entities or tools. Behaviors that appear in multiple concrete forms are captured as sub-techniques to keep the framework at a consistent level of abstraction.

These principles tie F3 to observable fraud behavior and keep it applicable to cyber threat intelligence, detection engineering, and security control design.

A living framework

F3 is designed to be updated continuously as new fraud schemes emerge and adversaries adapt their techniques. MITRE plans to add data sources for detecting fraudster techniques and recommended mitigations as the framework grows. Organizations can review the framework, suggest edits, prioritize future content, and contribute new techniques or refinements at the F3 website.


from Help Net Security https://ift.tt/GjQfrqy

In this Help Net Security interview, Archit Lohokare, CEO of AppViewX, explains how the rise of AI marked a turning point where machine and AI agent identities began converging into a single problem. Drawing on his experience across IBM and CyberArk, he describes the shift from human-driven systems to autonomous machines.

Lohokare also shares how AppViewX, together with Eos, is building a unified approach that combines CLM, PKI, and agentic governance to secure these identities.

AppViewX AI agent identity

You’ve gone from building CyberArk’s next-generation Identity Security Platform to founding Eos to now leading AppViewX. At what point did you recognize that machine identity and AI agent identity were converging into a single, unsolvable problem without a unified platform?

The realization came with the inflection point of AI adoption, specifically when tools like ChatGPT moved from novelty to enterprise reality. For the past two decades, enterprise digital transformation has been driven by humans using applications and infrastructure at scale. My work during that time, at IBM, Centrify, Idaptive and then CyberArk and beyond, was focused on solving the identity security challenges that emerged from that human-centric growth.

But with the rapid rise of AI, we’ve entered a fundamentally different era. The next step-function in productivity isn’t coming from more humans; it’s coming from machines and AI agents operating autonomously and at massive scale. That shift made something very clear to me: we’re no longer dealing with separate problems of machine identity and emerging AI identity. They are converging into a single, exponentially growing challenge, one that cannot be solved with platforms designed for human identity.

That was the moment of realization. The next generation of market-leading identity security platforms will be those purpose-built to secure machine and AI agent identities, not humans.

AppViewX already had traction in CLM and PKI. Eos brings agentic governance on top of that. Walk us through what the integration of these two layers looks like in practice for a security engineer sitting at a SOC console.

AppViewX already delivers deep discovery, governance, and compliance for machine identities through CLM, along with strong authentication via PKI.

Eos extends this with an agentic layer, bringing the same capabilities to AI agents. The challenge doesn’t change, but rather, it scales. Organizations now need to discover, govern, and secure not just certificates, but autonomous agents accessing resources.

For a security engineer, this becomes a unified control plane to:

  • Discover machine identities and AI agents
  • Enforce consistent governance and policy
  • Monitor, audit and control their access and behavior

The value is simplicity and consolidation: one platform to reduce identity and access management risk across both machines and AI agents as they rapidly scale.

You and Kashyap Ivaturi are co-founders stepping into the top two technology roles of an established company. How are you thinking about preserving the engineering culture that made Eos attractive in the first place while integrating into a larger organization?

At Eos, Kashyap was instrumental in building an AI-native development lifecycle (AI-DLC), leveraging tools like Claude Code, Figma Make, and other AI agents to dramatically accelerate innovation. What’s unique is that he’s done this across both small, high-velocity teams and large organizations of 500+ engineers, so he brings proven playbooks for scaling without losing that core culture.

Importantly, AppViewX was already on a similar path. Even before we stepped in, there were strong engineering pods experimenting with and adopting AI-driven development practices. So culturally, there’s a natural alignment rather than a forced integration.

Our focus isn’t to impose a new culture, but to amplify what’s already working. That means keeping teams small and empowered, doubling down on AI-native workflows, and creating shared platforms and guardrails that allow innovation to scale without adding unnecessary process.

Ultimately, the goal is to preserve the speed and creativity of Eos, while combining it with the scale and discipline of AppViewX, so we get the best of both worlds.

AI agents can spawn other agents, delegate privileges, and operate across trust boundaries in ways traditional workloads never did. Where do you see the most dangerous blind spot in how enterprises are currently governing this?

The biggest blind spot is that enterprises are still applying human and workload-centric identity models to something fundamentally different.

AI agents are dynamic, non-deterministic, and composite: they can spawn other agents, delegate privileges, and operate across trust boundaries. Yet most organizations still treat them like service accounts or API keys, with coarse, long-lived permissions and little visibility.

That creates a dangerous gap in identity, context, and accountability. Enterprises often don’t know which agent is acting, what it has access to, or how that access propagates.

The core issue is the lack of a unified control plane to govern identity, posture lifecycle, privilege, and behavior in real time. Until that exists, organizations will carry significant unseen risk as agentic systems scale.

Both IDC and KuppingerCole have recognized AppViewX in their leadership reports. Yet the machine identity management category is getting crowded fast, with CrowdStrike, Venafi, and others moving aggressively. What does AppViewX do that those players structurally cannot?

AppViewX is built as a purpose-driven, next-generation SaaS platform for machine identity lifecycle management, not an extension of an endpoint product or a legacy system.

Many newer entrants approach this space adjacently, treating machine identity as a feature to enhance visibility or detection. That limits how deeply they can manage the full lifecycle.

AppViewX is built on core primitives: discovery, issuance, governance, control, and compliance. The platform is designed to operate seamlessly across heterogeneous, vendor-neutral environments.

With the addition of AI agent identity through Eos, we now unify CLM, PKI, and agent governance under a single control plane. That’s not something you can easily retrofit into an endpoint or detection product; it requires a fundamentally different architecture, which is where we have a long-term advantage.


from Help Net Security https://ift.tt/y0O36K8

Trisquel GNU/Linux, a free operating system aimed at home users, small enterprises, and educational centers, released version 12.0. The release, codenamed Ecne, is declared production-ready and builds on the previous version, Aramo, with changes to packaging, the kernel, security, and available software.

Trisquel 12.0

APT 3.0 and repository format changes

Ecne ships with APT 3.0, which brings adoption of the deb822 repository format across all installation paths. The change covers the text-based netinstall, the graphical Ubiquity installer, and package-management tools including Synaptic. The deb822 format replaces the older repository format used in prior releases.

Kernel and installer work

The kernel remained, in the project’s own words, one of its biggest engineering challenges. For Ecne, the team focused on making kernel changes more modular, which substantially reduced breakage in the udeb components used during installation. Work on updating kernel-wedge is ongoing, with the project reporting it is well positioned to complete it.

AppArmor rules and LXDE

The team revised many AppArmor rules for graphical environments, extending security coverage for desktop use. The Trisquel Mini edition, which runs the LXDE desktop, received a significant number of upstream improvements. Ubuntu dropped LXDE from all its releases, leaving Trisquel as one of its primary maintained homes.

Browser choices

Ecne adds ungoogled-chromium and IceCat to its software offerings. Both join Abrowser, the distribution’s continuously maintained browser, giving users three web browsing options that meet the project’s free software requirements.

Backports repository

The backports repository continues to deliver applications in recent versions. The current list includes LibreOffice, yt-dlp, Inkscape, Nextcloud Desktop, Kdenlive, Tuba, 0 A.D., and fastfetch, among others.

Editions

Ecne ships in five editions. The default Trisquel edition uses MATE version 1.26.1 and does not require 3D graphics acceleration. Triskel offers KDE Plasma version 5.27 for users who want detailed control over the desktop environment. Trisquel Mini runs LXDE version 0.99.2 and targets netbooks, older computers, and users with low resource requirements. Trisquel Sugar, also called Trisquel On A Sugar Toast (TOAST), is based on the Sugar learning platform version 0.121 and includes educational activities for children. A network installer image rounds out the lineup, suited to servers and advanced users who want a command-line installation.


from Help Net Security https://ift.tt/x57wgjq