The Latest

You've got all kinds of options when it comes to choosing how to communicate digitally with friends and family: not just dedicated messaging apps such as iMessage and WhatsApp, but also the DM features built into social media platforms like Instagram, Facebook, and Snapchat. Some of these apps put a lot of emphasis on security and privacy, with mentions of end-to-end encryption and disappearing messages (WhatsApp now lets you hide your phone number for example). For the ultimate in private messaging, though, there's an app you might not have heard of before.

Delta Chat is decentralized (so there's no one point of failure or control), open-source, end-to-end encrypted, and anonymous—you don't need to supply a phone number to get started. You can even message people who don't have the app. Here's what you need to know, and why you might want to make use of it.

How Delta Chat works

Delta Chat has been around for about a decade now, and started as a way to keep your messages out of the clutches of big tech companies. Over the years, it's added more and more features, become easier to use, and expanded to more platforms. There have also been some changes in the way Delta Chat works as a platform.

For much of Delta Chat's existence, it's worked through email: You signed up with your email address, and the chat app was essentially a wrapper for certain conversations in your inbox. Much of the storage and infrastructure work was handled by your email provider of choice, and anyone with an email address could join in.

Now, though, Delta Chat provides an email address for you, and handles all of the necessary plumbing behind the scenes. Not only does this make the service more convenient, it means you don't need to reveal anything to use it—you won't be asked for a phone number, an email address, a name, or anything else.

Delta Chat
You don't have to give any personal details when creating an account. Credit: Lifehacker

That may sound like it leaves the service open to spam, but the encryption stops that: Essentially, no one can spam you without knowing your specific encryption key. Your address is a random string of characters that you can pass on to trusted contacts—there's no public directory of users, and no way of looking someone up.

There are plenty of the usual chat app features here: audio and video calls, group chats, read receipts, and the option to have your messages disappear after a certain amount of time. You can easily share files with contacts, and you can log in on multiple devices simultaneously.

Getting started with Delta Chat

You can start your Delta Chat journey through the desktop apps for Windows or macOS, or through the mobile apps for Android or iOS. As noted above, you don't need to provide any personal information to sign up for the service: Just tap or click Create new profile on the opening splash screen to begin.

The app will ask you for a username that your contacts will recognize you by, but it doesn't have to be your real name, and there's the option to add a profile picture as well. You are then taken to the main chat screen, though you won't have any chats yet—just a welcome message and a folder for your saved messages.

To add someone on Delta Chat, tap the QR code icon at the top (Android and desktop) or bottom (iOS) of the interface. Ask your prospective contact to scan this with Delta Chat on their own device, though there are also options if you're doing the scanning. You can also generate an invite link to paste into an email or another messaging app.

Delta Chat
The chat interface is a familiar one. Credit: Lifehacker

Everything works very much as you would expect once you're in the Delta Chat interface. Via a long press on mobile or a right-click on the desktop, you can find options for muting, pinning, and archiving specific conversations, while the new chat button (a plus icon on Android and the desktop; a pen-in-a-box icon on iOS) lets you start a new conversation or create a new group chat.

To get to the settings for an individual chat, tap the three dots (top right) on Android, tap the contact name at the top then the three dots (top right) on iOS, and click the three dots (top right) on the desktop. The options here let you set up disappearing messages, search through chats, and clear the conversation history, as well as muting and archiving.

There's a main settings screen, via the large cog icon on the desktop app interface, the three dots (top right) on Android, and the Settings tab on iOS. The options here include being able to set backgrounds for your chat, turn read receipts on and off, and configure the quality of shared media files.

Why pick Delta Chat over the competition?

There are all kinds of encrypted, secure chat apps out there, including WhatsApp and Signal—so what are the compelling reasons to pick Delta Chat instead? The fact that you don't have to offer any personal data is a big one: You don't need a phone number or an email address, and no one is going to find you (or spam you) unless you specifically decide to add them.

Then there's the decentralized aspect of it. Delta Chat's storage servers and nodes are spread out in several different locations, so one power outage or technical failure doesn't bring down the entire system. You can even host your Delta Chat data yourself, if you want.

Due to the email infrastructure underpinning Delta Chat, it's also harder to block and censor than something like Signal, and easier to get your messages exported out.

If you decide to give this app a go, there is the standard problem of trying to convince family and friends to install it too, on top of whatever they're already using—but you don't necessarily have to persuade your entire contacts list to join Delta Chat: It could work well as a private app for you and a handful of people closest to you.


from Lifehacker https://ift.tt/RptZGu3

Owners of the Flipper Zero, the pocket-sized wireless testing tool, spent recent weeks worried that its official firmware had gone quiet. Pavel Zhovner, CEO of Flipper Devices, moved to settle that concern with word that the company has set aside staff to keep the firmware maintained and to support outside contributions. The work will run under a fresh set of rules covering feature requests, code submissions, and testing.

Flipper Zero firmware development

How the quiet period began

The firmware reached a settled state in 2024. That release, stable firmware 1.0, arrived after the launch of the Apps Catalog and gave app developers a stabilized API and SDK. Developers could build against it without rebuilding their apps every month to keep up with API changes. Once the core was steady, Flipper Devices narrowed its firmware work to infrastructure upkeep and critical bug fixes, and turned its attention to new hardware.

A design limit drove much of that architecture. The device carries only 700 KB of flash memory for firmware, and the team hit that ceiling early. Their answer was dynamic app loading from the microSD card, which moved device functions, including core features, out of the firmware and into separate apps. That approach became the base of the 1.0 release.

What changed the plan

Community reaction pushed the company to revisit its stance.

“It’s genuinely moving that this project and everything we’ve built together matters to you. That’s why we’re ready to revisit some of our past decisions. We decided to allocate resources to continue supporting community contributions, but with a new approach,” Zhovner wrote.

Async contact through GitHub

Communication with the development team now runs through GitHub Discussions. Users can post concrete feature requests, formatted to a set template, and vote on the ones they want built. The team has committed to reviewing the requests that gather the most votes on a weekly cycle. Abstract questions, general talk, and help requests move to Discord, Reddit, and social media.

The company disabled direct messages on its social accounts some time ago, once the user base crossed one million. The number of incoming requests had made real-time contact unworkable, and niche asks blended into broad demand with no way to sort one from another. Voting gives the team a signal about what a wider group of users wants prioritized.

Tighter code review

Pull request review gets stricter under an updated contribution guide. Extra scrutiny goes to AI-generated code that touches low-level libraries and proves hard to verify, and to changes that alter the device interface and call for documentation edits. The QA team’s integration test cases are now public, and every firmware change will need to pass them. Flipper Devices plans to bring community members into part of the regression testing.
Submissions to the Apps Catalog continue under the existing process.

Must read:


from Help Net Security https://ift.tt/dWOBSbK

Payment fraud is becoming more organized as criminal groups use fake websites, large-scale operations, and, in some cases, forced labor to steal money and personal information. Advances in agentic AI could automate many stages of payment fraud, from collecting and assembling stolen credentials to deploying password-cracking tools.

key payment fraud trends

What kind of payment fraud concerns you most? (Source: Capco)

CAPCO’s “US Payment Fraud Survey” found that consumers increasingly value fraud protection when choosing payment providers. Security was one of the most important factors for 63% of respondents, and 50% selected advanced fraud protection. Both ranked ahead of customer service, transaction speed, brand reputation, and rewards.

“Payment fraud in the US is becoming more organized, automated and sophisticated, with scammers increasing their use of modern technologies and AI-enabled tools. Our US Payment Fraud survey highlights the value consumers put on security and advanced fraud protection, as well as their concerns about key defenses including some forms of biometric authentication,” said Matthew Cohn, Partner & US Head of Banking & Payments at Capco.

Account takeover fraud

Account takeover remains one of the most common payment fraud threats. Attackers use stolen credentials to gain access to bank accounts, transfer funds, open credit accounts, or create mule accounts. They obtain credentials through phishing campaigns, data breaches, dark web marketplaces, and information people share online.

35% of respondents ranked account takeover as one of their top payment fraud concerns, and 25% of those who experienced an attempted payment fraud said someone tried to take over their account.

Defenses such as passwords, security questions, and some forms of MFA are becoming less effective as criminals use AI to improve phishing campaigns and automate credential theft.

Deepfake technology is increasing the risk for voice and facial biometric authentication. Eighty-nine percent of respondents said they were concerned that personal information available online could help attackers impersonate them or answer security questions.

Why APP fraud keeps growing

Authorized push payment (APP) fraud has become one of the fastest-growing payment fraud threats because victims authorize the transaction after scammers manipulate them. Attackers impersonate bank employees, government agencies, company representatives, or family members to convince victims that their money is at risk or that an urgent payment is required.

Scams begin with a text message, email, or phone call before escalating into conversations designed to build trust and create a sense of urgency.

AI-generated audio, video, and other content are making these impersonation scams more convincing and easier to scale. Criminals are exploring ways to make fraudulent transactions appear legitimate by creating the impression that customers authorized the payment.

Card fraud moves to digital channels

Payment card fraud increasingly relies on stolen card numbers and personal information. Criminals obtain payment data through phishing campaigns, fake websites, skimming attacks, compromised payment terminals, and dark web marketplaces. They then use the stolen credentials to make online purchases or add cards to digital wallets.

More than 90% of credit card fraud involves cards that remain in the owner’s possession. The continued growth of ecommerce and online payment data storage has expanded opportunities for card fraud.

Card and card data theft was the payment fraud concern cited most often by survey respondents, with 46% selecting it. One-third of respondents who experienced an attempted payment fraud said it involved card or card data theft.

Website skimming and automated card credential testing are becoming more common. North America accounted for 51% of global website skimming detections.

“Fraudsters are selling data, services and tools to each other as they build an AI-enabled criminal industry on a global scale. To strengthen defenses and preserve consumer trust, banks and other payment institutions must adopt a coordinated stance across each enterprise, the wider financial sector and other relevant industries,” said Gregg Henzel, Managing Principal, US Financial Crime, Risk, Regulation and Finance at Capco.

Criminals create synthetic identities at scale

Identity fraud allows criminals to open bank accounts, apply for loans, and obtain credit using stolen personal information. Synthetic identity fraud goes a step further by combining real and fabricated information to create new identities.

The share of newly opened bank credit card accounts linked to synthetic identities more than doubled between mid-2021 and mid-2024. Auto lenders carried an estimated $2 billion in synthetic identity debt by mid-2024. Criminal groups are using AI to combine stolen credentials, create convincing documents, and bypass liveness checks during identity verification.

Insider fraud expands the attack surface

Insider fraud remains a significant payment fraud risk because employees and contractors can abuse their access to systems and customer data or help external attackers bypass security controls. Insiders may steal money or credentials, share sensitive information with criminal groups, override fraud controls, or expose organizations through negligence.

Third-party providers can expand the attack surface, making third-party risk management an important part of insider fraud prevention.


from Help Net Security https://ift.tt/zD9WbvO

Open source antivirus scanning sits inside mail gateways, file upload checks, and endpoint tooling at organizations of every size. Much of that work runs through ClamAV, the scanning engine maintained by Cisco’s Talos group. The project released two patch versions, 1.5.3 and 1.4.5, carrying fixes for seven security flaws along with smaller hardening changes.

ClamAV security patch

Packer and PE parsing flaws

Most of the patched bugs sit in the code that unpacks and parses executable formats, the part of a scanner built to handle hostile input. CVE-2026-20213 is an integer overflow in the PE rebuild size calculation that a malformed Aspack-packed file can trigger, leading to a heap buffer overflow write. The related CVE-2026-20214 covers an FSG unpacker loop underflow that can write past the section array during a scan of a crafted PE file. Both reach far back through the codebase, with the FSG issue present in builds dating to 2004.

CVE-2026-20217 rounds out the PE group. A bug in the PESpin unpacker cleanup path could free pointers into the scanned file buffer and crash the scanner. That flaw has lived in the code since 2005.

Archive and image format bugs

Three more fixes address archive and disk-image handling. CVE-2026-20215 is a 7z parser substream count overflow that can under-allocate parser metadata arrays and then write past them when reading a crafted archive. CVE-2026-20243 covers ALZ parser size handling errors that can make malformed ALZ archives panic, abort the scanner, or skip expected scan-limit handling. CVE-2026-20216 is an InstallShield archive extraction limit bypass that can write far more temporary data than intended and drain temporary storage.

The last parsing flaw, CVE-2026-20244, sits in the 32-bit DMG parser. A short mish stripe table could pass validation and crash the scanner. This one affects only 32-bit builds, going back to version 0.98.1, and leaves 64-bit builds untouched.

Quarantine race condition

The releases also harden the quarantine actions in clamscan, clamdscan, and clamonacc against time-of-check/time-of-use races. Under unsafe quarantine directory settings, those races could redirect files as the scanner copied, moved, or removed them. Hiroki Imai of Ricerca Security, Inc. reported the issue.

Version 1.5.3 adds a few items beyond 1.4.5. It upgrades the Rust tar dependency to resolve two RUSTSEC advisories and moves the Rust openssl dependency past CVE-2026-41676. Metadata preclass scans now run before the final scan verdict. A ClamOnAcc fix addresses hash bucket list corruption when two watched paths land in the same bucket. Both releases raise the minimum CMake version to 3.17 to repair Linux builds that link static dependencies against libcurl v8.21.0.

The release files are available on the GitHub release page, and through Docker Hub in Alpine and Debian containers.

Must read:

Subscribe to the Help Net Security ad-free monthly newsletter to stay informed on the essential open-source cybersecurity tools. Subscribe here!


from Help Net Security https://ift.tt/KkVT6g0

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

Companies keep bolting AI onto their products, and the security bill is coming due
Companies keep bolting AI and LLM features onto their products, and the security results are starting to show a pattern. The vulnerabilities those features create get rated high risk far more often than anything else, and they get fixed slower than anything else. The figures come from Cobalt’s AI and Pentesting Pulse Report 2026, built on five years of penetration testing data and a survey of 455 security leaders and practitioners.

DarkMoon: Open-source AI pentesting platform
Penetration testing relies on skilled specialists who spend days probing networks and web applications by hand. Engagements often take weeks, cost thousands of dollars per day, and produce results that vary by tester. AI-driven automation aims to streamline the process. DarkMoon, an open-source platform, uses AI agents to plan and execute security assessments from start to finish, delivering an evidence-backed report at the end.

AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin
Phones and laptops include built-in wireless file-sharing features such as Apple’s AirDrop and Google and Samsung’s Quick Share. These services automatically communicate with nearby devices, even if they have never connected before, and are used on more than five billion devices worldwide. Researchers at the CISPA Helmholtz Center for Information Security identified six vulnerabilities affecting AirDrop and Quick Share across macOS, iOS, Android, and Windows.

AI-generated code risks reach security, legal, and compliance teams
Most engineering organizations write code with AI, and a good number of them keep that code away from customers. A Flux survey of engineering leaders and practitioners found that nearly half run AI-generated code in production. Almost every company in the sample uses AI somewhere in development, with under 5% reporting no plans to adopt it within a year.

Nika: Open-source code analysis tool
Many web application vulnerabilities span multiple files, making them difficult for scanners that analyze one file at a time to detect. Nika, an open-source tool from PhonePe, works on that problem by performing cross-file taint analysis in Java microservices, tracing untrusted input across application layers to identify security-sensitive operations.

The endpoint recovery gap many teams discover during an incident
In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at once.

Mozilla warns of indirect prompt injection risk in AI coding agents
A malicious GitHub repository can silently compromise a developer’s machine without containing a single line of malicious code, security researchers at Mozilla’s Zero Day Investigative Network (0DIN) warned. The proof-of-concept attack targets AI-powered coding agents such as Claude Code, and uses indirect prompt injection to manipulate an AI agent into taking harmful actions the developer never explicitly authorized.

JSP webshells being dropped on unpatched PTC Windchill instances
The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog.

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)
Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and “collects credentials associated with cloud platforms, source control, package registries, infrastructure tooling, AI development assistants, browsers, SSH, and cryptocurrency wallets,” BlackPoint Cyber’s researchers discovered.

Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)
Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have been spotted over the weekend, threat intelligence company Defused warned on Monday.

What a financial planner taught me about cybersecurity
When Brian Honan spoke at a recent cybersecurity awareness event for financial planners and tax advisors, the audience was highly engaged with the subject. As happens at conferences around the world, people often approach speakers to ask follow-up questions or share their feedback on the presentation. This time, what struck Honan was how many attendees said they had been scared by what they heard during his talk.

Geopolitical cyber threats are turning HR into a security front line
In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With open and simmering conflicts around the world, attacks can come from actors that would never have targeted your company before.

Getting boards to fund ERM means speaking their currency
In this Help Net Security video, Greg Young, VP Cybersecurity and Corporate Development at TrendAI, explains how to build Enterprise Risk Management that a board will pay for.

Sycophantic chatbots and the harms that build over many chats
People use AI chatbots for company, advice, and emotional support, and these systems respond in ways designed to hold their attention. Researchers describe the resulting risks as affective safety, harms that arise because humans are emotional beings and AI engages directly with those emotions. The damage can occur during normal use, as systems optimize for the goals set by their developers.

Half the defense base still builds security around compliance
CMMC requirements are appearing in defense contracts and moving down through supplier networks to thousands of companies new to this kind of compliance work. Many run on limited budgets with lean security teams. The picture comes from nearly 900 defense contractors, C3PAOs, federal suppliers, and cybersecurity professionals who attended the 2026 Secureframe National Cybersecurity Summit.

WSL containers now build and run Linux workloads on Windows
Containers power many cloud-native applications, AI workloads, and testing and deployment pipelines. Windows developers have long relied on third-party software to build and run them. WSL containers make that step optional. Introduced at Microsoft Build 2026, the feature is now available in public preview with Windows Subsystem for Linux version 2.9.3. Users can install it with wsl --update --pre-release or by downloading the pre-release build from GitHub.

Kali Linux 2026.2 trims VM boot times, refreshes its desktops
Penetration testers who run Kali Linux inside virtual machines boot their systems faster after the 2026.2 release. The change comes from a decision about graphics firmware, the code that drives NVIDIA, AMD, and Intel GPUs. That firmware has grown large enough to slow the early stages of startup, and few virtual machines need it.

This supercomputer encrypts your data even while it’s running it
Sensitive data is typically encrypted when stored and transmitted, but not while it is being processed in memory, leaving it exposed to anyone with sufficient system access. Researchers at the University of Cologne developed a supercomputer called RAMSES that closes this gap by keeping data encrypted even during processing.

The ARToken phishing panel targets Microsoft 365 accounts
U.S. companies are being targeted with phishing emails that impersonate trusted vendors and appear to be routine invoice inquiries. According to Cisco Talos, the campaign is linked to EvilTokens, a phishing-as-a-service platform that earlier this year operated across hundreds of Cloudflare Workers domains.

What the AI patch gap means for enterprise security
Open-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine speed. Over roughly two months this spring, Anthropic’s Claude Mythos Preview combed through more than 23,000 open-source code paths and routed verified findings to the projects that own them. Tuskira studied what happens to those findings once they reach human hands.

Catching ransomware on the wire before it locks the file server
Corporate networks store sensitive data on shared servers accessed through mapped drives, making them prime ransomware targets. A compromised workstation can encrypt remote files over Server Message Block (SMB) traffic, while endpoint security tools often see only part of the attack. Researchers at La Trobe University developed a network-based framework that detects ransomware by analyzing SMB traffic patterns.

Non-interactive SSH attacks dominate after login
Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. The usual assumption is that an attacker eventually breaks in, opens a shell, and starts running commands. Data collected from 11 research honeypots suggests a very different reality.

Most teams accept higher risk for faster AI database work
Database professionals are using AI for everyday work like writing queries, building schemas, and reviewing code, and a growing share rely on autonomous tools that act on the database itself. The use of AI in database management has almost tripled in a year, climbing from 15% to 44% of organizations, according to Redgate’s 2026 State of the Database Landscape report.

GPT-5.6 gets better at cybersecurity
OpenAI has started rolling out the GPT-5.6 series models in limited preview to a small group of trusted partners through the API and Codex. The series includes Sol as the flagship model, Terra as a balanced option, and Luna as the fastest and most cost-efficient model. The rollout is being coordinated with the U.S. government before expanding to ChatGPT, Codex, and API users in the coming weeks.

Hottest cybersecurity open-source tools of the month: June 2026
Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings.

Vulnerability reports are arriving faster than GitHub can review them
Across the open source world, people are reporting software flaws in record numbers, and the systems built to verify those reports are straining under the weight. The GitHub Advisory Database, which feeds automated security alerts to millions of projects, has reached a point where some new advisories take weeks to publish.

Product showcase: Scam calls, phishing, and data breaches? Meet AVG Mobile Security
AVG Mobile Security for iOS helps protect users against online threats with features including Web Guard, VPN, Scam Guardian Pro, Hack Alerts, and Photo Vault. It also identifies suspicious calls and scam text messages and helps keep personal information private while using Wi-Fi networks with its VPN. The app is available for Windows, macOS, Android, and iOS.

OpenClaw for iOS: The viral open-source AI agent comes to iPhone and iPad
OpenClaw, a self-hosted personal AI assistant that connects to existing chat apps, is now available on iPhone, iPad and Apple Watch. The release brings chat, real-time voice conversations, approvals, device capabilities, and private automations to iOS.

Proton’s pitch for Lumo 2.0: Frontier AI without the data grab
Proton has unveiled Lumo 2.0, a major upgrade to its zero-access encrypted AI assistant. Built on a new architecture, the release brings the assistant closer to frontier AI models with new AI models, multimodal capabilities, Memory, improved web search, and enterprise features.

Microsoft wants to stop unwanted bots from entering Teams meetings
A new Microsoft Teams admin policy, Manage external bots and their access to meetings, gives organizations greater visibility and control over external bots in meetings. The policy identifies bots and applies safeguards before they are admitted. Microsoft will begin retiring the existing Require verification by participants (CAPTCHA) meeting policy.

Claude Sonnet 5 includes safeguards against dangerous cyber use
Anthropic has introduced Claude Sonnet 5, the latest version of its general-purpose AI model, with improved reasoning, coding, tool use, and knowledge work capabilities. The model can make plans, use tools such as browsers and terminals, and complete tasks autonomously.

GitHub’s new tool helps prevent costly open-source license violations
GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify dependencies whose licenses require review.

Review: CTRL+ALT+PWN
Hacking gear that once sat in well-funded labs now ships to anyone with a credit card and a video tutorial. Frank Riccardi builds his consumer guide, CTRL+ALT+PWN: The Hacker’s Playbook (And How to Beat It), on that one condition.

Cloudflare changes AI crawler access rules
Cloudflare introduced new controls that let website owners manage AI traffic across three categories: Search, Agent, and Training. The feature is available to all Cloudflare customers, including those on the Free plan, and gives website owners more control over how different types of AI crawlers access their content.

Scattered Spider suspect extradited over $8 million ransom scheme
A suspected Scattered Spider member has been extradited to the United States to face charges linked to cyberattacks against U.S. companies, including the breach of a luxury jewelry retailer that led to an $8 million cryptocurrency ransom demand after attackers stole company data.

Organizations struggle to prioritize known cyber risks
Organizations collect more cyber risk data than ever, with many still struggling to build a unified view of their exposure. The latest State of Threat Management report from Filigran found that security teams continue to work across disconnected tools, leaving important context spread across multiple systems.

Cybersecurity jobs available right now: June 30, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: July 3, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Digi International, iboss, Jamf, and Netzilo.


from Help Net Security https://ift.tt/FeuSMza

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

Fourth of July weekend brings many traditions in the U.S., but my favorite is using the extra time to tackle DIY home improvement projects I’ve been putting off. There are often great sales on power tools and home improvement supplies, with retailers banking on the holiday to draw in DIY enthusiasts who have hosting and entertaining top of mind. It's one of the best times to look for deals on quality tools, and this year, the Fourth of July sale at Home Depot includes some big discounts on cordless power tools and batteries, up to 55% off.

Take advantage of these Home Depot sale on cordless power tool sets

If you’re just starting your DIY tool set or looking to upgrade old or damaged tools, investing in a combo set can save you money when you're just starting out. Choose a tool set with a wide variety of tools compatible with its batteries; that way, you can continue building your set without needing to buy multiple battery systems and chargers.

One of the best deals on quality cordless tools from Home Depot is the DeWalt 20-volt, 6-tool combo set on sale for $499, 44% off its regular price. It comes with a drill, an impact driver, an angle grinder, a sawzall, a circular saw, an oscillating multitool, a 5-amp-hour battery, a 2-amp-hour battery, and a charger. This is a pretty comprehensive starter set that will allow you to tackle basic DIY projects like hanging shelves, but also allows you to do some woodworking and repair work, like replacing fence boards or decking.

A DeWalt 20-volt, 6-tool combo set and rolling case is on sale for $549, 39% off its usual price. This set is a little different than the previous one: it comes with the drill, impact driver, angle grinder, and circular saw, but it has an orbital sander instead of a sawzall. It comes with a 2-amp-hour battery and a 5-amp-hour battery, a charger, and a hard-sided rolling case. The case is a good option if you need to take your tools outside your home workshop, as transporting a full tool set can be cumbersome without the right equipment.

Last but certainly not least, the Milwaukee 18-volt, 6-tool combo set is on sale for $449, 55% off its typical price. This set comes with a drill, an impact driver, an angle grinder, a circular saw, an oscillating multitool, a work light, two 4-amp-hour batteries, a charger, and a tool bag. This is a good set for most DIY home improvement projects, allowing you to handle basic and intermediate repairs as well as some woodworking.

Power drills and drivers are also on sale, up to 45% off

Drills and drivers are basic tools you’ll need for DIY home maintenance, useful for anything from hanging a picture to replacing door hardware. This Ryobi 18-volt drill and driver starter set is on sale for $99, 34% off its regular price. This is an excellent beginner set, including the batteries and charger you need to use it right out of the box. It comes with a drill, an impact driver, two 2-amp-hour batteries, a charger, and an insulated case.

The DeWalt compact 20-volt cordless impact driver is also on sale for $99, 45% off its usual price. This is a good addition to a DeWalt drill set, or on its own, for tackling basic DIY projects. It comes with a 2-amp-hour battery and a charger, so you can use it right out of the box.

Power tool batteries are also on sale at Home Depot, up to 40% off

Batteries are often the most expensive part of a cordless tool set, and they're sometimes the first thing to wear out because even the best-quality batteries tend to lose their ability to hold a charge over time. A good deal on batteries for your tool set will set you up for success, and this set of two DeWalt 20-volt, 5-amp-hour batteries is on sale for $149, 40% off its typical price. This is a battery-only deal, so you’ll need a DeWalt 20-volt charger to use them. These are a good choice if you already have a DeWalt tool set or are buying DeWalt 20-volt tools and want extra batteries.

And the Ryobi 18-volt, 3-battery set is on sale for $179, and it comes with a free tool as well. To get the free tool, click on the “shop this deal” on the menu to the right, then choose what you want from the menu. The final sale price will show up in your cart. The biggest discount on this deal is to add the two-pack of 18-volt batteries from the free tool menu, which gets you four 4-amp-hour batteries, one 2-amp-hour battery, and a charger for $179, 70% off its regular price. This is a good deal if you want to add to your Ryobi tool collection and need extra batteries, or if you use an inverter in your emergency kit, because it lets you keep multiple batteries charged in advance.

Deals are selected by our commerce team

from Lifehacker https://ift.tt/pNbURrD

It might seem improbable to anyone who has spent years waiting for it, but Grand Theft Auto VI is nearly here. In fact, the game is currently available to preorder for PS5 and Xbox through Rockstar. While the game sadly doesn't have a true physical edition, you can choose from either the Standard Edition for $79.99, or the Ultimate Edition for $99.99, the latter of which comes with a laundry list of add-ons to justify the higher price. Both editions also include something you might not have budgeted for: a recurring subscription to GTA+.

Grand Theft Auto: VI comes with a free month of GTA+

No matter which edition of GTA VI you preorder, you'll get a free month of GTA+, Rockstar's online subscription service. According to the company's preorder page, GTA+ will net you a monthly GTA$500,000 deposit into your GTA Online bank account—that's in-game "Grand Theft Auto dollars," not USD, obviously. You also get Shark Cards with 15% bonus GTA$, both free and discounted GTA Online vehicles, and access to "classic" Rockstar games, among other perks. (Those games seem to include a large percentage of the Rockstar library, including Red Dead Redemption, Bully, GTA: The Trilogy — The Definitive Edition, L.A. Noire, and, now, even Grand Theft Auto V.)

GTA VI doesn't come out until Nov. 19, but that GTA+ credit is valid as soon as you preorder the game. You might have to wait until Thanksgiving to sink your teeth into the latest interpretation of Vice City, but you can start playing GTA Online (or any of the Rockstar games available under the subscription) right away, or you can choose to activate it after the game comes out (or by March 2027).

Free subscriptions are always welcome, but they're also dangerous. Anyone who has ever signed up for a free trial of anything knows how easy it is to forget about it—until the charge comes through on your credit card. That could be the eventual case for thousands, if not millions of GTA VI preorderers. As Gamespot highlights, your GTA+ subscription auto-renews, which means you'll be on the hook for $7.99 one month after activating it. That means if you redeem your free GTA+ subscription and you don't want to pay for it, you'll need to cancel it before it automatically renews.

How to cancel your GTA+ subscription

To cancel GTA+, you'll need to return to the store where you purchased the subscription—or, in this case, the platform you preordered the game on. That might include any of the following:

To be clear, your GTA+ subscription doesn't start as soon as you preorder the game. You need to redeem it first. If you intend to use it, make sure you do so before March 31, 2027, or you'll lose access to the free month. After that, you'll need to cancel before the month is up to avoid being charged.


from Lifehacker https://ift.tt/WSQZcKX