The Latest

We may earn a commission from links on this page.

While I'd never presume to speak for her, I suspect that Margaret Atwood would be perfectly happy to be a little less hot right now, if only it meant that her works of fiction, always prescient, weren't so alarmingly present. Written in 1985, The Handmaid's Tale feels closer than ever, and its 2019 sequel, The Testaments, now has a much-anticipated adaptation of its own. While Handmaid saw a generation of women coming to grips with an oppressive Christian nationalist regime consolidating its power, The Testaments finds a later generation of young women who've never known any different; for whom this is all perfectly normal. Which feels rather real. Stream The Handmaid's Tale and The Testaments on Hulu, and then check out these other fascist dystopias.

Alias Grace (2017)

It’s the other big Margaret Atwood novel adaptation (existing well in the shadow of the bigger, buzzier Handmaid’s Tale), but this miniseries is every bit as biting and well-crafted. It’s based on the true story of a poor Irish immigrant found guilty of a double homicide in 1843 under somewhat mysterious circumstances, and following a life of trauma. Years later, a psychiatrist comes to examine her and explores her past and the circumstances that might (just might) have driven a disenfranchised and powerless girl to murder. Stream Alias Grace on Netflix.

Pluribus (2025 – )

In some ways, this is a bit of an anti-Handmaid's Tale, with Pluribus leaning toward dark comedy, but we remain in a fascist dystopia in this show from Breaking Bad's Vince Gilligan, albeit of a different variety. Rhea Seehorn plays Carol Sturka, a fantasy romance author and general grouch who becomes one of only 13 people on the planet immune to the "Joining," an alien virus that transforms the rest of humanity into a peaceful, perky, and perpetually content hive mind. Carol refuses to surrender her miserableness in the face of a loss of identity, fighting instead to restore humanity to its admittedly cruddy ways. Thrilling, heartbreaking, and oddly funny, the show manages to address big questions about what it means to be human, but also, more specifically, suggests that even women who don't quite have their shit together deserve freedom of thought and bodily autonomy. Stream Pluribus on Apple TV.

3% (2016 – 2020)

It would be tempting to see this as a metaphor for the American dream but, of course, it’s a Brazilian show, and it’s not as though inequality was invented in the United States—we’re just particularly good at it. In 3%, the impoverished young Inlanders have one shot at success: completing “The Process,” a series of interviews, puzzles, and escape rooms designed to test their worthiness to join a futuristic offshore utopia. Most fail, and many don’t survive, leaving a success rate of ... 3%. This is very much Hunger Games territory in terms of its themes, but the show has a darker, more adult edge. Stream 3% on Netflix.

Watchmen (2019)

A standalone sequel to the groundbreaking Alan Moore, Dave Gibbons, and John Higgins graphic novel from the '80s (one that ignores the point-missing Zack Snyder movie), this series plays in the sandbox of that book (arguably the wellspring of all modern superhero deconstruction) while advancing its themes. In an alternate Tulsa, Oklahoma, in a world where super-powered vigilantes exist but have been outlawed, the series starts, dramatically, with a depiction of the real-life massacre and destruction of Tulsa's Black Wall Street by white residents in 1921. Regina King plays Angela Abar, a modern cop whose grandparents were killed during those attacks, an event that echoes throughout the series—it's a dystopia that doesn't look all that much different from our own, with masked police operating on the edges of the law, and overtly racist organizations that hold increasing political sway. Generational trauma is at issue here, and, like The Handmaid's Tale, it's a show that looks more depressingly prescient with each passing year. Stream Watchmen on HBO Max.

The Man in the High Castle (2015 – 2019)

From a novel by Philip K. Dick (whose work has been the basis for Blade Runner, Total Recall, Minority Report, A Scanner Darkly, among many others), The Man in the High Castle takes place in an alternate history in which the Axis powers won World War II, and in which the United States is split down the middle; Japan governing the west and Germany the east. The title’s man in the high castle offers an alternate view, though, one in which the Allies actually won, with the potential to rally opposition to the Axis rulers. As the show progresses through its four seasons, the parallels to our increasingly Nazi-friendly world only grow. Stream The Man in the High Castle on Prime Video and Netflix.

Mrs. America (2020)

Though fictionalized, Mrs. America dramatizes the ‘70s-era fight over the Equal Rights Amendment, the moment being, simultaneously, a high and low point in the hope for equity and autonomy. Cate Blanchett plays activist Phyllis Schlafly, who lead the fight against the (once) broadly popular proposed amendment, weaponizing the ERA by tying it to radical and pro-choice feminists, homosexuals, desegregationists, and other maligned groups. She was at the forefront of the broad conservative cultural shift that was very much in full swing when Atwood was writing Handmaid, and it’s not a bad time to take a close look at the people who made basic equality sound radical—a reminder that misogyny is not nearly only the province of white men. This is one hell of a supporting cast as well, including Rose Byrne, Uzo Aduba, and Elizabeth Banks. Stream Mrs. America on Hulu.

Mask Girl (2023)

Kim Mo-mi (Lee Han-byeol, initially), the Mask Girl of the title, is a uniquely complicated woman in this twisty-turny K-drama, one that borders on the experimental in its shifting-perspective format. Mo-mi always wanted to be a K-Pop idol, but it was always made clear to her that she's not nearly pretty enough for that kind of stardom. So, in order to fill that void, she's got a side hustle: On top of her boring office job, she puts on a blonde wig and a mask to perform as a camgirl for anonymous men. It's a means to express herself creatively and sexually with a level of control—until a mistake causes her to lose that control, a co-worker discovers her secret life, and desperation leads to murder. It's a thoroughly twisty thriller with a dark sense of humor, but one that never forgets that Mo-mi's increasingly disturbing actions are fueled by a culture that sees her as plain, and therefore as merely incidental. Stream Mask Girl on Netflix.

Kindred (2022)

Adapted from the essential 1979 novel by Atwood contemporary Octavia Butler, Kindred sees Dana James (Mallori Johnson) pulled back through time to antebellum plantation in Maryland. Having just moved to Los Angeles in 2016 (that year being no accident), Dana finds herself repeatedly transported even as her white neighbors are concerned about the new Black woman on the block. It's not nearly as effective as the book (which should be required reading), granted, but, like the book, it makes clear that the corrupting influence of American slavery has infected everything it has touched, then and now, and that Black women bear an even greater part of that burden. Stream Kindred on Hulu.

Leila (2019)

Plenty will seem familiar here: Adapted from the Prayaag Akbar novel, Leila finds Shalini (Huma Qureshi) living in a segregated India of the 2040s, one in which water and clean air have increasingly become luxuries. For all of that, Shalini and her family are doing better than most, until they're attacked for their interfaith marriage—husband Rizwaan is killed, their daughter is kidnapped, and Shalini is sent to a re-education center alongside other women who are seen as sinners or otherwise unclean. There's the possibility of taking what's referred to as a Purity Test, but not for women with "mixed blood" like Leila. It's a future where women are held to strict but shifting moral standards, dissent is ruthlessly put down, education that's not religious is dismissed, and the environment is increasingly precarious. Couldn't happen here, of course. Stream Leila on Netflix.

Shining Girls (2022)

Handmaid's Tale lead Elisabeth Moss stars in this other sci-fi story from an acclaimed novel (in this case by Lauren Beukes). Moss plays Kirby Mazrachi, an archivist at the Chicago Sun-Times who was attacked and left for dead years ago. She still suffers from the trauma of the event, a legacy which becomes even more complicated when she finds reality shifting around her, and comes across a woman who was murdered, with wounds nearly identical to those that almost killed Kirby. She becomes determined to find the killer, even as the number of female victims grow. It's significant that she's an archivist and not a cop: Kirby isn't content to see these women as bodies, or as merely victims, but is determined that their stories are told. Best not to give to much more away here, except to say that there's a other significant clue in the title, referring as it does to women who stand out in a culture that doesn't always reward that kind of thing. Stream Shining Girls on Apple TV.


from Lifehacker https://ift.tt/K7sxtQj

The Russian state cyber group APT28 has been compromising routers to hijack web traffic and spy on victims, the UK’s The National Cyber Security Centre (NCSC) has warned.

Russian hackers router hijacking

Attackers are exploiting vulnerable routers to alter DHCP and DNS settings, redirecting traffic through servers they control.

“We assess that APT28 is almost certainly the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Centre (GTsSS) Military Intelligence Unit 26165.” said NCSC.

Since 2024, APT28 has configured Virtual Private Servers (VPSs) to operate as malicious DNS infrastructure, receiving large volumes of requests from routers compromised through publicly known vulnerabilities. Investigators identified two clusters of this activity, each involving multiple servers.

“The DHCP DNS server settings of compromised small office/home office (SOHO) routers were modified to include actor-owned IP addresses. These settings were subsequently inherited by downstream devices, for example laptops and phones,” investigators wrote.

“Lookups for domain names containing key terms associated with particular services, often email applications or login pages, would then be resolved by the malicious DNS servers to further actor-owned IP addresses. DNS requests not matching the actor’s targeting criteria would instead be resolved to the legitimate IP addresses for the requested services,” they added.

This setup enabled adversary-in-the-middle activity, allowing attackers to intercept browser sessions and desktop applications and collect authentication data, including passwords and authentication tokens.

One of the router models exploited was the TP-Link WR841N, likely using CVE-2023-50224. The vulnerability allowed unauthenticated access to sensitive information through crafted requests, including credential data. After gaining access, attackers modified DHCP and DNS settings on the device to control how traffic was routed.

These changes typically replaced the primary DNS server with a malicious address while leaving the secondary server unchanged, though in some cases both entries were altered, suggesting repeated compromise.

A second cluster involved infrastructure receiving DNS requests from compromised devices, including MikroTik and TP-Link routers, and forwarding those requests to additional attacker-controlled systems. Some of this activity included operations against a small number of routers located in Ukraine.

Officials note the activity is likely opportunistic, with attackers casting a wide net before narrowing their focus to selected targets.

The NCSC issued a technical advisory on the tactics, techniques and procedures associated with APT28’s exploitation of routers to enable DNS hijacking operations.

“This activity demonstrates how exploited vulnerabilities in widely used network devices can be leveraged by sophisticated hostile actors. We strongly encourage organisations and network defenders to familiarise themselves with the techniques described in the advisory and to follow the mitigation advice,” said Paul Chichester, NCSC Director of Operations.


from Help Net Security https://ift.tt/xHUSYZO

It's officially the end of an era for the Samsung Galaxy community: Samsung is discontinuing its messaging app. If you're a Samsung Messages user, the company says you should plan to migrate to Google Messages to "upgrade your messaging experience."

This deprecation isn't taking effect immediately, however. According to Samsung's official end of service announcement, the company will discontinue Samsung Messages in July 2026. That means you still have roughly three months to keep using the app, if it happens to be your messaging client of choice. That said, the company is encouraging users to set Google Messages as their default messaging app today to "maintain a consistent messaging experience on Android." Samsung says the app will tell users when service will be discontinued.

Samsung is really pushing Google Messages in this end-of-service announcement. The company touts the app's features, like Scam Detection, RCS messaging, AI features, and cross-platform connectivity, so you can pick up another Android device and keep chatting. To their credit, some of these features do make Google Messages the stronger messaging app compared to Samsung Messages—in particular, RCS support. Samsung Messages users are stuck with SMS chats, which limits conversations in terms of both security and functionality. SMS chats don't support high-resolution photo and video sharing, nor do they manage modern group chats well. Crucially, they aren't encrypted, which puts your conversations at risk. While not all RCS chats are encrypted, the ones that are protect your conversations from would-be attackers.

It's not like this decision came totally out of the blue. If you've bought a new Samsung Galaxy device in recent years, you'll notice that Samsung Messages didn't come preinstalled. Instead, you had to seek it out and install it yourself from Samsung's Galaxy Store. Samsung says Galaxy S26 devices can't even download the app, and that following its deadline, no devices will be able to download the app.

Also important to note for some users: Tizen OS watches (watches that were launched before Galaxy Watch4) can't run Google Messages. These watches will not be able to display full message conversations after July 2026. However, you'll still be able to read and send messages.

You can keep using Samsung Messages after the deadline

Not everyone will need to move to Google Messages, however. If you're using an Android device running Android 11 or older, Samsung says you are not affected by this end of service. This will likely impact a small fraction of the Galaxy community, seeing as we're currently on Android 16 (or One UI 8, in Galaxy world). But if you do have an older Android device, you can keep using the app.

In addition, Samsung outlines some specific situations where the app will continue to send messages—even on phones running Android 12 or newer. If you try to send a typical text, it won't go through. However, you will be able to send messages to emergency service numbers. If you text 911 on a Galaxy phone with Samsung Messages, it will work, according to Samsung.

That makes sense—Samsung likely doesn't want to deal with a situation where someone tries to contact emergency services on its unsupported app and cannot get help. But what I find even more interesting is that Samsung Messages will also still work when texting emergency contacts. If you've defined someone as an emergency contact on your Galaxy, you'll be able to text them still.


from Lifehacker https://ift.tt/4jJzUHP

We may earn a commission from links on this page.

If you've been eyeing a Whoop fitness tracker but unsure about the membership cost, your Chase Sapphire card might be about to make that decision a whole lot easier. Through May 12, 2026, Chase is offering cash back on Whoop memberships for both Sapphire Reserve and Sapphire Preferred cardholders—and for Reserve members, the deal effectively covers the entire cost of a year's membership.

What is Whoop?

Whoop is a health and fitness company that makes a wearable tracker and companion app focused on recovery, sleep, and strain. You've probably seen one of these screenless wristbands out in the wild, since Whoop has been one of the best fitness trackers out there for years now. Unlike other fitness wearables, Whoop operates on a membership model, where you pay for access to the platform and the hardware comes included.

What's the Chase Sapphire promotion?

Chase Sapphire Reserve cardholders can receive a one-time $359 statement credit for a Whoop Life membership (which covers the total cost of an annual membership) when they use their card to purchase a Life membership on Whoop. Chase Sapphire Preferred cardholders can receive a one-time $100 statement credit toward the cost of any Whoop annual membership when they use their card to purchase any Whoop membership on the site, too.

Simply put: If you have the Sapphire Reserve, you can get a full year of Whoop Life at no out-of-pocket cost. If you have the Sapphire Preferred, you'll get $100 knocked off whichever annual plan you choose.

How to activate the offer

You can't just make the purchase and expect the credit to apply automatically: You must activate the offer through the Chase Offers portal by May 12, 2026, before making a membership purchase.

First, log in to your Chase account online or through the Chase mobile app. Navigate to the Chase Offers section, which you can typically find under your card's benefits or in the "Explore" tab of the app. Search for the Whoop offer and click "Add to Card" to activate it. Once the offer is added to your card, head to Whoop and purchase the appropriate annual membership. Make sure you use the Chase Sapphire card you activated the offer on at checkout. Your statement credit will then be applied after the qualifying purchase posts to your account.

Remember: Don't skip activation. If you buy the membership before activating, you won't receive the credit.

The bottom line

If you were already planning to try Whoop, this is a great opportunity, especially for those Sapphire Reserve holders getting the membership for free. Even for Preferred cardholders, $100 off is a solid discount on what is otherwise a recurring annual expense.

The main thing to keep in mind is the deadline. The offer must be activated through the Chase Offers portal by May 12, 2026, and the purchase must be made using the card the offer was activated on, at Whoop.com. Do both of those things in the right order, and you're all set.


from Lifehacker https://ift.tt/ES9lqym

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

The JBL PartyBox 720 is down to $799.95 on Woot, a drop from its $1,099.95 list price and below its current $899.95 listing on Amazon. That almost lines up with the lowest price recorded so far, which was $798, according to price-trackers. Also, shipping is free for Amazon Prime members, while everyone else pays a $6 fee. This deal is set to run for about five days, though it could end sooner if stock runs out.

This is the larger and more powerful sibling to the JBL PartyBox Stage 320, which Lifehacker writer Daniel Oropeza covered in detail in this review. In use, the difference shows up in how much sound it can push. The 720 gets loud enough for outdoor setups or crowded rooms without sounding thin. Bass hits hard, mids stay clear, and highs don’t get lost even as you turn it up. There is some compression at the top end, especially in the low frequencies, but it still holds together better than smaller models. You can tweak the sound through the EQ in the app or use the Bass Boost when you want more punch. The speaker runs on dual detachable batteries with a claimed 15 hours of playback, and it supports Auracast if you want to link multiple compatible speakers. It also leans into the “party” angle with built-in RGB lighting and karaoke inputs, so you can plug in a mic and use it without extra gear.

The downsides come from its size and design. This is a large and heavy speaker, so even though it has wheels, you are not going to move it around as casually as a smaller speaker. It also throws sound forward (having a front-facing design), so where you place it in a room will shape how evenly the music reaches everyone. And while it can handle a few splashes with its IPX4 rating, it is not built for heavy exposure to water or rough conditions. As for its battery life, it holds up for a night, but it does not stretch as far as the JBL PartyBox Stage 320, which can last well over 20 hours.

Our Best Editor-Vetted Tech Deals Right Now
Apple iPad 11" 128GB A16 WiFi Tablet (Blue, 2025) $299.99 (List Price $349.00)
Sony WH-1000XM5 $248.00 (List Price $399.99)
Deals are selected by our commerce team

from Lifehacker https://ift.tt/VnpOcxN

Proton Authenticator is a free and open-source two-factor authentication (2FA) app that generates time-based one-time passwords (TOTP) to help secure online accounts. It is available on Windows, macOS, Linux, iOS, and Android, allowing users to access their verification codes across devices.

The app is designed to work without ads or tracking. A Proton account is optional and mainly used for encrypted sync between devices.

Proton Authenticator

How Proton Authenticator works

Setup starts with installing the app from the App Store and adding accounts. Users can scan a QR code or enter a setup key provided by a service that supports 2FA. Those switching from another authenticator can import existing tokens, which helps avoid manual reconfiguration.

Proton Authenticator

Proton Authenticator can be used on its own or alongside other Proton services. It supports workflows where authentication codes are managed separately from passwords.

The app generates six-digit codes that refresh every 30 seconds. These codes are required in addition to a password when logging in to supported services.

Proton Authenticator

The app supports importing tokens from other authenticator tools such as Google Authenticator, Aegis, or Bitwarden Authenticator. Export functionality is also included, allowing users to retain control of their data and move it when needed.

Codes are generated locally on the device. They remain accessible without an internet connection, which makes the app reliable in offline or restricted environments.

Security model

Proton Authenticator uses end-to-end encryption to protect data when synchronization is enabled. Encryption takes place on the user’s device, so only the user can access stored authentication tokens.

Proton Authenticator

The app is open source, allowing anyone to review how it handles data and security. This adds a level of transparency for users who want visibility into the software they rely on.

Users can protect access to the app with a PIN or biometric authentication, depending on the device. These controls help prevent unauthorized access if a device is shared or lost.

Backup and recovery

The app provides several options for backing up authentication data. Users can enable encrypted backups through a Proton account or rely on platform-specific backup systems.

Proton Authenticator

Export tools allow users to create external backups of their authentication data. This reduces the risk of losing access to accounts if a device is replaced or unavailable.

Conclusion

Proton Authenticator is a solid option if you want more control over your two-factor authentication setup. It handles the basics like generating codes, syncing across devices, and backing up your data, without locking you into one way of doing things.


from Help Net Security https://ift.tt/ZSmxG3F

Security spending continues to edge upward across large organizations, though the changes remain gradual and tightly managed. The 2026 RH-ISAC CISO Benchmark reflects a steady environment where budgets expand in small steps, even as AI becomes a routine part of security operations.

Budget growth stays measured

Spending levels increased during 2025 across both IT and security. Average IT spend as a share of revenue rose to 3.9% from 3.2% the year before. Security spend followed a similar path, reaching 0.75% of revenue, up from 0.57%. Security’s share of the IT budget moved slightly to 5.8%.

Planning for 2026 continues along the same track. More than half of respondents expect their security budgets to increase, with most of those increases falling in the 1% to 10% range. A third expect budgets to hold steady, and a smaller group expects reductions.

Business conditions continue to influence these decisions. Company growth, routine annual adjustments, and ongoing digital transformation continue to support budget increases. At the same time, cost control efforts and broader economic pressure remain the main reasons budgets move downward.

Spending remains focused on core areas

Security budgets continue to concentrate on a few main categories. Staffing and compensation account for the largest share, followed closely by software delivered off-premises. Outsourcing and project work make up smaller portions, with hardware and training representing a limited share of overall spend.

Training allocations follow a similar trend, with conferences and events receiving the largest portion, followed by technical training courses. Learning platforms, certifications, and internal workshops make up the rest.

This distribution points to a steady investment in personnel and operational tooling, with limited expansion into new spending categories.

AI becomes a primary pressure point

AI stands out as the most frequently cited source of friction for security leaders. It ranks above supply chain risk, vulnerability management, and ransomware in day-to-day challenges.

That shift appears alongside a broader set of priorities for the coming year. Vulnerability management and zero trust architecture remain at the top of initiative lists. At the same time, AI is moving into planning discussions, appearing within broader initiative categories tied to operational improvement.

Organizations continue to balance these priorities with structural constraints. Tension between cybersecurity and IT priorities remains the most commonly cited challenge, followed closely by budget limitations. The speed of business of business requirements adds another layer of pressure on security programs.

AI use expands across security functions

Security teams are already applying AI across several operational areas. Threat detection and analysis represent the most common use, followed by reporting and incident response automation. Smaller portions of teams use AI for fraud detection and vulnerability management.

Governance structures are taking shape alongside these deployments. Most organizations report having implemented or partially implemented AI policies, with only a small minority indicating no policy in place.

Concerns tied to AI remain consistent across organizations. Data leakage through public tools leads the list, followed by insider misuse and gaps in governance. Questions around output accuracy and model integrity also appear across responses.

Investment shifts without major budget expansion

AI-related initiatives are drawing increased investment attention, with most organizations expecting either moderate or significant increases in this area. Even so, these changes do not always translate into larger overall budgets.

A large share of organizations report no meaningful impact on total security spending. Others indicate that AI initiatives are funded through reallocating existing resources. Only a smaller group expects overall security budgets to increase as a direct result of AI efforts.

This keeps overall spending growth aligned with earlier trends, even as new priorities emerge.

Staffing growth remains gradual

Hiring plans follow the same incremental approach seen in budgets. About a third of organizations plan to expand full-time cybersecurity staff in 2026, with most describing those increases as gradual. At the same time, some expect reductions in contractor roles.

The broader role of the CISO continues to expand across areas such as risk management, compliance, and coordination with business units. These responsibilities add complexity without a corresponding surge in staffing.

Security programs continue to evolve through steady adjustments in funding, staffing, and priorities. AI introduces new demands across operations, though organizations continue to manage those demands within budgets that change slowly from one year to the next.


from Help Net Security https://ift.tt/10tUlRj