The Latest

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

Two new high severity WordPress vulnerabilities, patch immediately!
The 7.0.2 WordPress security release addresses one critical and one high severity security issue.

Cynative: Open-source deep research agent
Running a large language model against a live cloud account to hunt for security holes comes with an obvious hazard. An agent that holds real credentials and a mandate to poke around can delete a bucket, flip a permission, or leak a secret on its way to a finding. Cynative, an open-source security research agent, answers that hazard by refusing to write anything by default, and by checking that refusal on every single call it makes.

Fake OAuth client IDs are helping attackers slip past sign-in logs
Attackers running account enumeration against Microsoft cloud tenants have added a step that keeps their probing out of the usual telemetry. They spoof the OAuth client ID, the globally unique identifier assigned to an application and passed as client_id in an authentication request. Microsoft Entra ID records that value as the application ID in its sign-in logs, and the way it handles unfamiliar identifiers opens a gap that operators have started to work through.

The best defense against AI attacks turns out to be a skeptical human
Analysts across the security industry now run generative AI through their daily work, from log triage to incident write-ups. Active use in cybersecurity strategy reached 78% of practitioners in 2026, up from half the field a year earlier. The 2026 SANS AI Survey, drawn from 536 IT and security professionals, describes what that commitment costs to keep.

No one knows how many old shims can still bypass UEFI Secure Boot
Most UEFI systems trust a Microsoft-signed first-stage bootloader called Shim, which enables Linux and other boot tools to work with Secure Boot. ESET discovered that 11 outdated Shim versions (0.9 and earlier) contained vulnerabilities that could undermine Secure Boot. Microsoft revoked trust in those versions as part of its June 9, 2026 Patch Tuesday update.

“Context bombs” can frustrate AI-driven attacks, researchers found
A new approach tried out by Tracebit researchers has proven very effective at stopping AI agents from fully compromising targeted environments. What makes it notable isn’t the technique – prompt injection is old news – but the direction it’s pointed: not to hijack AI agents, but to defend against them.

GPT-Red beat human red teamers on a prompt injection test
GPT-Red is an automated red-teaming model that OpenAI trains to find prompt injection weaknesses. It works the way a human red-teamer does. It sends a prompt, watches how a GPT model responds, and iterates toward a goal such as a successful data exfiltration.

Companies keep getting breached by vulnerabilities they already knew about
Scanning tools have gotten good at their work. Organizations now find more weaknesses across more of their systems than at any earlier point in the industry’s history. A survey from the security firm Vicarius points to a gap that opens after that discovery, in the work of assigning, approving, deploying, and confirming a fix.

Ransom demands are down, email is the top way attackers get in
An employee opens what appears to be a legitimate email, clicks a link, and unknowingly hands over their password. That stolen login gives attackers deeper access to the network, and days later, files become inaccessible. Malicious email and phishing now account for half of all ransomware incidents, according to a survey of 2,158 IT and security leaders whose organizations were hit in the past year.

What public money does to open-source projects
Most of the software running inside a typical company was written by volunteers the company never paid. Open-source code sits under web apps, build pipelines, and the machine learning stacks getting so much attention right now. Roughly 96 percent of codebases carry some of it.

Reading between the lines of a cyber insurance policy
Enterprises in regulated industries often carry cyber insurance policies because contracts require it or boards ask for documented risk transfer. The global market for these policies reached about $16 billion in premiums in 2024. Coverage has become widespread. Payouts have grown less predictable.

The five step plan that cuts security budget waste
In this Help Net Security video, Viktor Bulanek, CTO of Penetrify, explains where security budget waste comes from. Budgets get built around vendor categories, compliance checkboxes, and last year’s headlines. Attackers work along attack paths, and that mismatch is where the money goes. He walks through the two big leaks, overlapping tools that flag the same issue three times, and shelfware that covers a third of the estate at 100% of the invoice.

Ransomware attack halts Coca-Cola’s Fairlife US milk production
A ransomware attack has stopped milk production at Fairlife, the Coca-Cola dairy brand known for its high-protein milk, protein shakes, and nutrition drinks. Coca-Cola disclosed the incident on July 16, 2026, in a Form 8-K filed with the U.S. Securities and Exchange Commission (SEC).

Claude can now sign into websites with 1Password without exposing your credentials
1Password has introduced 1Password for Claude, a beta integration that lets Anthropic’s AI assistant complete browser tasks requiring authentication without accessing users’ passwords or other secrets.

Scammers weaponize FaceTime to drain bank accounts
Apple is warning iPhone and iPad users that scammers are using FaceTime calls to trick them into handing over money and account details.

Spirals ransomware locks down victim systems in under 24 hours
A previously unknown ransomware strain called Spirals was used last month in an attack against an IT services company in South Asia, where attackers went from initial access to data theft and encrypting the network in less than 24 hours, according to Symantec’s Threat Hunter Team.

Security threat prompts Progress to disable ShareFile accounts, tell customers to shut down servers
A “credible external security threat” targeting Progress Software’s ShareFile Storage Zone Controllers (SZC) – the on-premises, customer-managed server components where organizations store files shared via this popular enterprise platform – has spurred the company to disable access to ShareFile accounts that are using them. The warning was sent to customers via email on July 10, urging them to manually shut down the server that is hosting their Storage Zone Controllers.

SonicWall SMA appliances targeted in zero-day attacks (CVE-2026-15409, CVE-2026-15410)
SonicWall has fixed two actively exploited vulnerabilities (CVE-2026-15409, CVE-2026-15410) affecting its Secure Mobile Access (SMA) 1000 Series appliances, and is urging customer organizations to upgrade to a fixed firmare version and search for evidence of potential compromise.

AI-driven bug hunting fuels record Microsoft Patch Tuesday
Microsoft has released patches for 570+ vulnerabilities on July 2026 Patch Tuesday, including two that are being leveraged by attackers (CVE-2026-56155 and CVE-2026-56164), and one that was previouly disclosed (CVE-2026-50661). The release was once again followed by Nightmare Eclipse publishing a stripped down proof-of-concept exploit for an unpatched Windows elevation of privilege (EoP) vulnerability, which the researcher dubbed LegacyHive.

Threat actor impersonated hundreds of brands on GitHub to push infostealer malware
A financially motivated threat actor is impersonating hundreds of brands on GitHub and pushing a smash-and-grab infostealer masquerading as legitimate downloads of popular software, Arctic Wolf threat researchers have warned.

Why SBOMs, signing, and provenance still don’t tell you if software is safe
Software supply chain security has improved with better visibility into software components, stronger code signing, and build provenance, driven in part by Executive Order 14028. While these measures strengthen software integrity and authenticity, they still leave a critical gap: they do not reveal what the software is actually capable of doing once it runs.

The MDR renewal question: What changes when AI can handle the alerts
For most of the past decade, the managed detection and response (MDR) decision was a simple one: teams that couldn’t staff a 24/7 SOC outsourced detection and response to a provider who could. It solved a resources problem, and the alternatives (hiring a team you couldn’t afford or keeping a functional set of SOAR playbooks across an expanding alert surface) were worse.

Product showcase: Trust Chain TPRM turns vendor compliance evidence into verified assurance
Trust Chain is an AI-native third-party risk management (TPRM) solution by Strike Graph that replaces the security questionnaire model with validated evidence of compliance. Rather than asking vendors to self-report their security posture, Trust Chain requires vendors to submit evidence, which is then evaluated using Strike Graph’s patent-pending Verify AI technology.

Your vendor’s vendor might be the real breach risk
In this Help Net Security video, Chris Boehm, Field CTO, Zero Networks, breaks down how a vendor breach can become your breach. He explains that attackers now target the subcontractors behind your trusted vendors. A compromised credential at a company you have never heard of can open access into your systems, because your vendor’s vendor holds keys you never vetted.

A hardware security AI assistant that checks chips for hidden backdoors
Chip designers often license circuitry from third-party vendors, creating a risk that hidden hardware trojans could be embedded in otherwise functional designs. Researchers at the University of Florida developed VeriChat, an AI assistant that helps hardware security engineers detect these threats by answering security questions and running verification tools on uploaded chip designs.

Ransomware negotiator who betrayed clients sentenced to 70 months in prison
A former ransomware negotiator at incident response firm DigitalMint has been sentenced to 70 months in prison after admitting he shared confidential client information with the BlackCat ransomware group and later helped carry out ransomware attacks.

EU and UK blacklist Russia’s cyber operators over efforts to destabilize Europe
The EU and the UK jointly sanctioned dozens of Russian individuals and entities, accusing Moscow of coordinating a malicious cyber ecosystem targeting Europe, its member states, and international partners. The UK sanctioned 24 individuals and entities, while the EU imposed restrictive measures on nine individuals and four entities.

Hackers breach Lidl’s IT service provider, steal customer data
German discount supermarket chain Lidl has notified customers in Germany, Belgium, and the Netherlands that customer data was stolen after attackers breached one of its IT service providers. In notices published on its support websites in Belgium and the Netherlands, Lidl said it was informed of the incident last week.

New tutorials on underground hacking forums have roughly doubled
Underground hacking forums are producing more original tutorials again, with growing attention on financial fraud, particularly the theft and fraudulent use of payment card data, known as carding, and cash-out techniques. Radware analyzed 8,870 tutorial posts published across 24 deep- and dark-web forums between December 2022 and April 2026. After removing reposts, the dataset contained 3,034 unique hacking and fraud guides.

UK charges five persons linked to fraud platform behind more than a million scam calls
Five people have been charged in the UK following a National Crime Agency (NCA) investigation into Russian Coms, a caller ID spoofing service used by fraudsters.

New macOS malware steals passwords by posing as Apple’s crash-reporting tool
Jamf Threat Labs has uncovered a new macOS infostealer named CrashStealer that disguises itself as Apple’s crash-reporting tool to steal passwords, Keychain data, and cryptocurrency wallets. The malware was first spotted in May while it was still under development. By early July, Jamf was seeing in-the-wild detections, indicating it had moved into active use.

ClickFix is changing the economics of social engineering
ClickFix has moved from a one-off social engineering trick into an industrialized attack ecosystem that is outpacing conventional antivirus and endpoint defenses, according to ReversingLabs.

Spanish police dismantle €140 million cybercrime network
Spanish National Police have dismantled a cybercrime network accused of stealing and laundering about €140 million through fake investment platforms, CEO fraud, invoice fraud, and man-in-the-middle attacks.

LabubaRAT malware infiltrates Windows systems while posing as NVIDIA software
LabubaRAT, a previously undocumented Rust-based remote access tool (RAT) masquerading as NVIDIA software that enables post-compromise operations on Windows systems, has been uncovered by Blackpoint Cyber.

Police take down investment fraud network that stole €100 million a month
Dutch police, working alongside Belgian authorities and Europol, have dismantled a major criminal network accused of operating a global investment fraud scheme through dozens of fraudulent call centers.

Claude Code users keep 50% higher limits until July 19
Anthropic has extended a limited-time promotion that increases weekly usage limits in Claude Code by 50% through July 19, 2026, at 11:59 PM PT. When the promotion ends, weekly usage limits will return to their standard levels without any changes to users’ plans or billing.

Debian 13.6 security update patches over a hundred advisories in trixie
Most PCs still run with a UEFI Secure Boot certificate authority, installed by default since 2013, that has now expired. That certificate signed the bootloaders letting machines start with Secure Boot turned on. Its expiry sits at the center of the sixth update to Debian 13, codenamed “trixie.” The point release carries mostly security corrections along with a few fixes for serious problems.

Enterprises are rethinking where their AI applications run
Growing demand for compute capacity, power, cooling and low-latency connectivity is prompting organizations to reassess where AI applications run, according to CoreSite.

99.9% of fixable AI vulnerabilities remain unpatched
Organizations build, deploy, and operate AI in the cloud, but basic cybersecurity hygiene is often sacrificed for speed, according to Orca Security’s 2026 State of AI Security Report.

Microsoft demystifies how Windows updates work
Microsoft has published a guide explaining the Windows servicing model, outlining the purpose of monthly security updates, optional preview releases, hotpatch updates, and the mechanisms used to deliver new features throughout the year.

Claude Code users keep 50% higher limits until July 19
Anthropic has extended a limited-time promotion that increases weekly usage limits in Claude Code by 50% through July 19, 2026, at 11:59 PM PT. When the promotion ends, weekly usage limits will return to their standard levels without any changes to users’ plans or billing.

Chatto: Open-source team messenger with privacy at its core
Teams that want their group chats off commercial platforms have a growing menu of self-hosted options. Chatto joined that group when its developer released the code under an open-source license and posted binaries for anyone to run on their own hardware. The software aims at the same ground as the large team messaging services, and it keeps message data on infrastructure the operator controls.

Fake smart home residents could stand in for real ones in security research
Smart home security research runs on a scarce ingredient: recordings of how real people use the gadgets in their homes. Getting that data means wiring up someone’s house and watching for months, which is slow, costly, and about as invasive as it sounds. So the datasets stay small and cover a thin slice of how people live.

Microsoft Entra ID authentication overhaul to start in September 2026
Microsoft will begin rolling out passkeys as the default authentication experience for Microsoft Entra ID in the public cloud on September 1, 2026. Organizations with SMS or voice authentication enabled will automatically be enabled for passkeys. The next time users complete MFA, they will be prompted to register a passkey.

Google adds FIDO2 keys and phone passkeys to Windows login via GCPW
Google has started rolling out FIDO2-compliant physical security key support as a second factor for authentication in Google Credential Provider for Windows (GCPW) to all Google Workspace customers.

AI used to help plan the break-in, now it’s doing the break-in
Over the past twelve months, researchers documented intrusions in which AI ran exploitation workflows autonomously, generating thousands of commands across dozens of sessions with minimal human direction, according to Check Point’s AI Security Report 2026.

An AI overthinking attack can tie a robot up for over a minute
Robots that read the world through cameras now lean on large vision-language models to interpret what they see and decide what to do next. These models handle images and text together, so any words that fall inside the camera frame become part of the input. A stop sign, a street name, a sticker on a wall. Researchers at Michigan Technological University have shown that this reading habit opens a door for attackers, and the door leads to a denial-of-service problem that looks nothing like the ones most defenders track.

SingGuard-NSFA: Open-source guardrails for agentic AI
SingGuard-NSFA is an open-source guardrail framework aimed at operational threats in agent workflows. Four models ship at 0.8B, 2B, 4B, and 9B parameters, all built on Qwen3.5 base backbones.

FreeRDP 3.29.0 security update resolves 22 advisories
FreeRDP is a free implementation of the Remote Desktop Protocol, released under the Apache license, and it runs on a large share of workstations and servers through the many tools built on it. The 3.29.0 version is a security, bugfix, and maintenance update that resolves 22 advisories.

AWS retools Security Hub for AI and multicloud threats
AWS added AI workload protection and Microsoft Azure security monitoring to Security Hub, its centralized security platform for collecting and prioritizing security findings across cloud environments. Support for additional cloud platforms will follow.

Finance phishing works because it sounds boringly normal
Finance departments handle a constant flow of invoices, contracts, payment notices, and procurement emails, making email a common initial access vector for threat actors. According to Cofense, attackers exploit these workflows with phishing emails that mimic legitimate business correspondence, allowing them to bypass AI-based secure email gateways (SEGs) and other email security technologies.

VS Code agent host runs Copilot, Claude, and Codex in a dedicated process
Developers who lean on AI coding agents often keep several editor windows open at once, each tied to its own session. The 1.129 release of Visual Studio Code reworks that setup with a dedicated agent host.

Microsoft makes Windows SSO prompts easier to manage
Microsoft is introducing a new registry-based policy that lets IT administrators automatically accept Windows SSO permissions on Windows 11 versions 24H2 and 25H2 devices managed with Microsoft Entra ID.

Download: The ultimate guide to network operations management
T and security teams are managing growing complexity across networks, infrastructure, tools, and workflows. The result? Slower response, duplicated effort, and operational friction. This guide explores how intelligent workflows help teams reduce manual work, improve visibility, and move faster across network operations.

Cybersecurity jobs available right now: July 14, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: July 17, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Cloudflare, Lineation.ai, Nudge Security, and Polygraf AI.


from Help Net Security https://ift.tt/KQxZPyn

The 7.0.2 WordPress security release addresses one critical and one high severity security issue.

wp2shell CVE-2026-60137 CVE-2026-60137

The vulnerabilities reported to the WordPress security team include:

  • CVE-2026-60137 – A facilitated SQL injection issue reported as a team by TF1T, dtro, and haongo
  • CVE-2026-60137 – A REST API batch-route confusion and SQL injection issue leading to Remote Code Execution reported by Adam Kues at Assetnote / Searchlight Cyber

Which versions of WordPress are vulnerable?

  • WordPress 6.9 is affected by both vulnerabilities. Version 6.9.5 has been released containing fixes for both.
  • WordPress 6.8 is only affected by the first vulnerability. Version 6.8.6 has been released containing a fix.
  • The beta release of WordPress 7.1 is affected by both vulnerabilities. Version 7.1 beta2 has been released containing fixes for both.

Versions of WordPress prior to 6.8 are not affected.

Emergency temporary mitigation

If this isn’t possible, Security Researchers at Searchlight Cyber note you can temporarily protect your instance by blocking anonymous access to the batch API, either by:

  • Installing a plugin that blocks anonymous access to the rest API entirely; or
  • Blocking /wp-json/batch/v1 and ?rest_route=/batch/v1 at a WAF level.

Note that both these solutions may have impact on legitimate use of the site and should only be considered emergency temporary measures until you can update.


from Help Net Security https://ift.tt/spXHBrk

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

Roborock has come a long way from its first generation of clunky robot vacuums that got stuck in corners or blindly bumped into furniture. One of their latest innovations is the Saros Z70, which CNET calls an “AI-powered housekeeper.” It has a robotic arm that allows the device to tidy while it cleans, picking up items like socks and slippers and moving them to designated areas. Right now, the Roborock Saros Z70 robot vacuum and mop is half off, at an all-time low price of $999.99 (originally $1,999).

While the star of the show is the robotic appendage on this AI-powered robot vacuum-and-mop hybrid, it also offers a range of other features, including 3D navigation, a self-emptying bin, automatic mop washing and drying, and built-in voice control. The Omnigrip arm finds, marks, and lifts obstacles to clear once-blocked areas: First, it cleans the rest of the room, then returns to move obstacles and clean the now-uncovered spot. Plus, it has a weight limit, so it won’t accidentally try to pick up pets or heavier, permanently placed items.

The Saros Z70 has 22,000Pa of suction power and hot-water mopping, and 30 adjustable water flow levels. It has dual cameras to enhance navigation and precision sensors to lift itself (climbing thresholds up to about 1.5 inches). Its 3.14-inch profile helps it fit under low-profile furniture. The battery life is around two hours and 15 minutes without the arm; Roborock says it can clean around 150 square meters with the arm enabled, moving up to 10 items.

The Roborock Saros Z70 robot vacuum and mop is a reliable option for a mix of floor types, with a strong feature set and the added novelty of that robot arm (which can double as a futuristic party trick). At 50% off, it’s a more compelling buy than ever before.

Deals are selected by our commerce team

from Lifehacker https://ift.tt/qX645hf

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

As 4K OLED gaming displays go, the Asus ROG Swift PG32UCDM remains a top choice even years after its release. It earned a PCMag Editor’s Choice Award and is widely praised for its near-instant response times, high refresh rates, and vibrant visuals. Right now, the 32-inch Asus ROG Swift PG32UCDMR—an updated version of that monitor—is at a great price price: $899, 30% off the original $1,299.99 cost.

Two standout features are its customizable RGB lighting and extensive connectivity. The lighting allows for multi-colored glow patterns and effects on the monitor’s base and rear, while its DisplayPort 2.1, HDMI 2.1, USB-C, and USB hub connections make it easy to switch between a gaming PC, laptop, and other input sources.

With QD-OLED panel tech, the monitor delivers 4K visuals with excellent color accuracy and coverage, as well as high peak HDR brightness (up to 1,018 nits, according to PCMag’s testing of the earlier model). It supports AMD FreeSync Premium Pro and VESA Adaptive Sync for tear-free, low-latency gaming, while a 240Hz refresh rate pairs with a speedy 0.03 ms response time,  making it ideal for competitive gamers. It is also  VESA DisplayHDR 400 True Black certified and includes a headphone jack. 

Although curved screens have benefits like reduced glare and deeper perceived blacks, they aren’t for everyone, making this a great flat-screen alternative. The ROG Swift PG32UCDM also comes with a bevy of OLED care features designed with longevity in mind, including OLED Care Pro and a Neo Proximity Sensor that detects when you step away and switches the screen to black to help reduce burn-in risk.

If you want a premium flat-screen monitor with impressive color range and accuracy, and the true blacks of an OLED, the 32-inch Asus ROG Swift PG32UCDMR is a smart pick, especially considering its extensive burn-in protection (along with a three-year warranty). At $400 off, it’s a deal worth considering for PC gamers.

Deals are selected by our commerce team

from Lifehacker https://ift.tt/fSV8nhE

We may earn a commission from links on this page.

One of the great joys of a rom com is the fact that you know exactly where the story is headed, but that doesn’t reduce your enjoyment of the journey even a little bit. Prime Video’s Off Campus (adapted from the bestselling books by Elle Kennedy) is a perfect example: It is achingly obvious from the moment they meet in the men’s locker room that Garrett (Belmont Cameli) and Hannah (Ella Bright) are going to end up together. The fun is watching them fight the inevitable. If you’ve devoured the first season of Off Campus and have already burned through all the shows like it, switch gears to long-form and check out the most perfect movie vibe-match you can find: 1992’s The Cutting Edge.

Why The Cutting Edge is the perfect movie to watch after Off Campus

Yes, The Cutting Edge is three decades old. No, you probably don’t recognize the stars. But if you’re looking for a movie that offers the same overall feeling and faith that love can conquer all, including misunderstandings and awkward partnerships, then this movie is what you’re looking for.

Love the arrangement between Hannah and Garrett that leads to them pretending they’re not totally into each other? The Cutting Edge has a similar premise: A talented hockey player, Doug Dorsey (D.B. Sweeney), is injured just before he can win Olympic gold and go pro, ending his career. When a brilliant figure skater, Kate Moseley (Moira Kelly), can’t find a partner due to her temperamental nature, perfectionism, and acidic tone, her desperate trainer offers the job to Dorsey. Dorsey thinks figure skating is humiliating, but he’s desperate for a comeback. Kate thinks Doug is a dumb jock, but she’s out of options. They agree to work together—and sure, they hate each other at first, but this is a romantic comedy. Before long they’re denying their feelings and getting in their own way, just like Hannah and Garrett.

Is your favorite part of Off Campus the banter between Hannah and Garrett (and Allie and Dean and everyone and everyone)? The Cutting Edge is packed with sharp, hilarious exchanges, from Doug learning what a “toe pick” is the hard way to Kate saying “I'm sure there's nothing I do that you'd find exciting. I don't open beer bottles with my toes.” In short, Doug and Kate are increasingly adorable as they try to bicker their way out of how hot they are for each other.

And if what you’re here for is the same thing everyone comes to a rom com for—the big, dopey, heartfelt ending where everyone finally just says what they’re feeling—The Cutting Edge has you, too. The end of the movie is surprisingly powerful after following their journey with each other—it has everything a scene like this needs. It has a passionate speech. It has a character surrendering the final piece of their emotional armor and being truly vulnerable. And it has a grand gesture—though there’s a twist on that, as it’s not the dude running through a metaphorical airport, for once. It’s satisfying and one of the main reasons The Cutting Edge has become something of a cult movie in recent years.

If you need help getting through it until season two of Off Campus, watch The Cutting Edge pronto. You can stream it for free on Tubi or rent it on Prime Video.

More movies like Off Campus

Movies are great, but they end. Need more Off Campus vibes in movie form? Here are a few more suggestions.

Challengers (2024)

If you want a bit more focus on the sports and athleticism on display in Off Campus without sacrificing the complex (and very horny) vibes, this Zendaya-centric film is perfect. The story follows three friends-slash-competitors in the cutthroat world of competitive tennis who navigate a steamy throuple situation, exploring deep issues of friendship, betrayal, sex, and love along the way. Stream Challengers on Peacock or rent it on Prime Video.

My Fault: London (2025)

The film My Fault: London and its sequel, Your Fault: London (based on the book series Culpables by Mercedes Ron), are probably the closest match to Off Campus in some ways. The story follows Noah, who is forced to move to England just before she starts college when her mother marries a wealthy businessman. Her relationship with her new stepbrother, Nick, starts off tense, but these two broken people slowly learn to trust each other—and more. It’s a bit higher on the thriller/drama scale than the show, but slots into the college-age romance space nicely. Stream My Fault: London on Prime Video.

The Kissing Booth (2018)

If you really love the twisting, soapy drama of young love on display in Off Campus, The Kissing Booth (and its two sequels) will deliver. The characters are a bit younger, but the vibe is similar: Elle (Joey King) and Lee (Joel Courtney) have been best friends literally since birth, and Elle has crushed on Lee’s older brother Noah for almost as long. Elle and Lee have a deal, though, that his brother is off-limits no matter how hot he gets (and he’s played by Jacob Elordi, so you know how that’s going). It’s got the same light-but-serious tone as a group of friends tries to figure out love and life together. Stream The Kissing Booth on Netflix.

After (2019)

If you love how Hannah and Garrett are destined to be together but can’t seem to let go of their baggage, check out the After film series, based on the books by Anna Todd. Tessa (Josephine Langford) heads off to college determined to remain loyal to her boyfriend and focused on her future. But when she meets brooding, broken bad boy Hardin (Hero Fiennes Tiffin) she’s soon breaking all her own rules—but a secret threatens to ruin everything. It’s the perfect overly dramatic side quest for Off Campus fans. Stream After on Netflix or rent it on Prime Video.


from Lifehacker https://ift.tt/MJ5VLS6

We may earn a commission from links on this page.

It's been a while since our last visit with the Ingalls family, though perhaps not as long as you might think: while the Melissa Gilbert/Michael Landon series ended in 1984 after a series of TV movies, there have been a couple of live-action adaptations, a stage musical, and an anime series in the years since. Still, none have been as high profile as Netflix's new take on the classic Laura Ingalls Wilder books. It has quickly become one of the biggest shows on streaming despite some controversy over certain plot elements.

Uncharacteristically for Netflix, Little House's second season is already in production, but if you've already binged the entire thing and are eager for more downhome historical drama, consider these 10 streamalikes.

Anne With an E (2017 – 2019)

Lucy Maud Montgomery’s classic historical novel Anne of Green Gables kicked off a long series of similarly family-friendly works, eventually leading to a beloved 1970s television series. Sound familiar? This particular story is entirely fictional, but hits similar notes in its exploration of the childhood of a precocious girl growing up in a rural 19th-century setting. As the series begins in 1896, a couple of elderly and unmarried siblings on Prince Edward Island, Canada, have sent away for an orphan boy to help on the farm, but instead find themselves with a girl: chatty Anne Shirley (Amybeth McNulty), who has to fight to prove herself to her prospective parents, as well as to others in the town who judge her alternately for being a useless girl or for being a poor orphan. The reboot revisits the novel and mines its text (and subtext) for new ideas without betraying the spirit of the work. Stream Anne With an E on Netflix.


Little Women (2017)

At approximately the same time that Laura Ingalls Wilder and family were leaving Wisconsin for the broader Midwest of the author's recollections, Louisa May Alcott was writing and publishing her groundbreaking first novel, set in a Civil War-era New England in which women have largely been left behind by the men in their lives. Though overshadowed by the (excellent) Greta Gerwig film version's arrival two years later, this BBC adaptation is a bit more faithful to the text without ever feeling stuffy. The book takes place over a period of years, and the miniseries format does a better job of capturing the passage of time, which is so critical to the story. Emily Watson plays the stolid Marmee with an appropriate twinkle, and Angela Lansbury (in her final TV role) is perfect as the snide, snippy Aunt March. Stream Little Women on Peacock, Tubi, and Netflix.


The Other Bennet Sister (2026)

A bit of a ratings blockbuster on the BBC, this miniseries revisits the events of Pride and Prejudice from the perspective of Lizzy Bennet's bookish, altogether dorkier sister. Her ruddy complexion, penchant for grammatical correctness, and (dear lord) spectacles make Mary entirely unsuitable for marriage and unfit for much other than genteel spinsterhood. That all begins to change when Mary sets off on her own to become a governess for the Gardiner family in London, and manages to forge a life and a future for herself away from the parents and siblings who see her as not much more than a piece of furniture. Pemberley and its environs are a world (an ocean, at least) away from the rural world of Little House, but both shows offer clever and forthright young women doing their best to find their place. Stream The Other Bennet Sister on Britbox.


All Creatures Great and Small (2020 – )

An update of a venerable British franchise based on a series of autobiographical novels from writer James Alfred Wight (aka James Herriot), All Creatures takes us back to the rural Yorkshire Dales of the 1930s, with a Scottish vet moving to the small farming town of Darrowby to take up a job as a veterinary assistant. First among the local eccentrics is Helen Alderson (Rachel Shenton), a practical and hard-working farmer faced with some big choices in life. Though you need to be willing to witness animals in jeopardy, the big-hearted show only rarely goes for a gut punch. Mostly, it's charming domestic drama amid a bucolic landscape, with frequent guest appearances by baby cows. Stream All Creatures Great and Small on PBS or buy it from Prime Video.


Anne Shirley (2025 – )

Returning for a moment to the world of Anne of Green Gables—though Little House is about an American family and Lucy Maud Montgomery's novels are about a Canadian orphan (who finds a family), they're both about smart, adventurous young women growing up in a challenging, rural frontier. This beautifully animated anime adaptation (not the first Japanese take on the Anne stories) is faithful to the source material while adding some stylistic flourishes (a schoolhouse fight over a chalkboard is drawn, briefly, as a battle sequence). Stream Anne Shirley on Crunchyroll.


Heartland (2007 – )

Based on a popular book series from Linda Chapman and Beth Chambers (who write under the pseudonym Lauren Brooke), this series follows the lives of a family of horse ranchers in western Canada led by sisters Amy and Lou (Amber Marshall and Michelle Morgan). Though it's set in modern-day western Alberta, the frontier feel and family drama don't feel far removed from the lives of the Ingalls. If you're new to the show, there's a lot to catch up on: It's coming up on its 20th season. Stream Heartland on Netflix.


1883 (2021 – 2022)

The first of the Yellowstone spin-offs, 1883 gives us a bit of Dutton family prehistory. Tim McGraw and Faith Hill play the first generation of the family to make the trip from Texas to Montana on a dangerous wagon train led by Sam Elliott. This is a grittier take on westward expansion that doesn't have nearly the same family-friendly Little House vibes—but it does place Isabel May's 17-year-old Elsa Dutton at the heart of the story; she starts as an adventurous young woman before becoming hardened by her experiences. Stream 1883 on Paramount+.


Lark Rise to Candleford (2008 – 2011)

Once again we're a world away from the American frontier of the Ingalls family, but nevertheless following a young woman's coming of age in the 19th century in a story drawn from a series of semi-autobiographical novels (by Flora Thompson). Country girl Laura Timmins (Olivia Hallinan) sets out looking for work in the wealthier, modestly more metropolitan neighboring town of Candleford. She manages to find a job at the post office, befriended and mentored by her mother's cousin, Dorcas (Julia Sawalha). Not everyone in Candleford is so welcoming of the rube from the countryside, especially when Laura is forced to choose between the demands of her job and the needs of the family she left behind. Stream Lark Rise to Candleford on Peacock.


When Calls the Heart (2014 – )

This (very) Hallmark-y series, based on a Janette Oke novels, begins in 1910 and follows young teacher Elizabeth Thatcher (Erin Krakow) as she leaves her relatively wealthy family to take a job in a rural Canadian mining town. Luckily, there's hot mountie Constable Jack Thornton (Daniel Lissing) to help her make the adjustment. There's romance, drama, and triumph among the woman-led cast, with the gentle tone and big heart that you might expect, given the title. The show has lasted 13 seasons and counting, and, Yellowstone-like, has already generated two spin-offs, When Hope Calls and Hope Valley: 1874. Stream When Calls the Heart on Hallmark+ via Prime Video.


Little House on the Prairie (1974 – 1984)

This almost certainly goes without saying, but there are nine seasons of classic Little House and three follow-up movies to plow through (pun intended). The show quickly outgrew its early reputation as a Waltons clone to become a fan and critical favorite with an expansive cast of characters and a strong social conscience, in large part due to the influence of executive producer and star Michael Landon. Melissa Gilbert plays Laura, while Alison Arngrim (who has a cameo in the new series) frequently steals the show as nasty neighbor Nellie Oleson. It's weirder, more dramatic, and a bit less interested in staying true to the books than is the current series, but arguably it's the reason Little House remains in the zeitgeist—even more so than the novels. Stream Little House on the Prairie on Peacock and Prime Video.


from Lifehacker https://ift.tt/k4eGMt7

When I first started covering tech, OnePlus was the brand to beat. It was never an Apple or a Samsung, but that's what it had going for it: The company made high-quality smartphones with enthusiast features at reasonable price points. I wouldn't even have called it an underdog, necessarily. It didn't have much "market share," but it was winning in the eyes of the tech community.

Fast-forward a decade, and the situation couldn't be more different. OnePlus is officially dead in much of the world, as the company announced it will no longer produce new phones for the U.S. or Europe. This change didn't happen overnight: In recent years, OnePlus slowly stopped making phones for enthusiasts and started chasing mainstream flagships at flagship prices. And while it may have had some success, the U.S. smartphone market still looks roughly the same as it did when OnePlus first started—it's all about Apple and Samsung. Now, the company isn't just lagging behind in the U.S.: It no longer exists.

If you don't own a OnePlus device, you might not think this impacts you much, but it does. One fewer company in an already limited market means even less competition for Apple and Samsung than before. Google and Motorola are really the only two other companies making Android devices for the States, and who knows where they go from here. But the biggest impact, of course, is to current OnePlus users. Whenever you own the product of a company that decides to exit the market, there's uncertainty, confusion, and concern. If you're a OnePlus user in the U.S., here's what you need to know:

Where do OnePlus users go from here?

The good news is that OnePlus isn't leaving U.S. users in the lurch. In the company's "Notice of Business Adjustment," it confirmed it will continue to support existing devices with software updates, security patches, and "after-sales" support, per your device's warranty. For the immediate future, it shouldn't feel like OnePlus is gone at all. Your phone will still get updates; you'll be protected from security vulnerabilities; and OnePlus will service your phone if something happens to it under warranty.

Perhaps the biggest change will come once Android 17 arrives on OnePlus devices. OnePlus announced that, rather than continuing to support its OxygenOS software, the company will enroll users with eligible devices into ColorOS, the operating system its parent company Oppo uses. OnePlus users won't transition to ColorOS until ColorOS 17, its take on Android 17. "Legacy models" that don't support ColorOS 17 will instead stay on OxygenOS and receive software maintenance, but no new feature updates.

While it is a separate OS, ColorOS is quite similar to OxygenOS, especially these days. It comes with a familiar UI and many of the same features, though different regions get different app distros—with some going so far as to call it bloatware. ColorOS has never launched on a U.S.-based device, so I can't say what it'll look like for U.S. OnePlus users, but it is possible ColorOS will add apps and services to your device that aren't currently there. As such, some users may find they miss the old OS after updating, or that they don't want to transition at all. Luckily, OnePlus says that users will be able to both decline the update, and roll back to OxygenOS if they don't care for ColorOS.

It's still early days, so there are plenty of questions left for OnePlus to answer. I'll update this post with any news we get, so OnePlus users can continue to plan accordingly.


from Lifehacker https://ift.tt/KJNL7gR