The Latest

We may earn a commission from links on this page.

As the world outside of our streaming boxes has gotten nastier, we've seen an uptick in the population of amiable goofballs within them, with comfort shows like Ted Lasso and Schitt's Creek having set the template. Rooster's Greg Russo (Steve Carell) isn't exactly one of this crowd; his world is falling apart around him rather precipitously in the opening episodes of the HBO series, but the vibe is far less dour. It's a show about a likable, well-meaning character who struggles to maintain his principles and outlook when faced with a world that's more than happy to throw mud in his face.

If that's something you need more of in your life, here are 10 other shows about characters whose failures are relatable, and whose successes are inspiring. Here's to the losers.

Lucky Hank (2023)

Bob Odenkirk hopped directly from Better Call Saul to this academic satire, starring as Hank Devereaux, Jr., a creative writing teacher at a tiny college in Pennsylvania. As the show starts, he's humiliated by a student, publicly mocks his school in a way that nearly gets him tossed, has to deal with his more successful father, and comes to believe that his wife is having an affair. His life only gets more chaotic from there. Mireille Enos (The Killing) co-stars in this short-lived, but still really good, comedy of middle-aged ennui. Buy Lucky Hank from Prime Video or Apple TV.

A Man on the Inside (2024 – )

Another amiable and well-loved TV celebrity stars in this lightly satirical comedy that's a bit more plot-oriented than a typical sitcom. Ted Danson plays Charles Nieuwendyk, a hapless retired professor and recent widower who listens to his daughter's plea that he find something to keep him occupied. He answers an ad from a private investigator looking for someone to go undercover by moving into a retirement community in San Francisco in hopes of discovering who's been stealing the residents' jewelry. As he comes to care about the people he's investigating (and lying to), his job only gets harder. Start at the beginning, but I'll direct your attention toward the second season, co-starring Danson's real-life wife Mary Steenburgen, and set at a small liberal arts college not at all unlike Rooster's Ludlow. Stream A Man on the Inside on Netflix.

The Chair (2021)

Sandra Oh stars in this comedy-drama as Dr. Ji-Yoon Kim, the newly appointed chair of the English department at fictional Pembroke University. The first woman to hold the job, she struggles to balance the significance of the role with a budding relationship and her challenging daughter. This ambitious series only lasted one season, but got great reviews and went a bit deeper than Rooster in its satire of modern academia. Stream The Chair on Netflix.

Ted Lasso (2020 – )

Loveable goof Ted Lasso stole our hearts back in 2020, and there's a largely unexpected revival on the horizon years after the end of its original three-season run. Jason Sudeikis plays the title character, an American college football coach, hired by owner Rebecca Welton (Hannah Waddingham) to coach her Richmond football club (soccer to us Americans), despite his lack of any experience with the sport. She won the team in a messy divorce, and figures that Ted will ruin the franchise that her ex loved so much. With everything and (nearly) everyone against him, he nonetheless wins the team over with his relentless, occasionally ridiculous good-natured optimism. Stream Ted Lasso on Apple TV.

Dear White People (2017 – 2021)

Adapted and extending the 2014 movie, this show takes us to a (fictional) Ivy League school for a comedy-drama that takes on campus life and politics from a rather different perspective than that of Rooster. Logan Browning leads the ensemble cast as Sam White, who kind-of inadvertently starts the titular radio show following a racially charged incident on campus. Far from the screed that some bad faith YouTubers seem to find in the show, it's never shy about confronting the complicated and occasionally silly contradictions of campus activism, with each episode approaching life at Winchester University from a different character's perspective. Stream Dear White People on Netflix.

Shrinking (2023 – )

A fun, funny, occasionally serious dramedy (Rooster vibe-match here), Shrinking stars Jason Segal as cognitive behavioral therapist Jimmy Laird, who's been in a depression spiral since the death of his wife a year before the show opens. When he tries to get through a workday following a night of partying, he loses it on a whiny patient—which is not exactly standard procedure. But Jimmy finds himself invigorated, nonetheless, and telling people what he really thinks becomes his new thing, with mixed results. Jessica Williams plays fellow therapist Gaby Evans, perpetually upbeat despite her recent divorce, while Harrison Ford is clearly having a great time playing Jimmy's crusty boss and mentor. Michael J. Fox joined the cast for the recently completed third season, and it's been renewed for a fourth. Stream Shrinking on Apple TV.

Abbott Elementary (2021 – )

Very quickly establishing itself as one of the great workplace mockumentaries, Quinta Brunson's Abbott Elementary does a workplace comedy like The Office one better in portraying its cast of (mostly) well-meaning characters running up against an American educational system that doesn't always reward good intentions. Stream Abbott Elementary on Hulu and HBO Max.

Somebody Somewhere (2022 – 2024)

Bridget Everett stars as Sam Miller, who struggles to find her new direction after moving back to her hometown to care for her dying sister (don't worry: there's plenty of comedy in the drama, and it's not as heavy as it sounds). She's solidly middle-aged and starting over, kinda—making new friends in a familiar environment where she has to confront the past and the future alike. Luckily, her love of singing, and a community of goofy oddballs, are there to help. It's another story of a person of a certain age, trying to rebuild their life following an upheaval. Stream Somebody Somewhere on HBO Max.

Chad Powers (2025 – )

One minute, Russ Holliday (series star and co-creator Glen Powell) is the biggest name in collegiate football, with a future that couldn't be brighter. The next, he's fumbled a touchdown and later shoved a fan into a cancer patient using a wheelchair. Not great! Eight years later, he's looking for a comeback and so, with shades of Mrs. Doubtfire, he reinvents himself via prosthetics and a wig as the title's Chad Powers, a charmingly naive athlete who signs on to the football team at a tiny Georgia college. It's a goofy premise, but Powell's performance sells it, and the show becomes more engaging as Russ/Chad is forced to ask himself whether this new persona is a con, or the person he'd like to be. Stream Chad Powers on Hulu.

English Teacher (2024 – 2025)

Brian Jordan Alvarez stars as Evan Marquez, an English teacher at Morrison-Hensley High School, another amiable, well-meaning, but easily thwarted character who's struggling to maintain his strident out-ness in the face of modern school politics. Though he's a little younger, he's facing something like an early mid-life crisis, trying to balance his personal life with his career, trying to connect with his students in ways both charming and wildly awkward. This one is tainted by accusations of Alvarez's bad behavior behind-the-scenes; if only real life didn't so often betray the idealism of art. Stream English Teacher on Hulu.


from Lifehacker https://ift.tt/2DLTHoF

We may earn a commission from links on this page.

It's the end of an era: On Monday, Tim Cook announced his plans to step down as Apple CEO. By September, the company's senior vice president of hardware engineering John Ternus will succeed Cook in the role, and Apple will have its second CEO since Steve Jobs' departure in 2011. A lot has happened over at Apple Inc. since Tim Cook took over nearly 15 years ago, but there are some moments that stand out more than others. I've highlighted 11 products and decisions the company has announced or made during Cook's tenure that I think defined this chapter.

Apple introduced Siri in 2011

Tim Cook's first major product announcement actually occurred while Steve Jobs was still alive. On Oct. 4, 2011, Apple announced the iPhone 4s, and while the phone was quite similar to the iPhone 4, it introduced one feature that still defines the company to this day: Siri. It was a novel concept for iPhone users; rather than check the Weather app, you could ask Siri what the temperature outside was like; instead of setting your own alarms, you could ask Siri to do it for you; if you were driving, you could ask Siri to read your messages, or check your calendar for upcoming events.

Of course, Siri went from being an iPhone-exclusive to being the smart assistant across all of Apple's products—even if it isn't the most capable option on the market. The company announced an AI overhaul for Siri back at WWDC 2024, but the upgrades have been delayed again and again.  

Apple Maps dropped for the first time in 2012 (and it didn't go well)

The default navigation app on iPhones hasn't always been Apple Maps. In fact, for the smartphone's first five years, Apple relied on a built-in version of Google Maps to power directions. But in 2012, the company decided to break away from Google, and roll out its own maps app.

While you may or may not prefer Apple Maps today, it was a much different app back in 2012—and by that, I mean it was a bit of a disaster. Apple Maps was missing cities, landmarks, and its app icon even depicted a driver turning off an overpass. The PR nightmare was so bad, Apple's former vice president of iOS, Scott Forstall, left the company after refusing to sign an apology for the app. While many of us who lived through this experience still don't really trust Apple Maps, many iPhone users now choose it over other options.

Apple acquired Beats by Dre in 2014 in the pre-AirPods days

Before Apple disrupted the wireless headphone market with AirPods, it sold two types of wired earbuds: the standard EarPods, and the premium "In-Ear Headphones," which strongly resemble wired AirPods Pro. But the company didn't make the leap from these earbuds options to AirPods directly: Before it did, the company decided to buy Beats by Dre. The acquisition was huge: Apple paid $3 billion for Beats, and decided to keep the branding to boot. It'd be a couple of years before the company would start offering its own premium Apple-branded headphones, so from 2014 to 2016, Beats were the "Apple headphones" of choice.

The company introduced the first Apple Watch in 2014

When Apple first announced the Apple Watch back in 2014, its premium "Edition" line really stole the show. (Apple is selling a $10,000 watch made of gold? Who's going to buy this thing?) But while you could have easily mistaken this for a luxury-only product at the time, it ended up having mass-market appeal, thanks to more budget-friendly options that ditched the premium materials for aluminum. Apple still offers higher-quality Apple Watch models, but it quickly ditched the gold (and the five-figure price tags).

That first watch is in many ways similar to the watches we have today: It pairs with your iPhone, and supports messaging, heart rate tracking, and interchangeable bands. But the Apple Watch has also evolved in many ways. It is, of course, much faster today, but also comes with way more features, including cellular capabilities, sleep tracking, blood oxygen monitoring, and Emergency SOS if you're ever in need of assistance. Tim Cook seems especially invested in this particular product, frequently highlighting stories from customers who have changed their lives with the watch, or had their lives saved by it.

Apple became the first U.S. company to hit $1 trillion in 2018

On Aug. 3, 2018, Apple became the first publicly-traded company in U.S. to be valued at $1 trillion. It was a remarkable moment, especially considering how close Apple came to financial ruin back in the 90s, and how some doubted the company's future following the passing of Steve Jobs. The company continued to hit financial milestones over the years, and today, Tim Cook steps down from a $4 trillion company.

Apple introduced the first wireless AirPods in 2016

Apple famously launched the iPhone 7 without a headphone jack. While you could use an adapter to connect your existing wired headphones to the phone, the company had a solution: Buy its wireless earbuds instead. Apple Fellow Phil Schiller saying the decision resulted from "courage" is still mocked to this day, but Apple has clearly had the last laugh. AirPods have gone on to become wildly popular, and likely had a huge role to play in popularizing wireless headphones in general. The initial product was relatively expensive—$169 for what seemed like a wireless version of the free EarPods that came with every previous iPhone—but the product has blown up. Apple now offers "entry-level" AirPods, a version with noise cancellation, "Pro" AirPods with interchangeable ear tips, and over-the-ear headphones that cost way too much. Like the Apple Watch, this is one product you can't go out in public without seeing.

The Apple TV streaming service was first announced in 2017

I remember when Apple first announced Apple TV—the streaming service, not the existing streaming device. At the time, it was just one more streaming service to keep up with, and I had subscription fatigue. Sure, Apple was a huge company, but trying to break into a market with the likes of Netflix, Hulu, and HBO seemed ill-advised. That's probably why I'm not running a trillion-dollar company: Now called Apple TV+, Apple's streaming service is home to some of the most popular and critically acclaimed shows currently on the air, including Ted Lasso, Severance, Shrinking, and For All Mankind.

The iPhone X was released for Apple's 10th anniversary in 2017 with major design changes

The iPhone has gone through many design changes and shake-ups over its near 20-year history, but perhaps none is as monumental as the iPhone X. For the product's 10th anniversary, Apple totally overhauled its look and function. Gone was the Home button, the large top and bottom bezels, and the LCD screen; in its place, Face ID and an edge-to-edge OLED display (minus the "notch" for the camera, of course). It's a design that still looks pretty fresh nearly 10 years later: nobody would bat an eye if you were rocking an iPhone X today—though it sadly doesn't support the latest version of iOS.

Apple began building its own in-house chips in 2020

If I could pick one moment of the bunch here to highlight as the most important, it'd be Apple silicon. In 2020, Apple officially ditched Intel, opting instead to build its own in-house chips for the Mac. The company already did this for the iPhone, and that same winning formula translated to a product lineup that desperately needed a leg-up. Ever since, Apple has had complete end-to-end control of the Mac: It makes both the hardware and the software, and can optimize the experience to its liking. The current Mac lineup is perhaps the best it has ever been, but, at the same time, many people who bought one of those first M-series Macs five years ago are still using them. I'm writing this on an M1 iMac I have no intentions of upgrading anytime soon.

Apple announced its mixed reality Vision Pro headset in 2024

After years of speculation, Apple finally entered the headset market in 2024 with the Apple Vision Pro. Its mixed reality headset combined some impressive hardware with a unique operating system (visionOS) to pull off an ideal experience for Apple users interested in XR. You can link your MacBook to the headset to pull up a virtual ultra-wide monitor; take FaceTime calls using a virtual persona; and watch videos you shot on your iPhone in spatial reality.

And yet, the Vision Pro is a tough sell for most people. The high starting price tag ($3,499) costs more than most of the company's professional Macs, and doesn't do nearly as much. It might be technically superior to other products on the market, but when you can pick up a Meta Quest for nearly a 10th the price (with much more software support), there's little reason for most to pay the money. As such, the Vision Pro is a rare miss for modern Apple, but it's a monumental moment nonetheless.

The new MacBook Neo, released this year, cut the price of a basic MacBook Air in half

Apple silicon may be the most important thing to happen to the Mac lineup under Tim Cook, but the MacBook Neo might be the most important Mac. Apple took an iPhone chip, put it inside a simple MacBook design, and set the price at $599 ($499 with an education discount). Despite 8GB of RAM, and macOS running on an "A-series" chip rather than M-series, most people can probably get what they need to get done using a Neo, at half the price of Apple's previous entry-level MacBook Air. It's too early to tell just how impactful this device will be on the personal computing market, but my guess is colossal.


from Lifehacker https://ift.tt/ErnvglH

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

Larger phone screens come with real benefits, from improved multitasking to reduced eye strain compared to smaller displays. The 2025 Google Pixel 10 Pro XL is a standout in the large-screen category, with a 6.8-inch OLED display, a superior camera, and a capable processor bolstered with a suite of AI features. Right now, the  Google Pixel 10 Pro XL is 25% off on Amazon at a record-low price of $899 (originally $1,199).

This flagship model comes with 256GB storage, 16GB RAM, and the Tensor G5 chip (Google’s fastest yet), which provides enough power for everyday tasks while being tailored toward on-device AI processing. The Pixel 10 Pro XL is packed with AI features, including Gemini Advanced, a generative AI image creator, Pixel Studio (though there are some limitations around racial representation, according to this CNET review), and Magic Cue, a tool designed to automatically surface relevant information from conversations you’ve had so you don’t need to search for it yourself. 

The phone has three rear camera lenses, including a telephoto lens with 5x zoom and a front-facing camera. It performs especially well in low light and for portrait photography, and the large display makes it easier to view and edit photos (which AI tools can also help enhance), making this one of the best Android phones for photography. 

The Google Pixel 10 Pro XL can also charge wirelessly thanks to Pixelsnap, which our reviewer called “Google’s answer to MagSafe.” It also offers seven years of updates, setting a new standard for longevity, and a 120Hz refresh rate for smoother scrolling and multitasking.

The higher refresh rate can take a toll on battery life, which may feel inconsistent despite the 5,200mAh capacity (it lasts only slightly longer than the Pixel 10, though it does charge faster than previous models). Still, if the longest battery life possible isn’t your main priority and you want a phone with maximum screen real estate, the best Android photography experience possible, and powerful AI features, the Pixel 10 Pro XL delivers.


from Lifehacker https://ift.tt/o4Ascpj

We may earn a commission from links on this page.

My house has precisely one outdoor area, which makes it precious. It’s the only spot where we can hang out outside without actually leaving. Since I’m a dedicated introvert who enjoys fake conversations with his cats more than real conversations with people, that’s incredibly important. As a result, I put a lot of time into keeping the deck comfortable and in good repair.

A few years ago, I replaced some of the composite decking with new pieces that didn’t quite match the original color, so I painted the decking to keep things uniform. This past winter was pretty rough on the deck, though, which was starting to look a little worn:

My deck before the paint job, looking a little sad.
My deck before the paint job, looking a little sad. Credit: Jeff Somers

The time had obviously come for a fresh paint job. I chose a lighter color this time and went shopping for the tools I’d need. A roller and a brush? Nope. A regular, cheap push broom and a bender pad.

How to paint a deck with a broom and a bender pad

Here’s all I needed to paint my deck: A paint tray, a can of floor and patio paint, a broom, and a bender pad:

My paint tools for this project.
My paint tools for this project. Credit: Jeff Somers

Painting your deck with a push broom is a lot easier than using a paint roller or a brush. A 10-inch push broom pretty generally covers two deck planks, and the bristles work the paint into the crevices much more efficiently than a roller, requiring fewer passes to get good coverage. And a bender pad is just a flexible, handheld tool that slips easily between tight spaces that need to be painted—like the spaces between deck boards.

Using these two unusual tools, I banged out this paint job in about an hour from start to finish. First, I cleaned the deck using a stiff brush to scrape away any dirt that had crusted on it. I scraped any loose paint away and let the deck dry out thoroughly. Once it was dry, I grabbed the broom and got to work. The key is to choose a push broom with flexible bristles—if they’re too stiff, you won’t get good coverage.

Using the broom to paint the deck.
Using the broom to paint the deck. Credit: Jeff Somers

I alternated between painting the top of the boards and working on the spaces between with the bender bar. Instead of working a sloppy brush in between the boards, the bender pad smoothly pads the sides of the boards, leaving a clean, near-perfect coat. In retrospect, I should have started off by painting the sides first so I didn’t have to twist myself into pretzels at times because the boards were all wet with paint, but that’s a lesson for another time.

Using the bender pad on the deck.
Using the bender pad on the deck. Credit: Jeff Somers

The broom and bender pad combo made painting the deck super easy and fast. If you’ve got a deck you want to paint or stain, forget the rollers and brushes and use a broom and a pad instead. You won’t regret it. Here’s the finished result:

My deck after the paint job.
My deck after the paint job. Credit: Jeff Somers

from Lifehacker https://ift.tt/7WjLR5p

In recent years, Apple has taken significant steps to make the iPad more like a Mac. But while windowed multitasking and a desktop-like Files app helps bridge the gap, the gap still exists. It's still a bit too difficult to use an iPad like a touchscreen MacBook, leaving fans who want such a product wanting. Luckily, a touchscreen MacBook is in the works—it might just take a bit longer than expected to get here.

The touchscreen MacBook Pro might not get here until 2027

In the latest edition of his Power On newsletter, Bloomberg's Mark Gurman shares the bad news: Apple's first MacBook with a touchscreen is more likely to arrive in 2027 than in 2026. See, Gurman previously reported that it was possible Apple would ship 14- and 16-inch MacBook Pros with touch-enabled displays later this year. Another Apple leaker, Ming-Chi Kuo, had a similar assessment. That said, Gurman had reserved the possibility that Apple could push into 2027, depending on how quickly it could actually get its supply out to the market.

That seems to be the case here: The global RAM shortage is hitting everyone hard. As AI companies scoop up as much memory as possible, manufacturers are having trouble producing enough RAM to meet demand. That forces prices for RAM and the devices that use it to rise, but it also puts a strain on companies that are trying to build hardware with RAM: Apple included.

The release date might not have been set in stone regardless, but were Apple more ahead of schedule, it may have announced the new product at WWDC 2026—an event usually reserved for software releases. But Apple likely won't announce a product so early in development if it isn't planning on releasing it until next year, so we'll likely need to keep waiting.

Apple's touchscreen MacBook Pro may come with other advantages

While the touchscreen is the main focus of this upcoming product, this MacBook Pro is rumored to have a number of other perks as well. In addition to being able to touch the display for the first time, this MacBook might be Apple's first to come with an OLED display, rather than the mini-LED tech the MacBook Pros currently ship with. In addition, Apple may take the opportunity to roll out the M6 Pro and M6 Max chips with this MacBook Pro, making it the most powerful MacBook yet.

If you have a newer iPhone, this MacBook may resemble it a bit, too: Apple might ditch the camera "notch" in favor of an iPhone-like Dynamic Island. Apple made that switch back with the iPhone 14 Pro, and might do the same with its first touchscreen Mac—though some developers have tried turning the current notch into a Dynamic Island. Finally, Apple might slim down the MacBook Pro line with this model, offering the first major design refresh since 2021.


from Lifehacker https://ift.tt/oBKwDhR

Nikkei Asia has some bad news for anyone hoping for RAM prices to fall anytime soon: The outlet reported on Friday that the global shortage of memory chips will likely continue until around 2027. According to Nikkei, U.S. and South Korean memory suppliers are raising DRAM production, but are only going to be able to meet about 60% of the demand. What's more, the current conflicts in the Middle East are making electricity and other relevant goods more expensive. Even Samsung, which is launching a fourth RAM plant this year, won't be at full-scale production until at least 2027, if not later.

The memory crisis is ongoing

Part of the problem is split production needs: Samsung's fourth plant needs to make logic chips for computing as well, which means it can't use all of its resources to develop memory chips. And while the company is also building a fifth plant, that location will be designated for producing advanced high-bandwidth memory (HMB), a specific type of memory used for AI semiconductors. That could lower the demand for more general use RAM, but Nikkei reports that this fifth plant will not begin running until 2028 or later. Nikkei reports that memory prices for the first three months of this year are up 90% on the quarter.

A silver lining though: SK Hynix, the second-largest memory chip producer in the world, is currently producing HMB chips, and has been since February. SK Hynix is also on track to start producing in a new plant in Seoul by February 2027, which is three months earlier than previous estimates. That said, Nikkei says this is the only production increase among the big three memory companies, which include SK Hynix, Samsung, and Micron Technology (based in the U.S.) For its part, Micron will start producing in both Idaho as well as Singapore in 2027. Taken together, these three companies control 90% of the global DRAM, and are the only companies that can make HBM.

Nikkei cites Counterpoint Research, which estimates that these companies would need to increase production by 12% per year through 2027 in order to fix the RAM shortage. Right now, it reports that growth looks to be about 7.5%. As such, the issue may not return to normal until sometime next year.

The RAM shortage affects everything

This news is disappointing, especially following positive developments in late March. Back then, we saw prices for RAM kits drop slightly—still far above historic lows, but $30 to $45 reductions in a time when the biggest AI companies on the planet were buying up as much RAM as possible. But following Nikkei's reporting, general prices likely won't fall (or stop rising) for at least another year and a half.

Unfortunately, that has implications for everything that uses RAM, not just the RAM itself. While those who build or work with computers will notice the strain on RAM hardware, there's a long list of consumer devices that will continue to be impacted here as well. Smartphones, laptops, smart glasses, tablets, gaming consoles, cars: If it runs on a computer, it uses RAM. Coupled with market instability across the globe, expect prices on devices you buy to increase in tandem. This perfect storm likely caused Sony to raise prices on the PlayStation consoles and handhelds, for example.


from Lifehacker https://ift.tt/WTmpDwa

Cloud deployment and hosting platform Vercel has suffered a security breach that resulted in attackers accessing some of its internal systems and compromising Vercel credentials of a “limited subset of customers”.

Advice for affected customers

“The incident originated with a compromise of Context.ai, a third-party AI tool used by a Vercel employee,” the Vercel security team explained in a post published on Sunday.

“The attacker used that access to take over the employee’s Vercel Google Workspace account, which enabled them to gain access to some Vercel environments and environment variables that were not marked as ‘sensitive.'”

Vercel CEO Guillermo Rauch explained it better: “Vercel stores all customer environment variables fully encrypted at rest. We have numerous defense-in-depth mechanisms to protect core systems and customer data. We do have a capability however to designate environment variables as ‘non-sensitive’. Unfortunately, the attacker got further access through their enumeration.”

Confirmed affected customers were notified directly and advised to immediately rotate credentials and environment variables, review their account’s activity log and environments for suspicious activity, rotate Deployment Protection tokens (if used), and look for recent unexpected or suspicious looking deployments.

“Take advantage of the sensitive environment variables feature going forward, so that secret values are protected from being read in the future,” the team also counseled.

In the meantime, the company deployed additional protection measures, extended their monitoring, notified law enforcement, and called in experts to help with the investigation.

“We’ve analyzed our supply chain, ensuring Next.js, Turbopack, and our many open source projects remain safe for our community,” Rauch added.

What happened, exactly?

The investigation into the breach is ongoing, and Vercel is getting help from the Google Mandiant team and other cybersecurity firms.

They’ve already confirmed how attackers managed to gain initial access to the Vercel employee’s account.

“Our investigation has revealed that the incident originated from a small, third-party AI tool whose Google Workspace OAuth app was the subject of a broader compromise, potentially affecting its hundreds of users across many organizations,” the Vercel security team shared, along with the unique identifier for the app in question: 110671459871-30f1spbu0hptbs60cb4vsmv79i7bbvqj.apps.googleusercontent.com.

Nudge Security CTO Jaime Blasco tied this tool to Context.ai, the company behind the eponymous AI-native office suite.

“Google has deleted the account but I’m confident the third party AI tool that vercel mentioned in the blog post is context[.]ai based on a now removed chrome browser extension listing linked to an oauth grant in the same account id,” he explained. “They removed the extension from the Chrome marketplace on March 27th which is suspicious.”

It’s unlikely that Vercel is the only victim of this third-party compromise. Google Workspace Administrators and Google Account owners have been advised to check whether they are using the Chrome extension and mount an investigation on their own if they are.

“We’ve reached out to Context to assist in understanding the full scale of the incident, in an effort to protect other organizations and the broader internet,” Rauch stated.

On Sunday, Context released an advisory of their own confirming a security incident that involved unauthorized access to their AWS environment.

“Based on information provided by Vercel and some additional internal investigation, we learned that, during the incident last month, the unauthorized actor also likely compromised OAuth tokens for some of our consumer users. We also learned that the unauthorized actor appears to have used a compromised OAuth token to access Vercel’s Google Workspace,” the company stated.

“Vercel is not a Context customer, but it appears at least one Vercel employee signed up for the AI Office Suite using their Vercel enterprise account and granted ‘Allow All’ permissions. Vercel’s internal OAuth configurations appear to have allowed this action to grant these broad permissions in Vercel’s enterprise Google Workspace.”

Who’s behind the breach?

“We believe the attacking group to be highly sophisticated and, I strongly suspect, significantly accelerated by AI,” Rauch said today. “They moved with surprising velocity and in-depth understanding of Vercel.”

Vercel breached

Screenshot of the BreachForums post

The Vercel compromise has been claimed by ShinyHunters – or someone who’s impersonating the infamous and prolific cybercriminal group – via a post on BreachForums, and they were apparently trying to sell the stolen information, which they say can be used to mount “the largest supply chain attack ever.”

The post has since been removed and the real ShinyHunters denied involvement in the breach.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!


from Help Net Security https://ift.tt/r9n8RJP