The Latest

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

Companies keep bolting AI onto their products, and the security bill is coming due
Companies keep bolting AI and LLM features onto their products, and the security results are starting to show a pattern. The vulnerabilities those features create get rated high risk far more often than anything else, and they get fixed slower than anything else. The figures come from Cobalt’s AI and Pentesting Pulse Report 2026, built on five years of penetration testing data and a survey of 455 security leaders and practitioners.

DarkMoon: Open-source AI pentesting platform
Penetration testing relies on skilled specialists who spend days probing networks and web applications by hand. Engagements often take weeks, cost thousands of dollars per day, and produce results that vary by tester. AI-driven automation aims to streamline the process. DarkMoon, an open-source platform, uses AI agents to plan and execute security assessments from start to finish, delivering an evidence-backed report at the end.

AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin
Phones and laptops include built-in wireless file-sharing features such as Apple’s AirDrop and Google and Samsung’s Quick Share. These services automatically communicate with nearby devices, even if they have never connected before, and are used on more than five billion devices worldwide. Researchers at the CISPA Helmholtz Center for Information Security identified six vulnerabilities affecting AirDrop and Quick Share across macOS, iOS, Android, and Windows.

AI-generated code risks reach security, legal, and compliance teams
Most engineering organizations write code with AI, and a good number of them keep that code away from customers. A Flux survey of engineering leaders and practitioners found that nearly half run AI-generated code in production. Almost every company in the sample uses AI somewhere in development, with under 5% reporting no plans to adopt it within a year.

Nika: Open-source code analysis tool
Many web application vulnerabilities span multiple files, making them difficult for scanners that analyze one file at a time to detect. Nika, an open-source tool from PhonePe, works on that problem by performing cross-file taint analysis in Java microservices, tracing untrusted input across application layers to identify security-sensitive operations.

The endpoint recovery gap many teams discover during an incident
In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at once.

Mozilla warns of indirect prompt injection risk in AI coding agents
A malicious GitHub repository can silently compromise a developer’s machine without containing a single line of malicious code, security researchers at Mozilla’s Zero Day Investigative Network (0DIN) warned. The proof-of-concept attack targets AI-powered coding agents such as Claude Code, and uses indirect prompt injection to manipulate an AI agent into taking harmful actions the developer never explicitly authorized.

JSP webshells being dropped on unpatched PTC Windchill instances
The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog.

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)
Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and “collects credentials associated with cloud platforms, source control, package registries, infrastructure tooling, AI development assistants, browsers, SSH, and cryptocurrency wallets,” BlackPoint Cyber’s researchers discovered.

Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)
Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have been spotted over the weekend, threat intelligence company Defused warned on Monday.

What a financial planner taught me about cybersecurity
When Brian Honan spoke at a recent cybersecurity awareness event for financial planners and tax advisors, the audience was highly engaged with the subject. As happens at conferences around the world, people often approach speakers to ask follow-up questions or share their feedback on the presentation. This time, what struck Honan was how many attendees said they had been scared by what they heard during his talk.

Geopolitical cyber threats are turning HR into a security front line
In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With open and simmering conflicts around the world, attacks can come from actors that would never have targeted your company before.

Getting boards to fund ERM means speaking their currency
In this Help Net Security video, Greg Young, VP Cybersecurity and Corporate Development at TrendAI, explains how to build Enterprise Risk Management that a board will pay for.

Sycophantic chatbots and the harms that build over many chats
People use AI chatbots for company, advice, and emotional support, and these systems respond in ways designed to hold their attention. Researchers describe the resulting risks as affective safety, harms that arise because humans are emotional beings and AI engages directly with those emotions. The damage can occur during normal use, as systems optimize for the goals set by their developers.

Half the defense base still builds security around compliance
CMMC requirements are appearing in defense contracts and moving down through supplier networks to thousands of companies new to this kind of compliance work. Many run on limited budgets with lean security teams. The picture comes from nearly 900 defense contractors, C3PAOs, federal suppliers, and cybersecurity professionals who attended the 2026 Secureframe National Cybersecurity Summit.

WSL containers now build and run Linux workloads on Windows
Containers power many cloud-native applications, AI workloads, and testing and deployment pipelines. Windows developers have long relied on third-party software to build and run them. WSL containers make that step optional. Introduced at Microsoft Build 2026, the feature is now available in public preview with Windows Subsystem for Linux version 2.9.3. Users can install it with wsl --update --pre-release or by downloading the pre-release build from GitHub.

Kali Linux 2026.2 trims VM boot times, refreshes its desktops
Penetration testers who run Kali Linux inside virtual machines boot their systems faster after the 2026.2 release. The change comes from a decision about graphics firmware, the code that drives NVIDIA, AMD, and Intel GPUs. That firmware has grown large enough to slow the early stages of startup, and few virtual machines need it.

This supercomputer encrypts your data even while it’s running it
Sensitive data is typically encrypted when stored and transmitted, but not while it is being processed in memory, leaving it exposed to anyone with sufficient system access. Researchers at the University of Cologne developed a supercomputer called RAMSES that closes this gap by keeping data encrypted even during processing.

The ARToken phishing panel targets Microsoft 365 accounts
U.S. companies are being targeted with phishing emails that impersonate trusted vendors and appear to be routine invoice inquiries. According to Cisco Talos, the campaign is linked to EvilTokens, a phishing-as-a-service platform that earlier this year operated across hundreds of Cloudflare Workers domains.

What the AI patch gap means for enterprise security
Open-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine speed. Over roughly two months this spring, Anthropic’s Claude Mythos Preview combed through more than 23,000 open-source code paths and routed verified findings to the projects that own them. Tuskira studied what happens to those findings once they reach human hands.

Catching ransomware on the wire before it locks the file server
Corporate networks store sensitive data on shared servers accessed through mapped drives, making them prime ransomware targets. A compromised workstation can encrypt remote files over Server Message Block (SMB) traffic, while endpoint security tools often see only part of the attack. Researchers at La Trobe University developed a network-based framework that detects ransomware by analyzing SMB traffic patterns.

Non-interactive SSH attacks dominate after login
Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. The usual assumption is that an attacker eventually breaks in, opens a shell, and starts running commands. Data collected from 11 research honeypots suggests a very different reality.

Most teams accept higher risk for faster AI database work
Database professionals are using AI for everyday work like writing queries, building schemas, and reviewing code, and a growing share rely on autonomous tools that act on the database itself. The use of AI in database management has almost tripled in a year, climbing from 15% to 44% of organizations, according to Redgate’s 2026 State of the Database Landscape report.

GPT-5.6 gets better at cybersecurity
OpenAI has started rolling out the GPT-5.6 series models in limited preview to a small group of trusted partners through the API and Codex. The series includes Sol as the flagship model, Terra as a balanced option, and Luna as the fastest and most cost-efficient model. The rollout is being coordinated with the U.S. government before expanding to ChatGPT, Codex, and API users in the coming weeks.

Hottest cybersecurity open-source tools of the month: June 2026
Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings.

Vulnerability reports are arriving faster than GitHub can review them
Across the open source world, people are reporting software flaws in record numbers, and the systems built to verify those reports are straining under the weight. The GitHub Advisory Database, which feeds automated security alerts to millions of projects, has reached a point where some new advisories take weeks to publish.

Product showcase: Scam calls, phishing, and data breaches? Meet AVG Mobile Security
AVG Mobile Security for iOS helps protect users against online threats with features including Web Guard, VPN, Scam Guardian Pro, Hack Alerts, and Photo Vault. It also identifies suspicious calls and scam text messages and helps keep personal information private while using Wi-Fi networks with its VPN. The app is available for Windows, macOS, Android, and iOS.

OpenClaw for iOS: The viral open-source AI agent comes to iPhone and iPad
OpenClaw, a self-hosted personal AI assistant that connects to existing chat apps, is now available on iPhone, iPad and Apple Watch. The release brings chat, real-time voice conversations, approvals, device capabilities, and private automations to iOS.

Proton’s pitch for Lumo 2.0: Frontier AI without the data grab
Proton has unveiled Lumo 2.0, a major upgrade to its zero-access encrypted AI assistant. Built on a new architecture, the release brings the assistant closer to frontier AI models with new AI models, multimodal capabilities, Memory, improved web search, and enterprise features.

Microsoft wants to stop unwanted bots from entering Teams meetings
A new Microsoft Teams admin policy, Manage external bots and their access to meetings, gives organizations greater visibility and control over external bots in meetings. The policy identifies bots and applies safeguards before they are admitted. Microsoft will begin retiring the existing Require verification by participants (CAPTCHA) meeting policy.

Claude Sonnet 5 includes safeguards against dangerous cyber use
Anthropic has introduced Claude Sonnet 5, the latest version of its general-purpose AI model, with improved reasoning, coding, tool use, and knowledge work capabilities. The model can make plans, use tools such as browsers and terminals, and complete tasks autonomously.

GitHub’s new tool helps prevent costly open-source license violations
GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify dependencies whose licenses require review.

Review: CTRL+ALT+PWN
Hacking gear that once sat in well-funded labs now ships to anyone with a credit card and a video tutorial. Frank Riccardi builds his consumer guide, CTRL+ALT+PWN: The Hacker’s Playbook (And How to Beat It), on that one condition.

Cloudflare changes AI crawler access rules
Cloudflare introduced new controls that let website owners manage AI traffic across three categories: Search, Agent, and Training. The feature is available to all Cloudflare customers, including those on the Free plan, and gives website owners more control over how different types of AI crawlers access their content.

Scattered Spider suspect extradited over $8 million ransom scheme
A suspected Scattered Spider member has been extradited to the United States to face charges linked to cyberattacks against U.S. companies, including the breach of a luxury jewelry retailer that led to an $8 million cryptocurrency ransom demand after attackers stole company data.

Organizations struggle to prioritize known cyber risks
Organizations collect more cyber risk data than ever, with many still struggling to build a unified view of their exposure. The latest State of Threat Management report from Filigran found that security teams continue to work across disconnected tools, leaving important context spread across multiple systems.

Cybersecurity jobs available right now: June 30, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: July 3, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Digi International, iboss, Jamf, and Netzilo.


from Help Net Security https://ift.tt/FeuSMza

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

Fourth of July weekend brings many traditions in the U.S., but my favorite is using the extra time to tackle DIY home improvement projects I’ve been putting off. There are often great sales on power tools and home improvement supplies, with retailers banking on the holiday to draw in DIY enthusiasts who have hosting and entertaining top of mind. It's one of the best times to look for deals on quality tools, and this year, the Fourth of July sale at Home Depot includes some big discounts on cordless power tools and batteries, up to 55% off.

Take advantage of these Home Depot sale on cordless power tool sets

If you’re just starting your DIY tool set or looking to upgrade old or damaged tools, investing in a combo set can save you money when you're just starting out. Choose a tool set with a wide variety of tools compatible with its batteries; that way, you can continue building your set without needing to buy multiple battery systems and chargers.

One of the best deals on quality cordless tools from Home Depot is the DeWalt 20-volt, 6-tool combo set on sale for $499, 44% off its regular price. It comes with a drill, an impact driver, an angle grinder, a sawzall, a circular saw, an oscillating multitool, a 5-amp-hour battery, a 2-amp-hour battery, and a charger. This is a pretty comprehensive starter set that will allow you to tackle basic DIY projects like hanging shelves, but also allows you to do some woodworking and repair work, like replacing fence boards or decking.

A DeWalt 20-volt, 6-tool combo set and rolling case is on sale for $549, 39% off its usual price. This set is a little different than the previous one: it comes with the drill, impact driver, angle grinder, and circular saw, but it has an orbital sander instead of a sawzall. It comes with a 2-amp-hour battery and a 5-amp-hour battery, a charger, and a hard-sided rolling case. The case is a good option if you need to take your tools outside your home workshop, as transporting a full tool set can be cumbersome without the right equipment.

Last but certainly not least, the Milwaukee 18-volt, 6-tool combo set is on sale for $449, 55% off its typical price. This set comes with a drill, an impact driver, an angle grinder, a circular saw, an oscillating multitool, a work light, two 4-amp-hour batteries, a charger, and a tool bag. This is a good set for most DIY home improvement projects, allowing you to handle basic and intermediate repairs as well as some woodworking.

Power drills and drivers are also on sale, up to 45% off

Drills and drivers are basic tools you’ll need for DIY home maintenance, useful for anything from hanging a picture to replacing door hardware. This Ryobi 18-volt drill and driver starter set is on sale for $99, 34% off its regular price. This is an excellent beginner set, including the batteries and charger you need to use it right out of the box. It comes with a drill, an impact driver, two 2-amp-hour batteries, a charger, and an insulated case.

The DeWalt compact 20-volt cordless impact driver is also on sale for $99, 45% off its usual price. This is a good addition to a DeWalt drill set, or on its own, for tackling basic DIY projects. It comes with a 2-amp-hour battery and a charger, so you can use it right out of the box.

Power tool batteries are also on sale at Home Depot, up to 40% off

Batteries are often the most expensive part of a cordless tool set, and they're sometimes the first thing to wear out because even the best-quality batteries tend to lose their ability to hold a charge over time. A good deal on batteries for your tool set will set you up for success, and this set of two DeWalt 20-volt, 5-amp-hour batteries is on sale for $149, 40% off its typical price. This is a battery-only deal, so you’ll need a DeWalt 20-volt charger to use them. These are a good choice if you already have a DeWalt tool set or are buying DeWalt 20-volt tools and want extra batteries.

And the Ryobi 18-volt, 3-battery set is on sale for $179, and it comes with a free tool as well. To get the free tool, click on the “shop this deal” on the menu to the right, then choose what you want from the menu. The final sale price will show up in your cart. The biggest discount on this deal is to add the two-pack of 18-volt batteries from the free tool menu, which gets you four 4-amp-hour batteries, one 2-amp-hour battery, and a charger for $179, 70% off its regular price. This is a good deal if you want to add to your Ryobi tool collection and need extra batteries, or if you use an inverter in your emergency kit, because it lets you keep multiple batteries charged in advance.

Deals are selected by our commerce team

from Lifehacker https://ift.tt/pNbURrD

It might seem improbable to anyone who has spent years waiting for it, but Grand Theft Auto VI is nearly here. In fact, the game is currently available to preorder for PS5 and Xbox through Rockstar. While the game sadly doesn't have a true physical edition, you can choose from either the Standard Edition for $79.99, or the Ultimate Edition for $99.99, the latter of which comes with a laundry list of add-ons to justify the higher price. Both editions also include something you might not have budgeted for: a recurring subscription to GTA+.

Grand Theft Auto: VI comes with a free month of GTA+

No matter which edition of GTA VI you preorder, you'll get a free month of GTA+, Rockstar's online subscription service. According to the company's preorder page, GTA+ will net you a monthly GTA$500,000 deposit into your GTA Online bank account—that's in-game "Grand Theft Auto dollars," not USD, obviously. You also get Shark Cards with 15% bonus GTA$, both free and discounted GTA Online vehicles, and access to "classic" Rockstar games, among other perks. (Those games seem to include a large percentage of the Rockstar library, including Red Dead Redemption, Bully, GTA: The Trilogy — The Definitive Edition, L.A. Noire, and, now, even Grand Theft Auto V.)

GTA VI doesn't come out until Nov. 19, but that GTA+ credit is valid as soon as you preorder the game. You might have to wait until Thanksgiving to sink your teeth into the latest interpretation of Vice City, but you can start playing GTA Online (or any of the Rockstar games available under the subscription) right away, or you can choose to activate it after the game comes out (or by March 2027).

Free subscriptions are always welcome, but they're also dangerous. Anyone who has ever signed up for a free trial of anything knows how easy it is to forget about it—until the charge comes through on your credit card. That could be the eventual case for thousands, if not millions of GTA VI preorderers. As Gamespot highlights, your GTA+ subscription auto-renews, which means you'll be on the hook for $7.99 one month after activating it. That means if you redeem your free GTA+ subscription and you don't want to pay for it, you'll need to cancel it before it automatically renews.

How to cancel your GTA+ subscription

To cancel GTA+, you'll need to return to the store where you purchased the subscription—or, in this case, the platform you preordered the game on. That might include any of the following:

To be clear, your GTA+ subscription doesn't start as soon as you preorder the game. You need to redeem it first. If you intend to use it, make sure you do so before March 31, 2027, or you'll lose access to the free month. After that, you'll need to cancel before the month is up to avoid being charged.


from Lifehacker https://ift.tt/WSQZcKX

We may earn a commission from links on this page.

When I raced Hyrox last month, I opted for my Amazfit Cheetah 2 Pro—and I was quite pleased with the results. Over the past year now, I've been keeping an eye on how Amazfit (and its parent ecosystem, Zepp) is steadily gaining a loyal following among people who want serious fitness data without a $400 price tag. And now, I've discovered that most Amazfit owners are barely scratching the surface of what their watch can actually do.

Below are five hacks that go beyond the manual, whether you're using something like the budget-friendly Bip 6, a rugged T-Rex 3, an advanced trainer Balance 3, or any of the Amazfit options in between.

Unlock a secret developer mode in your Amazfit watch

In the Zepp app, go to Profile > Settings > About, then tap the Zepp logo seven times. Voilà: You've just unlocked developer mode. Here's what you can do with this under-the-radar hack:

  • Install custom watch faces via QR code. This lets you bypass the existing native watch face library and upload a custom face on your computer, scan a generated QR code, and install it directly onto your watch.

  • Cross-load watch faces between compatible models. If you own multiple Amazfit models that share a screen resolution with each other (the Bip 6, Active, and Cheetah are one such group), developer mode lets you move watch faces between them. Similar to the hack above, this effectively expands your design options beyond what any single model officially supports.

  • View live device logs. See real-time debugging information for app performance, crashes, and Bluetooth connectivity issues, straight from your phone or computer.

  • Take true screenshots. Tap the screenshot icon to capture exactly what's on your watch face, saved automatically to your phone's photo gallery.

  • Enable Developer Bridge Mode, which connects the Zepp app's runtime to desktop development tools like the Zepp CLI or Watchface Maker, for more advanced customization projects.

Not every user needs all five of these tools—I know I don't. But even if you don't plan on investigating bugs on your own, something like the QR code watch face installer makes the seven-tap trick worth it.

Make your Amazfit work with your schedule

For instance, think about when you typically charge your electronics. If you're using your Amazfit to track your sleep, that means charging has to happen somewhere else in your day. The fix: Keep a charger in your bathroom. A 10-minute top-up while you shower or get ready in the morning is more than enough to keep most Amazfit batteries topped off, and it happens during the exact window you're not wearing the watch anyway.

In the same vein, I recommend re-scheduling your wrist-wake settings. If you've ever been woken up by your own watch flashing on because you rolled over, this one's for you. Instead of leaving "Lift wrist to view info" running 24/7, set it to operate only during your actual waking hours. Whatever hours you set for yourself, the display simply won't activate on wrist movement. This not only stops the middle-of-the-night light attack, but it's also a great way to save battery, since display is one of the biggest power drains on any smartwatch.

Save battery (and stop over-measuring metrics you're not using)

Amazfit watches default to fairly frequent data collection, well beyond what you really need to know. If you're not actively training for something, dial it back like this:

  • When you're not actively exercising, reduce heart rate measurement frequency from every one minute down to every five or 10 minutes.

  • Turn off "Automatic Stress Monitoring" and "Auto Blood Oxygen" tracking unless you specifically rely on that data.

  • Disable continuous location tracking and heart rate logging when you're not working out. Just remember to re-enable both when you start a workout.

These quick settings changes are help stop your watch from unnecessarily draining battery in the background, and you really aren't sacrificing much in terms of data.

And when it comes to heart rate, rather than letting your watch collect data every minute, I highly recommend investing in a chest strap. Wrist-based optical heart rate sensors are convenient, but they're not perfect, especially during high-intensity intervals or activities with lots of wrist movement. If accuracy actually matters to you (say, for zone training), it's worth pairing your watch with an external chest strap like this COOSPO one here. Once paired, enable Heart Rate Push in your sensor settings, and your Amazfit will pull HRM data directly from the strap during workouts instead of relying on its built-in sensor.

Take advantage of surprisingly nifty third-party apps

The native Zepp app ecosystem covers the basics, but I've been scouring multiple Reddit threads to collect the best third-party apps to level up your Amazfit:

  • Navigation Wear syncs Google Maps directions straight to your wrist, so you can follow turn-by-turn directions without needing your phone.

  • Remotify (and similar apps) store music locally on the watch, letting you control playback without needing your phone nearby.

  • RuWeather replaces Amazfit's so-so stock weather app with more detailed, accurate forecasting. You can install it using a QR code from GitHub here.

  • Beeper lets you reply to messages from WhatsApp, Slack, Telegram, and more.

Together, these apps close a lot of the gap between Amazfit and pricier smartwatch ecosystems.

Know about these Amazfit features right out of the gate

Amazfit has plenty of useful features, but they're only useful if you know about them now, before you really need them.

Fix Amazfit's accidental workout pauses

One thing I've noticed about my Amazfit over other stop watches is that the crown (aka the top right button) is either bigger or more sensitive, meaning the watch thinks I'm constantly pausing mid-workout whenever I accidentally bump against it.

Here's my fix: Head into Workout Settings and switch the pause mechanism from a simple press to Long Press. The long press did take me some getting used to, but I'm grateful that I don't have to worry about any more accidental pauses caused by natural wrist movement.

Never lose your phone again

Make sure to go into your Bluetooth settings and set a disconnection alert, so that your watch will notify you the moment your phone's Bluetooth connection drops. This alert could save you from leaving your phone on a restaurant table or a gym bench.

Clear water out quickly and easily

After getting caught in the rain, water can linger in your watch's microphone and speaker ports, muffling sound or triggering false touches. Amazfit's fix is a built-in water ejection feature: Swipe down from the main screen to open the Control Center, tap the Droplet icon, and hold your watch with the speaker facing downward. The watch will vibrate at specific frequencies designed to physically push moisture out of the ports. Like so many of the hacks above, this is one of those features it's good to know about now, so you're ready for the moment you really need it.


from Lifehacker https://ift.tt/ic3dBvW

Earlier this year, security firm Huntress discovered a malicious browser extension that initiates ClickFix attacks, a sophisticated attack designed to take over your computer. In a ClickFix scheme, bad actors get you to install their browser extension, then display a fake error prompt in your browser. This pop-up offers a fix that often requires you to copy a malicious command and run it in the command prompt on your device. Since then, the onus has been on the user to avoid downloading suspicious extensions, but now Opera is adding ClickFix protections directly into its browser.

How "Paste Protect" fights against ClickFix attacks

The feature, called Paste Protect, is designed to stop code injection attacks such as ClickFix. When Paste Protect believes you are the target of a ClickFix attack, it displays a pop-up, warning you not to copy malicious commands, and offers a button to close the tab to sidestep the attack. You do have the option to click "Show content" to view the first 120 characters of the command, in case you want to review what Paste Protect flagged as malicious.

Paste Protect allows you to bypass the block if you wish, with a red button labeled "Hold to copy (unsafe)." To copy the command, you'll have to hold this button for over five seconds. You'll also have the option to always allow copying code from a site you trust, which is helpful in case the feature accidentally blocks code from a legitimate site. The warning may be enough for most casual users to realize that something's off, similar to how Apple and Microsoft protect you from installing untrustworthy apps on your computer. You'll see a warning that blocks you from installing those apps, but there's an option to bypass it if you know what you're doing and are confident that it's a false positive.

ClickFix attacks are quite sophisticated: They may show a fake captcha verification that's designed to fail, and offer a "solution" in the form of malicious code that you can run on your device. Opera claims it uses platform-specific detection techniques for Linux, macOS, and Windows to identify patterns associated with malicious scripts, and blocks them via Paste Protect.

Paste Protect isn't the first Opera feature of its kind

This isn't Opera's first security feature aimed at protecting users from malicious activity. The browser has offered a "Hijack Protection" feature for a few years, which prevents sites from replacing the contents of your clipboard without your permission. This means that if you copy a URL, Opera will stop sites from changing the copied link to a malicious URL. Paste Protect adds an extra layer of security to the browser.

While added security features are more than welcome, vigilance is always the best defense against online scams. Don't install extensions or apps from developers you don't know or trust; never click suspicious links, whether you find the on the web or someone shares them via text or email; and never copy code from the internet and paste it in your device's command prompt without being 100% sure of what you're doing.


from Lifehacker https://ift.tt/0lso89f

We may earn a commission from links on this page.

Apple's MacBook Air is a great value—even now, after the company significantly raised the price of the machine. The Air offers the best of both worlds: It's a lightweight laptop with a powerful Apple chip, without the expense that comes with the added features of the company's "Pro" line. Most of us could probably get by on an Air—if not a Neo—which explains why so many of us own these laptops, and use them every day.

But while you can get a lot done with the Air out of the box, there are so many ways to push this machine to its limits. Below, I've compiled 10 hacks, tips, and tricks that should help you get the most out of your Apple laptop.

Pick up an external SSD to avoid slowdowns and crashes

If you maxed out your MacBook Air's storage upon purchase, you might not need this hack. However, if you, like many of us, purchased a base model MacBook Air—especially when Apple still started the machines off at 256GB—you'll want to consider an external SSD.

Having extra storage is always helpful, but that's not the motivation behind this hack. By adding an SSD to your setup, you sharply reduce the chance of pushing your MacBook Air's storage to its limits, which, in turn, helps it run better. Like all computers, your MacBook Air needs a certain amount of accessible storage space to operate properly. If your MacBook has limited RAM as well, it'll tap into the SSD for "swap." The closer you get to a full drive, the greater the chance for slowdowns or crashes.

Due to the global demand for memory and storage, external SSDs are more expensive than they used to be, but you can still find good deals out there to upgrade your setup. Take this 2TB option from Seagate, for example. For $145, you can potentially octuple your MacBook Air's available storage, ensuring it has the free space on the internal drive it needs for optimal performance.

Upgrade your power adapter to charge your MacBook faster

MacBook Airs released in 2022 and later support power adapters up to 140W, but yours might have shipped with a power adapter as wimpy as 30W. If your MacBook spends most of its life on the charger, that might be just fine. But if you're frequently on the go and you need to charge up as fast as possible, you're going to want a power adapter as close to 140W as possible. Take note of the cable itself, too: If you want to take advantage of fast charging on your MacBook Air, you'll need a MagSafe 3 cable or a USB-C charging cable. (As it happens, not all USB-C cables are created equal. For more information, check out Lifehacker's explainer on USB-C charging cables.)

Set a charge limit to extend the life of your battery

Most of our discussions around batteries concern ways to make day-to-day charges last longer, but equally important is how to stretch the lifecycle of the battery itself. The lithium-ion batteries that most of our devices now use age over time, and, as they do, they lose their capacity to hold a charge. A three-year-old battery that has been frequently recharged won't last as long after being charged to 100% as it did when it was new. Slowing down that aging process can keep your MacBook Air's battery from losing its overall capacity too quickly.

There's no way to prevent battery aging entirely, but you can slow down aging by reducing the number of charging cycles you put the battery through. One of the easiest ways to do that is to set a limit to how charged the battery gets while connected to power, which prevents it from overcharging when you don't need that extra juice. Your MacBook Air tries to do this on its own through a feature called "Optimized Battery Charging," which analyzes how you use your computer to set charge limits accordingly. You can bypass these automated processes and set your own charge limit. That way, you can choose to cap charging at 80% all the time, so that no matter how long your MacBook sits on the charger, it almost never breaks 80%—except for the occasional charge to 100% for "accurate battery state-of-charge estimates."

But that's getting a bit in the weeds. The point is, you can set charge limits for anywhere from 80% to 95% to prevent your Mac's battery from charging when you don't want it to. Here's how: Open System Settings, then choose Battery. Here, click the (i) next to "Charging," then adjust the slider next to "Charge Limit."

Use a clipboard manager to improve copy and paste

Copy and paste is pretty straightforward: You highlight something, copy it, then paste it somewhere else. If you spend a lot of time on your MacBook copying and pasting, however, you know it can get tedious to jump back and forth every time you want to copy something new. Enter: clipboard managers. These tools are essential for frequent copy and pasters, as they save a history of everything you copy on your Mac. When you need to retrieve something, you pull up the clipboard manager, click the item in question, then paste it, eliminating the need to switch between windows all day long.

My clipboard manager is essential, and I've been using one for the past decade or longer. While you had to go third-party for years on Mac, Apple tried to implement its own clipboard manager with macOS 26 by embedding a Clipboard menu in Spotlight. I tried to replace my third-party clipboard manager with this native solution, but, in my view, it's too cumbersome and limiting. There are plenty of options out there, but my go-to is CopyClip. It's free and lives in your menu bar, so your entire clipboard history is accessible from anywhere in macOS.

Use a window manager to improve your workflow

On the flip side, a window manager has been indispensable for me when working across multiple windows at once. If you use windows side-by-side on your Mac, you should never drag and drop your windows again—a good window manager will let you quickly snap windows into place with keyboard shortcuts. I frequently use this tactic when writing: I snap my editor on one half of the screen, and my sources on the right. If you have a large enough screen, you might even want windows in thirds—I imagine having my chat apps on the third pane would be quite useful as well.

Again, for years you had to pick a third-party app to get these features on macOS. But in recent years, Apple also added a new window management system to the mix. You can now hover over the green button on any window to reveal quick resizing options, but you should definitely use the keyboard shortcuts instead. It definitely works better than Spotlight's clipboard manager, and I encourage you to give it a try if you've never used a window manager before.

But, again, I still prefer third-party here. I find the keyboard shortcuts a bit glitchy at times, and some app shortcuts override the macOS shortcuts, so you end up doing things you don't mean to. There are plenty of options to try, but I've used Magnet for years. It costs $4.99, but I've certainly gotten my money's worth, and it's definitely the option for anyone who needs more options than macOS' built-in solution can offer—like window thirds. Before you commit, however, give the built-in shortcuts a try, and see if you like moving windows around with your keyboard.

Use Safari for a private browsing experience

One of the first things most of us do when setting up a new computer is download a third-party browser. Chrome is the world's most popular option, so perhaps that's your go-to as well, but I'd argue that you should give Safari a chance. Apple's browser comes with some great built-in privacy tools, including tracker blocking and preventing extensions from accessing your browsing history. If you have an iCloud+ subscription, you can use iCloud Private Relay to shield your MacBook's IP address from sites as you browse. I also find Safari much more efficient than alternatives like Chrome, so it ends up draining my battery less. I have to use a few different browsers in my line of work, but in my personal use, I'm almost always using Safari.

Use an ad blocker to make the internet more manageable

The internet runs on ads, but that doesn't mean you need to live with that. I'm all for supporting websites that rely on ads for financial support, but that doesn't extend to every corner of the web. There are way too many obnoxious and malicious adverts out there, pining for your clicks, that I find it nearly impossible to browse the internet without an ad blocker in place. Even the FBI recommends using these tools to keep yourself safe online.

Safari plus an ad blocker is an excellent combination. While options used to be limited, there are plenty of choices these days, including a version of uBlock Origin—though I've been using AdGuard for some time. I'd recommend whitelisting the sites you'd like to support with ads, though some may prompt you to do so themselves. (Most will let you continue reading while using your ad blocker, but some might deny access until you disable it.)

Use Voice Isolation for clearer video calls on your MacBook

This is one of my favorite features Apple has added in recent years. If you frequently take video calls on your Mac, either for work or via FaceTime, Voice Isolation is a must. It reduces background noise and focuses on your words, so that others on the call hear your voice, rather than your dog, kids, or the people chatting away in the coffee shop. It works well, too, at least in my experience. My dog has decided to start screaming at a passing car while I'm on a call, only for me to be met with confused looks when I apologize for the disruption. "Oh, really? I didn't hear anything."

To turn Voice Isolation on, open a video calling app like FaceTime to activate your MacBook's camera. Then, click the FaceTime icon in the menu bar. Here, you'll find all your system-level video call controls, including "Mic Mode" at the bottom. Click this, then choose "Voice Isolation." (You'll also see "Wide Spectrum," which does the opposite, by emphasizing all noise that hits the microphone.) This feature is available on iPhone and iPad as well, so I highly recommend enabling it on those devices as well.

Disable 'Reactions' to save yourself embarassment during important video calls

While you're at it, I strongly suggest disabling "Reactions," if enabled. Someone at Apple thought it'd be fun to roll out animated reactions tied to specific gestures for video calls: holding your thumb up displays a 3D graphic of a thumb up emoji in a thought bubble above your head; holding up a peace sign sends balloons rising up from the bottom of the screen. There are a number of these reactions available, and some may enjoy using them. The issue, however, is they apply not just to FaceTime, but to all video calling apps on your Mac. That means if macOS thinks you're holding two thumbs up, it's going to start shooting out fireworks, whether you're on a FaceTime call with a friend, or a Teams call with your boss. Save yourself some future headaches, and disable this feature now.

Double the number of fingerprint scans for Touch ID

On macOS, you get three fingerprint scans for Touch ID. That might be plenty for most, but there is a hidden way to double the number of scans you can make. This goes back to the days when Touch ID was standard on iPhone, before Face ID took over. Apple's fingerprint scanning system seems to still support it on Mac.

First, open System Settings, then choose "Touch ID & Password" from the menu. Under Touch ID, choose "Add Fingerprint." Once the scanner pops up, scan two of your fingers instead of just one. Place one finger on the scanner, lift it when macOS tells you to, then place the second finger down, and repeat. Once the scan completes, you'll have two fingerprints stored on one entry. Do this for all three entries, and you'll be able to unlock your Mac with up to six of your fingers.


from Lifehacker https://ift.tt/39cdrqg

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

When Samsung’s "The Frame" TV first dropped, it pioneered the concept of the “art TV,” making it a smart lifestyle option for anyone who doesn't want a TV to dominate their decor when not in use. Over the years, Samsung has evolved the concept to include a QLED screen, AI processor technology, and thinner displays that make the "it's not a TV, it's art" illusion even more convincing. And right now is a great time to buy one: The 55-inch model from 2025 is marked down by $400, to $697.99—a 36% discount and the lowest price we’ve seen on this model.

Unlike a traditional TV, The Frame is designed to blend in. When you’re not watching TV, it switches into Art Mode, showcasing artwork or your own photos on a matte, anti-glare screen that looks surprisingly close to a real canvas. It also includes Samsung’s Slim Fit wall mount, so it sits nearly flush against the wall like framed artwork, rather than sticking out like a standard TV.  

The 2025 model features Samsung’s NQ4 AI Gen2 Processor and comes with new Vision AI features for improved picture optimization and better content recommendations. It isn't Samsung’s flagship Mini-LED model, but it has fantastic QLED picture quality, with a brighter panel than previous models and strong HDR performance. It’s also a reliable choice for gamers, supporting 4K gaming at up to 144Hz with VRR.

Keep in mind that the set doesn’t come with the customizable bezels that create the framed look (they’re sold separately), and you’ll need a paid Samsung Art Store subscription to unlock the full artwork library. As with every The Frame TV, part of what you’re paying for is the design. While this normally comes at a steep premium, the $400 discount makes it easier to recommend. (That said, if your main priority is the best possible picture quality for the money, you may want to opt for something in Samsung’s Neo QLED lineup.)

Deals are selected by our commerce team

from Lifehacker https://ift.tt/gvn86Gb