The Latest

My fellow Lifehacker writer Beth Skwarecki is a weightlifter. I'm a marathon runner. Together, we make one reasonably competent Hyrox athlete—and in a little over one week, we're going to find out if that's enough. Beth and I are competing together in a Hyrox doubles race on May 29. It's something of a joint experiment to see just how little training you can get away with before showing up to one of these things. Hopefully, we will each bring our respective strengths to the competition, cover for the other's weaknesses, and survive. 

But before we're put to the test, let's take a look at what proper Hyrox prep looks like, and the bare minimum you can (probably) get away with if you want to show up to a competition without a ton of training.

What is Hyrox, exactly?

Beth goes into more depth elsewhere, but here’s a quick primer on Hyrox. In brief, it's a running race combined with functional workout stations, repeated eight times. You run 1 km, hit a workout station, run another 1 km, hit another station, and so on. The stations include activities like sled pushes, rowing, burpee broad jumps, walking lunges, and wall balls. While each station may sound manageable on its own, they become far more difficult when your legs have already been tired out through multiple rounds.

You can compete in Hyroc solo, in doubles, or as a relay team. Naturally, your strategy will depend on which format you’re attempting. For doubles specifically, both athletes run together, but you can split the functional movements however you want. That's where smart planning can make a real difference, and where Beth and I are currently scheming to the best of our ability. 

What does Hyrox training actually look like?

You can sign up for a Hyrox-style class at your local gym and get a great hybrid workout without ever joining an official race. "A regular Hyrox class gives you a taste of the format and builds general fitness for the event," says Elaine Cotter, head trainer and manager at an F45 gym in Brooklyn. "A dedicated training plan is more structured and performance-focused—including specific running workouts, both endurance and interval focused, strength progression, race simulations, pacing, and recovery. Taking some classes here and there means 'I want to be ready.' A dedicated training plan means 'I want to race this well.'"

If you're aiming to genuinely compete—that is, to push your time and finish strong—Cotter recommends starting at least 12 weeks out, and ideally, give yourself 16 weeks. That's enough runway to build a running base, develop muscular endurance across all the stations, and reduce injury risk. But what if you don't have 12 weeks? What if you have, say, one week?

Can you do Hyrox without training at all?

What’s the bare minimum of training a Hyrox athlete can hypothetically get away with? Well, in theory, "anyone with any running or strength training experience can complete a Hyrox," Cotter says. "Does that mean you may have to walk some of it or really take your time to recover in certain parts? Probably—but that's okay."

Unlike Crossfit (to which it is constantly compared), Hyrox is fundamentally a running race. "The run is the limiting factor for most people, and it takes up the most time in the race," Cotter says. "So at bare minimum, you should be able to confidently run an 8K [about five miles] without getting super winded. Even a 10K [6.2 miles]...will help simulate the general endurance needed." Strength matters too, and you should be familiar enough with the movements to perform them safely. But at the end of the day, the run is where most people lose time and hit their wall.

That said, Hyrox is far from a road race. You're doing things like heavy wall balls or sled pulls and then immediately going into a run. Running on such heavy legs is “the wildest feeling," Cotter says, "and it happens the entire time during the race." Practicing that sort of transition should be a priority leading up to race day.

Can you prepare for Hyrox with studio classes alone?

This one is relevant to Beth and me, since we've each taken about four or five Hyrox-specific classes in the lead-up to our race. Can our class attendance substitute for a dedicated 12-week training plan? Well, sort of—but only if you're also running.

"F45 classes and Hyrox-focused training are awesome for building the strength, endurance, and engine needed for the race," Cotter says, "but in a class setting, you aren't necessarily getting the running required. If you are just taking classes with no running outside of that, I fear you will find the race quite challenging."

Luckily, I was independently training for a half-marathon before we started this Hyrox journey, so I feel solid about my cardio. I know Beth has been prioritizing her runs the past few weeks, too. Anyone relying purely on studio classes without additional running should temper their expectations for race day.

How long should you taper before a Hyrox race?

I’m no stranger to taper madness. Especially if you know you've undertrained, the temptation is to keep cramming right up until race day. Unfortunately, that’s almost always a mistake. "The trap people fall into is thinking 'I'm underprepared, so I need to cram fitness until the last second,'" Cotter says. "But realistically, in the final week or two you're not building much new fitness—you're mostly deciding whether you show up tired or fresh."

Her recommendation for someone who started training late is to lean toward a shorter taper. The focus should be on maintaining confidence and rhythm, rather than gaining fitness. In the final days, aim for shorter sessions of 20–30 minutes with some intensity and running, but avoid anything that will leave your legs sore. "Showing up slightly undertrained but recovered is usually better than showing up technically fitter but cooked."

Her taper guidelines by length:

  • 7 days: Ideal for most recreational athletes. 

  • 4–5 days: Probably fine, if training volume wasn't super high. 

  • 2–3 days: Survivable, but she wouldn't recommend going shorter than this.

The bottom line

If you're starting from scratch and want to do Hyrox well, give yourself 12 to 16 weeks to train, and build up your running base first.  If you're doing a doubles race and already have some general fitness under your belt, you can probably survive on much less—provided you can handle an 8K and you know what you're getting into with the workout stations. (For Beth and me, there’s reason to hope that our complementary weaknesses and strengths will be well-suited to the doubles format. Beth will likely handle more of the heavy strength pieces—sled push, sled pull, lunges—while I keep us moving on the runs.)

The final piece of advice is to have a plan for how you'll split each station before you arrive. Reps of 10? Reps of 5? Splits of 150 meters? Figure it out ahead of time so you're not negotiating mid-station with burning legs—and have the stronger runner finish each station so the person who struggles more on the run can get a little extra rest before the next one. (Plus, sitting down and strategizing is a great hack to distract yourself from the temptation to sabotage your taper.) 

How will all this theory work out in practice? We'll report back soon.


from Lifehacker https://ift.tt/2OkpHLy

Netflix's June lineup has a little something for everyone: true crime docs, sports series, comedy films, reality TV, and more. First, the live-action fantasty series Avatar: The Last Airbender (June 25) returns for its second season at the end of the month. Netflix is also launching a Survivor-style competition show—Outlast: The Jungle (June 10) lands 16 players on a remote island to play for a $1 million prize.

Following its May slate of soccer content in the lead-up to the 2026 World Cup, the streamer is hosting The Hot Seat (June 3), a comedy roast featuring World Cup winners from France 1998 and France 2018 alongside stand-up comedians. The Rest is Football (June 10) is a daily series hosted by Gary Lineker, Alan Shearer, and Micah Richards with analysis from the 2026 tournament. And USA 94: Brazil's Return to Glory (June 7), a documentary originally scheduled for release in May, covers Brazil's 1994 World Cup run.

Other sports content includes the third season of AMERICA'S SWEETHEARTS: Dallas Cowboys Cheerleaders (June 16) and Chris & Martina: The Final Set (June 26), a documentary exploring Chris Evert and Martina Navratilova's friendship and dominance in tennis.

The film lineup for June includes Office Romance (June 5), a rom-com starring J.Lo and Brett Goldstein as an airline CEO and the corporate lawyer she falls for (relatable!), and Little Brother (June 26), also a comedy, with John Cena as a well-known real estate agent opposite Eric André as his "little brother."

Here's everything else coming to Netflix in June, and everything that's leaving.

What's coming to Netflix in June 2026

Available soon

Available June 1

  • Bee Movie

  • The Big Lebowski

  • The Chronicles of Riddick

  • Cinderella Man

  • Creed

  • Creed II

  • Creed III

  • Father of the Bride

  • Father of the Bride: Part II

  • The Fault in Our Stars

  • Four Weddings and a Funeral

  • Fried Green Tomatoes

  • The Girl on the Train

  • The Hand that Rocks the Cradle

  • Hawaii Five-0: Seasons 1-5

  • Hot Summer Nights

  • House on Haunted Hill

  • Identity Thief

  • Inside Man

  • Inside Man: Most Wanted

  • The Karate Kid

  • The Karate Kid

  • The Karate Kid Part II

  • The Karate Kid Part III

  • Little Miss Sunshine

  • Made of Honor

  • Miracle

  • Muriel's Wedding

  • My Best Friend's Wedding

  • Out of Africa

  • Pitch Black

  • Rachel Getting Married

  • Riddick

  • Rocky

  • Rocky Balboa

  • Rocky III

  • Rocky IV

  • Rocky V

  • Rookie of the Year

  • Rudy

  • Runaway Bride

  • Scooby-Doo

  • Scooby-Doo 2: Monsters Unleashed

  • Tyler Perry's The Family That Preys

  • The Wedding Date

  • The Wedding Planner

Available June 3

Available June 4

Available June 5

Available June 6

  • Grey's Anatomy: Season 22

  • Resident Alien: Season 4

Available June 7

Available June 8

Available June 9

Available June 10

Available June 11

Available June 12

Available June 13

  • Song Sung Blue

Available June 14

  • Piece by Piece

Available June 15

  • Drinking Buddies

  • Percy Jackson & the Olympians: The Lightning Thief

  • Percy Jackson: Sea of Monsters

Available June 16

Available June 17

  • André Is an Idiot

Available June 18

Available June 19

Available June 20

  • The Root Of The Game—Netflix Sports Series

Available June 22

Available June 23

  • Ryan Hamilton: This Just Hit Me—Netflix Comedy Special

Available June 24

Available June 25

Available June 26

Available June 27

  • Agent Kim Reactivated—Netflix Series

Available June 30

  • Sullivan's Crossing Season 4

What's leaving Netflix in June 2026

Leaving June 1

  • Fifty Shades of Grey

  • Fifty Shades Darker

  • Fifty Shades Freed

  • Glory

  • Jurassic World: Fallen Kingdom

  • The Lego Movie

  • Ray

Leaving June 2

  • Kim's Convenience: Seasons 1-5

Leaving June 3

  • Brockmire: Seasons 1-4

Leaving June 7

  • Blindspot: Seasons 1-5

  • Shiva Baby

Leaving June 9

  • A Lot Like Love

Leaving June 10

  • TURN: Washington's Spies: Seasons 1-4

Leaving June 16

  • Aquarius: Seasons 1-2

  • Unbroken

Leaving June 19

  • The Iron Claw

Leaving June 20

  • The Expendables

  • The Expendables 2

  • The Expendables 3

  • The Expendables 4

Leaving June 21

  • Zoey 101: Seasons 1-2

Leaving June 30

  • Sex and the City: Seasons 1-6


from Lifehacker https://ift.tt/1BrUbW4

Love it or hate it, the Apple ecosystem has its perks. Take "Handoff," for example: If you have at least two connected devices, such as an iPhone and a Mac, you can start a task on one and carry it over to the other. You can start reading an article in Safari on your iPhone, then pick it up when you get to your Mac. Or, say you're on a FaceTime call on your Mac, but you have to run; you can simply switch to your iPhone to keep the conversation going, without having to call them back. It isn't perfect, but it works, it works.

Android doesn't quite have the same setup. While some functions work across devices, like transferring calls, users with an Android phone often don't have the ability to open the same task on their tablet, and vice versa. If you're reviewing a spreadsheet in Google Sheets on your phone, you can't just pick it up on your tablet for a larger view; you instead need to open Sheets on your tablet, then find your way to the document in question. The same goes for many other Google apps, like Chrome, Gmail, Drive, and Docs: Android could really benefit from a dedicated cross-platform option. Luckily, it's on the way, in the form of a new feature called "Continue On."

How "Continue On" works on Android

Google announced "Continue On" during its "What's new in Android" discussion on Tuesday. As reported by 9to5Google, this is a new feature as of Android 17, and will be available in Android 17 RC1. If you've ever used Handoff in the Apple ecosystem, you'll understand the core idea behind Continue On: When you open an app on one of your Android devices, you'll notice the app appear on your other device, with a "Handoff Suggestion label" hovering above it.

handoff suggestion icon
Credit: Google

Say you're working on a Google Doc on your Pixel phone. When you open your Pixel tablet, you'll notice the Google Docs icon populate in the doc, with a special label—even if you already have Google Docs in your dock. If you tap the standard Google Docs icon, you'll open the app as per usual; if you tap the Handoff Suggestion, you'll open the Google Doc you're working on on your phone. In another example, you might be reading through a Gmail thread on your phone, but prefer to finish catching up on your tablet. In this case, the Handoff Suggestion would be Chrome: Tap it on your tablet, and you'll pull up the thread in Gmail on the bigger screen.

Google appears to be taking its time with implementing Continue On. While the feature will work "bidirectionally" in the future, at launch, it only works from phone to tablet. That means you won't be able to hand off a Google Doc from your tablet to your phone, only from your phone to your tablet. Additionally, Google says it's up to developers to decide how they want this experience to run with their own apps. They can open the same app across both devices (Google Docs to Google Docs), or open the web app from the mobile app (Gmail mobile app to Gmail web app in Chrome). Developers can also opt for a mix of both: While the default can be app-to-app, developers can choose to fall back to the web app if the user doesn't have the app installed on their tablet.


from Lifehacker https://ift.tt/PLxEQMK

Google Workspace is getting a slew of AI-related updates, including a brand new app called Google Pics, which can generate and edit images for you. Many of these updates will be available to those who use Gmail, Google Docs, Google Drive, and other Google Workspace apps, the company announced during the Google I/O 2026 keynote. This includes conversational features that will allow you to control Gmail, Docs, and Keep; a new AI inbox that aims to help you stay on top of your email; and a personal AI agent called Gemini Spark that can integrate with Google Workspace apps to get things done for you.

Here are all the major Google Workspace updates unveiled during Google I/O 2026. These features are rolling out for Google AI subscribers and paying Google Workspace users. This means that you won't be able to try much if you're on the free tier of Google services.

Create and edit images with AI in Google Pics

Google Pics is a new app built with the company's latest Nano Banana AI image generation model, and allows you to create and edit photos using AI. Google claims this tool makes useful image editing tools more accessible, highlighting examples such as modifying and translating text, as well as transforming specific elements in an image (e.g., changing a sweater's color or turning a dog into a cat). You can also generate an image with a text prompt, but the real highlight seems to be granular editing.

Like every other AI-related image generation tool, Google Pics also raises ethical questions about the nature of an image. It's not hard to imagine how tools like these could be misused to manipulate and deceive. One can only hope that Google has guardrails in place to clearly identify images edited with Google Pics, and to prevent misuse. This app is available to "Trusted Testers" today, and will be rolling out globally to Google AI Pro and Ultra subscribers (and in preview to Google Workspace business users) this summer.

Enhanced conversational capabilities in Gmail, Docs, and Keep

Google is adding new voice features to Gmail, Google Docs, and Google Keep. The email service is getting a feature called Gmail Live, which will search your inbox to answer your questions. For instance, you could ask something like, "What's going on at my kid's school this week?" The service will then search your inbox and find all the emails from your child's school. The idea is to ask questions with natural language, which is what makes it "conversational."

The next new feature is Docs Live, which acts as your partner and co-writer, according to Google. You can talk to Docs Live, and it will help you brainstorm ideas, organize your thoughts, and structure your document. Google says the feature can even pull information from Gmail, Google Drive, Google Chat, and the web with your permission. You can think of Docs Live as an outlining tool that can gather a bunch of information quickly, making the writing process quicker for those who struggle to get started with a blank document.

For Google Keep users, the new conversational features can turn your "brain dump" into organized notes and lists. You can say everything you want noted down, and the AI assistant will do the sorting and organizing for you. Like Google Pics, all of these conversational features will be rolling out to Google AI Pro and Ultra subscribers (and in preview to Google Workspace business users) this summer.

New features in Gmail's AI Inbox

Gmail's AI Inbox, which offers AI-powered summaries, suggestions, and proofreading, is getting a few new tricks too. During I/O 2026, Google announced that AI Inbox will get personalized draft replies, instant file access, and streamlined task management. AI Inbox will be able to generate a contextual draft for you when it detects that an email requires an urgent response, the company claims. With instant file access, AI Inbox can find and display a link to a document from Google Docs, Sheets, or Slides when you need it, which could make it easier to find the right document in email threads. The feature also lets you mark all emails in a certain topic as read. These features will be available to Google AI Plus and Pro subscribers in the U.S. starting today.

A new personal AI agent: Gemini Spark

The final Workspace-related update today is a new AI agent called Gemini Spark. The company says Spark transforms Gemini from an assistant that answers your questions to one that gets things done with your permission. Once you enable this feature, Google says Gemini Spark can perform tasks such as sending emails on your behalf, and adding events to your calendar. The company adds that it will always ask your permission before performing these actions. Gemini Spark will be rolling out to Google Workspace business users in the coming week, and it'll be available through the Gemini app.


from Lifehacker https://ift.tt/updlhAo

We may earn a commission from links on this page.

Dan Levy's follow-up to Schitt's Creek teams him with I Love LA creator Rachel Sennott for a comedy that, in the best tradition of crime shows, starts small and gets absolutely ridonculous. Laurie Metcalf stars as mom and matriarch Linda alongside Dan Levy's closeted gay minister Nicky and Taylor Ortega's chaos-magnet Morgan. Linda demands that the two of them get a piece of jewelry for their dying grandmother's last birthday, leading to a tiny bit of theft that finds them in debt to the mob. Not content to put the family through the wringer just once, Netflix has renewed it for a second season. In the meantime, enjoy these other crime comedies that try and mostly fail to keep things in the family.

Good Girls (2018 – 2021)

Beth, Ruby and Annie (Christina Hendricks, Retta, and Mae Whitman, respectively) are three moms in suburban Michigan, and they are all having serious money troubles. They're not exactly criminal masterminds, so they concoct a scheme to rob the local grocery store to solve them—a store that just happens to be serve as a front for a money-laundering operation. They make off with $500,000—but the gang leader whose money they unknowingly stole wants it back. Oh, and the store manager spotted one of their distinctive tattoos and is threatening blackmail. It's definitely not a sitcom, but it's a solid comedy-drama with a talented cast of characters who keep finding themselves in deeper and deeper trouble over the course of four seasons. Stream Good Girls on Netflix.

Deli Boys (2025 – )

Pakistani-American journalist and producer Abdullah Saeed has long been celebrated for his investigative reporting and his Vice documentaries, many of them dealing with the impacts of cannabis laws. That experience lends a unique verisimilitude to this comedy series following two brothers—hardworking Mir (Asif Ali) and hard partying Raj (Saagar Shaikh)—who, after the death of their wealthy father, learn that the bulk of their family's money comes not from the public-facing chain of delis, but from the illegal drug operation running behind the scenes. It's fast-paced and frequently very fun, and plays with the notion that the only way to make it in modern America is to live some kind of double life. Stream Deli Boys on Hulu.

Search Party (2016 – 2022)

Alia Shawkat stars here as Dory Sief, an aimless millennial who decides, after seeing a missing-person poster for a college acquaintance, that she's going to make it her purpose to track down Chantal (Clare McNulty) with the extremely begrudging support of her friends. The show shifts focus from season to season, but it's really in the second that the similarities to Big Mistakes become most clear: While initially a darkly comic take on a Nancy Drew-style mystery, the show later finds the gang desperate to cover up a mostly unintentional murder. It's a funny, smart, and impressively weird oddity of a show. Stream Search Party on Netflix.

How to Get to Heaven From Belfast (2026 – )

How to Get to Heaven comes from Irish playwright and Derry Girls creator Lisa McGee, though that earlier and justifiably beloved show will only moderately prepare you for the latest. Three high school friends from Belfast reunite after learning that their fourth bestie has died unexpectedly—except that maybe she didn't, a mixed blessing given that they all have life-ruining secrets that they were hoping to bury. Now they're off to investigate the mystery of the maybe-murder, and find themselves in way over their heads and in a complex web of lies, secrets, and old vendettas. The tone is all over the place in a way that somehow works, and the show has a beating heart beneath the absolute chaos. Stream How to Get to Heaven From Belfast on Netflix.

Vincenzo (2021)

Vincenzo reads like a typical crime drama with just a bit of a twist: Song Joong-ki plays Park Joo-hyung AKA Vincenzo Cassano, Korean by birth but later adopted by an Italian family; as an adult he becomes a lawyer and Mafia consigliere. When the head of the Cassano Family dies, the Don's biological son looks to clean house, forcing Vincenzo to flee to Korea to claim a large cache of money he'd stashed. This is when it gets weirder and more interesting: The money's hidden under a commercial building full of weird and quirky tenants, and circumstances soon put Vincenzo at odds with the pharmaceutical conglomerate that has its eyes on the complex. What started as an unconventional mob story becomes a story about a guy using his mafia skills (the show doesn't shy away from violence) to battle capitalism on behalf of some charmingly goofy new friends. Stream Vincenzo on Netflix.

Barry (2018 – 2023)

Bill Hader won a couple of Emmys for his performance as Barry Berkman, a depressed and anxious hitman who discovers a love of acting that leads him to look for a life beyond killing people, even though he's rather good at it, and keeps getting drawn back in. Barry's mentor and father figure in his quest to rebuild his life on the stage is the wildly eccentric Gene Cousineau (Henry Winkler, who also won an Emmy here), who's entirely supportive of Barry—until he learns of his protégé's double life. Stream Barry on HBO Max.

Bad Sisters (2022 – 2024)

A pitch-dark and pitch-perfect comedy, the Irish import Bad Sisters picked up several well-deserved Emmy nominations in its first year. Writer and co-creator Sharon Horgan leads the cast as Eva Garvey, oldest of five sisters, including Grace (Anne-Marie Duff), who's married to John Paul, an abusive and isolating husband. When the dude winds up dead under rather suspicious circumstances, down-on-his-luck insurance investigator Tom (Brian Gleeson) starts poking his nose into things. We know the sisters definitely wanted John Paul dead, but did they actually do the deed? Tom's family business will go under if he has to pay out on the life insurance policy, so he's very motivated to pin the (potential) crime on at least one of the women. Stream Bad Sisters on Apple TV.

The Gentlemen (2024 – )

This is very much a Guy Ritchie show inspired by a Guy Ritchie film—which ought to tell you all you need to know about the vibe (polished, snarky, and ultra-violent). Theo James plays army officer and Eddie Horniman (I believe I mentioned Guy Ritchie?), heir to the Horniman estate (there it is again) who, upon the death of his father, is named the Duke of Halstead. He learns that dad was tied to various criminal enterprises, and that his scouse brother is millions of pounds in debt to a drug dealer. What else is the dapper, military-trained Duke to do but learn to navigate the violent underworld while looking cool? Stream The Gentlemen on Netflix.

The Sticky (2024)

Though it's tempting to find questionable taste in setting a caper show in Quebec and then having it involve maple syrup, The Sticky is loosely based on The Great Canadian Maple Syrup Heist—a real thing that happened in 2012. Margo Martindale (Justified) plays Ruth Landry, a maple syrup farmer struggling since her husband's incapacitation and running up against a greedy businessman trying to buy her land out from under her. She meets dopey security guard Remy Bouchard (Guillaume Cyr), who's been stealing a barrel or two at a time from the warehouse where he works, and then mobster Mike Byrne (Chris Diamontopoulos) who, she realizes, could provide the muscle needed for a heist. In the best tradition of something like Fargo, the foolproof plan to steal a bunch of syrup gets well out of hand, very quickly. The show ends on a bit of a cliffhanger, but there's still a relatively complete story in its single season. Stream The Sticky on Prime Video.

The Brothers Sun (2024)

A fun action-comedy and member of the Netflix one-season-and-done club, The Brothers Sun stars Oscar-winner Michelle Yeoh as Eileen Sun, the exiled matriarch of a family of Taiwanese gangsters. She'd come to Los Angeles years before, taking a son, Bruce (Sam Song Li), who grew up knowing little of his origins and has few ambitions beyond becoming great at improv comedy. An assassination attempt sends his older brother to L.A., drawing Eileen and Bruce back into the criminal fold, with rival factions coming at them from every side. Stream The Brothers Sun on Netflix.


from Lifehacker https://ift.tt/9Spbqx8

A few times each year, the tech community lights up with new theories and renewed speculation about what Apple might announce next. Those of us who scour the internet for the latest leaks and whispered rumors might try to guess what colors the next iPhone might come in, or what new features could ship with the next version of iOS, then watch Apple's keynote presentations live to see if we were right. If that sounds like you, listen up: This year, your guesses could win you a brand new Apple Watch.

Throughout 2026, Lifehacker is running a guessing game contest based on Apple's new announcements and releases. Here's how it works: The contest will unfold across three rounds.

  • We're currently in Round 1, which will continue through June 2. As you can see from the questions above, this round is focused on the scuttlebutt around Apple's software (iOS, iPadOS, macOS, watchOS, visionOS, etc.).

  • Round 2, which will run from July 7 through July 21, concerns Apple's devices (iPhones, iPads, Macs, Apple Watches, Vision Pro, etc.).

  • Round 3, which will span Aug. 18 through Sept. 1, centers on Apple's fall event.

During each round, you'll answer five questions about what Apple might announce or reveal during its major keynote events. Each question you answer with a correct prediction earns you one entry into the grand-prize drawing, to be held at the conclusion of all three rounds. If you win the drawing, you'll walk away with the latest version of the Apple Watch.

To be eligible, an entrant must be at least 18 years old, and a resident of the 50 U.S. states or Washington, D.C. Lifehacker isn't throwing this event alone: The other CNET Group sites (CNET, Mashable, PCMag, ZDNET) are also hosting their own questions. That means there will be 75 possible questions to answer across all CNET Group sites and all three rounds. You're free to submit answers to any and all of the questionnaires on these sites during each round, but please note that each entrant is only eligible to win one prize. Each of the five websites will announce the winner of its contest shortly after Apple's fall event.

Once you've answered, you'll receive a copy of your responses at the email address you provide, so you can keep track of your predictions—and make sure to come back in July for Round 2 of Lifehacker's Big Guessing Game: Apple Edition.

NO PURCHASE NECESSARY to enter or win the "CNET Group Big Guessing Game" Giveaway. Open to legal U.S. residents in the 50 U.S. & D.C., 18+ yrs of age. Other restrictions apply. Begins May 19, 2026 at 12:01 p.m. ET and ends Sept. 1, 2026 at 11:59 p.m. ET. Void where prohibited. Subject to Official Rules. Sponsor: Ziff Davis, LLC.

Apple is not a sponsor of, affiliated with, or endorser of this sweepstakes. Apple Watch is a trademark of Apple Inc.


from Lifehacker https://ift.tt/Hog0T2R

A critical NGINX vulnerability (CVE-2026-42945) disclosed last week is being exploited by attackers, VulnCheck security researcher Patrick Garrity revealed on Saturday.

NGINX vulnerability exploited CVE-2026-42945

The vulnerability, dubbed NGINX Rift, can be reliably exploited to trigger a denial-of-service condition and can potentially allow for unauthenticated remote code execution, all achievable by sending a specially crafted HTTP request to a vulnerable NGINX instance.

What is NGINX?

NGINX is the most widely deployed web server and, as such, it’s one of the fundamental pieces of modern web infrastructure. It can also play other roles: load balancer, reverse proxy, and HTTP cache.

Its development is overseen by the networking and application delivery company F5, which maintains and releases the open-source version (NGINX Open Source), offers the commercial NGINX Plus version, and has integrated NGINX into its various application delivery and security solutions.

About CVE-2026-42945

CVE-2026-42945 is a memory corruption vulnerability that affects NGINX Open Source (versions 0.6.27 through 1.30.0) and NGINX Plus (vR32 through R36). It also affects some of F5’s products that incorporate the software, such as NGINX Ingress Controller, F5 WAF for NGINX, and others.

“A bug in the ngx_http_rewrite_module lets a remote, unauthenticated attacker corrupt the heap of an NGINX worker process by sending crafted URI. The trigger is a common configuration pattern: a rewrite directive with an unnamed regex capture ($1, $2) and a replacement string that contains a question mark, followed by another rewrite, if, or set directive,” the researchers who unearthed the vulnerability explained.

“When that pattern is present, NGINX computes the destination buffer using one set of escaping assumptions and then writes to it using another. The write runs past the allocated buffer, producing deterministic memory corruption. The bytes written past the allocation are derived from the attacker’s URI, so the corruption is shaped by the attacker rather than random. Repeated requests can also be used to keep workers in a crash loop and degrade availability for every site served by the instance.”

PoC and exploitation

CVE-2026-42945, along with four other security issues, was discovered by Depthfirst researchers with the help of the company’s AI-native vulnerability detection platform. Of the five, CVE-2026-42945 was the most critical.

Once F5 released fixes and the security advisory, Depthfirst researchers published technical details and a proof-of-concept (PoC) exploit.

According to Garrity, VulnCheck’s canary systems began flagging exploitiation attempts on May 16, three days after the vulnerability and the PoC had been made public.

The effectiveness of these attempts depends on the targeted system.

While DoS can be achieved on default NGINX configurations, both VulnCheck and security researcher Kevin Beaumont pointed out that attackers can achieve code execution if they manage to disable address space layout randomization (ASLR) on the target server.

“A further caveat is that the target server has to be running a specific rewrite configuration to be vulnerable, so not every NGINX instance is exploitable. Our Censys query surfaces roughly 5.7M internet-exposed NGINX servers running a potentially vulnerable version, though the truly exploitable population is likely to be a much smaller subset of those,” the VulnCheck Initial Access team noted.

Fixes

So far, F5 fixed the vulnerability in:

  • NGINX Open Source – versions 1.31.0 and 1.30.1
  • NGINX Plus – versions R36 P4 and R32 P6
  • F5 WAF for NGINX v5.13.0
  • F5 DoS for NGINX v4.9.0

It has also provided a mitigation: using named captures instead of unnamed captures in rewrite definitions.

AlmaLinux, Ubuntu and Debian developers have begun releasing patched nginx packages.

Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!


from Help Net Security https://ift.tt/V1wXrCP