The Latest

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

Securing the inbox: Where identity, brand and security meet
Getting a verified logo to appear next to your email has traditionally meant having to work with two separate entities. You have to work with a DMARC partner for setting up DMARC and BIMI, then use a trusted Certificate Authority (CA) to purchase a Mark Certificate, and this means having to source a trusted partner for both which delays the project unnecessarily. Red Sift and GlobalSign have now folded both halves into a single package.

Researchers make the case for a cybersecurity AI scientist
Autonomous AI agents have started doing real security work. Language-model agents probe software for flaws, run penetration tests, and chain together attack steps that once needed a human operator. Research about security has stayed slower and more manual, built around expert scarcity and hand-designed experiments. A team at the Chinese Academy of Sciences wants to close that gap. In a recent paper, they define what they term the Cybersecurity AI Scientist. They describe a research system that moves from a question to experimental design, tool building, controlled execution, evaluation, and a written result on its own.

OpenAI and Anthropic are pulling in different directions
Companies are handing routine operational decisions to AI agents that plan, remember, and act on their behalf. These agents run on statistical models, and their behavior can drift across weeks and months. That drift opens a security gap outside the reach of standard monitoring tools. A study of about 1,080 open job postings at OpenAI and Anthropic maps where the two largest AI labs are taking this technology.

Orbia CISO Miranda Ritchie on building security into sustainable infrastructure
In this interview with Help Net Security, Miranda Ritchie, CISO at Orbia, talks about protecting industrial systems where software runs water, chemical and manufacturing processes. She explains why a cyber incident in these settings can harm people, equipment and the environment, and how spread-out sites and aging control hardware widen the risk.

Your coding agent says no in chat and yes in the code
Millions of developers share their keyboard with GitHub Copilot. Inside Visual Studio Code, it opens their files, writes and edits code, runs scripts, and reworks its own output across many turns. The safety testing that vets these agents still runs on chatbot rules: one harmful prompt, one response, graded alone. That rulebook misses where the real danger sits, according to a study from the Alan Turing Institute in London.

Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282)
CVE-2026-48282, one of the maximum severity vulnerabilities patched in Adobe ColdFusion on June 30, 2026, has been targeted by attackers in the wild. Exploitation attempts were detected on July 2, through the honeypot sensors of cybersecurity threat-intelligence service KEVIntel, mere minutes after watchTowr researchers published a technical analysis of this and other ColdFusion flaws recently fixed by Adobe.

Accenture acknowledges security incident following 35GB data theft claim
Accenture appears to have suffered a data breach, the extent of which is currently unknown. On Monday, a threat actor going by the handle “888” posted on the cybercrime forum PwnForums, claiming to have breached the technology consulting company and stolen “just over 35gb of source codes” in July 2026.

Attackers using Langflow flaw for credential harvesting (CVE-2026-55255)
The US Cybersecurity and Infrastructure Security Agency (CISA) is warning about yet another Langflow vulnerability (CVE-2026-55255) leveraged by attackers in the wild. The flaw was added to the agency’s Known Exploited Vulnerabilities catalog on Tuesday, July 7, nearly two weeks after the Sysdig Threat Research Team observed it being actively targeted.

Microsoft releases fix for RoguePlanet Defender flaw (CVE-2026-50656)
Microsoft has finally released a security update for its Microsoft Malware Protection Engine, which fixes CVE-2026-50656, the Windows Defender local privilege escalation vulnerability triggered by the RoguePlanet exploit.

Extortion crew hijacks Microsoft 365 accounts via fake passkey setup
The Pink cyber extortion crew is tricking employees into giving them access to their Microsoft 365 accounts by faking Entra passkey enrollment requests. The attack starts with a vishing call to an employee. The caller poses as IT and says it’s time to set up a passkey. Everything after that is theater, built to keep the victim occupied while the attacker finalizes everything.

How to implement a continuous offensive security testing program
The hard part was never finding the exposure. It was deciding what to do about it: whether to patch, mitigate, monitor, or accept, and banking that that decision would still hold tomorrow. A penetration test answers this question for the day it runs, then quietly expires. The environment shifts, a control drifts, a new technique lands, and the report now describes a network that no longer exists.

How to prioritize AI agent security by business impact
Your CEO calls about an AI agent security incident in finance. He wants to know whether money moved, whether financial data was exposed, who owned the agent and why it had this level of access. The agent’s OAuth access remained active after its owner left. The access was valid, but no one verified it still served a legitimate business purpose. You need to know which AI agents create business risk and how far that risk can spread.

Your company already adopted AI and nobody is governing access
In this Help Net Security video, Antoine Berton, CTO at Elba Security, breaks down the AI attack surface. He maps five places where exposure lands, from standing OAuth grants and copilots that inherit human permissions to agent credentials stored in config files, missing off-boarding, and unclear authority when an agent acts.

Turning software supply chain security into a daily habit
In this Help Net Security video, Anastasia Tikhonova, Global Threat Research Lead at Group-IB, explains how to operationalize software supply chain risk. Instead of filing an SBOM away as a compliance document, she argues teams should use it every day for vulnerability triage, vendor access reviews, identity monitoring, and incident response.

July 2026 Patch Tuesday forecast: Is CVE tracking still practical?
In June, we saw the deluge of over 200 reported CVEs that I expected in May. There were 116 CVEs for Windows 11 and 104 for Windows 10. In addition, we saw large numbers in both common applications like Office and SharePoint Server as well as the host of development tools and libraries like Visual Studio and .NET. Will the trend continue this month?

New ClamAV security patch closes seven scanner bugs dating back two decades
Open source antivirus scanning sits inside mail gateways, file upload checks, and endpoint tooling at organizations of every size. Much of that work runs through ClamAV, the scanning engine maintained by Cisco’s Talos group. The project released two patch versions, 1.5.3 and 1.4.5, carrying fixes for seven security flaws along with smaller hardening changes.

Flipper Zero firmware development gets a fresh set of community rules
Owners of the Flipper Zero, the pocket-sized wireless testing tool, spent recent weeks worried that its official firmware had gone quiet. Pavel Zhovner, CEO of Flipper Devices, moved to settle that concern with word that the company has set aside staff to keep the firmware maintained and to support outside contributions. The work will run under a fresh set of rules covering feature requests, code submissions, and testing.

Omnigent: Open-source AI agent framework and meta-harness
Plenty of developers now keep several coding agents close at hand, reaching for Claude Code on one task and Codex or Cursor on the next. Each tool arrives with its own command line, its own handling of credentials, and its own way of running shell commands against a working directory. That spread leaves teams with a governance gap around where agent actions land and how much they cost.

Review: Building Machine Learning Systems with a Feature Store
Many people come to machine learning by training a model on a tidy dataset, and then meet a harder problem: making that model work for real users, on fresh data, every day. Jim Dowling’s O’Reilly book, Building Machine Learning Systems with a Feature Store, is written for that moment. Dowling, CEO of Hopsworks, based the book on a course he taught at KTH in Stockholm, so it reads like a guided walk through building real systems.

macOS is becoming a proving ground for AI agents
Somewhere right now, a Mac Mini is sitting on a shelf doing someone’s chores. Nobody’s watching it. It reads a version number out of Terminal, hops over to Safari, digs up a release year, then quietly files a reminder, the kind of dull three-app errand a human would grumble through in ninety seconds. The machine just works, hour after hour, an AI agent with hands on the keyboard and no one in the room.

A single malware file can outweigh an entire AI dataset
Antivirus vendors and security startups keep shipping AI features that promise to read malware the way a seasoned analyst would. The results inside security teams tell a quieter story. A new paper argues that static analysis of software, the job of deciding whether a program is malicious by examining its contents on disk, remains one of the hardest places to make generative AI work.

Messaging fraud trends point to smarter attacks, stronger blocking
Fraudsters spent 2025 investing in scale. New routes, new tools, and higher message volumes moved through the SMS, voice, and chat channels that businesses rely on to reach customers. Money follows that activity. The Communications Fraud Control Association puts global telecom fraud losses at around 42 billion dollars for the year, several billion higher than its estimate for the prior year.

Open-source collaboration is growing worldwide and putting pressure on maintainers
Developers are pushing code and opening pull requests across economy borders at a rate GitHub has rarely seen. Outbound collaboration, the sum of git pushes and pull requests sent from developers in one economy to public repositories in another, grew by 16% from Q4 2025 to Q1 2026, according to the latest GitHub Innovation Graph data.

Malicious AI agent skills can slip past the scanners built to stop them
AI coding agents can be extended with downloadable agent skills from public marketplaces. Because these skills run with the agent’s privileges, a malicious one can steal credentials, access source code, or install malware. Researchers at the Hong Kong University of Science and Technology developed SkillCloak to test how well existing skill scanners detect such threats.

5,811 arrests, $293 million seized over social engineering scams
Criminals who pose as police officers, romantic partners, and business suppliers have built fraud operations that reach across continents. A four-month enforcement campaign against these schemes wrapped up, and police in 97 countries and territories took part.

AWS gives its ERP agent deny-by-default rules and a separate identity
Accounts receivable teams at large companies spend hours each day matching incoming bank payments to invoices by hand. When those payments sit unmatched for days, cash flow suffers and days sales outstanding climbs. The same pattern repeats across blocked invoices, purchase order approval holds, month-end close, and intercompany reconciliations in almost every industry.

Most data brokers won’t tell you what happened to your deletion request
Data brokers collect personal details on most adults in the United States and sell them to buyers that include employers, landlords, insurance companies, and government agencies. California gives residents a way to push back. You can ask a broker to delete your records, or to stop selling and sharing them. A team at UC Irvine decided to find out what happens when someone sends those requests to the whole California registry. The answer gives consumers little comfort.

The open source library holding up your stack might have one maintainer
Every serious software product runs on code that someone else wrote and released for free. A web service leans on a cryptography library, a data pipeline pulls in a parser, and a mobile app ships a handful of small utilities that one person maintains in spare time. All of it carries the same label. A new paper argues that the single label hides differences large enough to change how each piece behaves once it lands in production.

The future of payment fraud could be automated
Payment fraud is becoming more organized as criminal groups use fake websites, large-scale operations, and, in some cases, forced labor to steal money and personal information. Advances in agentic AI could automate many stages of payment fraud, from collecting and assembling stolen credentials to deploying password-cracking tools.

OAuth, guest accounts, and weak MFA drive SaaS risk
Organizations often create guest accounts to give contractors, suppliers, and partners temporary access to files and SaaS applications. Many of these accounts remain active long after they are needed, creating overlooked access paths to corporate data.

Product showcase: Is that text a scam? Malwarebytes Mobile Security can help you find out
Malwarebytes Mobile Security for iPhone combines scam prevention, privacy protection, and identity monitoring in a single app. It evaluates a device’s security posture, provides recommendations to improve protection, and is available for Windows, macOS, Android, iOS, and ChromeOS.

OpenSSH 10.4 arrives with security fixes and a post-quantum signature option
Operators who manage remote access to Unix and Linux systems keep a close watch on OpenSSH, the software that carries most SSH traffic across the internet. The project released version 10.4 with eight security fixes, a set of bug corrections, and a couple of new features.

Power shortages could slow AI data center expansion
AI adoption is increasing demand for data center capacity at the same time operators are running into limits around power, equipment, land, and permitting, according to NTT Data. Access to electricity is becoming a deciding factor in where new data centers are built, when new capacity comes online and how quickly AI projects can expand.

Microsoft wants to keep your AI agents from going rogue
Microsoft has introduced Microsoft Execution Containers (MXC), a cross-platform, policy-driven execution layer for AI agents on Windows and Windows Subsystem for Linux (WSL), now available in early preview. Developers can define constraints for their applications and agents, and Windows enforces them at runtime through MXC.

Apple Container: Open-source tool for Linux containers on the Mac
Developers on Apple silicon Macs have run Linux containers through software built around a single shared virtual machine for years. Apple’s open-source Container project gives each Linux workload its own lightweight virtual machine.

Claude Cowork turns your phone into a remote control for AI work
Anthropic started rolling out Claude Cowork, an AI agent that completes multi-step tasks, in beta for Max users on mobile and the web. They describe a goal, and Claude plans the work, uses the required tools, and produces outputs such as documents, spreadsheets, presentations, and reports.

20 open-source cybersecurity tools to keep your team ready for anything
AI is changing how security teams find vulnerabilities, analyze code, test applications, and protect infrastructure. Developers are building tools to secure AI systems themselves, from coding agents and memory protection to model exposure discovery. This roundup covers recent open-source releases for vulnerability research, application security testing, container security, endpoint protection, AI security, and penetration testing.

Thousands of malicious AI skills found capable of stealing data, running malware
AI agents can browse the web, use external tools, execute commands, and perform tasks on behalf of users. Many rely on skills that define how they interact with services and data. Malicious skills can abuse those capabilities to steal data, execute malware, or manipulate an agent’s behavior, according to the H1 2026 ESET Threat Report.

Wireshark 4.6.7 patches a dozen security flaws
Network analysts who open packet captures in Wireshark push untrusted data through a large set of protocol dissectors, and each parser is a spot where a malformed frame can trip up the software. The 4.6.7 maintenance release closes twelve of those weak points. The fixes reach from cellular signaling parsers to the code that reads capture files off disk.

Product showcase: Protect your iPhone with McAfee Mobile Security
McAfee Mobile Security for iOS combines scam protection, web protection, VPN, Wi-Fi security, and device security checks in a single app. It is also available for Android.

The fake report message that ends with a stolen Reddit account
A direct message arrives on Reddit from a stranger, and it invites a reply. That reply is the point. This scheme runs on social engineering, with no malware and no malicious links, and it has spread across Reddit, Discord, and similar platforms. The goal is a single piece of information: a login or verification code that hands your account to someone else.

AWS centralizes access, spending, and governance for Claude
Claude apps gateway for AWS is a self-hosted control plane that gives organizations a single point of control over access, costs, and policies for Claude Code and Claude Desktop. It replaces per-developer cloud credentials, manual distribution of managed settings to developer laptops, and centralizes usage attribution and spending controls.

Only 28% of financial workforce MFA is phishing-resistant
Passwords remain part of many workforce authentication flows in financial organizations, making phishing and credential theft major identity security risks, according to a new Secret Double Octopus report.

Microsoft is rewriting Windows patch guidance because of AI
Microsoft is recommending that organizations shorten Windows update deployment timelines, warning that advances in AI are reducing the time attackers need to identify and exploit vulnerabilities after security updates are released.

Cybersecurity jobs available right now: July 7, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: July 10, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Attestiv, Automox, Codenotary, and First Recon AI.


from Help Net Security https://ift.tt/BHsSgTD

Google Home is Google's smart home platform, which integrates everything from Google's smart speakers to the lights, plugs, locks, and other appliances across your house. Whether you use just a voice assistant and a smart bulb or two or have a complex web of devices whose actions you're looking to automate, you'll want to consider these hidden tips and tricks to make your smart home work for you.

Enable Night mode to keep your devices from waking people up

Google speakers and displays have a Night mode that lowers their volume and dims their display lights during set "downtimes," so you can still use your voice assistant without disturbing the peace or waking kids who are sleeping. In the Google Home app, tap Home > All devices and long-press your device's tile. Tap Settings > Notifications & digital wellbeing > Night mode and turn Enable night mode on. From here, you can choose when downtime begins and ends and select which days of the week to apply Night mode.

Use Guest Mode to keep your profile private from visitors’ queries

If you have visitors over for dinner or house guests staying for an extended period, you may want them to be able to interact your smart speakers and displays without affecting your algorithm or compromising your privacy. When Guest Mode is turned on, Google automatically deletes recordings and voice assistant activity and disables personal results, such information collected from your Gmail and Google Calendar. This prevents other users from requesting sensitive information—like calendar events, contacts, and reminders—from your device. You can still control your smart home, play media, and query your assistant in Guest Mode. To enable or disable this setting on a specific device, you simply have to say “Hey Google, turn [on/off] Guest Mode.”

Designate household contacts so anyone can use your speaker to call for help

Your smart speaker comes in handy for hands-free calling, and you can set up household contacts so anyone—including kids, babysitters, and guests—can reach important numbers even if they haven't set up voice match. All they have to do is say "Hey Google, call [name or nickname]" to make a call. You can add emergency contacts for when you're away or simply make it easier for those at home to place calls to numbers they don't have memorized. In the Google Home app, tap your profile icon, then go to Home settings > Communication > Household contacts. You can tap Add Person if the contact isn't already listed.

Note that in an emergency, you cannot dial 911 directly from your smart speaker using a voice command. However, if you have a Google Home Premium subscription and sound detection enabled on your speakers or displays, you can set up an emergency calling feature that allows you to contact 911 from your phone if your smoke, carbon monoxide, or glass break alarm is triggered.

Use your speaker as a memory vault to keep track of items you often misplace

If you often find yourself wondering where you put that random item you were sure you'd remember but cannot find, you can offload this mental burden to Google Home. Your speaker can maintain a voice notepad and repeat information back to you later. This is especially useful for keeping track of items you use seasonally (like holiday decor), remembering where you keep important documents or various tools for home maintenance projects, or simply monitoring keys and wallets. Use a command like "Hey Google, remember that..." to add items to your list.

Use device state triggers to create an automated theater experience

If you have your media player or smart TV and lights connected to Google Home, you can set up an automation that turns your den into a home theater—dimming your lights and closing your shades as soon as you turn the TV on or hit play. In the Google Home app, go to the Automations tab and tap Add > Add starter. Choose When a device does something, select your smart TV or speaker, then choose the state you want to use as the trigger (such as when the TV turns on or the device is muted or unmuted). Tap Add action > Adjust Home Devices, select your lights and/or shades, and set them to the preferred brightness or closure. Label the routine and tap Save, then make sure the routine is toggled on.

Set up visual alerts for when your laundry or dishwasher finish running

Another way to use state-based automations is to have your speaker or lights announce when another appliance's task is complete—for example, if you're in your home office, you can set your smart bulbs to blink when the washing machine cycle is over so you know it's time to move clothing to the dryer. This follows the same process outlined above: go to Automations > Add > Household > Add starter > When a device does something. Select your smart appliance first, then select Stops or Finished. Then tap Add action > Visual Cue or Audio Announcement. You can also add conditions if you only want the automation to run during certain hours (so your speaker doesn't wake people up at night, for example).

Sync your lights and alarms for a gentler wake-up

Loud alarms are a jarring way to start the morning, but if you have a smart lights and a Google speaker or display, you can enable Gentle Sleep and Wake, which slowly brightens your lights over a 30-minute period before your alarm sounds. There are several voice commands for Gentle Wake depending on how many lights you want to enable, and you can sync with an alarm (consider selecting a softer, ambient option) so that the light routine will run any time you set an audio alarm. If you have a Nest display, you can also go to Alarms > Set an alarm, toggle on Sunrise Alarm, and customize the lights, timeline, and sounds for your wake-up routine.

Ask Gemini to build if/then automations using natural language

Building automations manually can be cumbersome, and you may not even know what your smart devices are capable of in order to do so. But if you have a Google Home Premium subscription and Gemini for Home enabled on your account, you can simply describe what you want your devices to do, and AI can build the routine for you. The "Help me create" feature works with natural language prompts, and it can also suggest automations based on what you have available in your Google Home app. Go to Add > Automations > Help me create, and speak or type the command. Tap Create, and follow the prompts to adjust or save the automation.

Ask Gemini to analyze camera footage for troubleshooting problems

Instead of scrubbing through hours of Nest footage to figure out what's going on in and around your home, you can ask Gemini to search your video history and give you a summary based on your query. This is useful for day-to-day events, like figuring out what time your dog walker typically arrives and leaves, though you can also ask things like "Did something eat my plants?" to figure out what animals are destroying your garden and troubleshoot accordingly. The Ask Home feature is part of Gemini for Home and is available to Google Home Premium Advanced plan subscribers.

Use privacy settings and commands to prevent your recordings from being stored

Connected devices in a smart home inherently introduce privacy risks, but you can, at the very least, keep Google from storing voice recordings gathered via your speaker or display. From your Google Account, go to Data & Privacy > Web & App Activity and uncheck the box next to "Include voice and audio activity." While you're at it, Google recently updated its privacy settings for Search, so you should go in and customize what it has access to under Search Services History and Personalized Recommendations. You can also ask your voice assistant to delete the last thing you said or activity over a specific time period with commands like "Hey Google, that wasn't for you."


from Lifehacker https://ift.tt/Ew4kx6K

In a rare combined cybersecurity/squid post, a twenty-nine-year-old squid proxy bug can leak HTTP requests.

As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered.

Blog moderation policy.


from Schneier on Security https://ift.tt/U4b9Q2M

We may earn a commission from links on this page.

I’ve been waiting for Ultrahuman’s new Ring Pro, and I’m happy to report I have one in my hands (OK, on one of my hands). This is the ring that was announced back in February, along with a feature-filled charging case. It’s an upgrade from the Ring Air that I previously reviewed, and it retails for $479 including the case. Overall the experience is pretty similar to the Ring Air, but here are a few things I’ve noticed that are worth calling out. 

The battery life is incredible

I’ve been wearing the ring almost three days, and the battery is only down to 78%. By my math, the charge is likely to last about 13 days at this rate. That’s more than double the five to six days I got with the Ultrahuman Ring Air, and significantly more than the week I got from the Oura Ring 5

And if that’s not impressive enough, it turns out I’d accidentally had the ring on Turbo Mode, which samples data more often and thus drains the battery faster. I normally prefer Chill Mode, which offers a middle-of-the-road battery draw. (There is also a Critical Battery Mode for when you’re really desperate.) 

I haven’t had a chance to test the case's battery life yet, but Ultrahuman says it stores multiple full charges for the ring. The company’s battery estimate is 15 days for the ring, and 45 days with the charging case. 

The smart case sings and buzzes

The Ultrahuman Ring Pro’s case is the change I was most excited about. I haven’t yet needed to do any diagnostics or hard resets (which the case can facilitate), but it got my attention pretty much immediately with its sound effects. You hear a tone when you set up the ring—it reminded me of one of those singing metal sound bowls. The case also gave a haptic buzz. 

The entire front lip of the case is an LED indicator light, which can glow or pulse in different colors depending on what it needs to signify. If you lose the case, you can ask the app to make it play a sound. The only thing I haven’t determined is whether there's a way to make the morning alarm play through the case instead of using your phone, a possibility I remember being raised when this ring and case were still in development.

The shape and build are simple and elegant

While Oura went with a smaller-than-ever profile for its newest ring, Ultrahuman has gone the other direction, making its ring a solid hunk of metal. It’s thicker than the Air, but what’s more interesting is that the inside of the ring is the same smooth metal as the outside. Other smart rings have a clear epoxy-like layer on the interior. 

It’s simple, but elegant, and I like that the new design includes two break points where the ring can be pried apart in an emergency. As for how the ring fares beyond appearances, for that you’ll need to wait for my full review. 


from Lifehacker https://ift.tt/XgUlhIK

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

Yesterday, I wrote about Sony's luxurious version of the 1000XM6 going on sale. While it's discounted, $600 is still a lot of money to spend on headphones, and there are other options that are just as premium for almost half the price. The Bose QuietComfort 2nd Gen is one of those options, currently down to $369 (originally $449), its lowest price ever, according to price-tracking tools.

The Bose QuietComfort line has been around for a long time, excelling in comfort, ANC, and minimalism, as was the case for the Bose QuietComfort Ultra (2nd Gen) earbuds that I got to review. The headphone version keeps those same priorities at the forefront. As PCMag says in their "excellent" review, these headphones have excellent ANC, are comfortable for long listening sessions, offer good battery life, and have lossless audio via USB-C, which is very much appreciated for those looking to get away from compressed audio.

I love the Bose app, much more than Sony's confusing Sound Connect. But there are drawbacks. The EQ is limited and might seem too basic to some, but that's what can also feel great for those who value user-friendliness and a minimalistic app. You still get all the important features that all the other premium headphones offer, just in a simpler package.

The audio is deep and rich, and the inclusion of lossless listening via USB-C is a game-changer for those who want to finally listen to high-resolution audio from Spotify or Apple Music. You'll get 30 hours of battery life and support for AAC and SBC codecs, along with AptX Adaptive for hi-res audio. These are a great option for comfort, ANC, and user-friendliness. However, if you value complexity, like tweaking your audio and more in-depth features, the 1000XM6 will be a better option.

Deals are selected by our commerce team

from Lifehacker https://ift.tt/0IOd8rl

I love a short daily word game, but Wordle isn't always enough to scratch that itch. I've had my share of fun with other letter-based guessing games and my new love Minute Cryptic, and I recently discovered Beeswax, a game that gives you five words to spell each day. It's like the spelling bees kids do: You listen to somebody say the word, and then you have to spell it correctly. One mistake, and you're out for the day.

How to play Beeswax

Note that Beeswax has nothing to do with the game Spelling Bee, a New York Times game that is bee-themed but involves manipulating written letters. Beeswax replicates the format of an actual in-person spelling bee. You click a button to hear the word (or to replay it if needed). If you're stuck, you can use hints.

The hints don't impact whether you win or lose, but the shareable text you get at the end will make a note of how many hints you used. The hints are, as in a spelling bee, all spoken as well. You can ask for a definition, a sentence using the word, the word's part of speech, or (my favorite when I'm stuck) the word's language of origin.

If you misspell a word, the game is over. The correct spelling is available on the "game over" screen, but it's hidden like spoiler text, in case you want to ponder your mistakes before revealing the answer. I've played several games, and so far I've missed two words: one that I thought I knew but must have been misspelling all this time, and one that was a new word to me. I can't say I'm disappointed: I've learned a new word.

How to win Beeswax

This is where I'd normally share some hints and tips, but the truth is: You just have to know how to spell the word, or be able to plausibly guess. The tips that apply to spelling bees in general are good ones here. The best tip is just to read more, so you get used to seeing more words. It's also helpful to become a nerd about etymology, constantly looking up words to see where they come from and why they're like that. (You'll start to recognize roots, prefixes, suffixes, and get a sense of how words of different language origins tend to be spelled.) This is more of a lifelong hobby than a strategy for a game, so, uh, good luck.

Personally, I find the language of origin the most helpful type of hint, but I've only played a handful of games so far (and never actually got to compete in a spelling bee as a child), so I can't promise that will always be the most helpful. The 12-year-old winner of the 2017 National Spelling Bee shared some tips with Lifehacker after her win, and she also recommended paying attention to word origins, so perhaps it's a good strategy after all.

Each word comes with a two-minute timer, so you can't think about it forever. That's plenty of time to simply look up the word yourself, of course. And paradoxically, that's what makes the game cheat-proof: After all, "go look up this word" isn't a fun game, and so there's no temptation to cheat. You also don't have to worry about running out of play time: Beeswax makes its entire archive available, even if you don't have an account. Free accounts give you the ability to keep a streak and to show up on the leaderboard.


from Lifehacker https://ift.tt/HuCDzs1

You would think that whenever Google releases new apps or features on only one platform at a time, it would choose Android over iOS. After all, the company makes Android too, so it'd only seem logical for Android users to get the first crack at new Google products. As it turns out, however, it's often the opposite. Google will sometimes release new features for some of its apps on iOS first, before bringing them over to Android. Back in April, for example, the company released "Edge Eloquent," an on-device AI transcription app, on Apple devices only.

Chrome for Android is getting a dedicated back button

Today, however, Google is bringing one of its previously iOS-exclusive Chrome features to Android. As highlighted by Android Authority, Google is now rolling out Chrome 150, which comes with a change for Android devices: a dedicated back button.

You'll notice the change after updating your Chrome for Android app, and opening the three-dot menu. Before, you'd only have the option to go forward a page in the Chrome app, and had to rely on Android's native back button or gesture. It's a small change, but one that makes Chrome for Android feel a bit more like Chrome for desktop, and will certainly be an easier adjustment for anyone switching to Android for the first time.

It's not clear why Google felt the need to bring the button over now, but I understand why it might have thought it didn't need to in the past. Unlike Android, iOS has no dedicated back button, so it makes sense that Google would add the back button to Chrome for iOS. And while users could get the same effect with Android's system-wide back button, it isn't necessarily the most intuitive experience in a browser, since you might not be sure whether you're going back a web page, or returning to the previous app you were using. This update might add a bit of redundancy to Chrome for Android, but I think it's for the better.

Other Chrome 150 changes for Android

You'll also notice the site info button (i) is no longer in the same row as the navigation buttons. Now, you'll find it in the overflow menu under "Site controls." "Add to home screen" is now "Install and create shortcut," which is far more vague in my opinion. If you're used to adding webpages to your home screen, I wouldn't be surprised if you simply thought Google took the feature away with this update.

Speaking of updating, your app may update automatically. But you can check manually by heading to Chrome's page in the Play Store. Alternatively, you can go to your profile in the Play Store, tap "Manage apps & device," then under "Updates available," choose "See details" to look for Chrome.


from Lifehacker https://ift.tt/cLsCqGv