Skip to content
View in the app

A better way to browse. Learn more.

hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Tech

Tech Articles from a wide variety of topics and categories
Apple's upcoming iPhone 18 Pro models are expected to introduce new color options, including a dark cherry color, and today we may have been given another peek at the rumored finish, courtesy of the Chinese leaker known as Ice Universe.

Image shared by leaker Ice Universe
In an image posted on Weibo, a SIM tray allegedly from the unreleased iPhone is shown in a dark cherry colour, which could also be described in this grainy example as burgundy, brownish, or purple.

Multiple rumors have suggested Apple is testing a deep reddish finish for the iPhone 18 Pro models, and the color is expected to be the special one that Apple markets prominently in 2026, similar to how it did for the Cosmic Orange iPhone 17 Pro.

Two other colors Apple is said to be planning are Light Blue and Dark Gray. Apple may also offer the iPhone 18 Pro and iPhone 18 Pro Max in Silver. Macworld has previously claimed to have identified the Pantone colors for all four finishes.

The four colors were also spotted in the first iPhone 18 Pro dummy models to leak, providing another look at the shades Apple is likely to use.

Notably, in the same Weibo thread where the SIM tray image was posted, Ice Universe responded to another user asking if the iPhone 18 Pro would be available in black. The leaker replied simply, "No." It's not the first time we've heard there will be no black iPhone 18 Pro model this year.

Apple's next-generation premium devices are expected to be unveiled in September alongside Apple's first foldable iPhone, which could have its own set of more muted color finishes, with silver, white, and indigo rumored so far, with other rumors suggesting it will be available in two colors or perhaps even just one.Related Roundup: iPhone 18 ProTag: Ice Universe
This article, "Alleged iPhone 18 Pro Sim Tray Again Shows Dark Cherry Color" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Trust is one of the biggest barriers to adoption in autonomous security operations, and it is rarely solved by messaging alone. It is earned when the workflow proves it can operate with speed, visibility, and accountability at the same time. In this blog, we look at what actually builds trust in autonomous security operations, why human validation still matters, and what IT leaders should expect before giving AI-driven workflows more responsibility.
View the full article
Google has removed a malicious browser extension masquerading as Perplexity AI after Microsoft researchers found it was intercepting users’ search traffic and routing queries through attacker-controlled servers before forwarding them to legitimate search engines.
Microsoft Threat Intelligence said the extension masqueraded as the AI-powered answer engine to trick users into installing it. Based on its analysis, the company said the extension’s primary objective was to intercept search traffic and collect browsing data while maintaining a normal browsing experience, making the activity difficult for users to detect.
“Microsoft Threat Intelligence has identified a malicious Chromium-based extension that spoofs the AI-powered answer engine Perplexity AI to trick unsuspecting users into installing it,” the company’s threat intelligence team said in a blog post. “Based on our observation of the extension’s behavior, we assess its primary objective to be search traffic interception and data collection, which might enable downstream use cases such as profiling, targeted advertising, or other forms of misuse depending on operator intent.”
Microsoft said it reported the extension to Google, which subsequently removed it.
The incident reflects a broader trend identified by Microsoft’s researchers, who earlier this month warned that attackers were increasingly abusing the names and branding of popular AI platforms in phishing and malware campaigns.
Extension quietly intercepted browser searches
Unlike traditional browser hijackers that alter search results or flood users with advertisements, the extension operated less conspicuously.
According to Microsoft, it abused Chromium’s Manifest V3 APIs to intercept searches entered through the browser’s address bar, forwarding those queries through intermediary infrastructure controlled by the attacker before redirecting users to legitimate search providers. Because victims ultimately received the expected search results, the activity could remain largely unnoticed, the blog post added.
“The use of intermediary infrastructure allows the operator to observe search traffic while maintaining the expected browsing experience,” Microsoft Threat Intelligence said.
The attack also relied on user trust rather than exploiting a browser vulnerability.
“What makes this interesting is that the attack doesn’t really depend on exploiting a browser vulnerability. The user becomes the initial access vector,” said Vibhum Dubey, an independent cybersecurity researcher and red teamer.
Employees routinely install browser-based productivity tools, password managers, and AI assistants, making AI-branded extensions appear legitimate, Dubey said. “Users also expect AI tools to request broad permissions to access websites and browser content, allowing malicious permission requests to blend in with legitimate functionality.”
Why AI brands make good bait
For attackers, trusted AI brands are becoming increasingly attractive social engineering lures as enterprises accelerate adoption of generative AI tools.
“Attackers are following user trust,” said Sushovan Mukhopadhyay, director analyst at Gartner. “As employees adopt AI tools quickly, trusted AI brands become high-value bait for social engineering.”
Browser extensions can quietly become “a data collection layer inside the employee’s everyday workflow,” exposing sensitive search queries, browsing activity, and business context, he said.
Mukhopadhyay said the larger issue is that enterprise AI adoption is moving faster than security governance, creating opportunities for attackers to exploit the gap between employee enthusiasm and organizational controls.
A governance blind spot
Both experts said the harder enterprise problem is visibility.
“Most organizations have a mature process for software inventory, but very few have the same level of visibility for browser extensions,” Dubey said. During security assessments, he has seen organizations maintain strict application allowlists while employees continued installing browser extensions with little or no oversight.
Rather than looking only for known malicious extensions, security teams should monitor for risky behaviors such as changes to default search providers, requests for access to all websites, communications with domains unrelated to the claimed publisher, and extensions that seek additional permissions after installation, he said.
Microsoft similarly recommended that organizations verify extension publishers, carefully review requested permissions, and monitor enterprise browsers for unauthorized or unapproved extensions.
Mukhopadhyay said CISOs should begin treating browser extensions as governed enterprise software rather than personal productivity tools.
“That means using allowlists, permission reviews, search-setting monitoring, and controls for unapproved AI tools,” he said. Citing Gartner data, he said by 2029, 30% of enterprises will use secure enterprise browser technologies to improve browser extension auditing, risk profiling, and policy enforcement.
As browsers become the primary workspace for email, SaaS applications, and AI assistants, attackers are likely to continue targeting them, Dubey said. Organizations should therefore treat browser extensions “as third-party software suppliers” that are reviewed, approved, and continuously monitored like any other enterprise application.
View the full article
Apple appears to be taking action to limit the spread of leaked iPhone 18 Pro video footage that surfaced online following a recent cyberattack targeting Tata Electronics, one of Apple's manufacturing partners in India.


Over the last day, video clips that apparently showed an iPhone 18 Pro undergoing drop testing began appearing on X (Twitter). The clips appeared to show a silver-gray iPhone 18 Pro model with a more uniform rear aesthetic than the current iPhone 17 Pro's two-tone design. The device had the expected three-camera rear array, but the lenses appeared to protrude more from the plateau than on the iPhone 17 Pro. The Apple logo on the back of the device also appeared to have a reflective finish.

The clips were initially shared by an account using the @EvLeaks handle and were reposted by Ice Universe, but the posts have been taking down by X, citing a violation of the platform's rules. The @EvLeaks account has since been suspended.

Evan Blass, who was previously associated with the EvLeaks name, says he has "nothing to do with the new @EvLeaks account nor the purported iPhone leak posted there." Blass added: "Looks like Apple may have done what Samsung never could," likely referring back to the hundreds of Samsung leaks that Blass himself has been able to freely make public over the years.

9to5Mac this morning also pulled a report covering the leaked drop-test videos. It is not clear whether the posts were removed at Apple's request or Tata's request.

Elsewhere, over in China, Ice Universe claimed on Weibo that Apple had "already banned the leaked data on Twitter."

Apple has not publicly commented on the removals, but the videos do appear to be genuine, based on similar descriptions provided by Reuters.

The alleged footage follows the outlet's report that Apple is "concerned" about confidential files stolen from Tata Electronics and circulated on the dark web. Reuters said the leaked files included Apple-watermarked documents, component details, supplier information, codenames, and images of iPhone 18 Pro models during drop testing. Apple is said to be investigating the incident and working with Tata on long-term measures to improve security.

We are not sharing the videos or images of them here, though some are still circulating online. They may not last the day, however. The speed of the removals suggest Apple may be moving more aggressively than usual to prevent their further spread ahead of the iPhone 18 Pro's expected launch later in the fall.Related Roundup: iPhone 18 Pro
This article, "Apple Crackdown Suspected After iPhone 18 Pro Leak Videos Disappear" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
The U.K.'s competition regulator has proposed letting app developers direct users to payment options outside Apple's App Store and Google's Play Store, in a move aimed at increasing competition and reducing the fees charged by the two companies.


As reported by Reuters, The Competition and Markets Authority (CMA) said the proposals would remove restrictions that currently prevent U.K. developers from directing users to off-platform payment options.

The regulator said any fees Apple and Google charge developers for enabling such "steering" must be fair and reasonable, remain below existing App Store and Play Store commissions, and allow developers to either pass savings on to consumers or reinvest them in innovation.

The CMA said it was also considering making Apple open up access to its near-field communication (NFC) technology, which is used for Apple Pay contactless payments. This would allow developers to potentially offer alternative payment options within their own apps.

Last year, Apple was designated with strategic market status (SMS) in the U.K. for iOS and iPadOS, which enables the CMA to initiate targeted interventions designed to open the platforms to greater competition.

Apple has previously said it does not support allowing developers to direct users to off-platform payments. The company argues this ​could undermine user security and fraud ​protections, and limit its ability ⁠to verify transactions.

An Apple spokesperson told Reuters it could open the door to "scams, bait-and-switch tactics, and the circumvention of parental controls."

In February, Apple and Google agreed to a series of changes aimed at making their app stores fairer for developers. Under terms published by the CMA, both companies said they will ensure apps are reviewed and ranked on their app stores in a "fair, objective and transparent way," without discrimination against apps that compete with their own services.

Apple must allow developers to more easily request access to iOS features and functionality, which could clear the way for third-party apps to better compete with Apple's own services.Tags: Apple Antitrust, App Store, United Kingdom
This article, "UK Pushes Apple to Loosen App Store Payment and NFC Rules" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Convince an AI browser that it is playing a game, and it can hand over your login details. That is the finding behind BioShocking, a technique from security firm LayerX that tricked six AI browsers and assistants into copying a user's credentials and sending them to an attacker. The targets included OpenAI's ChatGPT Atlas, Perplexity's Comet, and Anthropic's Claude browser extension. AnView the full article
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037, carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run LoadMaster with the API enabled, update now. Progress published its advisory on JuneView the full article
Apple on Monday released security updates for iOS, macOS, and the Safari web browser to address over three dozen flaws, including four vulnerabilities in WebKit that were discovered using artificial intelligence (AI) tools like Anthropic Claude and OpenAI Codex Security. The WebKit vulnerabilities are listed below - CVE-2026-43707 - A memory corruption issue that could result in anView the full article
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances. "Easily exploitable vulnerability allowsView the full article
Some T-Mobile customers with legacy phone plans are being upgraded to newer T-Mobile plans automatically, reports CNET. The company has been sending out notifications to customers with older plans, letting them know that they're going to be transferred to a current plan.


Customers being pushed to a new plan could get an automatic bill increase. The carrier plans to move customers to comparable modern plans. T-Mobile options include Essentials, Essentials Saver, Experience More, and Experience Beyond. Prices for a single line start at $50 per month.

T-Mobile marketing lead Allan Samson said the majority of customers being automatically upgraded will pay below what the plan sells for, and won't have the same pricing that a plan would cost a new customer. The average increase will be around $4 per line per month, with some pricing going up $6.

Employees were told T-Mobile is transitioning customers to modern plans to get rid of over 1,100 legacy billing codes, and were warned to expect increased customer contact volume in the coming weeks.

T-Mobile declined to tell CNET which plans are being retired, but some date back 15 years. The company has run through a lot of plans over the last decade and a half, plus Sprint users on legacy plans were folded into T-Mobile after the 2020 merger.

Thousands of customers are affected, and will be receiving alerts from T-Mobile. Plans will change during the next billing cycle. Customers unhappy with T-Mobile's decision can pick a different T-Mobile plan or switch carriers.Tag: T-Mobile
This article, "T-Mobile Automatically Moving Legacy Plan Customers to New Plans" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Popular messaging app WhatsApp is now allowing users to reserve usernames ahead of plans to launch username-based messaging. Right now, WhatsApp uses a person's phone number as an identifier, but usernames will allow people to interact without having to exchange personal information.


Username reservations are rolling out starting this week, and not all users will have access to the reservation system right away. WhatsApp is sending a notification when a username can be reserved. Usernames are optional, and once access has been granted, a username can be selected by going to Settings > Account > Username. Usernames can be 3 to 35 characters in length.

There are over three billion people on WhatsApp, and the company says it is opening up reservations early so "everyone has the opportunity to select the username that matters to them." WhatsApp suggests users choose a unique name only contacts would know.

Creators, small businesses, and organizations have the option to claim their existing Instagram or Facebook username on WhatsApp. Users who have a username on Instagram or Facebook can claim the same username on WhatsApp by choosing the Use Instagram username or Use Facebook username option, as long as it isn't already taken.

WhatsApp has no directory of usernames to browse, and no username discovery suggestions. People will need to know a WhatsApp user's exact username to send a message, plus there is an optional username key that adds extra spam protection.

Usernames will roll out gradually over the next few months. Once live, an account with a username set will no longer reveal a phone number when messaging a person or a business for the first time.Tag: WhatsApp
This article, "WhatsApp Now Lets You Reserve a Username" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Popular open source AI agent OpenClaw is expanding to the iPhone and iPad with a new native iOS app. OpenClaw for iOS can be used alongside an existing gateway as a secure node for chat, voice approvals, sharing, and device-aware automation.


The iOS app replaces iPhone and ‌iPad‌ workarounds that involved using Telegram or WhatsApp for on-the-go access.

OpenClaw is a self-hosted AI agent that runs on a Mac or PC. Users can connect an API key from Claude, OpenAI, Gemini, or other AI services, linking the model to content on the gateway machine. OpenClaw lets an AI model access messaging apps, files, web browsers, and more, so it can complete tasks.

To make use of the new iOS app, you'll need a gateway running on a local machine. The App Store description says the iOS app can be used in multiple ways.

OpenClaw is a useful tool, but it has risks. It is susceptible to prompt injection and requires broad system permissions on gateway devices.

OpenClaw started out as Clawdbot, because the initial version created by Peter Steinberger used Claude. Anthropic complained about the name, prompting a rename.

The app can be downloaded from the ‌App Store‌ for free. [Direct Link]
This article, "Open Source AI Agent OpenClaw Gets Native iOS App" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today released iOS 26.5.2, iPadOS 26.5.2, and macOS Tahoe 26.5.2 with a long list of security fixes that it initially introduced in the iOS 26.6, iPadOS 26.6, and ‌macOS Tahoe‌ 26.6 betas.


Apple told Reuters that it released the updates earlier than planned due to concerns about AI-assisted hacks.

Vulnerability fixes are typically included in most Apple software updates, but its major point updates usually include more fixes. Apple intended to release the 25+ security fixes that it introduced today in iOS 26.6 and its sister updates, but didn't want to wait for iOS 26.6 to come out.

In its security document outlining the changes, Apple did not say that any of the vulnerabilities that were fixed had been actively exploited, and the company further told Reuters that there was no evidence any of the now-patched vulnerabilities had been taken advantage of. Apple said the time between when the security fixes were announced and when they were deployed needed to be compressed, but did not say which vulnerabilities drove the urgency.

Apple is among Anthropic's Project Glasswing partners, and it has been using the Claude Mythos Preview to hunt down and patch vulnerabilities before hackers can use them to breach devices. It's not known if Mythos played a role in Apple's decision to release the fixes ahead of schedule.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "Apple Released iOS 26.5.2 Security Fixes Early to Thwart AI-Assisted Hacks" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's newly released iOS 26.5.2, iPadOS 26.5.2, and macOS 26.5.2 updates address more than 25 security vulnerabilities, which means you should install the updates as soon as possible.


According to Apple's security support documents for the updates, the new software has vulnerability fixes that Apple previously made available in the iOS 26.6, iPadOS 26.6, and macOS Tahoe 26.6 betas.

There are multiple kernel fixes, and several WebKit vulnerabilities that could lead to crashes or data leaks have been addressed. None of the vulnerabilities are known to have been actively exploited, but now that Apple has published details about them, it is possible malicious entities could create exploits targeting users who have not yet updated.

Apple always recommends that iPhone, iPad, and Mac users keep their devices up to date and install the new software patches shortly after they're released.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "iOS 26.5.2 Patches More Than 25 Security Vulnerabilities" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple is "concerned" about a recent data leak from Tata Electronics, one of its manufacturing partners in India, reports Reuters. Tata Electronics was the target of a cyberattack, with confidential Apple documents stolen and shared on the dark web.


Hackers were able to steal information about the iPhone 18 Pro and ‌iPhone 18 Pro‌ Max, including a list of suppliers, parts, and images of the devices. Detailed documents with component designs and specifications have been leaked, and earlier reports suggested some of the data leaked included emails, event logs, documents from TSMC and Qualcomm, and information about older iPhones.

Reuters says that at least six files show "hundreds" of ‌iPhone 18 Pro‌ components, including details of chips on the main circuit board and battery and camera components. The leaked files have "confidential" Apple watermarks and Apple codenames for the ‌iPhone 18 Pro‌ models, along with images of the iPhones during drop tests.

The images depict a "slab-shaped, grey handset with a three-rear-camera setup and an Apple logo," according to Reuters. Rumors suggest the ‌iPhone 18 Pro‌ will look much like the iPhone 17 Pro, with few design differences beyond a slimmed down Dynamic Island.

Tata supplies some iPhone parts, and also assembles some iPhones in India. It is a growing supplier as Apple works to diversify manufacturing away from China. The data also links suppliers to iPhone parts, which is information Apple does not share.

Tata Electronics disclosed the attack last week, saying it had detected a cybersecurity incident after it became clear ransom group World Leaks had shared more than 200,000 files that included information on Apple and Tesla. The files have been circulating on the dark web since at least June 10.

The manufacturer has restricted internal access to sensitive systems and hired a global consultant to conduct a forensic audit, but Reuters suggests the incident could upset Apple and endanger its relationship with Tata. Apple is investigating the incident and working with Tata on long-term measures to improve security.Related Roundup: iPhone 18 Pro
This article, "Apple 'Concerned' Over iPhone 18 Pro Data Leak From Supplier Tata" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today released macOS Tahoe 26.5.2, a small update to the ‌macOS Tahoe‌ operating system that came out last year. ‌macOS Tahoe‌ 26.5.2 comes a month after Apple released ‌macOS Tahoe‌ 26.5.2.


Mac owners can download the software by opening the System Settings app and then navigating to the Software Updates section.

According to Apple's release notes for the update, ‌macOS Tahoe‌ 26.5.2 includes security fixes for the Mac.
Related Roundup: macOS TahoeRelated Forum: macOS Tahoe
This article, "Apple Releases macOS Tahoe 26.5.2" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today released iOS 26.5.2 and iPadOS 26.5.2, minor updates to the iOS and iPadOS 26 operating systems that came out in September. iOS 26.5.2 comes a month after the launch of iOS 26.5.1, an update that added a charging fix for the iPhone Air and iPhone 17 models.


iOS 26.5.2 and iPadOS 26.5.2 can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update.

According to Apple's release notes, iOS 26.5.2 includes security fixes for the iPhone and iPad.

Apple is wrapping up work on iOS 26 because iOS 27 is launching in just a few months. ‌iOS 27‌ is available to developers now, with a public beta coming in July.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "Apple Releases iOS 26.5.2 With Security Fixes" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today seeded the third betas of upcoming iOS 26.6 and iPadOS 26.6 updates to developers for testing purposes, with the software coming two weeks after Apple seeded the second betas.


Registered developers can download the betas from the Settings app on the iPhone or iPad by going to the General section and selecting Software Update.

With iOS 27 set to launch in September, Apple is wrapping up work on iOS 26. We are not expecting any major new features in the iOS 26.6 update, and it will primarily focus on bug fixes and performance improvements.

The update adds new wording around blocked contact limits, letting users know when they have exceeded the maximum number of blocked contacts. The update might also include a new anti-snatching feature that locks your iPhone if it's grabbed from your hand.Related Roundups: iOS 26, iPadOS 26Related Forum: iOS 26
This article, "Apple Seeds Third iOS 26.6 and iPadOS 26.6 Betas to Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today provided the third beta of an upcoming macOS Tahoe 26.6 update to developers for testing purposes, with the update coming two weeks after Apple seeded the second beta.


Developers can download the ‌macOS Tahoe‌ 26.6 update by opening up the System Settings app, selecting the General category, and then choosing Software Update. Beta Updates will need to be enabled, and a free developer account is required.

With macOS Golden Gate set to launch in just a few months, Apple is likely focusing most of its attention on the new software. We are not expecting any major new features in ‌macOS Tahoe‌ 26.6.
Related Roundup: macOS TahoeRelated Forum: macOS Tahoe
This article, "Third macOS Tahoe 26.6 Beta Now Available for Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today provided developers with the third betas of upcoming watchOS 26.6, tvOS 26.6, and visionOS 26.6 betas for testing purposes. The software comes two weeks after Apple seeded the second betas.


The software updates are available through the Settings app on each device, and because these are developer betas, a free developer account is required.

There's no word on what's in the software as of yet. watchOS, tvOS, and visionOS often get few features in each new beta, with updates primarily focusing on bug fixes and performance improvements. Related Roundups: Apple TV, Apple Vision Pro, watchOS 26, watchOS 27Buyer's Guide: Apple TV (Don't Buy), Vision Pro (Neutral)Related Forums: Apple TV and Home Theater, Apple Vision Pro, Apple Watch
This article, "Apple Releases Third watchOS 26.6, tvOS 26.6 and visionOS 26.6 Betas" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple has accused Indian antitrust investigators of "copy-pasting" claims from its rivals and failing to conduct their own analysis, arguing the regulator's findings against it should be thrown out.


In a June 25 submission to the Competition Commission of India (CCI) reviewed by Reuters, Apple escalated its long-running dispute with the regulator, where Match and a group of Indian startups are among its opponents. The CCI's investigators privately concluded in 2024 that Apple had engaged in "abusive conduct" on the App Store and wrongly mandated the use of its own payment system.

Apple has denied the allegations. The company said it is a "minuscule player" with under 6% of India's smartphone market, and argued the investigation's conclusions rest on rivals' claims rather than the CCI's independent work. It warned that "forced alterations to Apple's carefully designed ‌App Store‌ could disrupt its integrated business model," and that remedies would "create regulatory uncertainty and could deter investments in India's digital economy."

In its submission, Apple provided tables intended to show the CCI's investigation team had simply reproduced filings from opponents in the case, including Match, Walmart's Indian payments app PhonePe, and Indian rival Paytm. "The DG [Director General] made no effort whatsoever to independently verify or critically assess these statements, often parroting them verbatim," Apple said.

Apple also claimed the CCI "blindly replicated" a graphic on worldwide consumer spending on mobile apps and games drawn from a 2024 EU ruling against the company, despite India facing different market conditions. In its own case, Google argued that Indian investigators had copied parts of a European ruling, but it had little effect on the final ruling resulting in forced changes to promotion of Android.

Apple is also arguing that officials failed to grant it "a single opportunity to record its statements and provide oral evidence" during the probe, in contrast to Google, which it says was given several chances to defend itself.

The regulator has accused Apple of stalling the case for more than two years by withholding responses and pursuing a parallel challenge to India's antitrust penalty law, which allows for fines of up to 10% of a company's turnover over the previous three years. That law lets India base any penalty on global rather than local turnover, the basis on which Apple has estimated its potential exposure at as much as $38 billion. Apple is separately contesting in a New Delhi court whether the law, which took effect in 2024, should apply to the full 2022–2024 period in question.

Apple had refused to supply global financial documents for that period before agreeing to cooperate in early June 2026, ultimately submitting only its local Indian turnover after requesting a "final extension" that ran to June 25, which was the same day it filed its copy-pasting accusation.

The dispute comes as India grows ever more central to Apple's business. The country is set to make 26% of the world's iPhones in 2026, up from 6% four years ago.Tags: Apple Antitrust, India
This article, "Apple Says India's Antitrust Case Against It Is 'Copy-Pasted'" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Best Buy's Fourth of July sale is currently running, and it features a big sale across Apple's previous generation M3 iPad Air tablets. You can find up to $400 off these devices during the event, and they're particularly notable when compared to the recently increased prices of the 2026 M4 iPad Air.

Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Savings are focused on the cellular models of the M3 iPad Air, with these devices priced similarly to their Wi-Fi only counterparts in many cases. Below we've listed all of the biggest deals for the M3 iPad Air, as well as comparisons to each M4 model.

UP TO $400 OFFM3 iPad Air at Best Buy

Prices start at $499.00 for the 128GB Cellular 11-inch M3 iPad Air, which is a $250 markdown and compares favorably to the $899.00 price tag on the same M4 iPad Air. The main difference between the M3 and M4 iPad Air generations is faster chip speed with the M4 chip, and upgraded wireless technologies, but otherwise the tablets are similar.

11-inch

11-inch M3 iPad Air (128GB Cell) - $499.00 ($899.00 for M4 model)
11-inch M3 iPad Air (256GB Cell) - $599.00 ($999.00 for M4 model)
11-inch M3 iPad Air (512GB Cell) - $749.00 ($1,199.00 for M4 model)
11-inch M3 iPad Air (1TB Cell) - $849.00 ($1,499.00 for M4 model)
13-inch

13-inch M3 iPad Air (128GB Cell) - $779.00 ($1,099.00 for M4 model)
13-inch M3 iPad Air (256GB Cell) - $879.00 ($1,199.00 for M4 model)
13-inch M3 iPad Air (512GB Cell) - $949.00 ($1,399.00 for M4 model)
13-inch M3 iPad Air (1TB Cell) - $1,049.00 ($1,699.00 for M4 model)

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Don't Pay Apple's New M4 Prices: Save Hundreds on the M3 iPad Air" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
The next-generation iPhone 18 Pro and iPhone 18 Pro Max are now just a few months away, and there are plenty of rumors about the devices.


Apple is expected to unveil the iPhone 18 Pro, iPhone 18 Pro Max, and a foldable "iPhone Ultra" in the first half of September, and the devices should be released in the second half of the month. The regular iPhone 18, a lower-end iPhone 18e, and a second-generation iPhone Air will reportedly be announced around March 2027.

Below, we have recapped 10 features rumored for the iPhone 18 Pro models, as of June:Dark Cherry: The special color for the iPhone 18 Pro models will reportedly be Dark Cherry, alongside Light Blue, Dark Gray, and Silver. The existing Cosmic Orange and Deep Blue colors are expected to be discontinued.
Smaller Dynamic Island: It has been rumored that Face ID's flood illuminator will be moved under the screen on the iPhone 18 Pro models, paving the way for a smaller Dynamic Island on the devices.
LTPO+ Displays: The next Pro models are expected to have the same overall design as the iPhone 17 Pro models, including 6.3-inch and 6.9-inch display sizes and a "plateau" housing three rear cameras. However, the displays will reportedly use so-called LTPO+ display technology, which should contribute to longer battery life.
Variable Aperture: The main 48-megapixel Fusion camera on both iPhone 18 Pro models is rumored to have a variable aperture, which would allow users to control the amount of light that passes through the camera's lens and reaches the sensor. This would provide greater control over depth of field. However, given that iPhones have smaller image sensors due to smartphone size constraints, it is unclear exactly how meaningful this improvement would be.
A20 Pro Chip: Apple's next-generation A20 Pro chip is expected to use TSMC's first-generation 2nm process, whereas the A19 Pro chip is 3nm. With a 2nm architecture and a new packaging design, the A20 Pro chip should deliver solid year-over-year performance and power efficiency gains.
C2 Modem: Apple's custom C1 cellular modem for 5G and LTE debuted in the iPhone 16e last year, and that was followed by a C1X chip in the iPhone Air. Apple says the C1X modem is up to twice as fast as the C1 modem, and the most power-efficient modem in an iPhone ever. The improvements should continue with Apple's third-generation C2 modem in the iPhone 18 Pro models.
5G via Satellite: With the C2 modem, the iPhone 18 Pro models will reportedly support 5G via satellite for web browsing without Wi-Fi or cellular connectivity.
N2 Chip: Most of the iPhone 17 models and the iPhone Air are equipped with an Apple-designed N1 chip that enables Wi-Fi 7, Bluetooth 6, and Thread. Apple says the N1 chip also improves the overall performance and reliability of features like Personal Hotspot and AirDrop. iPhone 18 Pro models are expected to have Apple's next-generation N2 chip, but it is not yet known what improvements would come with this upgrade.
Simplified Camera Control: Apple is expected to simplify the Camera Control button on the iPhone 18 Pro models, by removing touch sensitivity and haptic feedback. The redesigned button will only have pressure sensitivity.
Redesigned Rear Ceramic Shield: The rear Ceramic Shield area for MagSafe is rumored to feature a more frosted and seamless appearance on the iPhone 18 Pro models compared to the current two-tone design.Related Roundup: iPhone 18 Pro
This article, "iPhone 18 Pro is Just a Few Months Away With These 10 New Features" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
In February, Apple notified the European Commission that it would be acquiring certain assets from and have the right to hire certain employees from Rabbit 3 Times, the company behind the award-winning app design tool Play. The notification was published on the European Commission's website this week, following a four-month waiting period.


Play was a Mac and iPhone app that allowed designers to prototype iPhone app interfaces using Apple's SwiftUI frameworks, and then send them to Xcode.

In 2025, the app won an Apple Design Award for innovation.


"Play is a sophisticated yet accessible tool that lets users build interactive prototypes with SwiftUI frameworks," said Apple. "Its thoughtfully crafted user interface is both powerful and easy to navigate, helping designers create interactive prototypes and collaborate across Mac and iPhone, all synced in real time for seamless creativity."

Play is no longer available in the App Store, presumably due to Apple's acqui-hire.

Apple could use the intellectual property that it acquired from the Play app to improve Xcode, but its exact plans remain to be seen.Tags: App Store, Apple Acquisition, Swift, SwiftUI, Xcode
This article, "Apple Acquires Award-Winning App 'Play'" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Best Buy kicked off its annual Fourth of July sale this week, with notable markdowns on Apple devices, TVs, headphones and speakers, monitors, appliances, and much more. This sale is set to last through Sunday, July 5, and you don't need to be a My Best Buy Plus or Total member to see the deals.

Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

In terms of Apple devices, you can find solid deals on MacBook Air, iPad Air, AirTag, Beats accessories, and more. Regarding iPad Air models, Best Buy is offering big discounts across the previous generation M3 model, which are worth looking into for anyone looking to avoid the newly increased prices of the M4 iPad Air.

SITEWIDE SALEBest Buy July 4th Sale

Some of the biggest discounts you'll find in Best Buy's Fourth of July Sale are on TVs, with major savings from popular brands like Insignia, Samsung, and LG. Best Buy has Samsung's popular line of The Frame TVs on sale, including the 65-inch 2025 model for $999.99 ($600 off) and the 65-inch The Frame Pro for $1,499.99 ($400 off), both of which match record low prices.

Apple

AirTag 2 (4-Pack) - $89.00 ($10 off)
11-inch M3 iPad Air (128GB Cell) - $499.00 ($250 off)
11-inch M3 iPad Air (256GB Cell) - $599.00 ($250 off)
11-inch M3 iPad Air (1TB Wi-Fi) - $849.00 ($250 off)
13-inch M5 MacBook Air (16GB/1TB) - $1,449.00 ($150 off)
15-inch M5 MacBook Air (512GB) - $1,349.00 ($150 off)
TVs

55-inch Toshiba C350 4K Smart Fire TV - $249.99 ($150 off)
65-inch Samsung U7900 4K Smart TV - $299.99 ($170 off)
65-inch LG UA7050 4K Smart TV - $329.99 ($160 off)
75-inch LG LED 4K Smart TV - $449.99 ($30 off)
98-inch Hisense QLED 4K Smart Google TV - $1,199.99 ($1,100 off)
65-inch Samsung The Frame TV (2025) - $999.99 ($600 off)
65-inch LG OLED 4K Smart TV - $1,099.99 ($1,600 off)
65-inch Samsung The Frame Pro - $1,499.99 ($400 off)
Monitors

27-inch Samsung Curved 100Hz Monitor - $139.99 ($60 off)
34-inch LG UltraWide 100Hz Monitor - $229.99 ($70 off)
27-inch Samsung Odyssey OLED G5 Gaming Monitor - $349.54 ($150 off)
27-inch Alienware Gaming Monitor - $649.99 ($250 off)
49-inch Samsung Odyssey OLED Curved Monitor - $999.99 ($700 off)
Audio

Beats Pill - $99.99 ($50 off)
Beats Solo 4 Headphones - $149.99 ($50 off)
Beats Studio Pro Headphones - $249.99 ($100 off)
Bose QuietComfort Ultra Headphones - $299.00 ($130 off)
Sony Bravia Theater Bar 6 - $449.99 ($250 off)

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Best Buy Hosts July 4th Sale With Notable Apple and Tech Deals" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple plans to adopt OLED panels capable of displaying a much wider range of colors, according to a new report from research firm TrendForce.


The new panels would cover 95% of the BT.2020 color standard, which describes a far broader spectrum of colors than the DCI-P3 standard Apple's screens currently target. In practice, that means deeper, more accurate reds, greens, and blues. Reaching those richer colors demands more precise control over the light a display emits, along with better energy efficiency, so TrendForce expects the next round of OLED competition to hinge less on familiar specs like brightness and thinness and more on balancing color, power consumption, and overall performance.

Apple first brought OLED to the iPad Pro in 2024, and the technology is expected to come to the MacBook Pro between 2026 and early 2027. To reach the wider color range, panel makers are changing the chemistry of the layer inside each pixel that actually produces light, moving from a simpler recipe toward more sophisticated designs that pass energy between materials more efficiently.

TrendForce points to several of these new approaches. One makes a pixel emit a purer, more precise color, which is what lets a screen reach the tougher BT.2020 targets. Another adds a "helper" material so the pixel turns energy into light more efficiently. A third mixes in extra materials to keep a panel bright for longer without wearing out.

The shift is also a chance for display makers to rely less on technologies they have to license from others. All of this is said to be changing the relationship between the companies that manufacture displays and the companies that supply the materials inside them, with the winners increasingly being whoever can offer the best mix of cost, ease of manufacturing, and freedom from patent licensing.

Apple plans to adopt the more advanced OLED panels gradually across future ‌MacBook Pro‌, ‌iPad Pro‌, and iMac models, according to the report. Related Roundups: iMac, iPad Pro, MacBook ProTag: TrendForceBuyer's Guide: iMac (Don't Buy), iPad Pro (Neutral), MacBook Pro (Buy Now)Related Forums: iMac, MacBook Pro
This article, "Apple Plans Wider Color Gamut for Future MacBook Pro, iMac, and iPad Pro" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
The next major Mac Studio update is still a couple of years away, but a refresh for 2026 is still in the cards, according to Bloomberg's Mark Gurman.


Writing in the latest edition of his Power On newsletter, Gurman said Apple has two Mac Studio refreshes in the pipeline: an M5 Ultra version due this year, and a more significant M7 Ultra model expected in 2028.

Apple appears set to skip the higher-end M6 chips entirely, hence the two-year gap between the two models. Gurman reported earlier this month that Apple is canceling its higher-end M6 Pro and M6 Max chips, instead releasing a base M6 this year and moving its next Pro and Max silicon to the M7 lineup, which is expected to lean heavily into on-device AI and GPU-intensive workloads.

Apple has always had at least three variants of its in-house silicon, including the base M-series chip, a Pro version, and a Max version. The M6 will mark the first time that Apple is not coming out with a Pro or Max chip for the lineup.

For the Mac Studio, that means jumping straight from M5 Ultra to M7 Ultra – there will be no M6 Ultra in between. While a major redesign is not expected for this year's M5 Ultra model, Gurman says Apple has been developing new inner architecture for the 2028 Mac Studio, including a better heat sink to improve thermal performance.

The ‌Mac Studio‌ refresh was supposed to come earlier in 2026, but Apple reportedly postponed the launch because of memory chip supply issues and price increases. Apple has reportedly tested support for up to 768GB of unified memory, but supply constraints could prevent it from launching with an option for that much memory.

It remains unclear whether Apple will make an October launch for the M5 version, especially given that the current M3 Ultra ‌Mac Studio‌ still has delivery estimates stretching into October. Related Roundup: Mac StudioTag: Mark GurmanBuyer's Guide: Mac Studio (Don't Buy)Related Forum: Mac Studio
This article, "Mac Studio M7 Ultra Expected in 2028 With Better Cooling" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
New findings unearthed by Infoblox show that more than 236,000 websites are using investment scam templates built using a legitimate Chinese open-source, cross-platform application development framework called DCloud Uni-App. The templates power bogus cryptocurrency exchanges, multi-language pig-butchering operations, WhatsApp phishing networks, fake gambling platforms, brand-impersonationView the full article
An alleged image of the iPhone 18 Pro motherboard has leaked online, showing the A20 Pro chip will use a new packaging technology that should offer notable performance gains over the previous model.


The leaked image, which has been shared by the accounts "WHYLAB" and "Ice Universe" on Weibo, appears to show the A20 Pro chip integrated into TSMC's new packaging architecture, known as Wafer-Level Multi-Chip Module (WMCM) technology.

Traditionally, Apple has used package-on-package (PoP) designs, where the DRAM sits directly on top of the application processor. The advantages of this method are lower power consumption and reduced latency, but it also makes heat concentrated in the packaging area.

In the leaked WMCM implementation, by contrast, the DRAM has been moved to the side of the package, which should reduce thermal coupling between the processor and DRAM while improving heat dissipation during sustained workloads. Apple's design is also said to be equipped with LPDDR6 memory with a 96-bit memory bus, which should provide more energy-efficient bandwidth.

The chip size is said to be roughly the same as the A19 Pro, but the Neural Processing Unit (NPU) appears to be significantly larger, suggesting that Apple is also aiming to improve AI performance.

The leaked image has not been confirmed as authentic, but the WMCM technology has been repeatedly rumored for the iPhone 18 Pro and iPhone 18 Pro Max.

Powered by the A20 Pro chip, the foldable iPhone and iPhone 18 Pro models are also expected to use TSMC's new 2nm process, also known as N2, boasting performance improvements that could be up to 15 percent faster and 30 percent more efficient than A19 chips.

Alleged leaked image of A20 Pro chip
In addition, N2 introduces new super-high-performance metal-insulator-metal (SHPMIM) capacitors into the chip's power delivery system. These capacitors more than double the capacitance density of the previous generation. Together with the adoption of WMCM, the changes should boost performance globally and improve power stability and energy efficiency.

The Pro and Fold models are expected to share 12GB of RAM, 48-megapixel rear cameras, and Apple's C2 modem. All three models are expected to be released in September this year.Related Roundup: iPhone 18 ProTag: Ice Universe
This article, "Leaked A20 Pro Image Hints at iPhone 18 Pro Performance Gains" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Today’s encrypted data, such as credentials, may no longer remain confidential in the future because the public-key cryptography protecting it will soon be broken by quantum computers. Although no machine today can break elliptic curve cryptography or RSA, quantum hardware is advancing rapidly and will inevitably change how organizations protect their data. Ciphertext and credentials captured byView the full article
A Russian advanced persistent threat (APT) group has continued to evolve and expand its malware arsenal as part of its ongoing cyber onslaught against Ukraine throughout 2025. Slovakian cybersecurity company ESET said it observed 35 distinct spear-phishing campaigns mounted by Gamaredon against new targets, with most of them taking place in the second half of the year. Primary targets of theseView the full article
Apple's upcoming iPhone 18e will have the same display refresh rate as the existing iPhone 17e, according to a prominent Chinese leaker.


Discussing Apple's product plans for 2027 in a Weibo post, Digital Chat Station claimed that the next generation of Apple's low-cost iPhone will feature the same 60Hz low-temperature polycrystalline silicon (LTPS) TFT panel as the current model.

It means the device will lack the ProMotion 120Hz refresh rate and Always-On display technology that is expected to feature across the rest of the iPhone 18 lineup, similar to the iPhone 17 series.

That's despite the fact that you can find 120Hz screens on competing Android phones at similar price points as the iPhone 17e.

The claim is substantiated by a report out of Korea earlier this year that said Apple would not use a low-temperature polycrystalline oxide (LTPO) panel until the fourth-generation model, which is expected to arrive in early 2028. Adoption of LPTO would make the display technically capable of dynamically adjusting its refresh rate between 1Hz and 120Hz.

The shift in 2028 is said to depend in part on Apple's development of a next-generation "LTPO+" display technology, which incorporates oxide semiconductors in both switching and drive transistors, and is said to use a lot less battery power.

Apple reportedly plans to reserve LTPO+ for its higher-end models in 2028, including new versions of the iPhone Air and its upcoming foldable iPhone, which would free up standard LTPO panels for the rest of the lineup. But if the new technology isn't ready in time, it could delay the trickle-down of LPTO panels to the 19e, so nothing's for certain yet.Tag: Digital Chat Station
This article, "iPhone 18e Won't Get ProMotion Display, Says Leaker" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Introduction
In the rapidly evolving landscape of modern software development, DevOps has firmly established itself as one of the most in-demand career paths in the IT industry. Organizations across the globe are moving toward agile, automated, and cloud-native environments, creating a massive need for professionals who can bridge the gap between development and operations. However, many beginners fall into the trap of chasing the latest flashy tools without first understanding the underlying principles.
Mastering the Core Skills Every DevOps Learner Should Master is the true differentiator between a button-pusher and a true DevOps architect. Relying on tools alone leaves you vulnerable when technology shifts; building a strong foundation in core concepts ensures long-term employability and adaptability. Whether you are a student, a system administrator, or a developer, your journey should be guided by a structured, hands-on approach. For those looking for a clear path forward, DevOpsSchool provides comprehensive training and resources designed to help you navigate this complex field effectively. By focusing on practical application over theoretical memorization, you can build a sustainable and high-growth career.
What Are DevOps Skills?
DevOps skills are a blend of technical expertise, process-oriented thinking, and soft skills required to manage the software delivery lifecycle.
Technical Skills: The ability to use specific software, languages, and infrastructure platforms to automate tasks. Process Knowledge: Understanding the methodology behind CI/CD, Agile, and Lean management. Collaboration: Working effectively across silos, specifically bridging the divide between software developers and IT operations staff. Automation Mindset: The consistent drive to replace manual, repetitive tasks with reliable, automated code or scripts. At its heart, DevOps is about speed, reliability, and scale, and these skills are the tools you use to achieve those outcomes.
Why Core Skills Matter More Than Individual Tools
Technology changes rapidly. A specific tool you master today—like a particular CI/CD platform—might be superseded by a more efficient alternative within a few years. However, the core principles of networking, operating systems, and automation remain constant.
When you master core skills, you gain the ability to learn new tools quickly. If you understand how a packet traverses a network, you can troubleshoot a firewall issue regardless of the specific vendor. If you understand the fundamentals of version control, you can adapt to any repository system. Focusing on fundamentals creates a deeper sense of confidence and superior problem-solving capabilities in real-world production environments.
Complete DevOps Skills Roadmap
Skill AreaWhy It MattersDifficulty LevelLinuxThe foundation of almost all serversMediumNetworkingConnects all distributed systemsHighGitEssential for collaboration and versioningEasyScriptingNecessary for automationMediumCloudWhere modern infrastructure residesHighCI/CDThe backbone of software deliveryMediumContainersStandardizes application deploymentMediumKubernetesOrchestrates containerized workloadsVery HighIaCManages infrastructure as codeMediumMonitoringEnsures system health and visibilityMediumSecurityProtects the entire pipelineHighSoft SkillsBridges team communicationEasy Linux Skills
Linux is the operating system of the cloud. You must be proficient in:
Command Line (CLI): Navigating the file system, editing files with Vim/Nano. File Systems: Permissions, ownership, and disk management. Process Management: Monitoring system resources and handling background jobs. Networking Basics: Configuring IP addresses, routing, and DNS. Learning Tip: Stop using a GUI. Build a Linux virtual machine and force yourself to perform every administrative task exclusively through the terminal.
Networking Fundamentals
You cannot manage what you cannot connect. A DevOps engineer needs to understand:
TCP/IP: The fundamental protocols of the internet. DNS: How domain names resolve to IP addresses. HTTP/HTTPS: How web traffic is handled. Load Balancing: Distributing traffic to ensure high availability. Understanding how a request moves from a user’s browser, through a load balancer, to an application server, and back to a database is vital for troubleshooting.
Version Control With Git
Git is the language of collaboration. You must move beyond simple “git push” commands to understand:
Branching & Merging: Handling parallel development features. Pull Requests: Peer review workflows. Git Workflows: Understanding Trunk-Based Development vs. GitFlow. Git is how teams maintain the “source of truth” for both application code and configuration files.
Programming and Scripting
You don’t need to be a software developer, but you must be able to script.
Bash: For simple, repetitive OS-level tasks. Python: For complex automation, API interactions, and data processing. PowerShell: Often required in Windows-centric corporate environments. Scripting allows you to integrate different tools together into a cohesive pipeline.
Cloud Computing Skills
Cloud platforms like AWS, Azure, and Google Cloud provide the infrastructure. Focus on:
Compute: Virtual machines and serverless functions. Storage: Object storage, block storage, and file systems. Networking: Virtual Private Clouds (VPC), security groups, and gateways. Identity Management: Managing users and permissions securely. CI/CD Fundamentals
CI/CD is the heart of DevOps.
Continuous Integration: Merging code changes frequently into a central repository. Continuous Delivery: Ensuring code is always in a deployable state. Continuous Deployment: Automating the release process to production. Mastering tools like Jenkins, GitHub Actions, or GitLab CI is essential for creating automated workflows.
Docker and Containerization
Containers package an application and its dependencies into a single unit.
Images: Creating lightweight, portable environments. Registries: Storing and retrieving container images. Networking/Volumes: Ensuring containers can communicate and persist data. Docker allows you to eliminate the “it works on my machine” problem.
Kubernetes Skills
Kubernetes is the standard for container orchestration. Key concepts include:
Pods: The smallest deployable unit. Deployments: Managing replicas and updates. Services: Exposing applications to internal or external traffic. Scaling: Adjusting resources based on demand. Infrastructure as Code (IaC)
IaC allows you to provision infrastructure using human-readable configuration files rather than manual clicks in a console.
Terraform: The industry standard for cloud-agnostic provisioning. Ansible: Excellent for configuration management and application deployment. IaC enables version control, repeatability, and consistency across environments.
Monitoring and Observability
You cannot fix what you cannot see.
Metrics: Tracking performance over time (e.g., Prometheus). Logging: Centralizing logs for analysis (e.g., ELK Stack). Alerting: Setting thresholds to notify teams when issues arise. Observability provides the data necessary for informed incident response.
DevSecOps Fundamentals
Security is not an afterthought.
Secure Coding: Scanning code for vulnerabilities. Secrets Management: Never hardcoding passwords in scripts. Shift-Left Security: Integrating security checks early in the pipeline. Soft Skills Every DevOps Engineer Needs
Communication: Clearly explaining technical issues to non-technical stakeholders. Problem-Solving: Remaining calm during outages and identifying root causes. Adaptability: Being willing to unlearn old methods when better ones emerge. Continuous Learning: The technology stack evolves weekly; your curiosity is your greatest asset. How to Learn These Skills Step by Step
StageSkills to LearnExpected Outcome1Linux & NetworkingUnderstanding the host environment2Git & ScriptingAutomating basic tasks3Cloud & ContainersDeploying apps on modern infrastructure4CI/CD & IaCAutomating the full software delivery life cycle5Kubernetes & MonitoringManaging production-scale systems Hands-On Projects to Build These Skills
ProjectSkills CoveredDifficultyWeb Server SetupLinux, NetworkingEasyGit WorkflowGitEasyDockerized AppDocker, ScriptingMediumCI/CD PipelineGit, CI/CD, DockerMediumCloud IaC DeploymentTerraform, CloudHardK8s Cluster MonitorKubernetes, MonitoringHard Common Learning Mistakes
Skipping Fundamentals: Trying to learn Kubernetes before understanding Linux is like trying to build a roof without a foundation. Tool Hopping: Learning the interface of five different tools instead of the logic behind one. Passive Learning: Watching hours of video without ever opening a terminal. Ignoring Security: Believing that security is “someone else’s job.” Measuring Your Progress
MetricWhy It MattersCareer BenefitGitHub PortfolioProves practical skillsHigher interview conversionAutomation ScriptsShows efficiencyDemonstrates valueCertificationsValidates knowledgeHR gatekeeping passProjects CompletedShows applicationTechnical confidence Real-World Example: Beginner to DevOps Engineer
Consider a Linux administrator who spends two hours daily learning Python and Docker. They build a personal project: a static website hosted on AWS. They use Terraform to provision the S3 bucket, a GitHub Action to trigger the deployment, and a monitoring script to alert them via email if the site goes down. By documenting this project on GitHub and explaining the why behind their choices in interviews, they shift from a “support” role to a “DevOps Engineer” role in less than a year.
Future Skills Every DevOps Professional Should Learn
Platform Engineering: Building internal developer platforms to improve the developer experience. GitOps: Managing infrastructure via Git repository state. AI-assisted DevOps: Leveraging LLMs to write better scripts and analyze logs faster. FinOps: Managing and optimizing cloud costs. Certifications & Learning Paths
CertificationBest ForSkill LevelFocus AreaLinux+Linux FoundationBeginnerOS BasicsAWS Solutions ArchitectCloud BeginnersIntermediateInfrastructureCKAKubernetes ExpertsAdvancedContainersTerraform AssociateIaC BeginnersIntermediateAutomation Explore structured paths at DevOpsSchool to find the right certification journey for your goals.
Best Practices Checklist
[ ] Master Linux basics before touching cloud consoles. [ ] Automate any task you find yourself doing more than twice. [ ] Keep your Git commit history clean and meaningful. [ ] Always treat “Infrastructure as Code” as the source of truth. [ ] Document your failures and your learning process. [ ] Stay curious about the “how” and “why,” not just the “what.” FAQs
Which DevOps skill should I learn first? Start with Linux and basic networking. Everything else runs on top of these. Is Linux mandatory? Yes, it is the standard for most servers and container environments. Do I need programming knowledge? You need scripting knowledge. Deep software engineering isn’t required, but logic is. Which cloud platform is best? Start with AWS due to its market share and extensive documentation. How important is Kubernetes? It is essential for modern enterprise-scale applications. Can beginners learn DevOps? Yes, by following a structured roadmap and prioritizing hands-on practice. Are certifications enough? No, certifications validate knowledge, but projects prove competence. How long does it take to become job-ready? Depending on your background, 6 to 12 months of consistent study. Final Thoughts
Becoming a DevOps engineer is not about memorizing a list of tools; it is about cultivating a mindset of continuous improvement and automation. The path can be challenging, but it is deeply rewarding for those who commit to mastering the core fundamentals. Do not be intimidated by the breadth of the field. Start small, build projects, document your progress, and stay consistent. Your ability to solve complex problems and automate away repetitive work will always be in high demand.
View the full article
Microsoft has shut down a long-running malicious extension operation on the Edge Add-ons store that hid its payloads inside ordinary image and font files, then woke up days after install to steal credentials and run ad fraud. The company calls it StegoAd, a mash-up of steganography and adware, and ties 119 extensions to a single threat actor it says has been active since at least 2021.View the full article
A public proof-of-concept is now out for CVE-2026-55200, a critical flaw in libssh2 that lets a malicious or compromised SSH server trigger memory corruption on a connecting client, with possible code execution. No credentials, no user interaction. The bug affects every release up to and including 1.11.1 and carries a CVSS 4.0 score of 9.2. libssh2 is a client-side SSH library, not a server.View the full article
Cybersecurity researchers have uncovered two hijacked npm packages and a cluster of Go packages that are designed to deploy a Python-based information stealer on compromised Windows, Linux, and macOS hosts. "This attack avoids the most common npm execution paths through lifecycle scripts, perhaps in an attempt to remain 'compatible' with npm v12's security hardenings," JFrog said in aView the full article
Prime Day has ended, but the event's best prices have stuck around on a few Apple devices and accessories this weekend. You can still find great deals on AirPods, AirTag, Apple Watch, and MacBook Pro right now on Amazon. Regarding the MacBook Pro, these are now some of the only affected devices still in stock on Amazon in the wake of Apple's price hike this week.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

MacBook Pro


The M5 Pro/M5 Max MacBook Pro models are some of the only remaining products in stock after Apple's price hikes began this week. Starting with the 14-inch models, you can get the 24GB/1TB M5 Pro MacBook Pro for $2,149.99, now a $349 discount on the new price.

$349 OFF14-inch M5 Pro MacBook Pro (24GB/1TB) for $2,149.99
$449 OFF14-inch M5 Pro MacBook Pro (24GB/2TB) for $2,549.99

You can get up to $549 off the 16-inch MacBook Pro right now on Amazon, with the 24GB RAM/1TB M5 Pro model hitting $2,649.99, a $349 discount on the new price.

$349 OFF16-inch M5 Pro MacBook Pro (24GB/1TB) for $2,649.99
$549 OFF16-inch M5 Max MacBook Pro (36GB/2TB) for $3,849.99AirPods


The best Prime Day AirPods discount that's still around is on the AirPods 4, available for $99.00, down from $129.00.

$30 OFFAirPods 4 for $99.00
$50 OFFAirPods Pro 3 for $199.00AirTag 2


Apple's AirTag 2 hit the new low price of $24.00 for the 1-Pack and $89.00 for the 4-Pack.

$5 OFFAirTag 2 (1-Pack) for $24.00
$10 OFFAirTag 2 (4-Pack) for $89.00

This is the first major discount we've ever seen on the AirTag 2 at Amazon since the device launched earlier in 2026. The new AirTag is equipped with a second-generation Ultra Wideband chip, enabling the Precision Finding feature to work up to 50% farther away from an item compared to the previous-generation model.
Apple Watch Series 11


Amazon this week has all-time low prices on the Apple Watch Series 11, with $120 discounts across numerous models of the smartwatch. This sale includes a handful of GPS aluminum models on sale at record low prices.

$120 OFFApple Watch Series 11 (42mm GPS) for $279.00
$120 OFFApple Watch Series 11 (46mm GPS) for $309.00

You can get the 42mm GPS Apple Watch Series 11 for $279.00, down from $399.00, and the 46mm GPS model for $309.00, down from $429.00. On Amazon, you'll find three of the 42mm GPS models and two of the 46mm GPS models on sale at these all-time low prices.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Missed Prime Day? You Can Still Grab Record Low Apple Discounts This Weekend" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
OpenAI on Friday released three versions of GPT-5.6, called Sol, Terra, and Luna, as a limited preview to a small number of companies as part of an ongoing engagement with the U.S. government. While Sol is the latest flagship model and the most powerful, Terra strikes a balance between efficiency and power, and Luna is fine-tuned for speed and affordability. "GPT‑5.6 Sol launches with our mostView the full article
The journey toward financial independence often begins with a single step: understanding how money works. In an era where financial markets are more accessible than ever, the interest in equity participation has reached new heights. However, for many, the stock market remains a complex puzzle characterized by volatility and technical jargon. This is where the importance of financial literacy becomes paramount. Navigating these markets without a map is akin to sailing in a storm without a compass, which is why beginners often face significant hurdles when attempting to enter the space. To bridge this gap, structured learning resources have become essential. Platforms like stocksmantra serve as a dedicated financial education and stock market learning platform, designed to help individuals learn stock market basics, investing concepts, and research strategies in a simple and practical way. By prioritizing education over speculation, new participants can build the confidence needed for successful stock market investing for beginners.
What is Stock Market Education?
Stock market education is the process of acquiring the necessary knowledge, skills, and discipline to navigate financial markets effectively. It is not merely about learning how to buy or sell a stock; it is about understanding the mechanics of the economy, the nature of corporate ownership, and the psychology behind market movements.
True education moves beyond surface-level information. It provides a comprehensive framework for interpreting financial data, evaluating business models, and managing risk. Investing blindly—relying on tips, rumors, or emotional impulses—is a recipe for instability. In contrast, an educated approach involves analyzing data objectively and forming a thesis based on logic. Financial literacy acts as the foundation upon which all informed decisions are built, ensuring that individuals understand not just the potential rewards, but the underlying risks involved in every transaction.
Why Beginners Should Learn Stock Market Before Investing
Entering the market without prior knowledge is one of the most common reasons retail investors experience frustration. Learning the fundamentals before deploying capital provides several distinct advantages.
First, it fosters a realistic understanding of risk. Every investment carries a degree of uncertainty, and understanding how to quantify and mitigate that risk is a critical survival skill. Second, education improves decision-making. When a beginner understands the difference between a high-quality business and a failing one, they are less likely to fall for market hype. Third, it builds long-term discipline. The stock market is rarely a shortcut to wealth; it is a tool for long-term growth. Structured learning teaches the patience required to weather market cycles, helping individuals maintain their course toward financial independence despite short-term noise.
Basics of Stock Market for Beginners
At its core, the stock market is a platform where buyers and sellers meet to trade shares of publicly listed companies. A share represents a fractional ownership interest in a business. When a company performs well, the value of that ownership generally increases; conversely, when a company struggles, the value may decrease.
Market participants include individual retail investors, institutional investors, and traders. These participants interact on exchanges, such as the NSE or BSE, which provide the infrastructure for transparent and fair trading. Price movement is primarily a function of supply and demand. If more people want to buy a stock than sell it, the price typically rises. Understanding these basic supply and demand dynamics is the first step in decoding how the market functions on a day-to-day basis.
Introduction to Stock Market Investing for Beginners
There is a fundamental distinction between investing and trading. Investing is generally a long-term endeavor focused on holding assets that appreciate over time or provide dividends. Trading, by contrast, is often short-term and relies on capitalizing on price fluctuations.
For those starting out, focusing on long-term portfolio building is often the most sustainable path. This involves selecting assets based on their long-term potential rather than short-term price swings. Risk diversification—spreading investments across different sectors and asset classes—is a core tenet of this approach. By not putting all one’s capital into a single basket, an investor protects themselves against sector-specific downturns, creating a more resilient financial profile.
Understanding Fundamental Analysis of Stocks
Fundamental analysis is the process of evaluating a company’s intrinsic value. Instead of looking at charts or price trends, an analyst looks at the business itself. Key components include examining company financials, such as earnings, revenue growth, profit margins, and debt levels.
Beyond the numbers, fundamental analysis involves understanding the industry in which the company operates and the competitive advantages the business possesses. An investor performing this type of research asks: Is this business profitable? Is the management team capable? Does the company have a clear path to future growth? This method of analysis is the cornerstone of value investing and is essential for anyone looking to build wealth over several years or decades.
Technical Analysis for Beginners
While fundamental analysis looks at the health of a business, technical analysis for beginners focuses on the price action itself. It relies on the premise that historical price patterns and volume trends can provide insights into future market behavior.
Key tools include charts, which map out price movements over time, and indicators that help identify trends. Concepts such as support and resistance levels are crucial; support is a price level where a stock has historically had difficulty falling below, while resistance is a level where it has had difficulty breaking above. Understanding these patterns helps traders identify potential entry and exit points. However, it is important to remember that technical analysis is a study of market psychology and supply-demand imbalances, and it works best when combined with a sound understanding of trading psychology.
Stock Market Analysis and Research Methods
The most effective market participants often combine fundamental and technical analysis. This dual approach allows for a more holistic view of the market. For instance, an investor might use fundamental analysis to identify a high-quality company, while using technical analysis to determine an optimal time to enter the position.
Research sources for this analysis include annual reports, financial news, market sentiment reports, and sector analysis. By staying informed about macroeconomic factors—such as interest rates or inflation—and comparing them with microeconomic data specific to a company, an investor can make more nuanced decisions. Continuous research is not just a habit; it is a necessity for anyone looking to remain competitive and informed.
IPO Analysis for Beginners
An Initial Public Offering (IPO) occurs when a private company decides to go public by offering shares to the public for the first time. Companies go public to raise capital for expansion, pay off debt, or provide an exit for early investors.
For beginners, analyzing an IPO can be challenging because there is often limited historical data available for the company as a public entity. Evaluating an IPO requires reading the prospectus, understanding the company’s business model, and assessing whether the valuation offered by the company is reasonable compared to its peers. It is vital to distinguish between the hype surrounding an IPO and the actual business potential, as not every newly listed company is a sound investment.
Common Mistakes Beginners Make in Stock Market
The path to success is often marked by avoiding the errors that trap others. One of the most common mistakes is emotional trading—making decisions based on fear or greed rather than data. Another significant error is a lack of research; buying a stock simply because someone else recommended it or because it has been rising is a high-risk behavior.
Overtrading is another pitfall, where investors buy and sell too frequently, leading to higher transaction costs and diminished returns. Furthermore, the absence of risk management—such as failing to set stop-loss levels or failing to diversify—can lead to catastrophic losses during market corrections. Learning to recognize these patterns is a vital part of one’s development as a market participant.
How Structured Learning Helps in Stock Market Success
Structured learning provides a pathway to success that is both efficient and reliable. By following a step-by-step curriculum, learners gain concept clarity, ensuring they understand the “why” behind every market move. This reduces the likelihood of impulsive mistakes and helps in developing a disciplined approach to capital allocation.
Structured education also builds confidence. When an investor understands the mechanics of the market, they are less likely to panic when prices drop. Instead of reacting emotionally, they are able to assess whether the drop is a temporary market fluctuation or a fundamental shift in the company’s prospects. This analytical framework is the hallmark of a successful long-term investor.
Role of Online Platforms in Stock Market Education
The digital age has democratized access to financial information. Online platforms have made it possible for anyone with an internet connection to learn stock market dynamics at their own pace. These platforms offer a wealth of resources, ranging from simplified explanations of complex concepts to interactive research tools.
Community learning is another major benefit, allowing individuals to discuss strategies and share experiences in a controlled environment. The goal of these platforms is to lower the barrier to entry and ensure that retail investors have the same access to quality educational content as professional market participants. By centralizing resources, these platforms help beginners avoid the fragmented and often misleading information found across the web.
Skills Required for Stock Market Success
Succeeding in the financial markets requires a specific set of soft and hard skills. Analytical thinking is at the top of the list; the ability to process data, identify patterns, and draw logical conclusions is essential. Patience is equally critical, as the best investments often take time to materialize.
Discipline is the glue that holds these skills together—the ability to stick to one’s strategy even when the market is chaotic. Risk management is the final pillar, involving the constant assessment of potential downsides. Finally, a commitment to continuous learning is non-negotiable. Markets evolve, economic cycles change, and the most successful investors are those who never stop refining their knowledge.
Future of Stock Market Education
The future of financial education is increasingly data-driven and technology-integrated. We are seeing the rise of AI-powered tools that can help learners analyze vast amounts of financial data in seconds. Simulation-based learning, which allows beginners to “practice” trading and investing with virtual money, is becoming a standard way to gain experience without risking actual capital.
As retail participation continues to grow globally, the demand for high-quality, accessible financial awareness will only increase. We are moving toward a future where financial literacy is considered a fundamental life skill, and education platforms will be the primary drivers of this transition.
Learning Insight: Why Stock Market Education Matters for Modern Investors
In the modern financial landscape, the traditional reliance on simple savings accounts is no longer sufficient to build long-term wealth. With inflation eroding the purchasing power of idle cash, the shift toward investing has become a necessity for achieving financial independence.
Growing retail participation is a positive trend, but it carries a significant responsibility: the need for education. Informed investors are better for the economy, better for the markets, and ultimately, better for themselves. Structured platforms continue to play a pivotal role in this journey, providing the resources and guidance necessary for individuals to transition from passive savers to active, informed participants in the global economy.
Frequently Asked Questions
What is stock market education? Stock market education is the systematic process of learning the concepts, strategies, and psychological aspects of investing and trading to make informed financial decisions.
How can beginners learn stock market easily? Beginners can start by using structured online platforms that break down complex topics into simple, digestible modules, focusing on basics before moving to advanced strategies.
Is stock market investing safe for beginners? While no investment is entirely risk-free, investing becomes significantly safer when a beginner understands risk management, performs thorough research, and maintains a long-term perspective.
What is the difference between investing and trading? Investing is a long-term approach focused on capital appreciation and wealth building, while trading is typically short-term, focusing on capitalizing on price fluctuations.
What is fundamental analysis of stocks? It is the method of evaluating a company’s financial health, including its revenue, earnings, assets, and liabilities, to determine its intrinsic value.
What is technical analysis for beginners? Technical analysis is the study of market price trends and volume patterns, using charts and indicators to predict future price movements based on historical data.
How do IPOs work? An IPO is the process where a private company offers shares to the public to raise capital. Investors can apply for these shares during the subscription period.
How can I start learning stock market? Start by mastering the basic terminology, understanding how exchanges work, and studying the difference between fundamental and technical analysis through reputable educational platforms.
What mistakes should beginners avoid? Beginners should avoid trading based on rumors, emotional decision-making, overtrading, and failing to perform independent research.
How long does it take to learn stock market? Learning is a continuous process. While basic concepts can be understood in a few weeks, becoming proficient takes consistent study and practice over time.
Can I learn stock market online? Yes, online platforms provide comprehensive courses, articles, and research resources that make it convenient to learn at your own pace from anywhere.
Is stock market research important before investing? Yes, research is the most critical step. It ensures that your investment decisions are based on data and logic rather than guesswork or external tips.
Final Thoughts
The journey into the world of finance is an ongoing process of growth and discovery. As we have explored, the stock market offers immense opportunities, but it requires a commitment to learning and a disciplined approach to risk. By focusing on structured financial education, beginners can navigate the complexities of the market with confidence. The importance of financial literacy cannot be overstated; it is the primary tool for achieving long-term financial goals and independence. Whether you are interested in fundamental analysis, technical charts, or simply understanding how the broader economy impacts your savings, consistency is key. Utilizing professional educational resources ensures that your learning path remains clear, practical, and effective. As you continue your journey, remember that the most successful investors are those who prioritize knowledge over impulse, consistently refining their research methods and staying grounded in the core principles of sound financial management.
View the full article
Modern enterprises operate in an environment where the speed of delivery is as critical as the quality and security of the product. Achieving this balance requires more than just adopting new tools; it necessitates a fundamental shift in how teams build, deploy, and manage software. Partnering with a specialized DevOps consulting company allows organizations to navigate this complex transition effectively. At cotocus, we support firms in refining these operational workflows to ensure sustained competitive advantage.
Enterprise Challenges Driving Modernization
Many organizations remain tethered to legacy systems that struggle to keep pace with modern market demands. These legacy architectures often result in silos, where development and operations teams function with misaligned goals. Manual deployment processes frequently become bottlenecks, leading to inconsistent environments and increased human error.
Furthermore, operational complexity often scales faster than the internal ability to manage it. Security concerns, when addressed as an afterthought, create massive technical debt. Perhaps most significantly, a critical skill gap exists where teams understand the necessity of modernization but lack the tactical experience to implement it without disrupting core business functions.
Why Organizations Need Experienced Consulting Partners
Transformation is inherently risky. Without a structured roadmap, organizations often fall into the trap of tool-first adoption, which rarely solves underlying process issues. Experienced consulting partners provide the necessary oversight to mitigate these risks by focusing on people, processes, and technology in that order.
Strategic partners bring proven frameworks that accelerate the adoption curve. They provide objective assessments that identify hidden inefficiencies, establish standardized best practices, and introduce governance models that ensure long-term stability. Crucially, they act as force multipliers, focusing on knowledge transfer to build internal capabilities rather than creating a dependency on external support.
Characteristics of a Mature DevOps Consulting Company
A mature consulting partner goes beyond basic implementation. They employ rigorous assessment methodologies to map the current state of infrastructure and delivery workflows against industry standards. Their value lies in deep architecture expertise, ensuring that proposed solutions are scalable, resilient, and vendor-agnostic where possible.
Exceptional firms also prioritize robust governance frameworks. They understand that automation without guardrails is dangerous. Therefore, they integrate compliance and security policies directly into the design phase. Most importantly, a mature partner emphasizes a mentorship-driven approach, ensuring that the engineering team internalizes the “why” behind every “how,” leading to sustainable operational maturity.
Understanding DevOps Consulting Services
DevOps consulting services encompass a holistic redesign of the delivery lifecycle. This begins with CI/CD pipeline consulting, where the objective is to create seamless, automated flows from code commit to production. Effective pipelines reduce manual intervention, shorten feedback loops, and improve deployment frequency.
Beyond delivery, consultants focus on infrastructure automation, ensuring that environments are reproducible and version-controlled. This operational optimization includes implementing comprehensive monitoring and observability tools. By shifting the focus from simple uptime tracking to meaningful performance metrics, organizations gain the visibility required to proactively resolve issues before they impact the end user.
Cloud Consulting and Migration Services
Cloud migration is rarely as simple as a “lift-and-shift” operation. Cloud consulting services focus on cloud readiness assessments to determine which workloads are suited for cloud-native architectures versus those that require refactoring. This planning phase prevents excessive cloud spend and architectural misalignment.
Modernization strategies often involve transitioning toward hybrid or multi-cloud environments to avoid vendor lock-in. Consultants help design these systems for high availability and elastic scaling. Throughout the process, they introduce cost-optimization strategies, ensuring that the migration is not just technically sound but economically sustainable for the enterprise.
Kubernetes Consulting Services
Kubernetes has become the standard for container orchestration, but its complexity is significant. Kubernetes consulting services help organizations transition from legacy virtual machine management to containerized microservices. This includes platform standardization, where the goal is to provide a consistent environment across development, testing, and production.
A critical aspect of this practice is ensuring production readiness. This involves configuring cluster security, ingress controllers, storage classes, and resource management policies. Consultants guide teams through the intricacies of cluster operations, helping them establish patterns for lifecycle management, upgrades, and disaster recovery that ensure operational continuity.
SRE Consulting Services
Site Reliability Engineering (SRE) bridges the gap between software development and system operations. SRE consulting services move organizations beyond traditional IT support toward a proactive model defined by service-level objectives (SLOs).
By defining measurable error budgets, teams can balance the pursuit of new features with the necessity of system reliability. Consultants help implement incident response processes that prioritize “post-mortems” and root-cause analysis, fostering a culture of continuous improvement. This approach turns operations into a discipline focused on building resilient systems that can withstand failures gracefully.
DevSecOps Consulting Services
Security can no longer exist as a separate, final step in the software lifecycle. DevSecOps consulting services focus on integrating security into every stage of the pipeline. This includes automating static and dynamic analysis, managing software supply chain security, and ensuring secrets management.
By treating security as code, consultants help teams implement policy-driven governance. This ensures that compliance requirements are met automatically rather than through manual audits. This “shift-left” approach empowers developers to own the security of their code, significantly reducing the risk of vulnerabilities reaching production environments.
GitOps and Platform Engineering Consulting
The future of efficient software delivery lies in Platform Engineering consulting, which treats the internal developer platform as a product. The goal is to provide developers with self-service capabilities, allowing them to provision infrastructure and deploy applications without waiting on operational tickets.
GitOps is the operational engine of this model. By using a Git repository as the single source of truth for both infrastructure and applications, organizations achieve declarative management. Changes are tracked, versioned, and applied automatically, ensuring that the live environment always matches the desired state defined in code.
AIOps, MLOps, and DataOps Consulting Services
As data becomes more central to operations, intelligent automation is essential. AIOps consulting services leverage machine learning to analyze vast streams of operational data, identifying anomalies and predicting potential outages before they occur.
For teams building data-driven applications, MLOps consulting services provide the framework to manage the machine learning lifecycle, from training models to deployment and monitoring. Simultaneously, DataOps consulting services focus on automating data pipelines, ensuring data quality, and improving the speed at which business intelligence can be extracted from complex datasets.
Corporate Training for Engineering Teams
Technology is only effective if the team has the skills to wield it. DevOps corporate training must move away from generic, slide-based presentations. Effective programs utilize hands-on, lab-driven sessions that simulate real-world enterprise scenarios.
Customized learning paths are essential, as different roles require different focuses. By fostering a culture of continuous capability development, companies ensure that their engineering teams are not just using the tools, but innovating with them. Training should be viewed as a long-term investment that increases retention and drives higher engineering throughput.
Selecting the Right Consulting Partner
When evaluating a partner, prioritize their history of actual implementation over theoretical knowledge. Ask for evidence of their approach to knowledge transfer—how do they ensure the client team is self-sufficient once the engagement ends?
Review their engagement model: are they providing staff augmentation, or are they taking ownership of transformation outcomes? The best partners offer long-term support, evolving their guidance as the organization matures. Look for partners who emphasize cultural alignment, as the success of DevOps and cloud initiatives depends as much on team behavior as it does on technical tooling.
Recommended Learning and Adoption Paths by Role
Developers: Focus on CI/CD pipeline fluency, container fundamentals, and local development environment automation. DevOps/Platform Engineers: Prioritize infrastructure as code, Kubernetes cluster management, and platform design. Security Professionals: Focus on policy-as-code, DevSecOps pipeline integration, and automated vulnerability management. Architects: Focus on microservices design, cloud-native patterns, and cross-team governance frameworks. Engineering Leaders: Prioritize metrics-based management (DORA metrics), culture building, and resource allocation for long-term reliability. Industry-Specific Strategic Considerations
In highly regulated industries like finance or healthcare, the priority for DevOps consulting is compliance automation and immutable infrastructure. The focus is on building pipelines that provide an audit trail for every change. Conversely, for e-commerce or SaaS companies, the priority is rapid iteration, high availability, and efficient scaling during demand spikes. Aligning your modernization strategy with these industry-specific pressures ensures that your transformation is prioritized correctly.
Frequently Asked Questions
What is the difference between DevOps and SRE? DevOps is a philosophy focused on breaking silos between development and operations, while SRE is a specific set of practices and engineering approaches to achieve the reliability goals set by that philosophy.
How long does a typical cloud migration take? The duration varies based on the size of the infrastructure and the complexity of the workloads. A thorough assessment and phased migration approach are recommended to avoid business disruption.
Is Kubernetes necessary for every organization? Not necessarily. While Kubernetes offers immense power for scaling and container orchestration, its overhead is significant. It is most beneficial for microservices-oriented architectures.
How does DevSecOps change the development process? It requires developers to integrate security testing into their daily workflow, moving from manual security gates to automated checks that provide immediate feedback during code development.
Can DevOps be implemented in a legacy environment? Yes, but it requires an incremental approach. By automating specific bottlenecks first and refactoring systems over time, legacy environments can adopt modern delivery patterns.
What are the key metrics for measuring DevOps success? Core metrics often include deployment frequency, lead time for changes, mean time to recovery (MTTR), and change failure rate.
What is the role of a Platform Engineering team? They build and maintain internal developer platforms that provide self-service tooling, reducing the cognitive load on application developers.
How do we ensure knowledge transfer during an engagement? The most effective approach is pair programming, collaborative design sessions, and creating comprehensive documentation that is treated as part of the product.
Final Thoughts
Digital transformation is an ongoing journey, not a destination. By partnering with experts who emphasize both technical implementation and internal capability building, organizations can create a resilient, high-velocity engineering culture. Success relies on balancing the adoption of advanced practices like GitOps and AIOps with the foundational work of clear communication and continuous learning. Investing in these areas today ensures that your enterprise remains capable of adapting to the evolving technological landscape.
View the full article
The Apple community was rocked this week as the company instituted massive price hikes on a broad array of products, with many products seeing increases of 10–20 percent and a few as high as 50 percent or more. The move led many Apple fans to flock to Amazon and other retailers in attempts to make purchases before the price increases trickle down to third-party sellers.


Other major news this week included a recap of the numerous products in Apple's pipeline rumored for release over the next 12–18 months, a second round of developer betas for iOS 27 and other updates, changes to Apple's chip roadmap, and more, so read on below for all of the details!

Top Stories

Apple Just Increased Prices on MacBooks, iPads, and More

After Tim Cook signaled last week that Apple hardware price increases were "unavoidable" in the face of high memory and storage costs from suppliers, Apple this week followed through with a slew of major price increases across its Mac and iPad lineups, as well as on HomePod, HomePod mini, Apple TV, and Vision Pro.


Apple explained that the company has "never seen a component price increase this much, this quickly," and while Apple held off on raising prices for as long as possible, the situation has become dire enough that it feels it needs to pass the increases along to customers. Apple says that it is "working tirelessly to find solutions," but memory suppliers forecast that shortages and high prices will last well into 2027.

Apple's price increases have largely yet to trickle down to third-party retailers and buyers are quickly snapping up whatever stock Amazon and others have left at the cheaper prices, so if you're interested in making a purchase, it would be wise to act quickly.

Apple to Release These 20 New Products Across Rest of 2026 and 2027

Apple's cadence of product updates has been slowed due to impacts from delays to the more advanced Siri as well as component shortages, so that means the pipeline of upcoming products is remarkably full at the moment.


Bloomberg's Mark Gurman this week recapped a list of around 20 new products we should be seeing through the remainder of 2026 and into 2027. The list includes updates to much of Apple's current product lineup, plus some new products like the foldable iPhone, a high-end touchscreen MacBook, camera-equipped AirPods, a smart home hub, and smart glasses.

Everything New in iOS 27 Beta 2

Apple this week rolled out a second round of developer betas for iOS 27 and related updates, and the new iOS 27 beta includes a few changes as Apple continues to build out the update ahead of an expected September public release.


A new "Write with Siri" button in several first-party apps makes it easier to locate the tools that allow Siri to assist you with writing, while there are improvements to RCS messaging, tweaks to the Camera and Wallet apps, the ability to update an Apple TV from the Home app on iPhone, and more.

2027 Macs to Get AI-Focused M7 Chips as Apple Skips High-End M6

A significant shakeup for Apple's chip roadmap is underway, according to Bloomberg, with Apple cutting higher-end chips from the upcoming M6 family as the company seeks to speed up development of the M7 family to deliver greater AI optimizations.


It sounds like we'll only be getting a base M6 chip from that family later this year in some lower-end Macs, with Apple quickly moving on to an M7 chip in the first half of 2027. Higher-end chips in the M7 family will follow later in 2027.

Apple's highly anticipated OLED touchscreen "MacBook Ultra," will reportedly use the current M5 Pro and M5 chips that debuted in the MacBook Pro earlier this year, despite the fact that the new laptop won't arrive until late this year or even early next year.

Apple Explains Why watchOS 27 Drops Support for So Many Models

Amid some consternation from users, Apple has explained why five Apple Watch models will miss out on watchOS 27 and the new Siri AI features that come with it.


The Apple Watch Series 6, 7, 8, SE 2, and the original Apple Watch Ultra will not receive watchOS 27, and will only get basic security updates going forward. With the update, Apple is effectively dropping three years' worth of device support in a single software update, which is unprecedented for the product line.

Speaking to TechRadar, Apple executives explained that the company wanted to use watchOS 27 to make the Apple Watch a "true co-partner to Apple Intelligence," and that required some sacrifices in supported models for the update. Only the last few generations of Apple Watch include the processing power to be able to adequately deliver the new features both on a standalone basis and in interfacing with a paired iPhone for heavier workloads with Siri AI.

MacRumors Newsletter

Each week, we publish an email newsletter like this highlighting the top Apple stories, making it a great way to get a bite-sized recap of the week hitting all of the major topics we've covered and tying together related stories for a big-picture view.

So if you want to have top stories like the above recap delivered to your email inbox each week, subscribe to our newsletter!Tag: Top Stories
This article, "Top Stories: Massive Apple Price Increases, iOS 27 Beta 2, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
For teams building AI-governed systems, the EU AI Act adds compliance obligations to every stage of the development lifecycle, from documenting training data to reporting incidents in production. With phased enforcement already underway, now is the time to assess where your workflows stand.
The EU AI Act (Regulation (EU) 2024/1689) is the world’s first comprehensive AI regulation. It entered into force in August 2024 with requirements rolling out in phases through 2027. The Act applies, among others, to any organization that places an AI system on the EU market, deployers of AI systems established in the EU, or whose AI system’s output is used in the EU, regardless of where that organization is headquartered.
This guide covers what each risk tier requires, the full compliance timeline (including the 2026 Digital Omnibus adjustments), transparency obligations, penalties, and what compliance looks like for the teams building and operating AI systems.
The four risk tiers
The AI Act takes a risk-based approach. Every AI system falls into one of four categories, and the category determines the regulatory obligations that apply. This classification drives the entire compliance process.
1. Unacceptable risk (prohibited)
AI systems in this tier are banned outright under Article 5. These prohibitions have been in effect since February 2, 2025. The prohibited practices include:
Subliminal, manipulative, or deceptive techniques that distort behavior and cause significant harm Exploitation of vulnerabilities related to age, disability, or socioeconomic circumstances Social scoring systems that evaluate individuals based on social behavior or personal traits Predictive policing based solely on profiling or personality traits Untargeted scraping of facial images from the internet or CCTV to build facial recognition databases Emotion recognition in workplaces and educational institutions (except for medical or safety reasons) Biometric categorization to deduce or infer certain protected characteristics (except for labelling or filtering of lawfully acquired biometric datasets) Real-time remote biometric identification in publicly accessible spaces for law enforcement, with narrow exceptions for missing persons, imminent threats, and serious crime investigations 2. High risk (regulated)
High-risk AI systems are subject to the most extensive compliance obligations. The Act identifies two paths to high-risk classification:
Annex I systems: AI used as a safety component or product covered by existing EU product safety legislation (medical devices, machinery, vehicles) that requires a third-party conformity assessment. Annex III systems: AI used in eight sensitive areas: biometrics, critical infrastructure, education, employment, essential public and private services, law enforcement, migration and border control, and administration of justice. Any AI system used to profile individuals within an Annex III use case is automatically classified as high-risk, regardless of other exemptions. Providers who believe their Annex III system is not high-risk must document that assessment before placing it on the market.
This is the tier that puts the heaviest demands on your logging, testing, and documentation pipelines.
Annex III exceptions: An AI system listed under Annex III is not considered high-risk if it performs a narrow procedural task, improves a previously completed human activity, detects decision-making patterns without replacing human judgment, or performs a preparatory task for an Annex III assessment.
3. Limited risk (transparency risk)
AI systems in this tier face requirements focused on transparency and disclosure. Under Article 50, deployers must ensure that users know they are interacting with an AI system (e.g., chatbots), and providers of generative AI must mark synthetic content as AI-generated. This tier is where deepfake obligations sit, covered in detail below.
For software engineers, this comes down to marking generated content in a machine-readable way and surfacing the disclosure where users actually see it.
4. Minimal risk (unregulated)
The majority of AI systems currently on the market, including spam filters, AI-enabled games, and recommendation engines, fall here. No specific regulatory obligations apply, though the Act encourages voluntary codes of conduct.
The compliance timeline
The EU AI Act’s requirements take effect in phases, not all at once. Some obligations are already enforceable. Others will not apply until late 2027.
Date
What takes effect
August 1, 2024
AI Act enters into force (Regulation (EU) 2024/1689 published).
February 2, 2025
Prohibited AI practices under Article 5 become unlawful. AI literacy obligations begin (Article 4).
August 2, 2025
General-purpose AI (GPAI) model obligations take effect (Chapter V). Governance bodies established. Penalty provisions become applicable. Code of Practice for GPAI published.
August 2, 2026
General date of application of the AI Act. Transparency obligations under Article 50 take effect, including deepfake labeling and synthetic content marking. Member States must have at least one AI regulatory sandbox operational.
December 2, 2026*
Machine-readable marking obligations under Article 50(2) apply to AI systems, including GPAI systems, which have been placed on the market before August 2, 2026 (four-month grace period). Article 5 prohibition on AI-generated non-consensual intimate imagery and child sexual abuse material becomes applicable.
August 2, 2027
Obligations for high-risk AI systems embedded in regulated products under Annex I (Article 6(1)). GPAI models placed on the market before August 2025 must be in compliance.
December 2, 2027*
Standalone Annex III high-risk AI system requirements take full effect (risk management, conformity assessment, technical documentation, CE marking, EU database registration).
August 2, 2028*
High-risk AI systems that are components of products covered by Annex I product safety legislation.
*Omnibus adjustment: The Digital Omnibus package revised these high-risk deadlines, moving the Annex III standalone high-risk deadline from August 2026 to December 2, 2027, and the Annex I embedded high-risk deadline from August 2027 to August 2, 2028. The European Parliament approved the package on June 16, 2026.
Obligations for high-risk systems by role
The EU AI Act distinguishes between providers, deployers, importers, and distributors. Their obligations differ by role.
Providers+
Providers of high-risk AI systems carry the heaviest compliance burden. Among other obligations, they must:
Risk management system: Establish and maintain a risk management process throughout the AI system’s lifecycle, not just at launch. Data governance: Ensure that training, validation, and testing datasets are subject to appropriate data governance and management practices and are relevant, sufficiently representative, and as free of errors as possible. Where these datasets contain personal data, the GDPR also applies: you need a lawful basis, data minimization, and, for any special-category data used to detect and correct bias, the specific safeguards. Technical documentation: Produce documentation that demonstrates compliance and provides authorities with the information to assess it. It shall contain, at minimum, the elements contained in Annex IV. Record-keeping and documentation: Design the system to automatically log events relevant to identifying risks and tracking modifications. Providers must keep certain documents for up to 10 years at the disposal of the competent authorities. Transparency and instructions for use: Provide deployers with clear documentation on the system’s capabilities, limitations, intended use, and human oversight requirements, which allows deployers to interpret a system’s output and use it appropriately. Human oversight: Design the system so that deployers can implement effective human oversight during use. Accuracy, robustness, and cybersecurity: Achieve appropriate performance levels across all three dimensions. Quality management system: Establish and document a QMS that covers the full compliance process. Corrective actions: Take necessary corrective action in case of suspected non-conformity of the AI system with the AI Act, including bringing it into conformity, withdrawing it, disabling it or recall it, as appropriate. Cooperation with authorities: Provide information and documentation necessary to competent authorities and giving access to automatically generated logs, upon request, to demonstrate conformity of the AI system with the AI Act. Authorized representatives: Providers established in third-party countries must appoint a representative established in the Union prior to making the high-risk AI system available on the Union market. Conformity assessment: Ensure that the appropriate conformity assessment procedure is completed prior to placing the AI system on the market. Additionally, drawing up an EU declaration of conformity, affix CE marking, and register the system in the EU database before placing it on the market. Post-market monitoring: Providers shall establish and document a post-market monitoring system in a manner that is proportionate to the nature of the AI technologies and the risks of the high-risk AI system. Reporting: Providers shall report any serious incident to the market surveillance authorities. The AI Act establishes different terms for reporting, which vary according to the incident’s severity.  Deployers+
Deployers are natural or legal persons, public authorities, agencies or other bodies that use an AI system under its authority. Those using AI systems in the course of a personal non-professional activity are not considered deployers. Under Article 26, deployers of high-risk systems must:
Use the system as instructed: Operate it the way the provider’s instructions for use specify. Assign human oversight: Put oversight in the hands of people with the competence and authority to exercise it. Govern input data: Where the deployer controls the input data, make sure it’s relevant and sufficiently representative for the system’s intended purpose. Monitor and escalate: Monitor the operation of the AI system, and if it starts to present a risk, notify the provider or the distributor and the market surveillance authority and suspend use. Keep logs: Retain the logs the system generates automatically, to the extent they’re under the deployer’s control, for at least six months. Notify the workforce: Tell affected workers and their representatives before a high-risk system goes live in the workplace. Inform affected people: When an Annex III system makes decisions, or assists in making decisions, about individuals, those individuals have to be told. This overlaps with GDPR transparency and where the system makes solely automated decisions with legal or similarly significant effects, so coordinate the AI Act notice with your GDPR notices. Support data protection assessments: Use the information the provider supplies to meet any data protection impact assessment obligation under the GDPR. Cooperate with authorities: Work with competent authorities on any action they take regarding the system. Register, if public: Public authorities must register the deployment in the EU database and shall not run a system while it isn’t. Article 27 adds a fundamental rights impact assessment for a narrower group: public bodies, private entities providing public services, and deployers using Annex III systems for credit scoring or insurance pricing. Before first use, they document how the system will be used, who it could affect, the risks involved, and the human oversight in place, then file the results with the market surveillance authority.
For engineering teams, most of these duties come down to monitoring, log retention, and the ability to suspend a system fast. They get solved in your infrastructure, not in a policy document.
Important: Under the EU AI Act, operators in the AI-value chain can be considered both providers and deployers. Put your name on a high-risk system, modify one substantially, or repurpose a non-high-risk system into a high-risk use, and you’re reclassified as a provider with the full obligation set (Article 25).
Importers+
Importers are the EU-based persons or organizations that place a non-EU provider’s high-risk AI system on the market, and Article 23 makes them a checkpoint for conformity before the system reaches EU users. Importers must:
Verify conformity before import: Confirm the provider has completed the conformity assessment, drawn up the technical documentation (Annex IV), affixed CE marking with the EU declaration of conformity and instructions for use, and appointed an authorized representative. Block non-conforming systems: If there’s reason to believe a system isn’t in conformity, or its documentation is falsified, don’t place it on the market until it’s corrected. If the system presents a risk, inform the provider, the authorized representative, and the market surveillance authorities. Add contact details: Put the importer’s name, registered trade name or trademark, and contact address on the system, its packaging, or its accompanying documentation. Protect compliance in storage and transit: Make sure storage and transport conditions under the importer’s responsibility don’t compromise the system’s compliance. Keep records for 10 years: Retain a copy of the notified-body certificate (where applicable), the instructions for use, and the EU declaration of conformity for 10 years after the system is placed on the market or put into service. Respond to authorities: On a reasoned request, give competent authorities the information and documentation needed to demonstrate conformity, in a language they can readily understand. Cooperate with authorities: Work with competent authorities on any action they take to reduce or mitigate the risks of a system the importer placed on the market. An importer that puts its own name or trademark on a high-risk system, or substantially modifies one already on the market, is reclassified as a provider and takes on the full provider obligation set (Article 25).
Distributors+
Distributors are the other parties in the supply chain who make a high-risk system available on the EU market. Their duties under Article 24 overlap with an importer’s but focus on what happens at and after the point of sale. Distributors must:
Verify documentation before distribution: Confirm the system bears CE marking, comes with the EU declaration of conformity and instructions for use, and that the provider and importer have met their own obligations. Block non-conforming systems: If there’s reason to believe a system isn’t in conformity, don’t make it available until it’s corrected. If it presents a risk, inform the provider or importer. Protect compliance in storage and transit: Make sure storage and transport conditions under the distributor’s responsibility don’t compromise the system’s compliance. Act on non-conformity after sale: If a system already made available turns out to be non-conforming, take corrective action to fix, withdraw, or recall it, or ensure the provider or importer does. If it presents a risk, immediately inform the provider or importer and the competent authorities. Respond to authorities: On a reasoned request, provide the information and documentation on these actions needed to demonstrate conformity. Cooperate with authorities: Work with competent authorities on any action they take regarding a system the distributor made available. The same reclassification rule applies: a distributor that brands a high-risk system as its own or substantially modifies one already on the market becomes a provider under Article 25.
Deepfake and transparency obligations (Article 50)
Article 50 creates specific transparency requirements for AI systems that interact with people or generate synthetic content. These obligations generally apply from August 2, 2026 and are relevant regardless of the system’s risk classification.
Who must comply
Providers of AI systems that interact directly with people must ensure that individuals are informed they’re interacting with an AI system, unless this is obvious from the circumstances. Providers of AI systems that generate synthetic content (audio, image, video, or text) must mark that output in a machine-readable format that’s detectable as AI-generated or manipulated. The marking must be effective, interoperable, robust, and reliable. Deployers who use AI to create deepfakes must disclose that the content has been artificially generated or manipulated. The Act defines a deepfake as AI-generated or manipulated image, audio, or video content that resembles existing persons, objects, places, or events and would falsely appear authentic. Deployers who publish AI-generated text on matters of public interest must label it as AI-generated, unless the content has been through human editorial review and a natural or legal person holds editorial responsibility. Deployers of emotion recognition or biometric categorisation systems must inform the people exposed to the system that it’s operating, and handle their personal data in line with the GDPR. Artistic exception regarding deepfakes: When AI-generated content is part of an evidently artistic, creative, satirical, or fictional work, only minimal and non-intrusive disclosure is required. The deepfake labeling obligation still applies, but the disclosure format can be lighter.
The Code of Practice for transparency
The European Commission developed a Code of Practice on marking and labeling AI-generated content to operationalize Articles 50(2) through 50(5). The code provides practical and technical guidance for real-world implementation of the marking and disclosure requirements. Its final version was published on June 10, 2026.
General-purpose AI model obligations
Chapter V of the Act creates a separate set of obligations for providers of general-purpose AI (GPAI) models. These rules have been applicable since August 2, 2025 (models placed on the market before that date have until August 2, 2027 to comply). The European Commission has published guidelines to support providers in meeting these requirements.
General-purpose AI models are the broad, multi-purpose models that show significant generality, perform a wide range of distinct tasks, and can be used directly as well as integrated into other AI systems.
All GPAI model providers
Every provider of a GPAI model must draw up and maintain technical documentation (which shall contain at minimum the information set out in Annex VI), provide information and documentation to downstream providers integrating the model, establish a policy to respect the EU Copyright Directive, and publish a sufficiently detailed summary of the content used for training.
Providers of free and open-license GPAI models (where parameters, architecture, and usage information are publicly available) do not need to comply with the obligations regarding technical documentation and provision of information to downstream providers, unless the model presents a systemic risk.
GPAI models with systemic risk
A GPAI model is presumed to carry systemic risk if it was trained using more than 10²⁵ floating point operations (FLOPs) of compute. That bar was set to capture the frontier models of the day: GPT-4 is widely estimated to sit above it, while the earlier GPT-3 was trained on roughly 30 times less. The Commission can also designate other models as systemic on criteria like the number of end users, high-impact capabilities, or output modalities.
Providers of systemic-risk models carry every GPAI obligation above, plus four more:
Model evaluation: Run model evaluations, including adversarial testing. Risk mitigation: Assess and mitigate the systemic risks the model could pose. Incident reporting: Track and report serious incidents to the AI Office. Cybersecurity: Maintain an adequate level of protection for the model. A voluntary Code of Practice for general-purpose AI models was published in July 2025. Following a code of practice creates a presumption of conformity until European harmonized standards are in place.
Penalties and enforcement
The EU AI Act establishes a three-tier penalty structure under Article 99, designed to be effective, proportionate, and dissuasive.
Violation
Maximum fine
Turnover threshold
Prohibited AI practices (Article 5)
€35 million
7% of global annual turnover
High-risk AI system non-compliance (specific provisions)
€15 million
3% of global annual turnover
Supplying incorrect or misleading information to authorities
€7.5 million
1% of global annual turnover
Enforcement is split between the European AI Office, which oversees GPAI model providers, and national competent authorities in each Member State, which handle all other operators.
Each Member State must designate at least one national authority for implementation and market surveillance. The penalty provisions are designed to account for the interests of small and medium-sized enterprises and startups, and Member States report annually to the Commission on fines issued.
What compliance looks like for engineering teams
The EU AI Act’s requirements are written in regulatory language, but they translate to concrete engineering concerns. If your team builds or deploys AI systems that serve EU users, here’s where the Act’s obligations intersect with your development workflow.
Inventory and classification come first
Compliance starts with knowing what you have. Every AI system the organization builds, uses, or procures needs to be cataloged and classified against the Act’s risk tiers. Record, for each system, whether it processes personal data and link the entry to your GDPR records of processing (Article 30) so the AI inventory and the privacy record stay aligned.
This is not a legal exercise alone. Engineering teams are typically the only ones who understand the actual capabilities, data flows, and deployment contexts of the systems they build. If your organization has an AI governance framework in place, the AI inventory is usually its foundation.
Audit trails are non-negotiable
The Act requires automatic event logging for high-risk systems and structured documentation across almost every tier. This means every decision an AI system makes, the categories of data sources it accesses, and every action it takes needs to be logged in a way that is auditable. 
Teams already shipping AI agents need structured event capture of system actions, including timestamp, session context, the tool or rule invoked, and the agent or service identity, scoped to system-health and security telemetry rather than individual worker performance. Exporting these logs to existing SIEM and compliance systems closes the gap between agent behavior and audit requirements.
Prepare your risk management system
Article 9 requires a continuous risk management process, including control measures for risks that can’t be removed by design. 
The ability to enforce policies is the mechanism that makes your chosen controls binding at the moment the agent acts, therefore acting as a risk mitigating strategy. This can happen at the agent level, by applying policies and rules to sandboxed agents, and at the tool level, with policies applied to the gateway that manages agent tool access.
Runtime isolation supports human oversight
The EU AI Act requires that high-risk AI systems be designed for human oversight, and that deployers can intervene during operation. For agentic workloads, where AI acts autonomously, this maps directly to runtime isolation: running agents inside sandboxed environments where network access, filesystem scope, and tool permissions are policy-controlled. 
If an agent exceeds its intended scope, isolation constrains the blast radius. This is the mechanism that makes oversight enforceable at the infrastructure level.
Transparency can be instrumented
Article 50’s deepfake and synthetic content marking requirements are a metadata problem. Providers need to embed machine-readable markers in generated content, and deployers need to surface human-readable disclosures. 
For teams building generative AI systems, this means integrating content provenance marking (such as C2PA or IPTC standards) into the generation pipeline. Where generated content depicts a real, identifiable person, it is also personal data under the GDPR, so the marking is necessary but not sufficient and the usual lawful-basis and rights obligations still apply. The AI governance controls your organization uses can enforce these policies at the platform layer rather than relying on each application to implement them independently.
Use the official compliance tools
The European Commission has launched the AI Act Service Desk, a single information platform that includes an official Compliance Checker to help organizations determine which obligations apply to their AI systems, an AI Act Explorer for navigating the full regulation text, and a helpdesk for submitting questions. These tools are free, official, and available in English, French, and German (with all 24 EU languages planned for 2026).
Start building compliance into your AI infrastructure
EU AI Act compliance is not a document you file. It’s a set of technical controls, organizational processes, and audit practices that need to be embedded in how your team builds and operates AI systems.
To make things easier, Docker AI Governance supports operationalizing these requirements. It does not replace the human oversight, classification, and legal accountability the AI Act assigns to providers and deployers, and customer code, configurations, and telemetry are not used to train Docker’s or third-party models. Instead, Docker AI Governance includes sandbox-based runtime isolation for blast-radius risk mitigation and real time monitoring, policy enforcement across network, filesystem, and MCP tool access, and structured audit logging that exports to existing SIEM and compliance systems.
Explore Docker AI Governance to see how runtime policy, audit trails, and agent isolation support the regulatory controls the EU AI Act requires.
Frequently asked questions
Does the EU AI Act apply to companies outside the EU?
Yes. Under Article 2, the EU AI Act applies to providers and deployers of AI systems regardless of whether they’re established in the EU. You are in scope if you place an AI system on the EU market, or if the system’s output is used in the EU.
Is there an official EU AI Act compliance checker?
The European Commission’s AI Act Service Desk includes a Compliance Checker tool that helps organizations determine which obligations apply to their AI systems. It walks through a series of questions about the system’s purpose, deployment context, and risk profile to identify relevant articles and requirements.
What are the EU AI Act deepfake requirements?
Under Article 50, providers of AI systems that generate synthetic audio, image, video, or text must mark the output in a machine-readable format as AI-generated. Deployers who use AI to create deepfakes (content resembling existing persons or events that would falsely appear authentic) must disclose that the content is artificially generated, even when the content is lawful. Artistic, creative, and satirical uses require only minimal disclosure.
These obligations take effect on August 2, 2026. Where a deepfake depicts a real, identifiable person, that content is also personal data under the GDPR, so labeling is necessary but not sufficient.
What is the difference between the AI Act and the Cyber Resilience Act?
The EU Cyber Resilience Act (CRA) targets products with digital elements and focuses on cybersecurity requirements across their lifecycle. The AI Act specifically targets AI systems and AI models, with requirements that scale based on risk classification. A product could be subject to both regulations, for example an AI-powered medical device that is both a product with digital elements (CRA) and a high-risk AI system (AI Act).
When do the high-risk AI system rules actually take effect?
The timeline depends on the type of high-risk system. Under the Digital Omnibus package, approved by the European Parliament on June 16, 2026, standalone Annex III high-risk systems must comply by December 2, 2027. Annex I embedded high-risk systems (products covered by EU product safety legislation) must comply by August 2, 2028. Check the official implementation timeline for the latest confirmed dates.

View the full article
Hackers are exploiting a critical vulnerability recently patched in PTC Windchill and FlexPLM, two product lifecycle management solutions used by organizations across a range of industries, including defense, aerospace, automotive, medical, electronics, industrial machinery, and consumer goods.
The vulnerability, tracked as CVE-2026-12569, is an unsafe deserialization flaw that enables remote code execution. It’s located in the web-based Windchill PDMLink product data management component and is rated 9.3 severity on the CVSS scale.
Product lifecycle management software is vital to organizations that manufacture products as it allows them to track a product from design to retirement, including storing CAD designs, bills of materials, workflows, engineering data, and more.
PTC alerted customers about the vulnerability and shared mitigation instructions on June 17. Over the next two days the company also released patches for Windchill versions 13.1.1, 13.0.2, 12.1.2, 12.0.2, 11.2.1, 11.1 M020, and 11.0 M030, as well as indicators of compromise.
On Thursday, PTC updated its advisory to warn customers that it has received reports of heightened threat activity. The update included new indicators of compromise that suggest attackers are deploying web shells — backdoor web scripts — on compromised instances. On the same day the US Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
Active exploitation of product lifecycle software is rare, but not surprising given its footprint in sectors that are attractive to threat actors, for both cyber espionage and data extortion. These systems also store highly sensitive intellectual property.
In fact, the damage to organizations could be so serious that back in March, German police reportedly took the unusual step to contact companies in the middle of the night in person to warn about a different zero-day vulnerability in Windchill that they had information attackers were planning to exploit.
The German Federal Office for Information Security (BSI) alerted companies about this new vulnerability as well, stressing it had reliable information about impending cyberattacks, the Heise media group reported.
PTC Windchill was first released 28 years ago and has more than 1.5 million users around the world, including companies such as BMW, Lockheed Martin, Boeing, and NVIDIA. PTC FlexPLM is a variant specifically designed for the retail, footwear, apparel, and consumer products industries.
View the full article
The Shortcuts app can be intimidating to casual iPhone users, but with iOS 27, it's a lot easier to use. With Apple Intelligence integration, shortcuts can be created using natural language, and they're much more accessible to the average person.


Describe a Shortcut

When you tap on the New Shortcut button in the ‌iOS 27‌ Shortcuts app, it opens to the Describe a Shortcut interface.


There's a text box that asks you what you want your shortcut to do, and you can describe what you need in natural language. You can start with a single step, or add in multiple parameters. ‌Apple Intelligence‌ selects the correct actions, creates the automations, and folds it all into a completed shortcut. A few examples of what you can do:

Each evening, set tomorrow's alarm based on my first Calendar event, turn on Sleep Focus, and dim the bedroom lights.
Every morning, show me my first meeting, today's weather, and my Reminders due today.
Turn on the porch lights at night when you get a notification that food delivery is arriving.
Text my partner an ETA when I leave work, then start playing my podcast.
Show me a summary of my day's meetings and to-do list, and suggest anything I should prioritize.
When I open YouTube, turn off orientation lock. Turn it back on when I close the app.
Give me a three-line summary of today's tech news.

Shortcuts and automations can run based on time of day, location, an app action, a system feature like a screenshot, an incoming notification, and more. Shortcuts can do all kinds of things, from accessing system features to opening and running apps.

Add Refinements

After dictating a shortcut, the app will outline each of the actions the shortcut will perform. If it's what you want, you can tap on the play button to test it. It will be added automatically to your personal shortcuts.


If it's not quite what you want or you want to add more features, you can use the "Describe a change" interface. You can type in what you want to tweak, and go through multiple rounds of refinement until you get exactly what you want.

Shortcuts can be used from Siri, the app, Control Center, the Action Button, and more.

Edit Manually

Once created, you can tap into a manual editing interface if you want to add more complicated actions or tweak without using ‌Apple Intelligence‌. AI Shortcuts is in beta and it's not always perfect, so sometimes manual edits are required to get the end result you want.


You can also open any shortcut and use the ‌Apple Intelligence‌ mode to make edits.

New Automation Triggers


When a notification is received
When a screenshot is captured
When a keyboard is connected
When an Apple Watch workout starts


New Actions

There are several new actions in the Shortcuts app.

Automate a recording in Notes
Send messages to a group conversation
Updated Get What's On Screen option that gets context information from the display (e.g. text, title, or links)
Choose an item from a list
Delete conversations or messages in Messages
Mark as read in Messages
Search in Messages
Open Messages inbox
Send Tapback
Auto Enhance Photo
Delete albums and photos
Favorite photos
Hide photos
Open photo
Create Group in Reminders
Create Section in Reminders
Delete groups, lists, and sections in Reminders
Edit list in Reminders
Toggle Hearing Aid Mute
Toggle Vehicle Motion Cues

Improved Apple Intelligence Models

Shortcuts can use improved ‌Apple Intelligence‌ models that have access to broad world knowledge, which means the model can search the web to get information.


There are now Cloud, Cloud Pro, and on-device models that can be used in shortcuts. Cloud Pro is able to search the web, and is used for queries that need information from the internet.

Data Storage

Shortcuts can store and update data, so you can do things like add items to a list or keep a tally.


Automation Updates

Automation is no longer a separate section in the Shortcuts app, and automation triggers are under the general Shortcuts actions.


Cross-Platform Support

The Describe a Shortcut feature is available in the Shortcuts app in ‌iOS 27‌, iPadOS 27, and macOS Golden Gate.

Requirements

The ‌Apple Intelligence‌ Shortcut app features require a device that supports ‌Apple Intelligence‌, which includes the iPhone 15 Pro and later, iPads with an M-series chip or the iPad mini with A17 Pro, or a Mac with an Apple silicon chip.

Supported languages include English, Danish, Dutch, French, German, Italian, Norwegian, Portuguese, Spanish, Swedish, Turkish, Vietnamese, Chinese (simplified and traditional), Japanese, and Korean.Related Roundups: iOS 27, iPadOS 27
This article, "iOS 27 Makes the Shortcuts App Much Less Intimidating" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Paul Meade, who oversees development on the Vision Pro and Apple's upcoming smart glasses, is leaving Apple for OpenAI, reports Bloomberg.


Meade took over leadership of Apple's Vision Products Group when Vision Pro chief Mike Rockwell took over Siri's AI upgrade. He was previously leading the Vision Pro hardware engineering team, and before that, he was on the iPad and iPhone teams. Meade has been at Apple since 2010, and working in the Vision Products Group since 2017.

More recently, Meade was overseeing the development of the AI smart glasses that Apple has in the works to compete with the Meta Ray-Bans, and also leading the team working on future augmented reality glasses.

Meade is leaving Apple by next week and will join OpenAI's hardware unit to work on AI devices. Fletcher Rothkopf, who heads up product design function for the Vision Pro and smart glasses, will take over for Meade. Meade's decision to leave is a result of executive changes at Apple as John Ternus prepares to take over as CEO. Apple chip lead Johny Srouji is taking Ternus's role as chief hardware officer, and the reorganization has upset some hardware executives.

Former Apple employees Jony Ive, Tang Tan, and Evans Hankey are also at OpenAI, among others.Tag: OpenAI
This article, "Apple Loses Another Top Executive to OpenAI" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's iPhone 18 Pro models could be up to $200 more expensive, according to a prediction from analytics firm IDC.


IDC expected Apple to raise iPhone 18 prices, but prior to yesterday's Mac and iPad price hike, the prediction was a $100 increase for the 18 Pro and Pro Max, and a $50 increase for the base models.

IDC Senior Director of Data & Analytics Nabila Popal says the magnitude of the Mac and iPad price increase points to even higher ‌iPhone 18‌ prices.

Apple also plans to release a foldable iPhone this year, and IDC thinks it could have an average selling price of $2,500, with higher storage tiers to cost as much as $3,000. The price of the premium model could offset some of the increased memory costs and avoid a larger price hike to other models.

Apple increased prices because component costs have gone up as a result of a global memory crisis limiting supply. The ‌iPhone 18 Pro‌ and ‌iPhone 18 Pro‌ Max are expected to have 12GB RAM, so looking to other devices with 12GB RAM could hint at Apple's iPhone pricing plans. The M4 iPad Air and lower-tier M5 iPad Pro have 12GB RAM, with prices going up $150 and $200, respectively.

It's possible the ‌iPhone 18 Pro‌ models will see similar increases in price, raising the starting price of the ‌iPhone 18 Pro‌ to between $1,249 and $1,299 and the starting price of the ‌iPhone 18 Pro‌ Max to between $1,349 and $1,399.

IDC thinks an ‌iPhone 18 Pro‌ price increase won't impact the number of people upgrading, because consumers with an iPhone 15 (non-Pro) or older are likely to want to buy a new iPhone to get Siri AI. The firm estimates that 54 percent of iPhones shipped since 2022 need to be upgraded to get the new ‌Siri‌. Customers who choose a Pro Max are also "premium-focused and less price sensitive" and so won't be dissuaded by a price increase, plus many customers opt for monthly payment plans. A $200 increase to the ‌iPhone 18 Pro‌ price over 36 months is just about $5 per month.Related Roundups: iPhone 18 Pro, iPhone FoldTag: IDC
This article, "iPhone 18 Pro and Pro Max May See $200 Price Increase" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
With Apple's discontinuation of the Pro Display XDR earlier this year, Mac users looking for a larger high-resolution display suddenly found themselves with fewer options on the market. Apple's current display lineup now includes its 27-inch Studio Display and ‌Studio Display‌ XDR, both of which offer excellent image quality and tight macOS integration, but neither provides the larger 32-inch form factor that some users prefer.


LG's UltraFine 6K (32U990A) display helps fill that gap. The display, which was unveiled way back in January 2025 but didn't launch until last October, features a 32-inch 6K Nano IPS Black panel, Thunderbolt 5 connectivity, and a design that feels more Apple-inspired than previous UltraFine displays. After using it for several weeks in my daily setup, I've found it to be a compelling alternative to Apple's own displays, albeit with a few tradeoffs.

The first thing that stands out about the UltraFine 6K is simply how much workspace it provides. Compared to Apple's 27-inch displays and my trusty 27-inch UltraFine 5K displays that have anchored my workspace for nearly a decade, the extra screen area is immediately noticeable. Multiple apps can sit side by side in large windows without feeling cramped to support my typical "command center" view of our editorial operations, while creative apps that need the canvas all to themselves benefit from the additional room for toolbars and timelines.


Unlike many larger displays, the UltraFine 6K doesn't compromise on sharpness. The 6,144 x 3,456 resolution delivers a true Retina experience, with crisp text and interface elements sized appropriately for the typical viewing distance. That's one of the biggest advantages the display has over most monitors in this size class that deliver only 4K resolution. While those displays can often yield a similarly sized desktop through scaling, the result sometimes lacks a bit of sharpness while the UltraFine 6K feels completely native due to its higher pixel density.

The UltraFine 6K also pairs well with Apple's latest Macs thanks to Thunderbolt 5 support. Using a MacBook Pro, a single cable handled display output, charging, and connected accessories, and you can even daisy chain multiple displays over a single connection. DisplayPort 2.1, HDMI 2.1, and non-Thunderbolt USB-C ports on the display provide additional display connectivity options, plus a downstream Thunderbolt 5 port support to support daisy chain configurations and a pair of upstream USB-C ports for hub functionality.


LG includes up to 96 watts of power delivery in the display, which easily keeps a 16-inch ‌MacBook Pro‌ topped up throughout the day and relatively quickly recharges a depleted one upon connecting the display.

Day-to-day reliability was excellent during testing. The monitor consistently woke from sleep without issue, display scaling options appeared properly in macOS, and there were none of the connection quirks that sometimes affect third-party displays. While that might sound like a small detail, seamless operation remains one of the most important qualities for a monitor intended primarily for Mac users.

LG has also made significant improvements to the industrial design of its UltraFine lineup. Earlier UltraFine displays were known for their Mac compatibility, but they often looked more utilitarian than premium. The 32U990A adopts a cleaner aesthetic with slim bezels and a more refined rear enclosure that doesn't look out of place next to a Mac Studio or ‌MacBook Pro‌. A wide foot provides stability, as does a wide vertical stand arm that features an unobtrusive silver color on the front but some dark blue ribbed plastic on the back to provide a bit of visual interest if the display is used in a setting where it the rear is visible.


Ports and a joystick button for controlling display settings are hidden away on the rear of the display, and there's no distracting pulsing LED to light up a dark bedroom when the display is sleeping.

The included stand offers height, tilt, swivel, and pivot adjustments, providing considerably more flexibility than Apple's standard display configurations to help you get the display in just the right ergonomic position.

Image quality is excellent overall. Colors appear vibrant and accurate, and the Nano IPS Black panel provides solid contrast. And of course the 6K resolution provides the sharpness and clarity many users are looking for.

The matte finish does a good job minimizing reflections, particularly in brighter environments or near windows. Apple's glossy displays still provide a slightly more vibrant appearance, but the tradeoff may be worthwhile for users who work in rooms with significant ambient light.

LG touts the UltraFine 6K's ability to work with macOS keyboard shortcuts for brightness and volume adjustments, although it's not fully baked into the macOS experience. Unlike my older UltraFine 5K displays that integrated perfectly into the built-in macOS functionality for these shortcuts, the UltraFine 6K requires a separate LG Switch app to enable these keyboard shortcuts and they are separate from the macOS-level adjustments while using the same keys, which makes things less seamless than I'd like them to be. Simply put, things can be finicky when using multiple displays and audio output options.


There are a few other areas where Apple's displays continue to maintain an advantage. The ‌Studio Display‌ XDR delivers substantially brighter HDR highlights and more impressive HDR performance overall, thanks to its advanced backlighting technology. Users working extensively with HDR video content will still benefit from Apple's higher-end display. The UltraFine 6K is also limited to a 60Hz refresh rate. For productivity work, that isn't a major concern, but users who spend much of their day on ProMotion-equipped Macs may notice the difference when scrolling or performing other actions resulting in quick onscreen movements.

Those limitations feel relatively minor, however, when viewed in the context of the entire UltraFine 6K package, especially considering the price difference versus the ‌Studio Display‌ XDR. The UltraFine 6K's primary appeal isn't HDR performance or refresh rate. It's the combination of a large 32-inch panel, Retina resolution, Thunderbolt 5 connectivity, and solid Mac compatibility.

The UltraFine 6K delivers the sharpness and ease of use that Apple users expect, while offering considerably more screen real estate than Apple's current display lineup. The result is a display that feels close to purpose-built for Mac users, and one that stands out as one of the strongest premium monitor options currently available for the Mac. The LG UltraFine 6K 32U990A is normally priced at $1,999.99, but LG is currently offering savings of $700 on the display, bringing it down to $1,299.99.

Note: LG provided MacRumors with the UltraFine 6K display for the purposes of this review. No other compensation was received. MacRumors is an affiliate partner with LG. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.Tag: LG
This article, "LG UltraFine 6K Review: A Premium 6K Display Designed With Mac Users in Mind" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
OpenAI today launched a limited preview of its GPT–5.6 series, which includes flagship model Sol, a balanced everyday work model named Terra, and Luna, a fast and affordable model.


Terra is similar in performance to GPT–5.5 but it is 2x cheaper, and Luna offers "strong capability" at OpenAI's lowest price. GPT–5.6 Sol is OpenAI's strongest model to date, with agentic improvements in coding, biology, and cybersecurity. There is a new "max" reasoning effort and an "ultra" mode that uses sub-agents for complex work.

OpenAI says GPT–5.6 Sol has its most "robust safety stack to date" with protections for high-risk activity, sensitive cyber requests, and misuse. It has been tested for weaknesses and hardened against real-world attacks. OpenAI says safeguards allow the model to deliver "substantial benefit for legitimate defensive work" while limiting prohibited offensive use. It is better at helping users find and fix vulnerabilities than carrying out end-to-end attacks, according to OpenAI.

The Trump administration is limiting the launch of GPT–5.6, and OpenAI agreed to hold back on releasing it to all users. The model is instead available for a small group of trusted partners at the current time, but OpenAI is planning for a wider launch after further testing. In its GPT–5.6 announcement, OpenAI pushed back against the administration's request to hold the model back and said the government AI access process should not become the long-term default.

The Trump administration is putting together a process for benchmarking and assessing new AI models prior to launch, per a June 2 executive order. The administration previously forced Anthropic to remove access to Claude Fable 5 and Mythos 5, even though Anthropic adhered to a voluntary government review process and added guardrails based on government feedback.

The GPT–5.6 models are available through the API and Codex to a trusted set of OpenAI partners and organizations. OpenAI says they will be available more broadly in ChatGPT, Codex, and the API "soon."Tag: OpenAI
This article, "OpenAI Launches GPT-5.6 Sol, Terra, and Luna in Limited Preview" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon Prime Day has reached its fourth and final day, with the sale winding down tonight, June 26, at midnight. Many of the year's best deals are still available to purchase today, including record low prices on AirPods Max 2, AirTag 2, Apple Watch Series 11, and more.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Apple threw a wrinkle into Prime Day prices yesterday, announcing a price hike on a huge selection of its most popular products. These new price increases are already live on Apple.com, and some of the affected products are now sold out on Amazon as well. You can still find low prices on MacBook Air, MacBook Pro, MacBook Neo, iPad Air, and iPad Pro below.

Shoppers should note that many sales during Amazon Prime Day require you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

AirPods


Amazon has the AirPods Max 2 on sale for $399.00 in Midnight, down from $549.00. This is an all-time low price on the headphones. This is accompanied by a great discount on the AirPods 4 for Prime Day, available for $99.00, down from $129.00.

$30 OFFAirPods 4 for $99.00
$70 OFFAirPods Pro 3 for $179.00
AirTag 2


Apple's AirTag 2 has hit the new low price of $24.00 for the 1-Pack and $89.00 for the 4-Pack.

$5 OFFAirTag 2 (1-Pack) for $24.00
$10 OFFAirTag 2 (4-Pack) for $89.00

This is the first major discount we've ever seen on the AirTag 2 at Amazon since the device launched earlier in 2026. The new AirTag is equipped with a second-generation Ultra Wideband chip, enabling the Precision Finding feature to work up to 50% farther away from an item compared to the previous-generation model.

Apple Watch Ultra 3


Amazon is discounting a wide array of Apple Watch Ultra 3 models down to $649.00 for Prime Day, from $799.00. This is a new all-time low price on the 2025 smartwatch, beating the previous record low price by about $50, and it's available in both Natural and Black Titanium color options.

$150 OFFApple Watch Ultra 3 for $649.00
Apple Watch Series 11


Amazon this week has all-time low prices on the Apple Watch Series 11, with $120 discounts across numerous models of the smartwatch. This sale includes a handful of GPS aluminum models on sale at record low prices.

$120 OFFApple Watch Series 11 (42mm GPS) for $279.00
$120 OFFApple Watch Series 11 (46mm GPS) for $309.00

You can get the 42mm GPS Apple Watch Series 11 for $279.00, down from $399.00, and the 46mm GPS model for $309.00, down from $429.00. On Amazon, you'll find three of the 42mm GPS models and three of the 46mm GPS models on sale at these all-time low prices.
Apple Watch SE 3


Amazon is also taking $50 off the Apple Watch SE 3, starting at $199.00 for the 40mm GPS model. These are matches of all-time low prices on the SE 3, and it's been over four months since we last tracked these prices on the wearable.

$50 OFF40mm GPS Apple Watch SE 3 for $199.00
$50 OFF44mm GPS Apple Watch SE 3 for $229.00

You can also get the 44mm GPS Apple Watch SE 3 on sale for $229.00, down from $279.00. Both the 40mm and 44mm GPS models are available in Midnight and Starlight Aluminum at these prices.
MacBook Air


MacBook Air stock is quickly dwindling on Amazon, but there are still a few models seeing discounts of up to $349 off new prices this week.

$349 OFF15-inch M5 MacBook Air (512GB) for $1,149.99
MacBook Pro


Amazon has a few low prices on Apple's M5 Pro/M5 Max MacBook Pro for Prime Day, with up to $299 off select models.

The M5 Pro/M5 Max MacBook Pro models are some of the only remaining products in stock after Apple's price hikes began this week. Starting with the 14-inch models, you can get the 24GB/1TB M5 Pro MacBook Pro for $2,049.99, now a $449 discount on the new price.

$449 OFF14-inch M5 Pro MacBook Pro (24GB/1TB) for $2,049.99
$600 OFF14-inch M5 Pro MacBook Pro (24GB/2TB) for $2,399.00
$799 OFF14-inch M5 Max MacBook Pro (36GB/2TB) for $3,299.99

You can get up to $750 off the 16-inch MacBook Pro right now on Amazon, with the 24GB RAM/1TB M5 Pro model hitting $2,549.99, a $449 discount on the new price.

$449 OFF16-inch M5 Pro MacBook Pro (24GB/1TB) for $2,549.99
$750 OFF16-inch M5 Max MacBook Pro (36GB/2TB) for $3,649.00
iPad Air


Amazon has up to $350 off the M4 iPad Air, although stock is quickly dwindling due to Apple's price hikes.

$210 OFF11-inch M4 iPad Air (512GB Wi-Fi) for $839.00
$230 OFF13-inch M4 iPad Air (512GB Wi-Fi) for $1,019.00
$350 OFF13-inch M4 iPad Air (1TB Wi-Fi) for $1,199.00

Specifically, the 128GB Wi-Fi 11-inch M4 iPad Air has dropped to $519.00, down from $599.00, beating the previous low price by about $40.
iPad Pro


Amazon has $299 off a select handful of iPad Pro models, starting at $899.99 for the 256GB Wi-Fi 11-inch iPad Pro.

$299 OFF11-inch iPad Pro (256GB Wi-Fi) for $899.99
$299 OFF13-inch iPad Pro (256GB Wi-Fi) for $1,199.99
iPad


Amazon is taking $150 off Wi-Fi models of Apple's 11th generation iPad for Prime Day. Prices start at $299.00 for the 128GB Wi-Fi iPad, down from the new price of $449.00.

$150 OFF128GB Wi-Fi iPad for $299.00
$150 OFF512GB Wi-Fi iPad for $599.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Prime Day's Final Hours Bring Rare Low Prices on AirPods, Apple Watches, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
For this week's giveaway, we've teamed up with Astropad to offer MacRumors readers a chance to win an iPad Air, an Apple Pencil Pro, and one of Astropad's Rock Paper Pencil kits to use with it.


Rock Paper Pencil makes writing on your iPad with an ‌Apple Pencil‌ feel like writing on paper instead of a slippery display, offering a more comfortable and natural writing experience.

The Rock Paper Pencil kit includes a super thin NanoCling screen protector for the ‌iPad‌'s display and an ‌Apple Pencil‌ tip that replaces the stock ‌Apple Pencil‌ tip. You can put the NanoCling screen protector on while you're using your ‌Apple Pencil‌, then take it off and put it away when you want to use your ‌iPad‌ without it. Putting the screen protector on and removing it again takes just seconds, and there's no sticky residue left behind on your ‌iPad‌'s screen.


Astropad's Rock Paper Pencil is normally $45, but there is a Prime Day sale going on right now with a 15 percent discount available. If you do a lot of writing or sketching on your ‌iPad‌, it's a deal you won't want to miss out on.

Astropad has iterated on the Rock Paper Pencil over time, perfecting the paper-like feel to get the smoothest writing experience. There's a microscopic texture on the screen protector that mimics the feel of paper, but it doesn't interfere with the vivid colors of the ‌iPad‌'s display.


The ‌Apple Pencil‌ tip from Astropad is made from solid stainless steel that doesn't wear down or degrade over time. The tip is 1mm for the perfect pencil feel, with an ideal balance of friction and durability.

If you hate the slippery, unnatural feeling of writing on a hard screen, the Rock Paper Pencil is worth checking out. It can make you forget that you're writing on a tablet because it feels and sounds like using a pen on paper.


Rock Paper Pencil is compatible with all of Apple's M2, M3, M4, and M5 iPads, and many older models as well. It works with the 6th and 7th-generation iPad mini and the 7th-generation ‌iPad‌ and later.


We have a Rock Paper Pencil kit, an ‌iPad Air‌, and an ‌Apple Pencil‌ Pro for one lucky MacRumors reader. To enter to win, use the widget below and enter an email address. Email addresses will be used solely for contact purposes to reach the winner(s) and send the prize(s). You can earn additional entries by subscribing to our weekly newsletter, subscribing to our YouTube channel, following us on Twitter, following us on Instagram, following us on Threads, or visiting the MacRumors Facebook page.

Due to the complexities of international laws regarding giveaways, only U.S. residents who are 18 years or older, UK residents who are 18 years or older, and Canadian residents who have reached the age of majority in their province or territory are eligible to enter. All federal, state, provincial, and/or local taxes, fees, and surcharges are the sole responsibility of the prize winner. To offer feedback or get more information on the giveaway restrictions, please refer to our Site Feedback section, as that is where discussion of the rules will be redirected.


Astropad Giveaway
The contest will run from today (June 26) at 9:00 a.m. Pacific Time through 9:00 a.m. Pacific Time on July 3. The winner will be chosen randomly on or shortly after July 3 and will be contacted by email. The winner will have 48 hours to respond and provide a shipping address before a new winner is chosen.Related Roundup: iPad Air Tag: GiveawayBuyer's Guide: iPad Air (Buy Now)Related Forum: iPad
This article, "MacRumors Giveaway: Win an iPad Air and Rock Paper Pencil From Astropad" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
The lower-end iPhone 18 models set to launch in spring 2027 will feature 9GB DRAM, up from 8GB, according to Apple analyst Ming-Chi Kuo.


Kuo says the A20 chip Apple plans to use for the devices will have 1.5GB x 6 dies for a total of 9GB RAM, instead of 2GB x 4 dies as the current lower-end iPhone 17 models use.

By lower-end iPhones, Kuo is likely referencing the ‌iPhone 18‌ and the iPhone 18e, both of which are rumored to be coming around March or April of 2027. Apple plans to introduce the iPhone 18 Pro, ‌iPhone 18 Pro‌ Max, and foldable iPhone this fall, and those devices are expected to feature 12GB RAM (1.5GB x 8 dies) like the current iPhone 17 Pro models.

Apple will add more RAM to the ‌iPhone 18‌ models to make sure the devices work well with AI workloads and are able to support all of the Apple Intelligence features coming in iOS 27.

Apple yesterday raised prices across its Mac and iPad lines, but ‌iPhone 17‌ pricing hasn't gone up. Apple will likely implement price hikes when the ‌iPhone 18 Pro‌ models come out, and since Apple raised the cost of even the low-end iPad and the MacBook Neo, the ‌iPhone 18‌ and iPhone 18e probably won't be exempt from an increase.Related Roundup: iPhone 18Related Forum: iPhone
This article, "2027 iPhone 18 and iPhone 18e to Get 9GB RAM and A20 Chip" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Enterprises that have turned to AI in order to boost their security defenses may have to reconsider their approach.
Malware containing code that commands LLM-assisted products to abort their analysis or refuse to implement it is already circulating, according to a post from security company SentinelLabs.
SentinelLabs thinks it knows who’s responsible for the malware, which attacks MacOS systems. “Apple’s XProtect detects the sample under the rule MACOS_BONZAI_COBUCH, and SentinelLabs associates the BONZAI signature family with North Korean threat activity,” the company wrote.
It’s calling the malware macOS.Gaslight.
This is not the first example of malware specifically targeting AI-generated analysis. As SentinelLabs noted, Checkpoint first documented such an approach exactly a year ago. And Socket followed suit with a report of a payload that also used code to evade detection by AI models.
This new generation of threats was mentioned in the OPSWAT report, The State of File Security and cybersecurity experts are warning that AI-supported protection is not always the answer.
SentinelLabs would certainly agree with that view. “As LLM-assisted analysis becomes routine, defenders should expect more samples built to exploit it,” it wrote.

View the full article
On this week's episode of The MacRumors Show, we discuss potential price rises for the iPhone 18 lineup following Apple's wave of hikes yesterday, as well as plans for the Apple Watch Ultra 4 and camera-equipped AirPods.

Subscribe to The MacRumors Show YouTube channel for more videos

Apple yesterday raised prices across most of its lineup, including HomePod mini, HomePod, Apple TV, the entire iPad line, the entire Mac line, and Vision Pro, following CEO Tim Cook's warning to The Wall Street Journal that hikes were "unavoidable" due to soaring memory and storage chip costs. Apple's online store was briefly taken offline before returning with the new pricing, with increases ranging from $30 on the ‌HomePod mini‌ to $1,300 on the high end Mac Studio, averaging $246.67 across the affected products.

The iPhone, AirPods, Studio Display, Apple Watch, and accessories such as the Apple Pencil appear to be the only product lines left unaffected. Separately, the 256GB Mac mini has returned to the lineup after disappearing earlier this year, now priced at $799, which is a $200 increase over its earlier price.

The same pressure is likely to hit the iPhone 18 Pro and iPhone 18 Pro Max, which were already speculated to cost more than their predecessors before yesterday's increases. Speaking with the Wall Street Journal, Cook acknowledged Apple isn't immune to these cost pressures, and said clarity on iPhone pricing would come with the lineup's September launch.

Citing research firm TechInsights, the ‌Wall Street Journal‌ reported that DRAM and flash storage costs are projected to roughly quadruple by fall, pushing the iPhone 17 Pro's bill of materials from about $582 up 25% to around $726 for its successor. TechInsights has said Apple would need to raise the iPhone 18 Pro's price by about $270 to preserve current margins, though Apple's preference for standardized pricing makes a $1,299 starting price more likely on its own.

Factoring in the new camera system, which analyst Ming-Chi Kuo says could cost about 50% more than the previous generation, the ‌Wall Street Journal‌ estimates Apple could ultimately set the ‌iPhone 18 Pro‌'s starting price at $1,399 or higher, a $200 to $300 jump over the current model, with the iPhone 18 Pro Max likely starting $100 above that.

The ‌iPhone 18 Pro‌ is rumored to keep the ‌iPhone 17 Pro‌'s aluminum build, with four new colors including Dark Cherry, a muted wine-red expected to be the signature shade. As with last year, there's likely no true black option. Weibo leaker Fixed Focus Digital recently warned the new colors could be prone to the same chipping and surface issues seen on last year's Cosmic Orange and Dark Blue, which Apple reportedly treats as a material characteristic rather than a defect.

The ‌iPhone 18 Pro‌ and ‌iPhone 18 Pro‌ Max are expected to launch in September alongside Apple's first foldable iPhone, the "iPhone Ultra." Shipping could slip slightly later for the foldable. A Chinese leaker recently said any gap would be at most a month, and Bloomberg's Mark Gurman has reported the device remains on track for September, after Barclays analyst Tim Long earlier suggested shipments could slip to December. The foldable is expected to feature a 7.8-inch inner display, 5.5-inch cover display, the A20 chip and C2 modem, Touch ID instead of Face ID, two rear cameras, and a starting price of at least $2,000.

Gurman recently reported that the Apple Watch Ultra 4 and Apple Watch Series 12 will launch alongside the new iPhones. Little is known about the devices, though a faster chip seems highly likely given that both the Series 11 and Ultra 3 stuck with the S10 from the previous year. watchOS 27 will likely add new watch faces, including a variant of the Modular Ultra face.

For 2027, Apple is developing camera-equipped AirPods. The cameras, embedded in the AirPods' stems, are not designed for taking photos or video, and will instead feed information about the wearer's surroundings to Siri, which will be able to answer questions about objects and whatever the wearer is looking at, alongside contextual reminders and improved turn-by-turn directions. An included light will indicate to people nearby when the cameras are active. The AirPods were originally targeted for a 2026 launch, but Apple's broader AI struggles and the need to develop reliable object-identification models apparently pushed the timeline back.

The MacRumors Show has its own YouTube channel, so make sure you're subscribed to keep up with new episodes and clips.

Subscribe to The MacRumors Show YouTube channel!

You can also listen to ‌The MacRumors Show‌ on Apple Podcasts, Spotify, Overcast, or other podcast apps. You can also copy our RSS feed directly into your player.



If you haven't already listened to the previous episode of The MacRumors Show, catch up to hear our further discussion about WWDC 2026 and iOS 27, macOS Golden Gate, and Apple's other new software updates coming this fall.

Subscribe to ‌The MacRumors Show‌ for new episodes every week, where we discuss some of the topical news breaking here on MacRumors, often joined by interesting guests such as Kayci Lacob, Kevin Nether, John Gruber, Mark Gurman, Jon Prosser, Luke Miani, Matthew Cassinelli, Brian Tong, Quinn Nelson, Jared Nelson, Eli Hodapp, Mike Bell, Sara Dietschy, iJustine, Jon Rettinger, Andru Edwards, Arnold Kim, Ben Sullins, Marcus Kane, Christopher Lawley, Frank McShan, David Lewis, Tyler Stalman, Sam Kohl, Federico Viticci, Thomas Frank, Jonathan Morrison, Ross Young, Ian Zelbo, and Rene Ritchie.

‌The MacRumors Show‌ is on X @MacRumorsShow, so be sure to give us a follow to keep up with the podcast. You can also email us at [email protected] or head over to The MacRumors Show forum thread. Remember to rate and review the podcast, and let us know what subjects and guests you would like to see in the future.Related Roundup: iPhone 18 ProTag: The MacRumors Show
This article, "The MacRumors Show: iPhone 18 Pro Has a Pricing Problem" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Micron's chief business officer has hinted, without calling it out by name, that Apple's tough supplier negotiations contributed to the conditions behind the global memory shortage.


In remarks given to The Wall Street Journal on Wednesday, Sumit Sadana explained that Micron was unable to fund capacity expansion during the industry's previous slump, a period when its margins turned negative partly because some buyers pushed relentlessly for lower prices.



Micron is one of Apple's memory suppliers, providing some of the DRAM and NAND flash chips that go into iPhones, Macs, and iPads. Apple has a reputation for getting favorable terms from suppliers like Micron through long-term purchasing contracts.

Sadana's comments came just hours after Apple unveiled a sweeping round of price hikes that touched nearly every part of its hardware lineup. Products across the Mac, iPad, Apple TV, HomePod, and Vision Pro lines all went up in price, with only the iPhone, Apple Watch, and AirPods left untouched. Apple's stock closed down 6% the same day, its worst single-day performance in more than a year, wiping out roughly $265 billion in market value.

Apple CEO Tim Cook forewarned about this outcome more than a week earlier in comments to the same publication, warning that price increases had become unavoidable given how the company was being squeezed on memory and storage costs. Cook said Apple had been trying to shield customers from the worst of it but had reached a breaking point, describing the shortage as a "hundred-year flood" unlike anything he had seen in more than four decades. He pointed to the surge in demand for high-bandwidth memory used in AI servers, arguing that consumer products were now competing for a shrinking pool of supply and that pricing needed to come back down to earth before Apple's own prices could follow.Tag: Micron
This article, "Micron Suggests Apple Helped Cause Memory Price Crisis" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's upcoming high-end MacBook model featuring an OLED touchscreen display will use the company's current M5 Pro and M5 Max chips, according to Bloomberg's Mark Gurman.


The new, top-of-the-line device will launch "between late this year and early next year," Gurman said, adopting the existing high-end Apple silicon chips rather than next-generation M6 versions. Like the MacBook Pro, the touchscreen MacBook will be available in 14- and 16-inch display sizes, code-named "K114" and "K116." The device will also feature a new design and an iPhone-style Dynamic Island. It is expected to be more expensive than the M5 Pro ‌MacBook Pro‌, which now starts at $1,999 as of Apple's recent price rises.

Yesterday, Gurman revealed that Apple plans to skip what would have been the "M6 Pro" and "M6 Max" for more powerful "M7 Pro" and "M7 Max" chips. The M7 series of chips is said to be focused on intense AI workloads, featuring upgraded neural accelerators, graphics enhancements, and increased memory bandwidth. A new entry-level ‌MacBook Pro‌ with the M6 chip is still expected to launch later this year.

Apple is apparently working on a successor to the high-end MacBook model containing the M7 Pro and M7 Max chips, planned for release toward the end of 2027. The company is also planning to refresh the Mac Studio with M7 Max and M7 Ultra chip options in 2028. Tags: Bloomberg, Mark Gurman, OLED
This article, "Apple's OLED 'MacBook Ultra' Will Stick With M5 Pro and M5 Max Chips" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon's stock on select iPads and Macs has begun dwindling in the face of announced price hikes from Apple yesterday. These price changes are now live on Apple.com, but they have yet to hit third party retailers like Amazon. If you're interested in any of these products, now is the time to buy them on Amazon, before the retailer gets these price hikes as well.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Below we've listed all of the biggest products available on Amazon that have price hikes on Apple.com. Given that it's still Prime Day, many of these devices are on sale right now. You can read more about the incoming price changes in our lead article.

MacBook Neo


All of the 256GB MacBook Neo models have sold out on Amazon, but you can still get the 512GB model for $689.99, which is now a $109 discount. If you're looking for the 256GB model, Best Buy has that device for $599.00 right now, which is a $100 discount on the new price.

$100 OFFMacBook Neo (256GB) for $599.00
$109 OFFMacBook Neo (512GB) for $689.99
HomePod


Best Buy is offering up to $50 off HomePod models, now starting at $99.95 for the HomePod mini and $299.99 for the HomePod.

$30 OFFHomePod mini for $99.95
$50 OFFHomePod for $299.99MacBook Pro


Starting with the 14-inch MacBook Pro models, you can get the 24GB/1TB M5 Pro MacBook Pro for $2,049.99, now a $449 discount on the new price.

$449 OFF14-inch M5 Pro MacBook Pro (24GB/1TB) for $2,049.99
$600 OFF14-inch M5 Pro MacBook Pro (24GB/2TB) for $2,399.00
$799 OFF14-inch M5 Max MacBook Pro (36GB/2TB) for $3,299.99

You can get up to $750 off the 16-inch MacBook Pro right now on Amazon, with the 24GB RAM/1TB M5 Pro model hitting $2,549.99, a $449 discount on the new price.

$449 OFF16-inch M5 Pro MacBook Pro (24GB/1TB) for $2,549.99
$750 OFF16-inch M5 Max MacBook Pro (36GB/2TB) for $3,649.00MacBook Air


MacBook Air stock is quickly dwindling on Amazon, but there are still a few models seeing discounts of up to $349 off new prices this week.

$349 OFF13-inch M5 MacBook Air (512GB) for $949.99
$349 OFF15-inch M5 MacBook Air (512GB) for $1,149.99
iPad Air


Amazon has up to $350 off the M4 iPad Air, although stock is quickly dwindling due to Apple's price hikes.

$229 OFF11-inch M4 iPad Air (128GB Wi-Fi) for $519.99
$210 OFF11-inch M4 iPad Air (512GB Wi-Fi) for $839.00
$230 OFF13-inch M4 iPad Air (512GB Wi-Fi) for $1,019.00
$350 OFF13-inch M4 iPad Air (1TB Wi-Fi) for $1,199.00iPad Pro


Amazon has $299 off a select handful of iPad Pro models, starting at $899.99 for the 256GB Wi-Fi 11-inch iPad Pro.

$299 OFF11-inch iPad Pro (256GB Wi-Fi) for $899.99
$299 OFF13-inch iPad Pro (256GB Wi-Fi) for $1,199.99
iPad


Amazon is taking $150 off Wi-Fi models of Apple's 11th generation iPad for Prime Day. Prices start at $299.00 for the 128GB Wi-Fi iPad, down from the new price of $449.00.

$150 OFF128GB Wi-Fi iPad for $299.00
$150 OFF512GB Wi-Fi iPad for $599.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Amazon and Best Buy Still Offering Pre-Hike Prices on iPads and Macs" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Australia’s Security Intelligence Organization (ASIO) has uncovered an attack on a critical infrastructure operator’s network. State-sponsored actors had compromised the network and were preparing to sabotage it, according to its director general, Mike Burgess.
Other countries face similar cyber-threats to critical infrastructure.
It’s impossible to exaggerate the danger that the country is facing from cyberattacks on its infrastructure, he said, presenting ASIO’s annual threat assessment this week. “We categorize them into ‘threats to life’ and ‘threats to our way of life,’” he said.
In this case, the hackers had gained access to login details and passwords for active users of the networks, including the IT professionals guarding it. ASIO had set up a specific team to deal with the issue of cyber sabotage.
Australia isn’t alone in facing threats from the same state actors, Burgess said. “We struggle to find a single country in our region that has not been compromised by this state’s cyber apparatus.”
This meant that Australia is facing a persistent threat in the future, one that could have consequences for the way that the critical infrastructure is deployed and managed. “The biggest challenge is the cumulative one: in a degraded security environment defined by concurrent, cascading, compounding threats, when resources are limited, how and what do you prioritize?” he said.
View the full article
Apple's iPhone 18 Pro lineup and its first foldable iPhone will launch at higher prices than originally predicted this September, according to several known Chinese leakers.


The leaker known as "Fixed Focus Digital" said on Weibo that while Apple's current iPhone models haven't seen a price increase, the ‌iPhone 18 Pro‌ models launching this fall "will definitely see a price hike," adding that the foldable iPhone in particular could be priced 10% to 20% higher than previously expected.

Bloomberg's Mark Gurman reported that the foldable iPhone is expected to "cross the $2,000 threshold" in the U.S., which would make it the most expensive iPhone Apple has ever sold, surpassing even the $1,999 iPhone 17 Pro Max in its 2TB configuration. Analyst Ming-Chi Kuo believes pricing will not be below $2,000, and could even exceed $2,500. Other projections have also fallen within that range. Given that spread of existing estimates, the new Weibo claims about a further 10% to 20% price increase would push even the lowest of those projections well past the $2,099 mark, and could put a higher storage configuration of the device beyond $3,000.

"Digital Chat Station" said it is "highly unlikely" that the ‌iPhone 18 Pro‌ series avoids a price increase altogether. The leaker pointed to the ‌iPhone 17 Pro‌'s 8,999 yuan starting price in China and suggested Apple could push the 18 Pro to a 9,999 yuan starting price to protect its margins, which would put the entire September lineup, including the ‌iPhone 18 Pro‌, ‌iPhone 18 Pro‌ Max, and the foldable iPhone, at 10,000 yuan or more. That would amount to an increase of roughly 11% over the ‌iPhone 17 Pro‌'s Chinese price. Apple has historically kept its Chinese and U.S. starting prices roughly proportional across recent iPhone generations, so an 11% increase applied to the ‌iPhone 17 Pro‌'s $1,099 U.S. starting price would put the ‌iPhone 18 Pro‌ at around $1,220.

The leaker known as "Instant Digital" floated an even steeper number, suggesting the 256GB ‌iPhone 18 Pro‌ Max could start at 10,999 or even 11,499 yuan, calling that an expensive price point for what is a non-foldable phone. At that level, the ‌iPhone 18 Pro‌ Max would be priced roughly 15% to 20% above the current ‌iPhone 17 Pro‌ Max's 9,999 yuan starting price in China, a jump that, if mirrored in the U.S., could put the 256GB model's starting price somewhere in the $1,300 to $1,400 range, up from $1,199 today.

These leaker estimates echo a wave of recent reporting on the rising cost of building the ‌iPhone 18 Pro‌. Research firm TechInsights estimates that Apple paid around $39 for the 12GB of DRAM in the ‌iPhone 17 Pro‌, a figure that could climb to $145 in the ‌iPhone 18 Pro‌, pushing the device's total bill of materials up by roughly 25%. Based on similar cost projections, Apple would need to charge around $1,369 for the ‌iPhone 18 Pro‌ to preserve its current profit margin on the ‌iPhone 17 Pro‌. Once a pricier new camera system is factored in, The Wall Street Journal estimates a starting price of $1,399 or higher.

The latest rumors follow Apple's decision to raise prices on most of its devices this week, with the exception of the iPhone, AirPods, and Apple Watch. Apple CEO Tim Cook confirmed last week that the increases were unavoidable, citing the soaring cost of memory and storage chips as a "hundred year flood." Apple has historically absorbed component cost swings rather than passing them on to customers, making this round of increases a notable shift in approach.
Related Roundup: iPhone 18 ProTags: Digital Chat Station, Fixed Focus Digital, Foldable iPhone, Instant Digital
This article, "iPhone 18 Pro and Foldable iPhone Tipped to Get Price Hikes Too" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Earlier today, we reported that Apple added the MacBook Neo to the refurbished store on its website, and it turns out the new additions go beyond that.


The other products added to Apple's refurbished store in the U.S. and Canada for the first time today include the MacBook Air with the M5 chip, MacBook Pro models with M5 Pro and M5 Max chips, and the second-generation Studio Display (2026). The higher-end Studio Display XDR was also briefly available on Apple's refurbished store in Canada.

All of the products listed above were originally released in March 2026.

Note that the listings incorrectly state that the Studio Display (2026) has an XDR display, which is actually limited to the higher-end Studio Display XDR.

Given that Apple just raised prices on select products, including all Macs, the prices for many of these refurbished models are similar to what Apple was charging for the equivalent brand-new models just a day ago. For example, the MacBook Air with the M5 chip now starts at $1,299, up from $1,099, and refurbished models start at $1,099.

Given the Studio Display did not receive a price increase, though, there are opportunities for savings on that product. In the U.S., the second-generation model starts at $1,599 brand new, whereas the refurbished equivalent starts at $1,359.

Some of these products have also been added to Apple's refurbished store in select European countries, Australia, New Zealand, Singapore, and elsewhere.

Apple says it puts refurbished products through "full functionality testing" and a "thorough cleaning process and inspection," and they are covered by Apple's one-year limited warranty and eligible for extended AppleCare+ coverage. In our view, Apple's own refurbished devices are virtually indistinguishable from brand-new devices.Related Roundups: Studio Display, MacBook Pro, MacBook AirTag: Apple Refurbished ProductsBuyer's Guide: Displays (Buy Now), MacBook Pro (Buy Now), MacBook Air (Buy Now)Related Forums: Mac Accessories, MacBook Pro, MacBook Air
This article, "Apple Adds More 2026 Macs and Studio Display 2 to Refurbished Store" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
In a social media post today, Apple CEO Tim Cook said Apple will be donating to relief efforts on the ground in Venezuela after the country was hit by two catastrophic earthquakes this week.

Apple has donated to the Red Cross for earthquake and hurricane relief efforts in the past — it does not disclose the amounts.
This article, "Apple Donating to Relief Efforts in Venezuela Following Devastating Earthquakes" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple is developing a smart ring that could potentially rival products like the Oura Ring and Samsung Galaxy Ring, according to the leaker and prototype collector known as "Kosutami."

The latest Oura Ring 5 starts at $399
Apple has toyed with the idea of a smart ring for several years, as indicated by several patents, and there have been previous rumors that Apple has investigated a wearable for the finger to track a user's biometrics.

Reports dating back to 2024 said Apple was weighing up the idea as a viable expansion of its wearables lineup – something that may appeal to people who would prefer a biometric accessory that's more inconspicuous than an Apple Watch.

Rumors have petered out over the last couple of years, but now it seems that the popularity of the latest Oura Ring has caught Apple's attention, if the latest rumor is anything to go by. However, no other details were provided by the leaker.

The original Oura Ring was released by Finnish health technology company Oura back in 2015. The device collects activity, heart rate, respiratory rate, and sleep data, and transmits it via Bluetooth to the Oura app.


Now in it's fifth iteration, the latest Oura Ring is a lot smaller than previous versions and boasts new health-monitoring capabilities including blood pressure trend detection, nighttime breathing analysis, and tools for GLP-1 medication tracking.

Would you be interested in an "iRing" as an alternative to Apple Watch? Let us know in the comments.
This article, "Apple 'iRing' Rumor Re-Emerges Amid Oura Ring Popularity" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today began selling refurbished MacBook Neo units through its Certified Refurbished store, a day after raising prices on the laptop and several other products.


The refurbished ‌MacBook Neo‌ is available in all four colors, Silver, Citrus, Indigo, and Blush, in both configurations. The base model with 256GB of storage starts at $599, while a higher end version with Touch ID and 512GB storage starts at $679. Both configurations are available across the full color lineup, for eight refurbished SKUs in total.

The refurbished pricing undercuts Apple's current new unit pricing for the ‌MacBook Neo‌. Apple yesterday raised prices on many products, including the MacBook Neo, which now starts at $699 in the United States, up from $599 when it launched in March. The higher end configuration with 512GB of storage and a ‌Touch ID‌ button also received a $100 price increase and now starts at $799, up from $699. That means the new refurbished listings are priced at or near to the laptop's original, pre-hike rates.

Apple said the broad range of price increases are due to the ongoing memory chip shortage, which has led to skyrocketing prices for the RAM and SSD storage used in products like the ‌MacBook Neo‌, with the company pointing to AI server demand from companies buying up memory chips as a key driver. The changes extended the same day to Apple's Certified Refurbished store, with the company raising prices across refurbished Macs and iPads alongside the hikes on new hardware.

The ‌MacBook Neo‌ is powered by the A18 Pro chip with 8GB of RAM and features a 13-inch Liquid Retina display. It is still Apple's most affordable Mac.Related Roundup: MacBook NeoTag: Apple Refurbished ProductsBuyer's Guide: MacBook Neo (Buy Now)Related Forum: MacBook Neo
This article, "Refurbished MacBook Neo Models Now Available, a Day After Price Hike" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
I work as a principal specialist at a pipeline operator where Operational Technology (OT) is the backbone of the business. I do not report to the board or act as a CISO, but the issues that get raised to those levels affect my job every single day.
Since the Colonial pipeline ransomware incident in 2021, it has become apparent that our industry has started posing different tones of “Are we zero trust yet?” I frequently witness its intense significance through auditing requests, TSA security directives and conversations around some control project’s goals.
One experience the zero trust role has changed is that it often feels misaligned with OT heavy environments. The NIST’s Zero Trust Architecture (SP 800‑207) model works for all, but is originally written as though for an IT network, not terminals, compressor stations and control rooms where equipment must run 24/7, perhaps more aged than the technology present within the organization. CISA’s guidance on adapting zero trust principles to operational technology helps close that gap, but applying it means satisfying the OT teams and company leadership at the same time.
The zero trust question I hear behind the scenes
I am pretty sure we all know it comes as a jolt of reality after something really major has happened, rather than a bullet point on a slide deck. You have pipeline. The whole distribution stops for six days. In Washington, DC, US congressional hearings are underway, and legislation is coming. TSA Directive 2021-02C requires pipeline operators to attest to several things, like network segmentation and zero-trust architectures.
NERC CIP-013 exists on a similar tack, more around supply chain security. In our case, the decision on how to select and manage a vendor partner and control their remote access is driven by regulatory compliance and governance frameworks. So, you have all those things that happen externally and force change. They say, “Are you zero trust? Yes or no?” We always get “yes.” They know it is not “yes, ” and the vendors know it is not “yes,” and nothing gets done about it until something happens.
How I reframe zero trust for OT in my work
My influence comes from how I frame problems and options in the conversations I am invited into. Zero trust is a good example.
NIST’s SP 800‑207 describes zero trust as a model where access decisions are to be based on strong identity, policy and context rather than network. CISA’s OT guidance narrows it, advising operators on the appearance of devices, identity management and what overlaps with IT instead of the overall replacement. Why zero trust breaks down in IoT and OT environments” highlights that when facing the complications of IoT and OT environments, one needs to be proactive.
During these conversations, I try to focus on three major points when talking about IoT.
Refer to zero trust as its functioning principle. In my experience, teams respond better when I say “Every user and system has to prove who they are and why they need access” than when I talk about abstract architectures. That language matches what NIST and CISA emphasize without overwhelming people with jargon. Focus on where IT and OT converge, like jump hosts, historian connections, remote access paths and shared identity stores that span both worlds. Those are the choke points where zero trust style controls like stronger authentication, least privilege and detailed logging can give us quick wins without disrupting operations that depend on predictable behavior. Tie everything that we need to do to the existing requirements. The conversation moves from “why are we changing this?” to “how do we do this well?” which aligns with TSA Security Directive Pipeline‑2021‑02C, a CISA alert or a NERC CIP‑013 requirement. A 90-day plan OT leaders can execute
While someone operates a gas pipeline, they cannot play around with zero trust. Questions such as: “What can we accomplish before the TSA checks up next quarter?” Or “How can we show the internal audit team we are making progress this month?” comes often. We have established a list of actions we take over in a ninety-day plan, because we find it aligns more with our industrial settings while also being transferable to other OT settings.
Days 1–30: Map assets and identities at the IT/OT boundary
The first 30 days are for increased visibility. I focus on a relatively simple question: “Who and what can currently reach OT, intentionally or accidentally?”
CISA’s guidance on zero trust for OT, alongside other warnings, advocates for identifying and managing assets and communications where IT and OT interfaces exist, in addition to informal remote access routes. Also, TSA requires pipeline operators to regularly update and manage plans detailing which networks, systems and access points they will assess as per their established requirements across both IT and OT.
In my position, it comes down to three actions. First, I work with OT engineers, network staff and asset inventory systems to determine which OT assets threaten operations, safety or compliance if compromised, rather than inventorying every device. Second, I map the users and links that reach into OT, such as internal staff granted advanced privileges, remote vendor support, VPNs and cloud platforms that interact with production data. Third, I categorize these identities and connections based on risk, impact and exposure, not by their roles.
By the close of the first 30 days, the intention is to present leadership with an easily comprehensible overview: outlining the critical OT assets, delineating the entry points from both internal IT systems and external sources and identifying the associated identities. Having established this common understanding makes subsequent zero trust discussions less vague.
Days 31–60: Contain vendor remote access and create early wins
Look for quick wins in the next month, in a high-impact but non-disruptive area. Vendor or third-party remote access often fulfills it, and CISA has warned about it and continues to do so.
Their guidance emphasizes best practices, including using MFA, segmented user privileges and monitoring third-party activity independently. The NERC CIP-013 requires utilities to consider cybersecurity threats and risk management that protect their supply chains and suppliers that connect to critical systems. The TSA’s pipeline directives expect close monitoring and controls of remote access. In my case, early wins look like telling a vendor: OK, instead of an unsecured, remote access method, use an audited brokered remote access solution. MFA for any and all remote OT sessions. Close old vendor RDP connections that are not in service. You are simply saying that times change and since these methods were put in place a few years back, they have evolved; it is reasonable for you to evolve.
Days 61–90: Build a simple maturity scorecard and narrative
The third month is about visibility and repeatable progress. We now will have more clarity on assets and identities traversing the IT/OT boundary and have choked down the most dangerous of remote access paths. Now we will take time to track where we have been over time.
I will consult with leaders within security and OT teams to identify the right-sized set of metrics relevant to the specific context of the organization. While the specific terminology may vary, many will align with common language found in TSA, NERC, CISA and other industry documents. Consider the broad themes of “govern, protect and detect & respond”.
We can then identify solid “now” and “better next quarter” capabilities within each of these themes. “Govern” could incorporate specific OT policies on identity and access management that pull in zero trust directives alongside existing authoritative frameworks. “Protect” might track what fraction of your high-impact OT assets have been put behind better segmentation practices, coupled with the percent of your remote access pathways to OT identified as high-risk that have both MFA and a brokered connection. “Detect & respond” could see tested playbooks in place assuming a remote connection compromise that directly injects malware into an OT system, which aligns with how recent incidents have unfolded throughout North American utilities.
The output is not a scorecard to pass around but will be a meaningful, honest conversation for our leaders. You will know how to accurately frame how your organization applies zero trust in the OT world today, show what you achieved over the past three months and honestly describe where there is more work ahead.
I am not the only one trying to make zero trust ideas actually fit OT, and I pay attention to the CISOs who voice the same frustrations with IoT and OT environments. We are solving the same problem from different seats. What I have found is that a workable 90-day plan, updated monthly, beats any pledge to “Let us achieve zero trust together”
This article is published as part of the Foundry Expert Contributor Network.
Want to join?

View the full article
US lawmakers on Thursday introduced a bill that would require developers of advanced AI models to report major safety and security incidents to the Commerce Department, establishing a federal oversight framework for high-risk AI systems.
The proposed AI Incident Reporting Act would mandate that developers of designated “covered models” disclose incidents within seven days of knowing, or reasonably believing, that one has occurred. For incidents posing an imminent or ongoing risk of serious harm, the Commerce Department would have to notify congressional leadership and the chairs of relevant House and Senate committees within 48 hours after receiving the report.
The bill directs the Secretary of Commerce to establish capability thresholds to determine which AI models and developers are subject to the reporting requirements.
“AI is a powerful engine of innovation, and I want to see it flourish, but not without accountability and not without human oversight,” Moran said in a statement announcing the legislation. “The rule of law should apply to this new frontier. This legislation ensures that when something goes wrong with a high-capability AI system, the US Government has the information needed to act quickly.”
Broad range of reportable incidents
The proposal identifies a broad set of incidents that would require disclosure to the Commerce Department.
According to the bill, developers would have to report attempts by covered AI models to evade human oversight, deceive operators, circumvent safeguards, resist shutdown, or obtain unauthorized access to systems or privileges.
The reporting requirement would also apply to theft or attempted theft of model weights, capabilities that could materially enable offensive cyber operations against important software or critical infrastructure, autonomous development of more capable AI systems, and capabilities that could accelerate the development or use of chemical, biological, radiological, nuclear, or explosive weapons.
The legislation also directs the Commerce Department to develop the capability thresholds in consultation with AI developers, academic researchers, cybersecurity experts, national security officials, and other stakeholders before issuing implementation guidance.
Sanchit Vir Gogia, chief analyst at Greyhound Research, said the proposal would make reporting serious AI incidents a legal obligation rather than a voluntary practice for developers of frontier AI models.
“The serious frontier developers already run the evaluations, the red-teaming and the escalation drills,” Gogia said. “What they have never faced at the federal level is a legal obligation to tell the government, on the clock, when a model behaves dangerously.”
Reporting timelines and enforcement
The bill requires covered developers to submit an initial report within seven days of discovering a reportable incident and supplemental reports as additional information becomes available.
The legislation also authorizes the Commerce Department to investigate compliance, issue subpoenas, require corrective action, and impose civil penalties of up to $2 million for violations. Each day of a continuing violation would constitute a separate violation, the bill states.
Gogia said implementation could hinge on how regulators define reporting triggers.
“Capability thresholds are the visible difficulty, and not the deepest one. Thresholds decide which models enter the regime. Discovery decides whether the regime ever sees the fire,” he said.
Drawing a comparison with cybersecurity regulations, he said reporting requirements should clearly define when an incident becomes reportable.
“Cyber reporting has already taught the lesson. A vague trigger produces either silence or noise: firms stay quiet until they are certain, or they file everything and bury the signal,” Gogia said.
Filling a gap, a recent dispute exposed
The bill follows a US government action that exposed the absence of any such process. On June 12, the Commerce Department took action against the latest models from Anthropic, a US AI developer, on national security grounds, prompting the company to disable global access to those models.
“Export control was the sledgehammer. This proposal is the search for a scalpel,” Gogia noted. The measure is a narrower alternative to the Great American Artificial Intelligence Act, a broader discussion draft released earlier in June that also routes critical safety incidents to Commerce.
The Commerce Department’s Center for AI Standards and Innovation has separately signed agreements to evaluate leading models before deployment.
Compliance burden falls on enterprises
Gogia said the legal duty falls on the developer, but the operational cost reaches the customers. “Regulation may name the lab, but the bill for poor visibility is settled downstream,” he said.
He said the hardest question is not which models qualify but when a reporting clock starts. “Thresholds decide which models enter the regime. Discovery decides whether the regime ever sees the fire,” he said, adding that a model can pass laboratory tests yet behave differently once connected to live tools and enterprise data.
The bill exempts submitted reports from public disclosure requirements and states that submitting a report would not waive trade secret protections or attorney-client privilege.
“The instinct behind this bill is sound, but the balance cannot be scored from a press release,” Gogia said. “The wording will decide everything.”
View the full article
When a new AI capability starts making headlines, I see the same pattern play out in boardrooms and executive staff meetings. The technology is introduced as a looming breakthrough for attackers. The conversation quickly shifts to worst-case scenarios. Then security leaders are asked some version of the same question: Are we suddenly exposed in ways we were not exposed before?
My answer is usually no.
In most organizations, the bigger issue is not that a frontier model such as Mythos will magically create a new category of risk overnight. It is that these models can accelerate work on both sides of the cybersecurity equation. Attackers may use them to move faster, but defenders can use them to identify, prioritize and fix weaknesses that have been sitting in plain sight for years.
That is why I view Mythos as a signal, not a siren. It signals that the economics of cyber offense and defense are changing. It does not signal that security fundamentals no longer matter. If anything, it proves the opposite. The organizations that have clear asset visibility, disciplined patching, strong identity controls and resilient operating models will be in a far better position to absorb whatever AI changes next.
That perspective matters because recent breach reporting still points to familiar failure points. Verizon’s 2025 Data Breach Investigations Report shows that credential abuse and vulnerability exploitation remain central themes in how organizations get compromised, with exploitation continuing to rise. In other words, the path into the enterprise is still usually paved by weaknesses security teams already understand.
The real problem is still the basics
In my experience, many organizations do not have a strategy problem as much as they have an execution problem. Security leaders know the basics. Their teams know the basics. Their auditors, regulators and board committees know the basics. The struggle is sustaining those basics consistently across hybrid estates, aging systems, cloud platforms, remote users and sprawling third-party dependencies.
That is why I am cautious when I hear predictions that AI will fundamentally change which controls are relevant. Most successful breaches still start with a known weakness that was not remediated, not prioritized correctly or not visible in the first place. An unpatched internet-facing system. A misconfigured identity relationship. Excessive privilege. Weak segmentation. A service account nobody has reviewed in years. A business-critical exception that quietly became permanent.
I have seen security programs lose momentum when they over-rotate toward the newest threat narrative. They start funding edge use cases while old control gaps remain open. They buy more tooling before fixing ownership, process discipline and accountability. They treat cybersecurity maturity as a collection of projects instead of an operating model. That approach was risky before frontier AI, and it will be even riskier if these models compress attacker timelines further.
If Mythos changes anything for most enterprises, it changes the urgency of getting the basics right. It increases the cost of delays. It raises the penalty for security debt. It puts more pressure on teams that already struggle to inventory assets, rationalize findings and close the delta between what they know and what they have actually fixed.
That shift should also change the way we prioritize work. In many programs, vulnerability backlogs grow because teams are making decisions in fragments. Infrastructure owns one piece. Security operations own another. Identity, cloud and application teams each see a different slice of the problem. What gets lost is the full risk picture. That is why so many organizations feel busy but not measurably safer. They are addressing issues, but they are not consistently reducing the combinations of weakness that attackers actually exploit.
The practical takeaway is straightforward. Before leaders assume Mythos creates a completely new threat model, they should ask a simpler question: Where are we still weak in ways that an attacker would recognize immediately? In my experience, that question leads to a more honest and productive discussion than any speculative debate about what AI may eventually do.
AI can help defenders close the gaps they already know they have
The more constructive way to think about Mythos is to ask where frontier AI can improve defensive capacity right now. I do not mean replacing analysts or handing sensitive decisions to a model without oversight. I mean using AI to tackle problems security teams have long understood but have not had the scale or time to address consistently.
Identity is a good example. NIST says identity and access management is a fundamental and critical cybersecurity capability. Most CISOs would agree. Yet identity environments remain full of drift: nested groups, inherited entitlements, stale accounts, inconsistent role definitions and privileged access that survives long after the business need is gone. Those issues are rarely invisible. They are just hard to analyze holistically in real time.
This is where AI can become valuable. It can help correlate relationships across directories, cloud control planes, tickets, logs and policy stores. It can help surface unusual combinations of access, identify probable attack paths and prioritize fixes based on business impact rather than raw alert volume. The benefit is not more noise. The benefit is faster understanding.
The same logic applies to vulnerability and patch management. Most enterprises already have scanners, ticketing systems and dashboards. What they often lack is a consistent way to decide which vulnerabilities matter most in the context of exploitability, exposure, compensating controls and asset criticality. Frontier AI can help teams move from a long list of findings to a shorter list of actions that materially reduce risk.
I also see opportunities in configuration management and detection engineering. Security teams are drowning in fragmented data. AI can help normalize evidence from multiple sources, highlight configuration drift and connect seemingly isolated signals into a more realistic picture of operational risk. For lean teams, especially, that matters. It can mean spending more time reducing risk and less time reconciling spreadsheets, duplicate alerts and disconnected workflows.
None of this eliminates the need for skilled practitioners. It simply gives them leverage. And in a field where the volume of exposure routinely outpaces available staff, leverage matters.
The most important point is that this is not a call to hand the keys to a model. It is a call to use AI where the return is clearest: accelerating analysis, improving prioritization and helping teams close long-standing control gaps. In other words, the biggest opportunity is not building a futuristic security theater. It is finally operationalizing the fundamentals at a speed the business can sustain.
The board conversation should shift from fear to resilience
The most important shift Mythos should trigger may not be technical at all. It should change the way CISOs talk to boards, CEOs and operating leaders.
Too often, emerging technologies force security leaders into reactive conversations rooted in fear. The implied message is that a new attacker capability has arrived, so the organization now needs a new budget line, another platform or a fresh round of urgent exceptions. Sometimes that is true. Often it is not. More often, the better response is to connect the new development to existing risk priorities and reinforce the investments that improve resilience across multiple scenarios.
When I speak with executives about AI-driven cyber risk, I try to keep the conversation grounded in three points:
Most cyber losses still stem from preventable weaknesses. That is not a comforting message, but it is an actionable one. Improvements in identity, asset governance, patch discipline, third-party oversight and response readiness create value beyond any single threat cycle. The organizations that manage complexity best will usually outperform those that react most dramatically. That framing also helps boards ask better questions. Instead of asking, “What are we doing about Mythos?” they should ask, “Where would AI make our current weaknesses more expensive or more exploitable?” Instead of asking for a point solution, they should ask whether security and IT operations are aligned on the highest-risk remediation work. Instead of measuring activity, they should measure whether security debt is shrinking.
For CISOs, that is an opportunity. Mythos can be used to justify another round of panic, or it can be used to elevate the quality of the risk conversation. I believe the better path is clear. Use the attention to tighten fundamentals. Use the technology to improve prioritization. Use the moment to reduce chronic control failures that attackers have exploited for decades.
That is why I do not see Mythos as a siren demanding overreaction. I see it as a signal that the enterprises most prepared for the AI era will be the ones that finally operationalize what security leaders have been saying for years: resilience is built through disciplined execution, not headline-driven improvisation.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to Russia and Belarus. The finding, published June 25 by the Citizen Lab, rests on two things that rarely line up: traces on the phone itself and an official RussianView the full article
Ten years have passed since the General Data Protection Regulation (GDPR) came into force, and the results are mixed. While data protection has become more firmly established in European companies — and beyond — than ever before, the business world remains critical of the regulation due to increasing bureaucracy, legal uncertainty, and competitive disadvantages.
From a data protection perspective, this is a success story. According to a 2018 Bitkom study, shortly before GDPR came into effect that year, only 7% of German companies had fully or largely implemented the requirements. Six years later, 71% of German companies said they had done so.
Furthermore, GDPR has significantly increased awareness of the protection of personal data — both among companies and consumers. Customers are paying closer attention to transparency, consent, and data security. For many companies, data protection has now become a competitive factor in building customer trust.
At the same time, record fines against data giants such as Meta, TikTok, and Uber show that the GDPR is serious business, with the total amount of publicly known GDPR fines having exceeded €6 billion for the first time in March 2026. Still, just 60% of fines have been paid to date, with other fines having been annulled or remaining under appeal.
Also, according to law firm CMS, there has been a clear shift in focus for GDPR enforcement: Supervisory authorities are increasingly concentrating on practical compliance issues and less on isolated, high-profile cases. What began with landmark proceedings and record fines has now evolved into a routine, operational review of companies’ day-to-day data protection practices.
Companies complain of increasing burden
At the same time, dissatisfaction within the business community is increasing. What was originally intended to provide greater legal certainty and uniform rules across Europe is now perceived by many companies as a constant burden.
In a Bitkom survey from 2025, 81% of companies surveyed stated that the GDPR was making their business processes more complicated. In 2016, only 25% held this view. By 2025, 97% rated the effort required as high, with 44% rating it as very high.
There are many reasons for this discontent. Four out of five companies surveyed (82%) by Bitkom cited uncertainty regarding the precise data protection regulations as a challenge in 2025. At the same time, 86% believe that implementation is never truly complete because companies must continuously react to technical and legal developments. Data protection is thus perceived as a particularly challenging, ongoing compliance task.
AI: GDPR’s new test
Data-driven projects are particularly affected. In 2025, 59% of study participants reported that the development of data pools had failed or not even been initiated due to data protection regulations. The figures remain high for data analysis tools, AI applications, and the digitization of business processes as well. Data protection regulations are thus perceived as a hurdle primarily where — as is particularly the case with AI — innovations depend on large volumes of data.
The result: According to Bitkom, 59% of companies see European data protection as an advantage for AI development in Germany and Europe compared to other countries. In practice, however, they experience the opposite. For example, in 2025, 69% of respondents stated that data protection makes it difficult to train AI models with sufficient data.
“The reality is: AI is not being developed in Europe because of our data protection practices, but the models are still being used here,” commented Bitkom President Ralf Wintergerst on the findings. “This means nothing is gained for the protection of European citizens’ data, but much is lost for Europe as a business location.”
Bitkom is therefore calling for a reform that strengthens data protection where real risks to people arise — and relieves companies of the burden where formal obligations offer no additional protection. Specifically, this means a consistent risk-oriented approach to the GDPR and a unified understanding that the training and operation of AI systems must also be possible in Europe, says Wintergerst.
Whether the industry association’s demand for a relaxation of data protection standards in favor of technological competitiveness is also in the interest of consumers is another matter. What is certain is that the GDPR has not lost its relevance even 10 years after its entry into force (or eight years since its application).
Or, as lawyer Anna Lena Füllsack from CMS puts it: “The enforcement of the GDPR has outgrown its infancy and is now an integral part of the regular legal landscape throughout Europe. For companies, it will remain a key strategic issue in the coming years.”
View the full article
The Russian state-sponsored threat actor known as Turla has been attributed to a previously undocumented .NET backdoor called STOCKSTAY that has been deployed against government and military organizations in Ukraine, and entities that have an interest in Italian foreign policy. Describing the Windows backdoor as continually developed by the hacking group, Google Threat Intelligence Group (View the full article
According to Omdia’s 2026 software supply chain security report, 86% of organizations find SBOM generation challenging. A major driver is tool sprawl: teams cobbling together different scanners for different artifact types, getting inconsistent output across pipelines, and spending engineering time reconciling the results rather than acting on them.
SBOMs have become important to how security teams respond to vulnerability disclosures, how compliance teams satisfy auditors, and how procurement decisions get made. That makes the generation step load-bearing. If the SBOM your pipeline produces misses transitive dependencies, records declared versions instead of resolved ones, or is not cryptographically bound to the artifact it describes, every downstream decision built on that data inherits the gap.
This post covers the decisions that determine SBOM quality: when and where to generate, what separates actionable output from data that just checks a box, and how to keep generation reliable as your image portfolio grows.
When to generate: Build-time vs. post-build
The single decision that most affects SBOM quality is when you generate it. There are two broad approaches, and they produce meaningfully different results.
Build-time generation
Build-time generation hooks into the build system itself. The generator has access to the resolved dependency tree, the package manager files, and the full build context. It knows exactly what went into the artifact because it was present when the artifact was assembled.
Container build systems with native attestation support can produce an SPDX SBOM during the image build, attach it as an in-toto attestation, and push both the image and the SBOM to the registry in a single operation. Language-specific build plugins take a similar approach for application dependencies, generating SBOMs as part of the standard build lifecycle.
The advantage is structural: build-time generation captures the resolved state of every dependency, including transitive dependencies that post-build scanners may miss.
Post-build scanning
Post-build tools scan a finished artifact and reverse-engineer its contents. They work by identifying package manager metadata, file signatures, and known patterns within the artifact. This approach works on any OCI-compatible image, regardless of how it was built.
The trade-off is coverage. Statically linked binaries, vendored dependencies, and OS packages installed in intermediate build stages may commonly be missed by post-build scanners. The scanner can only report what it can detect, and detection is heuristic-based rather than derived from the actual build graph.
When you have build system access, generate at build time. Post-build scanning is the right choice for third-party images you consume but did not build, or for legacy artifacts without build system integration.
For container images, our documentation covers how to configure build-time SBOM attestation in detail, including the specific flags and generator options for different build workflows.
What makes an SBOM useful
Generating an SBOM is not the same as generating a useful one. The file format is standard, but the quality of the content varies dramatically depending on how and when the SBOM was produced. Five criteria separate actionable SBOMs from checkbox artifacts.
1. Completeness
A complete SBOM accounts for every component in the artifact across all layers and all package types. This includes OS packages from the base image, application dependencies from every package manager in the build, and any tooling or utilities added during the build process. 
This is where multi-stage and minimal base images create real gaps. A Dockerfile with a Node frontend, a C or C++ component compiled into a static binary, and a distroless final stage presents three distinct challenges: the Node layer has deep transitive dependency trees, the statically linked binary often carries no dependency manifest on disk, and the distroless base has no package manager at all. Post-build scanners can miss the statically linked dependencies and may undercount the Node tree. Build-time generation with access to each stage’s resolved dependency graph is the only way to get a complete picture.
2. Accuracy
Accuracy means the SBOM records resolved versions, not declared ranges. A package manifest might declare “^4.17.0” but the resolved version in the lock file is 4.17.21. The SBOM must reflect what was actually installed, not what was requested.
3. Freshness
An SBOM is a point-in-time snapshot tied to a specific build. Every time the artifact is rebuilt, the SBOM should be regenerated. Stale SBOMs create a false sense of visibility.
4. Verifiability
A verifiable SBOM is one that consumers can confirm was produced by the build system and has not been tampered with. Cryptographic signing and attestation frameworks bind the SBOM to a specific artifact digest, along with build provenance that records where and how the artifact was built.
5. Format compliance
Standard formats like SPDX and CycloneDX define required and optional fields. An SBOM that validates against the schema is interoperable across scanning tools, policy engines, and compliance workflows. One that does not may work with your current tools but will break when you change them.
Some base images already ship with SBOMs that meet all five criteria, along with SLSA Build Level 3 provenance and exploitability data. These SBOMs were generated at build time on hardened build platforms with non-falsifiable provenance, cryptographically signed, and attached as in-toto attestations bound to the image digest. They are continuously regenerated with every rebuild, so freshness is maintained without manual intervention. For those images, the generation question is answered for the most critical layer of the stack, and your effort shifts to generating a complete SBOM for the application layer you add on top.
Your generation toolchain is attack surface
The tools you use to generate SBOMs run with elevated access to your build environment. They read your source code, your dependency trees, and your build artifacts. A compromised generator does not just produce bad output; it has the access to exfiltrate or modify what it scans.
This is not a theoretical concern. Version tags on GitHub Actions and container images are mutable. A tool you pinned to v2.1 today can silently become something different tomorrow if a maintainer account is compromised or a tag is force-pushed. The exposure window for incidents like these is typically measured in hours, but automated pipelines can pull compromised versions within minutes.
Treat your generation tooling with the same rigor you apply to any other build dependency:
Pin to immutable references (commit SHAs, not version tags). Verify checksums before execution. Run generation in CI, not on developer machines, for reproducible and auditable output. Monitor for upstream security advisories on your generation tools. This is one dimension of a broader software supply chain security challenge: every tool in your pipeline is a dependency that needs the same scrutiny as your application code. For base images, you can sidestep this risk entirely. Images built on hardened build platforms with non-falsifiable provenance carry their supply chain metadata from the point of origin, cryptographically verified end-to-end.
Integrating SBOM generation into CI/CD
Manual SBOM generation works for one-off audits. For production workflows, generation needs to be automatic, reproducible, and wired into the rest of your delivery pipeline. The pattern is consistent across CI systems.
Generate at build
Add SBOM generation as a build stage step, immediately after the image is produced. For container images, BuildKit attestation flags are the most reliable approach. For application dependencies, language-specific plugins (CycloneDX for Maven/Gradle, npm/yarn for Node) produce the highest-quality output because they access the resolved dependency graph.
For multi-stage builds, generate from the final stage only. Intermediate stages often install build tools and test frameworks that do not ship in the production image. Generating against intermediate stages inflates the SBOM with components that are not deployed, creating noise in vulnerability scans.
Choose an attestation format
SPDX is the native output format for BuildKit attestation and the stronger choice if license compliance is a primary concern. CycloneDX has richer vulnerability correlation support and more granular component classification, making it the better fit for security-focused workflows. If your consumption tools (policy engines, vulnerability scanners, compliance dashboards) have a preference, follow it. If they support both, default to SPDX for container images since it requires no additional tooling beyond BuildKit’s built-in generator.
Attach to the artifact
Store the SBOM alongside the artifact it describes. For container images, this means attaching it as an OCI attestation in the registry rather than saving it as a separate file in an artifact store. Attestation-based storage keeps the SBOM discoverable, versioned, and bound to the specific image digest. When the image is promoted from dev to staging to production, the SBOM travels with it through every registry, rather than requiring a separate copy-and-sync workflow that inevitably drifts.
Validate before publishing
Add a validation step between generation and registry push. Run the SBOM through a format validator (SPDX and CycloneDX both provide official schema validators), check that the component count is reasonable for the artifact, and verify that the SBOM references the correct image digest. A build that produces 12 components for an image you know contains 200+ packages should fail the pipeline, not ship silently.
Scan and enforce continuously
SBOM generation at build time captures what’s shipped. Continuous scanning tells you what’s become vulnerable since. New CVEs drop daily, and an SBOM that was clean at build time can have critical exposures within weeks. Continuous analysis against SBOM data matches new disclosures against your inventory without re-pulling images, and surfaces policy violations as they emerge. With SBOMs attached to every image, you can gate deployment: no image ships without a valid SBOM, no image deploys with a known-vulnerable package above your severity threshold.
Implementation details vary by CI system. Our documentation covers the specific flags and configuration for generating and attaching SBOM attestations across common container build workflows.
Verifying your SBOM output
Before relying on your SBOM output for compliance reporting or vulnerability management, verify that it meets the quality criteria below.
Component count sanity check: Compare the number of components in your SBOM against what you expect from the Dockerfile, lock files, and base image. A Node.js app with 200 declared dependencies should produce substantially more entries once transitive dependencies are included. Resolved versions, not ranges: Spot-check entries to confirm the SBOM records specific versions (4.17.21) rather than declared ranges (^4.17.0). Transitive dependency depth: Verify that transitive dependencies appear, not just top-level packages. If your app declares 30 direct dependencies but the SBOM contains 32 entries, transitive coverage is likely incomplete. OS package coverage: Confirm that base image OS packages appear alongside application dependencies. Digest binding: Verify the attestation references the correct image digest. An unbound SBOM cannot be trusted to describe its artifact. Format validation: Run the SBOM through a schema validator (SPDX and CycloneDX both provide official tools). Start generating, then start verifying
The best time to add SBOM generation to your pipeline is the next time you touch your CI configuration. Start with your highest-traffic production image. Configure build-time generation, attach the SBOM as an attestation, and validate the output against the checklist above. Then expand to the rest of your portfolio.
If you want a head start, Docker Hardened Images ship with complete SBOMs, SLSA Build Level 3 provenance, and OpenVEX data already attached, so you can skip the generation step for your base layers entirely. For everything you build on top, Docker Scout provides continuous vulnerability matching against your SBOM data and enforces policies across your image portfolio.
Get started with Docker Hardened Images → Explore vulnerability monitoring with Docker Scout → Frequently asked questions
What is the best format for an SBOM?
For container images, default to SPDX since it is the native BuildKit attestation output and requires no additional tooling. Choose CycloneDX if your primary use case is security scanning and your downstream tools prefer it.
Do I need to generate an SBOM if my images already come with one?
If you are using base images that ship with pre-built SBOMs, provenance, and exploitability data, you do not need to regenerate for that layer. The included SBOM was generated at build time with full access to the build graph and is cryptographically bound to the image.
To verify the pre-built SBOM is trustworthy, check two things: 
Is the SBOM attached as a signed attestation (not a loose file)? Does the attestation include SLSA provenance? If the provenance traces back to a hardened build platform with non-falsifiable provenance, you can treat the SBOM as authoritative for that layer. You still need to generate an SBOM for the application dependencies you add on top.
How often should I regenerate my SBOM?
Every time the artifact is rebuilt. If your CI pipeline produces a new image, it should produce a new SBOM to match. Between rebuilds, the existing SBOM is still accurate because the artifact has not changed.
Is SBOM generation required for compliance?
In the United States, Executive Order 14028 helped set SBOM requirements in motion for software sold to federal agencies. The EU Cyber Resilience Act extends SBOM requirements to all products with digital elements sold in the EU.
And as AI workloads come under newer regulations like the EU AI Act with its technical documentation and transparency expectations, component-level inventories are becoming a practical way for teams to show what is inside high-risk systems. Industry frameworks like NIST SSDF and CISA’s SBOM guidance increasingly reference SBOMs as a baseline expectation. Whether legally required today, SBOMs are becoming a procurement prerequisite.
Sources
Omdia, Securing the Software Supply Chain: Strategic Approaches to Support Scaling Development with AI Adoption, May 2026.

View the full article
Apple had its worst day on the stock market in more than a year today, according to CNBC, after it raised prices on Macs, iPads, HomePods, the Apple TV, and the Vision Pro.

Apple's stock price dropped 6% on the day — its largest single-day loss since April 2025. AAPL closed at $275.15.
This article, "Apple's Stock Has Worst Day in More Than a Year After Price Increases" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple could launch an updated base model 14-inch MacBook Pro with an M6 chip as soon as this year, reports Bloomberg. There could also be M6 chip updates for the Mac mini, iMac, and MacBook Air, but Apple is testing an M6 ‌MacBook Pro‌.


Apple plans to introduce the M6 in late 2026, and for the first time, it will be a standalone chip. Apple is not working on M6 Pro or M6 Max chips, and will hold off on higher-end chip options until the M7 series launches in 2027.

The M6 chip will be the first built on a 2-nanometer process instead of the 3-nanometer process that Apple has used for the last several chip generations. Rumors suggest Apple will use TSMC's N2 process. Compared to the 3nm process, the 2nm process cuts down on transistor size so more can be packaged on a chip. Decreases in node size typically bring improved processor speeds and better power efficiency.

TSMC's new chips also transition from InFo (Integrated Fan-Out) packaging to WMCM (Wafer-Level Multi-Chip Module). WMCM integrates individual chip components like the CPU, GPU, DRAM, and Neural Engine more closely together, improving communication between the components.

According to Bloomberg, the M6 will be the most powerful in the industry for its class. The chip will have higher memory bandwidth at approximately 200GB/s (up from 153GB/s in the M5). Increased memory bandwidth will improve graphics performance and speed up on-device AI tasks.

The M6 will have an updated memory architecture, an upgraded Neural Engine for AI processing, and improvements to video encoding and decoding. Performance will improve for all of the processing cores, and the GPU will also get an update to optimize it for AI. Apple is testing versions of the chip with a 12-core GPU. The M5 chip is limited to a 10-core GPU.

Apple last updated the base 14-inch ‌MacBook Pro‌ with an M5 chip in October 2025, so an M6 update around the one-year mark would make sense. The base ‌Mac mini‌ and ‌iMac‌ have not been updated since October 2024, but Bloomberg recently said those machines would get M5 chips, not M6 chips, so Apple's plans are unclear. Bloomberg's newest report on the M6 mentions plural entry-level Macs getting the M6, but it only specifically references the ‌MacBook Pro‌.

Apple added the M5 chip to the iPad Pro in October 2025, but it is not known if the device will get an M6 chip this year because prior rumors have said no 2026 refresh is planned. The ‌MacBook Air‌ was refreshed in March 2026, so it may not get a new chip until 2027.Related Roundup: MacBook ProBuyer's Guide: MacBook Pro (Buy Now)Related Forum: MacBook Pro
This article, "M6 MacBook Pro Expected This Year With Apple's First 2nm Chip" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Despite price increases across the Mac line, Apple is still planning to release a new Mac Studio as soon as this year, reports Bloomberg.


Apple plans to introduce a new M5 Ultra chip as the final option in the M5 family before it transitions to the M6, M7, M7 Pro, and M7 Max. The M5 Ultra will come in a new version of the ‌Mac Studio‌, which hasn't been updated since March 2025.

The ‌Mac Studio‌ refresh was supposed to come earlier in 2026, but Apple reportedly postponed the launch because of memory chip supply issues and price increases. In April, Bloomberg said the ‌Mac Studio‌ would launch sometime around October 2026.

It's not clear if Apple will make an October launch. The current M3 Ultra ‌Mac Studio‌ already has delivery estimates ranging into October.

The M5 Ultra chip is expected to have around 36 CPU cores and 80 GPU cores, which is not too far off from the M3 Ultra. The M3 Ultra has up to a 32-core CPU and up to an 80-core GPU. Apple has tested support for up to 768GB of unified memory, but supply constraints could prevent it from launching with an option for that much memory.

Apple was selling the M3 Ultra ‌Mac Studio‌ with up to 512GB RAM, but the 512GB model was removed back in March. Apple has been temporarily cutting higher-tier Macs, and the current M3 Ultra ‌Mac Studio‌ can only be purchased with 96GB RAM.

Even if Apple does plan to release a ‌Mac Studio‌ with an M5 Ultra chip and 768GB RAM, it would be astronomically expensive. When Apple raised Mac prices today, the 96GB ‌Mac Studio‌ went from $3,999 to $5,299, an increase of $1,300. 8x more RAM during the memory crisis could see the ‌Mac Studio‌ priced at over $10,000.Related Roundup: Mac StudioBuyer's Guide: Mac Studio (Don't Buy)Related Forum: Mac Studio
This article, "M5 Ultra Mac Studio Could Launch in 2026 With Up to 768GB of RAM" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today seeded a new beta of watchOS 27 for the Apple Watch Ultra 3, with the update coming over two weeks after the launch of the first beta. This beta is only available for the ‌Apple Watch Ultra 3‌, which did not get the second beta update that came out earlier this week.


The beta can be downloaded through the Watch app on the iPhone with a free developer account. The Apple Watch will need to be on the charger, connected to Wi-Fi, and have a battery level of 50 percent or above for new software to be installed.

‌watchOS 27‌ will include Siri AI, the smarter, more capable version of ‌Siri‌. ‌Siri‌ can hold back-and-forth conversations, plus it has access to general world knowledge and your personal data to answer questions and find information. ‌Siri‌ AI on Apple Watch requires an iPhone that supports Apple Intelligence, including the iPhone 15 Pro and later.

There's a new Dynamic app grid that highlights ‌Siri‌ suggested apps, and more intuitive Smart Stack Suggestions. You can find your parked car, see pinned messages, get noise alerts, and view identity and transit cards.

Liquid Glass has been updated to improve legibility, and Workout Buddy works on the Apple Watch even when an iPhone isn't nearby. Workout Buddy also gains new metrics like progressive increases to distance, pace, or duration. Apple added a new all-in-one Find My app with support for Precision Finding, and there are performance optimizations that improve battery life.

More on what's new in ‌watchOS 27‌ is available in our watchOS 27 roundup.Related Roundups: Apple Watch Ultra 3, watchOS 26, watchOS 27Buyer's Guide: Apple Watch Ultra (Neutral)Related Forum: Apple Watch
This article, "Apple Seeds New watchOS 27 Beta for Apple Watch Ultra 3" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today raised prices on many of its products, including all Macs and iPads, as well as the Apple TV, HomePod, HomePod mini, and Vision Pro. We shared a list of the price increases, which range from $30 for the HomePod mini to up to $1,300 for the Mac Studio. iPhone, Apple Watch, and AirPods prices have not changed, at least for now.


In a statement shared with MacRumors, Apple said it raised prices because of the ongoing memory chip shortage, resulting from companies like OpenAI and Nvidia building out data centers with powerful AI servers. The supply-demand imbalance has led to skyrocketing prices for RAM and SSD storage chips used in a wide range of Apple products.

Apple's full statement:Apple indicating that it needs to "begin" raising prices suggests that additional price increases might occur later. On the other hand, Apple noting that it is "working tirelessly to find solutions" suggests that prices might eventually come down again.

Apple is far from the only tech company that has raised prices in response to the memory chip shortage, with others including Microsoft, Samsung, Lenovo, HP, Dell, and more. Memory chip supplier Micron expects the shortage to last through 2027, so elevated prices could be the norm for another year and a half or longer.
This article, "Apple Explains Why It Raised Prices on These 14 Products Today" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple is changing its Apple silicon launch timeline to speed up the debut of chips designed for artificial intelligence workloads, reports Bloomberg.


Apple plans to release an M6 chip for entry-level Macs as soon as this year, but it has canceled plans for higher-end M6 Pro and M6 Max chips. Instead, Apple's next Pro and Max chips will be part of its M7 chip lineup, with the first M7 chips launching in 2027. An M5 Ultra chip could also come as soon as this year.

M5 Ultra - Late 2026
M6 - Late 2026
M7 - First half of 2027
M7 Pro - End of 2027
M7 Max - End of 2027
M7 Ultra - 2028

Apple is speeding up development on M7 chips because they have technologies supporting on-device AI and GPU-intensive software. Since the launch of the first Apple silicon chips, Apple has always had at least three variants, including the base M-series chip, a Pro version, and a Max version. The M6 will mark the first time that Apple is not coming out with a Pro or Max chip for the line.

Apple could update the entry-level MacBook Pro with an M6 chip as soon as this year. It is expected to have around 200GB/s memory bandwidth for better graphics and faster AI processing and video editing. The base M5 chip has 153GB/s memory bandwidth, and the base M7 chip could have 240GB/s bandwidth.

Bloomberg says the M6 will also include an updated memory architecture and an upgraded Neural Engine, along with performance improvements across all of the processor cores and a redesigned GPU with up to 12 cores. Prior rumors have suggested the M6 will be the first built on Apple's new 2-nanometer process.

The base M6 could also be used in the entry-level Mac mini and iMac, along with upcoming iPad Pro and iPad Air models. The higher-end ‌MacBook Pro‌ models and higher-end ‌Mac mini‌ will use the M7 Pro and M7 Max. The Mac Studio will use the M7 Max and M7 Ultra.

Bloomberg says Apple still plans to release an M5 Ultra for a refreshed version of the ‌Mac Studio‌ as soon as this year. The M5 Ultra will have approximately 36 CPU cores and 80 GPU cores. An M5 Ultra ‌Mac Studio‌ could have as much as 768GB of unified memory.

Apple is working on a high-end "MacBook Ultra" with an OLED display and a touchscreen, and rumors suggested it could come as soon as late 2026. That seems unlikely now with the M7 Pro and M7 Max chips slated for late 2027, unless Apple equips the high-end ‌MacBook Pro‌ with an M6, the M5 Max, or the M5 Ultra chip.

News of Apple's updated chip launch timeline comes just after the company raised prices across all of its Macs and iPads.Related Roundups: Mac Studio, MacBook ProBuyer's Guide: Mac Studio (Don't Buy), MacBook Pro (Buy Now)Related Forums: Mac Studio, MacBook Pro
This article, "2027 Macs to Get AI-Focused M7 Chips as Apple Skips High-End M6" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's annual Back to School promotion will return by next week, according to Bloomberg's Mark Gurman.

Last year, college students and educational staff could receive a free accessory like AirPods 4 or an Apple Pencil Pro with the purchase of a qualifying Mac or iPad model. It is unclear what Apple plans to offer this year, but given the company has just raised prices on all Macs and iPads, this year's Back to School promotion will be rather bittersweet.
This article, "Apple's 2026 Back to School Offer Expected to Begin by Next Week" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
The EU Cyber Resilience Act (CRA) was officially introduced on December 10th 2024, to protect foundational EU values in the face of rising cyberattack threats. As cyberattacks targeting products with digital elements have grown more frequent and costly, the regulation establishes the first horizontal cybersecurity baseline for all hardware and software products sold in Europe. The urgency is real given that in Omdia’s 2026 software supply chain security report, 77% of organizations reported experiencing a supply chain incident in the last year.
The regulation will take full effect on December 11, 2027, but mandatory vulnerability reporting obligations take effect on September 11, 2026. For teams building and shipping containerized software, the CRA turns practices like SBOM generation, vulnerability disclosure, and image hardening from voluntary best practices into legal requirements.
This guide covers what the EU CRA requires, who it applies to, how its SBOM mandate connects to container build workflows, and what teams need to do before the compliance deadlines arrive.
What is the EU Cyber Resilience Act (CRA)?
Before the CRA, the EU had no single, cross-sector regulation setting cybersecurity baselines for  products with digital elements. A smart thermostat, an enterprise database, and a container runtime were all subject to different (or no) cybersecurity obligations. There was no general obligation to patch vulnerabilities, disclose security incidents, or document the software of products with digital elements launched in the EU market. The CRA closes that gap with a horizontal regulation that applies across several industries, placing the primary burden on manufacturers.
The regulation defines a product with digital elements as any software or hardware product, including its remote data processing solutions and any components placed on the market separately. That scope is intentionally broad: it covers everything from consumer IoT devices to enterprise software platforms to container images distributed through registries. Manufacturers must design products securely, handle vulnerabilities throughout the product lifecycle, and provide transparency about software composition.
How the CRA relates to NIS2
The CRA is one part of the broader EU cybersecurity strategy that includes other regulatory frameworks, like NIS2 and DORA. Since the CRA and NIS2 both deal with cybersecurity obligations, they’re easy to conflate, but they target different things. The CRA applies to cybersecurity of products with digital elements, while NIS2 applies to the cybersecurity of essential and important entities.
Recital 12 of CRA even affirms that SaaS, PaaS, or IaaS solutions are subject to NIS2, in principle carving them out of its own scope. However, the line is blurry for products depending on cloud infrastructure.
The European Commission’s March 2026 draft guidance introduced a three-part test for determining when a cloud component falls under CRA scope:
Does the processing happen remotely? Would the product lose a core function without it? Did the manufacturer design, develop, or is control of that remote component under its responsibility? If the answer to all three is yes, the cloud component is part of the product for CRA purposes. Where that test pulls a cloud component into scope and the component processes personal data, the GDPR applies on top of the CRA rather than in place of it, so you still need to assign controller and processor roles and confirm a lawful basis.
Who the CRA applies to
The CRA assigns obligations based on your role in bringing a product to market.
Role
Obligations
Manufacturers
The heaviest set of obligations.
The manufacturer has assessment obligations before placing the product on the market, in order to ensure compliance with the cybersecurity requirements set out in the CRA.
After this process, the manufacturer can affix the CE marking and attach a declaration of conformity to its products. After placement on the market, the manufacturer is required to handle vulnerabilities in the products throughout their lifetime and to report actively exploited vulnerabilities and severe incidents.
Importers and distributors
Fewer obligations.
Both must ensure that the manufacturer complied with a set of obligations, but also retain documentation and act upon becoming aware of non-conformity of the product with the CRA or a vulnerability.
Open-source software stewards
A new CRA category.
Mainly for micro-enterprises and small and medium-sized enterprises, including start-ups, individuals, non-profit organizations and academic research organizations, that systematically support open-source used in commercial activity.
Scaled-down obligations covering, in particular, putting in place a cybersecurity policy and vulnerability handling, but also cooperation with market surveillance authorities and certain reporting obligations.
Key requirements for the EU CRA
The CRA organizes its requirements into two main areas, both defined in Annex I of the regulation: essential cybersecurity requirements for product properties, and vulnerability handling obligations for the product lifecycle.
Security by design
Products must be designed, developed, and produced to ensure an appropriate level of cybersecurity based on a risk assessment. In practice, this means shipping with secure default configurations, minimizing the attack surface by removing unnecessary components, protecting the confidentiality and integrity of stored and transmitted data, and providing mechanisms for secure updates.
For container images, the security-by-design requirement maps directly to image hardening:
minimal base layers no unnecessary shells or package managers secure defaults out of the box. The essential requirements also include data minimization: a product should process only personal or other data that is adequate, relevant, and limited to what is necessary for its intended purpose.
Vulnerability handling
Manufacturers must maintain processes for identifying, documenting, and remediating vulnerabilities throughout the support period they define for each product. This includes coordinated vulnerability disclosure policies, timely security updates, and public disclosure of fixed vulnerabilities with enough detail for users to assess impact and apply remediation.
Security updates must be provided free of charge for the duration of the support period. Public disclosures should be limited to the technical detail users need and must not expose personal data, such as the identity of a reporter or of affected users, consistent with the CRA’s expectation that disclosures avoid increasing risk and with GDPR limits on publishing personal data.
Transparency and SBOMs
The CRA also requires manufacturers to include a software bill of materials in the technical documentation for every product with digital elements. The SBOM must be in a commonly used, machine-readable format and must include, at minimum, the top-level dependencies of the product. However, the regulation does not mandate a specific format, but in practice that typically means SPDX or CycloneDX.  Scope the generated SBOM to package and dependency metadata and keep embedded secrets and personal data out of the artifact.
An important nuance: The CRA does not require manufacturers to publish SBOMs publicly. SBOMs must be included in technical documentation and provided to market surveillance authorities on request. Also, the documentation must be retained for ten years after the product is placed on the market, or for the duration of the support period, whichever is longer.
Incident and vulnerability reporting
Manufacturers must report actively exploited vulnerabilities and severe security incidents to the relevant national Computer Security Incident Response Team (CSIRT) and to ENISA through a single reporting platform. The reporting timelines are:
Reporting timelines:
– 24 hours: early warning notification
– 72 hours: full notification with technical details
– 14 days: final report after a corrective measure is available (for actively exploited vulnerabilities)
– 1 month: final report from the 72-hour submission (for severe incidents)
Note for Privacy: These reports can contain personal data, such as a reporter’s identity or affected-user details, so limit each report to the technical information the CSIRT and ENISA actually need and handle any personal data in line with the GDPR.  Notifications should also avoid disclosing information that would increase risk to users.
Conformity assessment
Before placing a product on the EU market, manufacturers must complete a conformity assessment to verify compliance with the essential cybersecurity requirements. The type of assessment depends on how the product is classified under the CRA.
Product categories and conformity assessment
The CRA classifies products into three tiers based on their cybersecurity risk, with each tier subject to increasingly rigorous conformity assessment procedures.
If you’re shipping container runtimes, you likely fall into the Important Class II category and will need a third-party assessment. Products that pass their conformity assessment receive the CE marking, which indicates compliance with the CRA and allows them to be sold on the EU market. Products that fail, or that are found to be non-compliant after placement, can be ordered withdrawn or recalled by national market surveillance authorities.
CRA timeline: 3 Deadlines that matter
The CRA entered into force on December 10, 2024, but its obligations phase in over three years. Each milestone introduces a distinct set of requirements.
Date
Milestone
What takes effect
June 11, 2026
Conformity assessment bodies
Member states must designate notifying authorities. Conformity assessment bodies begin formal notification and can start conducting assessments.
September 11, 2026
Reporting obligations
Manufacturers must report actively exploited vulnerabilities and severe security incidents to CSIRTs and ENISA. This retroactively applies to all products already on the EU market, not just new ones.
December 11, 2027
Full enforcement
All essential cybersecurity requirements take effect: security by design, SBOM in technical documentation, vulnerability handling, conformity assessment, CE marking. Non-compliance triggers fines.
The key detail most teams miss: the September 2026 reporting obligation is applicable to products that are already in the market. It retroactively applies to products already on the EU market, not just new releases. If you are selling container images to EU customers today, your 24-hour reporting clock starts in months, not years.
Penalties for non-compliance
Article 64 of the CRA establishes three penalty tiers for non-compliance, with fines set at the member-state level but capped by the regulation:
Up to €15 million or 2.5% of global annual turnover (whichever is higher) for failure to comply with essential cybersecurity requirements and other core obligations (Art. 64 (2))  Up to €10 million or 2% of global annual turnover (whichever is higher) or failure to comply with other CRA obligations (Art. 64 (3)) Up to €5 million or 1% of global annual turnover (whichever is higher) for supplying incorrect, incomplete, or misleading information to authorities (Art. 64 (4)) Beyond fines, market surveillance authorities can order product withdrawals, recalls, or outright bans from the EU market. For organizations selling software products into the EU, losing market access is often a more significant consequence than the fine itself.
Microenterprises and small enterprises are generally exempt from fines for missing the 24-hour early warning deadline on vulnerability and incident reporting. Open-source software stewards are not subject to fines for any CRA infringement.
Open-source software and the CRA
The CRA’s treatment of open source was one of the most debated aspects during the legislative process. The final text draws a clear line based on commercial activity.
Free and open-source software that’s not used in the course of a commercial activity, either directly or through support, is outside the CRA’s scope. Individual developers and volunteer maintainers are not classified as manufacturers under the regulation, as long as they operate outside a commercial activity. And the CRA explicitly does not apply to open-source software supplied for distribution outside the scope of a commercial activity.
However, the regulation introduces a new role: the open-source software steward. 
A “steward” is a legal person (a company or foundation, not an individual) that systematically supports the development of open source software intended for commercial activities. The CRA applies a light-touch regime for stewards with limited obligations. They must mainly:
Maintain a cybersecurity policy. Report actively exploited vulnerabilities. Cooperate with market surveillance authorities.  Critically, stewards are not subject to financial penalties for CRA infringements.
Organizations that distribute open-source software under a commercial model, whether through paid support or commercial container image registries, are classified as manufacturers, not stewards. The distinction matters because manufacturers carry the full weight of CRA obligations, including conformity assessment and CE marking.
What the CRA means for container teams
Everything above applies to the full universe of digital products. Here’s where it gets specific. Container images and runtimes distributed commercially into the EU qualify as products with digital elements under the CRA. If your organization publishes container images in a registry that EU customers can pull from, and those images are part of a commercial offering, the CRA applies and you may be considered a manufacturer. This is true regardless of where your organization is headquartered.
The practical implications span the entire container lifecycle:
Image composition transparency: Every image needs a machine-readable SBOM that documents at least the top-level dependencies. Image-layer SBOMs generated at build time, which capture OS packages, runtime libraries, and transitive dependencies, go further than the CRA’s minimum. Vulnerability management: Organizations must have processes to track, remediate, and report vulnerabilities in the components their images contain. Starting September 2026, all vulnerability and incident reporting obligations listed in Article 14 come into effect. Security by design: Images should ship with minimal attack surfaces, secure default configurations, and no unnecessary components. Hardened base images with shells, package managers, and debug tools removed satisfy this requirement more directly than standard community images. Provenance and integrity: The CRA’s essential requirements include protecting the integrity of the product and verifying that components have not been tampered with. Cryptographic signatures and provenance attestations address this directly. Support periods: Manufacturers must define and communicate a support period during which they will handle vulnerabilities. For container images, that means committing to a patch and rebuild cadence for the lifecycle of each supported image tag. Compliance starts at the image layer
The CRA raises the bar for every organization that ships software into the EU. For container teams, the requirements map directly to practices the industry has been moving toward: hardened images, build-time SBOMs, provenance attestations, vulnerability monitoring, and defined support lifecycles. The difference is that these practices are no longer optional.
Thankfully, Docker Hardened Images ship with the artifacts the CRA demands: complete SBOMs, SLSA Build Level 3 provenance with non-falsifiable attestations, OpenVEX exploitability data, and cryptographic signatures. The images are minimal by default, continuously rebuilt against upstream fixes, and backed by defined support periods. Pair that with continuous vulnerability monitoring against SBOM data limited to package and component metadata and excluding personal data and embedded secrets, and the CRA’s 24-hour reporting clock starts with a known blast radius rather than a manual triage.
Get started with Docker Hardened Images → Explore vulnerability monitoring with Docker Scout → Frequently asked questions
Does the CRA apply to container images?
Yes, generally. Container images distributed commercially into the EU qualify as products with digital elements under the CRA. This applies whether the images are distributed as part of a software product, sold as managed services, or published in a commercial registry. The regulation applies based on commercial availability in the EU market, not on where the manufacturer is headquartered.
What SBOM format does the CRA require?
The CRA requires a commonly used, machine-readable format but does not name a specific standard. In practice, that usually means SPDX or CycloneDX. For container workflows, SPDX is the format BuildKit generates natively as an image attestation. Whichever format you use, scope the SBOM to package and dependency metadata and exclude embedded secrets and personal data from the generated artifact.
Do I have to publish my SBOM publicly?
No. The CRA requires SBOMs to be included in technical documentation and provided to market surveillance authorities upon request. There is no obligation to make them publicly available. However, organizations that do publish SBOMs as attestations attached to their images make it easier for downstream consumers to verify compliance and assess risk. If you do publish, scrub the SBOM and attestations of secrets, internal hostnames, and any personal data first, because a published artifact is difficult to retract.
Are open-source projects exempt?
Open-source software is outside the CRA’s scope as far as they are not made available on the market, and therefore supplied for distribution or use in the course of a commercial activity. Individual volunteer maintainers are not classified as manufacturers as far as they operate outside a commercial activity. However, organizations that distribute open-source software commercially (through paid support, managed services, or commercial registries) may be classified as manufacturers and subject to the full set of CRA obligations.
When do the CRA’s SBOM requirements take effect?
The SBOM requirement is part of the essential cybersecurity requirements in Annex I, which take full effect on December 11, 2027. However, the vulnerability reporting obligations that begin on September 11, 2026 are operationally much harder to meet without SBOM data, so the practical imperative to have SBOMs in place arrives well before the formal deadline.
Source
Omdia, Securing the Software Supply Chain: Strategic Approaches to Support Scaling Development with AI Adoption, May 2026.
View the full article
Apple has raised the prices of Macs and iPads across its Certified Refurbished online store, following the sweeping new product price hikes introduced earlier today.


Across the affected products in Apple's refurb inventory, prices went up by around $160 to $180 on average, but it was the Mac increases that were generally more eye-watering than the iPad increases.

The Mac increases averaged about $204 at the low end and $330 at the high end. Some of the smaller Mac changes included the 14-inch MacBook Pro with an M4 Pro chip rising from $1,699 to $1,779 – the Nano-texture version of the same model rose from $1,829 to $1,909. Elsewhere, a 16-inch MacBook Pro with an M4 Pro chip and Nano-texture display increased from $2,249 to $2,339.

But it was the higher end of the Mac lineup that saw the biggest price increases. A refurbished 14-inch MacBook Pro with the M5 chip rose from $1,359 to $1,439, while the highest-priced configuration in that group increased from $2,629 to $3,309. A 14-inch MacBook Pro with the M2 Max chip also jumped from $4,249 to $4,839.

As for the iPad, the increases were more consistent. Many refurbished iPad models went up by around $120 to $150. In terms of lower-end models, examples include the 10th-generation iPad Wi-Fi 256GB models rising from $339 to $409, while iPad mini 6 models increased from $379 to $459 or from $449 to $529. Some higher-end iPad Pro configurations also saw larger increases of around $230 to $250.

The refurbished price changes are in line with Apple's broader pricing reset for new products, which are said to be due to the company having to grapple with the impact of rising memory and storage chip costs owing to the ongoing AI data center buildout. In other words, if new Macs and iPads become more expensive, refurbished versions also need to rise so that they remain discounted by roughly the same amount.

That said, many of Apple's refurbished units likely contain original memory, storage, and logic boards, or service parts purchased before the latest component cost spike. So this appears to be more a case of increased prices based on Apple's updated pricing structure, rather than the actual cost of each device.Tag: Apple Refurbished Products
This article, "Apple Raises Refurbished Mac and iPad Prices After New Product Hikes" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
AI SOC triage agents are getting a lot of attention, but the market is still ahead of the standard many buyers are using to evaluate them. In this blog, we look at what a triage agent should actually do inside real security operations, where it should create measurable value, and where it should stop short of replacing analyst judgment. The goal is not a faster interface. It is better triage, better case quality, and less wasted analyst effort.
View the full article
While the Apple TV, HomePod, and HomePod mini have not been updated in several years, all three products received price increases worldwide today.


Here is a summary of the price changes for these products in the United States:Apple TV (Wi-Fi): $129 → $199
Apple TV (Wi-Fi + Ethernet): $149 → $249
HomePod: $299 → $349
HomePod mini: $99 → $129Apple also raised prices on Macs, iPads, and more, with the company blaming the ongoing memory chip shortage, which has resulted in skyrocketing prices for RAM and SSD storage used in its products. "We have never seen a component price increase this much, this quickly," said Apple, in a statement shared with the media.

The price increases come amid a long wait for new Apple TV, HomePod, and HomePod mini models. All three devices are expected to be updated later this year with support for the more personal and intelligent version of Siri, which is currently available to test across the iOS 27, iPadOS 27, macOS 27, and visionOS 27 developer betas.

The trio of devices are between three and six years old. Apple unveiled the HomePod mini all the way back in October 2020, while the current Apple TV and HomePod models debuted in October 2022 and January 2023, respectively.

The current Apple TV 4K has an A15 Bionic chip from the iPhone 13 series, while the HomePod mini uses the S5 chip from the Apple Watch Series 5, and the second-generation full-sized HomePod uses the S7 chip from the Apple Watch Series 7.

Earlier rumors claimed the next Apple TV would be equipped with the A17 Pro chip, which is the oldest chip that supports Apple Intelligence. The device is also expected to feature Apple's N1 chip for Wi-Fi 7, Bluetooth 6, and Thread.

No major design changes have been rumored for the next Apple TV.

Bloomberg's Mark Gurman was told that the Apple TV's Siri Remote may be "refreshed" in some form, but he did not provide any specific details or guarantee that there will be any outward-facing design changes to the accessory.


As for the HomePod mini, it is expected to use an Apple Watch's S9 chip or newer. Other previously-rumored features for the speaker include the N1 chip, improved sound quality, a newer Ultra Wideband chip, and a red color option.

Apple is also expected to release an all-new smart home hub as early as this year.Related Roundups: Apple TV, HomePod, HomePod miniBuyer's Guide: Apple TV (Don't Buy), HomePod (Caution), HomePod Mini (Don't Buy)Related Forums: Apple TV and Home Theater, HomePod, HomeKit, CarPlay, Home & Auto Technology
This article, "Apple TV and HomePod Just Went Up in Price Amid Wait for New Models" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon Prime Day has reached its third day, and is set to end tomorrow, June 26. Many of the year's best deals are still available to purchase today, including record low prices on AirPods Max 2, AirTag 2, Apple Watch Series 11, iPad Air, and more.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Apple threw a wrinkle into Prime Day prices today, announcing a price hike on a huge selection of its most popular products. These new price increases are already live on Apple.com, but third party retailers like Amazon have not yet received the updated prices. This means many of the Prime Day deals we're sharing below could be your last chance to get these devices at their current best-ever prices.

Shoppers should note that many sales during Amazon Prime Day require you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

AirPods


Amazon has the AirPods Max 2 on sale for $399.00 in Midnight, down from $549.00. This is an all-time low price on the headphones. This is accompanied by a great discount on the AirPods 4 for Prime Day, available for $99.00, down from $129.00.

$30 OFFAirPods 4 for $99.00
$70 OFFAirPods Pro 3 for $179.00
$150 OFFAirPods Max 2 for $399.00
AirTag 2


Apple's AirTag 2 has hit the new low price of $24.00 for the 1-Pack and $89.00 for the 4-Pack.

$5 OFFAirTag 2 (1-Pack) for $24.00
$10 OFFAirTag 2 (4-Pack) for $89.00

This is the first major discount we've ever seen on the AirTag 2 at Amazon since the device launched earlier in 2026. The new AirTag is equipped with a second-generation Ultra Wideband chip, enabling the Precision Finding feature to work up to 50% farther away from an item compared to the previous-generation model.

Apple Watch Ultra 3


Amazon is discounting a wide array of Apple Watch Ultra 3 models down to $649.00 for Prime Day, from $799.00. This is a new all-time low price on the 2025 smartwatch, beating the previous record low price by about $50, and it's available in both Natural and Black Titanium color options.

$150 OFFApple Watch Ultra 3 for $649.00
Apple Watch Series 11


Amazon this week has all-time low prices on the Apple Watch Series 11, with $120 discounts across numerous models of the smartwatch. This sale includes a handful of GPS aluminum models on sale at record low prices.

$120 OFFApple Watch Series 11 (42mm GPS) for $279.00
$120 OFFApple Watch Series 11 (46mm GPS) for $309.00

You can get the 42mm GPS Apple Watch Series 11 for $279.00, down from $399.00, and the 46mm GPS model for $309.00, down from $429.00. On Amazon, you'll find three of the 42mm GPS models and three of the 46mm GPS models on sale at these all-time low prices.
Apple Watch SE 3


Amazon is also taking $50 off the Apple Watch SE 3, starting at $199.00 for the 40mm GPS model. These are matches of all-time low prices on the SE 3, and it's been over four months since we last tracked these prices on the wearable.

$50 OFF40mm GPS Apple Watch SE 3 for $199.00
$50 OFF44mm GPS Apple Watch SE 3 for $229.00

You can also get the 44mm GPS Apple Watch SE 3 on sale for $229.00, down from $279.00. Both the 40mm and 44mm GPS models are available in Midnight and Starlight Aluminum at these prices.
MacBook Air


You'll find $150 off a few models of the 13-inch M5 MacBook Air on Amazon this week, starting at $949.00 for the 512GB model, down from $1,099.00.

$150 OFF13-inch M5 MacBook Air (512GB) for $949.00
$150 OFF13-inch M5 MacBook Air (16GB/1TB) for $1,149.00
MacBook Pro


Amazon has a few low prices on Apple's M5 Pro/M5 Max MacBook Pro for Prime Day, with up to $299 off select models.

Starting with the 14-inch models, you can get the 24GB/1TB M5 Pro MacBook Pro for $2,034.00, down from $2,199.00. The biggest overall savings this time around is on the 36GB/2TB model, available for $3,299.99, which is a $299 discount and all-time low price.

$165 OFF14-inch M5 Pro MacBook Pro (24GB/1TB) for $2,034.00
$200 OFF14-inch M5 Pro MacBook Pro (24GB/2TB) for $2,399.00
$299 OFF14-inch M5 Max MacBook Pro (36GB/2TB) for $3,299.99

You can get up to $250 off the 16-inch MacBook Pro right now on Amazon, with the 24GB RAM/1TB M5 Pro model hitting a new all-time low price of $2,494.00, down from $2,699.00. Most of the MacBook Pro devices in this sale have an estimated delivery date of June 29 with free shipping.

$205 OFF16-inch M5 Pro MacBook Pro (24GB/1TB) for $2,494.00
$242 OFF16-inch M5 Pro MacBook Pro (48GB/1TB) for $2,857.00
$250 OFF16-inch M5 Max MacBook Pro (36GB/2TB) for $3,649.00
iPad Air


Amazon has brought back all-time low prices on a handful of M4 iPad Air tablets for Prime Day. This includes both 11-inch and 13-inch models of the brand new 2026 M4 iPad Air.

$80 OFF11-inch M4 iPad Air (128GB Wi-Fi) for $519.00

Specifically, the 128GB Wi-Fi 11-inch M4 iPad Air has dropped to $519.00, down from $599.00, beating the previous low price by about $40.
iPad


Amazon is taking up to $52 off Wi-Fi and cellular models of Apple's 11th generation iPad for Prime Day. Prices start at $299.00 for the 128GB Wi-Fi iPad, down from $349.00, a second-best price on this model.

$50 OFF128GB Wi-Fi iPad for $299.00
$52 OFF512GB Wi-Fi iPad for $597.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple DealsTag: Prime Day
This article, "Prime Day Deals Still Going Strong on AirPods, AirTag, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today raised the price of the Vision Pro to $3,699, up from $3,499, as part of a sweeping round of price increases across its lineup.


The change came after Apple's online store was briefly taken offline earlier today and brought back up with new pricing across the HomePod mini, HomePod, Apple TV, iPad, iPad mini, iPad Air, iPad Pro, MacBook Neo, MacBook Air, MacBook Pro, iMac, Mac mini, both Mac Studio configurations, and Vision Pro. The iPhone, AirPods, Studio Display, and accessories such as the Apple Pencil were seemingly the only product lines left untouched.

No Apple product carries more baggage around its price tag than Vision Pro. The headset launched in February 2024 at $3,499 for the base 256GB configuration, a figure that was widely flagged at the time as a major barrier to mainstream adoption. Today's increase pushes the entry price to $3,699, with the 512GB and 1TB configurations similarly rising in step to $3,899 and $4,199.

A product like the ‌MacBook Air‌ going up by $200 is naturally an unwelcome change for consumers, but it's a shift on a product with an enormous addressable market. The Vision Pro was already priced roughly seven times higher than Meta's $499.99 Quest 3, and reviewers and analysts have repeatedly pointed to that gap as the headset's defining weakness. the Vision Pro's share of the XR market is estimated to be around 5%, against roughly 75% for ‌Meta‌, a split that reflects just how badly the price has limited Vision Pro's reach relative to its technical ambitions.

When the company refreshed Vision Pro with an M5 chip and a new Dual Knit Band in October 2025, it kept the $3,499 starting price exactly where it was.

The increase is tied to a broader cost problem for the technology industry. Apple CEO Tim Cook told The Wall Street Journal last week that price increases across Apple's lineup had become "unavoidable" because of the soaring cost of memory and storage chips.Related Roundup: Apple Vision ProBuyer's Guide: Vision Pro (Neutral)Related Forum: Apple Vision Pro
This article, "Apple Vision Pro Just Got Even More Expensive" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today announced price hikes across a wide array of its biggest products, including iPads, Macs, HomePod, and Vision Pro.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

These price changes are now live on Apple.com, but they have yet to hit third party retailers like Amazon. If you're interested in any of these products, now is the time to buy them on Amazon, before the retailer gets these price hikes as well.

Below we've listed all of the biggest products available on Amazon that will be getting price hikes soon. Given that it's still Prime Day, many of these devices are on sale right now. You can read more about the incoming price changes in our lead article.

iPads

iPad - $299.00 (now $449.00 at Apple)
M4 iPad Air - $519.00 (now $749.00 at Apple)
M5 iPad Pro - $899.00 (now $1,199.00 at Apple)
Macs

MacBook Neo - $589.99 (now $699.00 at Apple)
M5 MacBook Air - $949.00 (now $1,299.00 at Apple)
M5 MacBook Pro - $1,549.00 (now $1,999.00 at Apple)
Miscellaneous

HomePod - $299.00 (now $349.00 at Apple)

With these changes, some products that weren't considered steeply discounted before are now much more enticing. For example, the M5 MacBook Air discount to $949.00 was originally a $150 discount, and is now technically a $350 discount on the new price.

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Beat Apple's Price Hike: Last Chance to Score Cheap iPads and Macs for Prime Day" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today increased the starting price of the Mac mini with M4 Pro chip by $200, taking the higher-tier model up to $1,599 on its online store.


When the M4 Pro model launched in October 2024, the starting price was $1,399, but Apple has been hit by the rapid expansion of AI data centres, which has driven up the demand for memory and storage chips across the tech industry.

Apple had already raised the Mac mini's effective starting price in May by discontinuing the $599 configuration with 16GB of RAM and a 256GB SSD, leaving the $799 model with a 512GB SSD as the new entry-level option. Interestingly, the 16GB RAM / 256GB storage option has now been reinstated, but the $799 starting price remains.

"We have now reached a point where we need to begin raising prices," Apple said in a statement given to The Wall Street Journal. "We have never seen a component price increase this much, this quickly," it added.

Apple briefly took down its online store earlier today as it typically does when announcing new products. But when it came back online, the price tags for Mac computers rose approximately 15 percent to 20 percent and iPad prices rose 15 percent to 25 percent. Apart from the price hikes, there were no other changes to the site.Related Roundup: Mac miniBuyer's Guide: Mac Mini (Caution)Related Forum: Mac mini
This article, "Apple Hikes M4 Pro Mac Mini Starting Price Amid Rising Memory Costs" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today announced that it is raising prices on many products, including the MacBook Neo, which now starts at $699 in the United States.


The price increases are due to the ongoing memory chip shortage, which has led to skyrocketing prices for the RAM used in products like the MacBook Neo. Tech giants such as OpenAI and Nvidia have been purchasing large amounts of memory chips for AI servers, resulting in a supply-demand imbalance that is driving up prices.

"We have never seen a component price increase this much, this quickly," said Apple.

When it was released in March, the MacBook Neo started at $599 in the U.S. with 256GB of storage, so the colorful laptop has received a $100 price increase.

The higher-end configuration with 512GB of storage and a Touch ID button also received a $100 price increase and now starts at $799, up from $699.

The price increases extend to Apple's education store, with the MacBook Neo now starting at $599 for college students in the U.S., up from $499.

Here is a summary of the MacBook Neo pricing changes in the U.S. today:MacBook Neo (256GB): $599 → $699
MacBook Neo (512GB/Touch ID): $699 → $799
MacBook Neo (256GB/Education Store): $499 → $599
MacBook Neo (512GB/Touch ID/Education Store): $599 → $699The increases also apply to other countries around the world, with the exact price changes varying based on local currencies. In Canada, for example, the MacBook Neo now starts at $949 with 256GB of storage, up from $799 when it launched.

Powered by an iPhone-class A18 Pro chip and 8GB of RAM, the MacBook Neo remains Apple's most affordable MacBook available right now. The colorful laptop is positioned below the MacBook Air, which now starts at $1,299 in the U.S., up from $1,099.Related Roundup: MacBook NeoBuyer's Guide: MacBook Neo (Buy Now)Related Forum: MacBook Neo
This article, "Apple Just Raised the Price of the MacBook Neo" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today dramatically increased device prices across multiple product lines.


After temporarily taking it down earlier today, Apple's online store is back up with a series of product price increases. The changes are as follows:


HomePod mini: $129, up from $99 (+$30)
HomePod: $349, up from $299 (+$50)
Apple TV: $199, up from $129 (+$70)
iPad Air: $749, up from $599 (+$150)
iPad Pro: $1,199, up from $999 (+$200)
MacBook Neo: $699, up from $599 (+$100)
MacBook Air: $1,299, up from $1,099 (+$200)
MacBook Pro: $1,999 up from $1,699 (+$300)
iMac: $1,499, up from $1,299 (+$200)
Mac mini (M4 Pro): $1,599, up from $1,399 (+$200)
Mac Studio (M4 Max): $2,499, up from $1,999 (+$500)
Mac Studio (M3 Ultra): $5,299, up from $3,999 (+$1,300)
Vision Pro: $3,699, up from $3,499 (+$200)


The average price increase is $269.23. The iPhone, AirPods, Studio Display, and accessories such as the Apple Pencil are seemingly the only unaffected product lines.

Last week, Apple announced that it was preparing to raise prices across its product lineup, with CEO Tim Cook confirming that that the move was inevitable. Cook made the announcement in an interview with The Wall Street Journal, citing the soaring cost of memory and storage chips. "Unfortunately, price increases are unavoidable," he said. "We're doing our best to mitigate the huge increases that are being passed to us, and we've been trying to shield our customers from the increases, but the situation has become unsustainable." Cook described the scale of the memory shortage as a "hundred-year flood," adding, "I've never seen anything like it in any area in over 40 years."

Apple has historically absorbed component cost swings rather than passing them on to customers, so this marks a notable shift in approach. Tag: Apple Store
This article, "Apple Just Increased Prices: Here's What's Changed" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's online store has gone down with the message "We'll be right back," for reasons that are currently unclear.


The change could be due to the launch of Apple's 2026 "Back to School" program, impending price increases, or the launch of new devices.

Apple's annual Back to School promotion for the U.S. and Canada is widely expected to launch any day now, since it still hasn't gone live despite the keynote-driven pattern Apple has followed in recent years. In three of the last five years, the sale has started 8 to 10 days after the WWDC keynote, and with the 2026 keynote held on June 8, that would have pointed to a start the week of June 15, a date that's now passed, making it seemingly overdue.

Apple has typically offered free AirPods or Beats headphones, gift cards, or other accessories with qualifying Mac and iPad purchases, with offers in North America and Europe usually launching in the June to July timeframe, and last year's U.S. version ran a free AirPods 4 with Active Noise Cancellation offer worth $179 through the end of September.

Apple could raise device prices any day now because the signals have moved from speculative to nearly confirmed in the past week. Apple CEO Tim Cook told The Wall Street Journal that price increases are "unavoidable" due to memory and storage costs, saying Apple is no longer able to absorb the increases and will need to pass some of the cost on to consumers.

Bloomberg's Mark Gurman believes the timing of Cook's comments indicates price hikes are "imminent" and has linked them to Apple's Back to School sale, theorizing Apple may bundle the two together as a "buffer," with Gurman noting the increases are "not a fall thing."

Apple regularly takes its online store offline to quietly swap in new pricing, new product pages, and back-end configurator changes. This typically happens when Apple is about to launch new products or kick off a promotional campaign, so whatever they are, changes to the store are almost certainly imminent.Tag: Apple Store
This article, "Apple's Online Store Is Down" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
OLED panel mass production has reportedly begun for several upcoming Apple products, including the long-rumored OLED iPad mini and OLED MacBook Pro.


According to a Korean-language ETNews report, Samsung Display started mass production of OLED panels for Apple's first OLED iPad mini this month. The report adds that production of OLED panels for the MacBook Pro is scheduled to begin in July, coinciding with the startup of Samsung's new 8.6-generation OLED production line.

The OLED iPad mini has been rumored for several years now as Apple gradually expands OLED technology beyond the iPhone and Apple Watch. Apple brought OLED to the iPad Pro in 2024, and display industry analysts have long expected the iPad mini to follow before the technology eventually reaches the iPad Air.

OLED will replace the current LCD technology used in the iPad mini 7, offering higher contrast, deeper blacks, and improved power efficiency. There are no rumors suggesting exactly when the next ‌iPad mini‌ will be released, but a late 2026 launch is widely expected.
OLED iPad Mini: Release Date, Pricing, and What to Expect
The rumored upcoming MacBook Pro redesign – possibly marketed with a higher-tier "MacBook Ultra" moniker – is believed to be next in line in Apple's product lineup to adopt OLED, replacing the current mini-LED technology. Multiple supply chain reports have indicated Samsung Display's dedicated Gen 8.6 OLED production line is key to Apple's Mac transition.

According to Bloomberg's Mark Gurman and Apple analyst Ming-Chi Kuo, the OLED MacBook Pro will also be the first Mac to adopt touchscreen technology. The machine is expected to be released towards the end of the year or early 2027, depending on how well Apple contends with industry-wide memory chip shortages.

ETNews says Samsung Display and LG Display are supplying all of Apple's OLED panels for products launching in the second half of the year. Samsung and LG are reportedly sharing production of OLED panels for the iPhone 18 Pro and iPhone 18 Pro Max, while LG Display is said to be the sole supplier for the Apple Watch Series 12. Meanwhile, Samsung will reportedly be the exclusive supplier for the foldable iPhone, OLED iPad mini, and OLED MacBook Pro displays.
MacBook Ultra: 5 Features That Could Justify the Name
The report also claims Chinese display maker BOE is not participating in the iPhone 18 supply chain after quality issues reportedly delayed shipments for iPhone 17 Pro displays. Related Roundup: iPad miniTag: OLEDBuyer's Guide: iPad Mini (Don't Buy)Related Forum: iPad
This article, "Report: iPad Mini OLED Panel Mass Production Has Begun" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
The new CIO mandate is clear: facilitate AI adoption across the enterprise at speed.
According to CIO.com’s State of the CIO survey, CEOs’ top priority for their IT executives is to capitalize on AI. From researching to evaluating AI products, CIOs are now the central figures in their organizations’ AI strategies.
And company leaders are looking for real outcomes. Almost two-thirds of senior leaders report there is more pressure to prove ROI on their AI investments than a year ago, according to Kyndryl’s 2025 Readiness Report.
Numerous sources — from the board, to the CEO, to business units and competitors — are behind this pressure, says Jonathan Tushman, chief AI officer and CTO at Hi Marley, a customer conversational platform for the property and casualty insurance industry.
Succeeding in the task ahead of them requires complex conversations, and getting through legal, compliance, and other checks “at a reasonable clip,” adds Tushman, who added CAIO to his remit more than 18 months ago but has felt added urgency in the past six months. In professional gatherings, board conversations, and almost everywhere across the business world, the conversation turns to AI — and then quickly the fear of failing behind.
That includes employees as well. “It’s the engineering team and there’s everybody else — marketing, sales, finance. It’s people who are not AI-native, but they’re very eager to use these tools at an early level,” he says.
As CIOs find themselves facing pressure to scale and demonstrate real value, the challenge is keeping up with risk considerations — without creating unnecessary friction.
“CIOs cannot be risk averse on this,” says Karthik Chakkarapani, SVP, CIO, and head of enterprise AI at Zuora. “We need to do security and governance, but we don’t want to be seen as slowing down the process. You have to build the highway with enough guardrails and fewer speed breakers.”
Moreover, he adds, “this is not about automating existing work. This is reimagining how work gets done.”
AI is a step-change in risk management
Most IT leaders are a long way from feeling comfortable with the new AI risk management balancing act. Just 31% of respondents feel completely ready across external business risks, Kyndryl’s survey reports.
Tushman believes two things are genuinely different about the risks AI introduces. The first is that AI is indeterminate, whereas most technology is deterministic. “You can’t prove an AI system will or won’t do X, so the traditional ‘put controls around it and verify’ model breaks down,” he says. “We need a different way to govern something whose behavior you fundamentally can’t pin down.”
The second is the gravitational pull on end-users. “With most tech, IT could take its time evaluating before rollout,” he says. “With AI, if you don’t put powerful tools in front of people fast, they’ll route around you — and shadow use creates more risk than controlled access ever would. The timeline compresses at the same time the control model gets harder.”
Tony Vizza, founder and managing partner of Novera, agrees that the instinct to move fast can lead to the exact failures everyone fears.
“This might be staff putting sensitive information into public tools without a proper governance structure, or people copying and pasting straight out of AI and sending incorrect deliverables to customers,” says Vizza.
Organizations should avoid jumping into AI because of the fear of missing out without first clarifying where and how it will be used. All risk decisions should flow from these questions, he says. “What problems are you trying to solve — is it better customer service or deeper insight into your data? What are you actually trying to do?”
Vizza recommends guiding AI decisions with a risk assessment that considers expected outcomes, size of investment, and its importance to the organization’s objectives. “You define your risk appetite, build a risk register, and define what risk treatment should be for each risk,” he says. “For example, if you’re going to use a public AI model, you might treat that risk by not putting sensitive data in or buying the right license so that if you do, you’re covered, or getting guidance from the regulator before you proceed.”
Organizations must also consider AI services as a third-party risk, and not leave all accountability with AI providers, Vizza says. “You can’t outsource the responsibility,” he adds.
Due diligence is required to understand what is in the AI provider’s contract, who is responsible if they have a data breach, and how your organization can pursue them if something goes wrong.
“Some organizations build that into their risk management process. Others are quite flippant or don’t even know they should be asking those questions — and that’s what gets them stuck down the track,” he says.
The importance of organizational design
At Hi Marley, Tushman and team have made structural decisions to foster “healthy internal tensions” that are intended to surface and address AI risk considerations. This includes separation between the “AI adopters” in the product and technical teams and the “AI oversight” teams in compliance and legal. Compliance owns the audits, security concerns, and ongoing oversight, while legal owns the documentation that describes the boundaries. “The key is that it’s independent from the teams pushing AI forward,” he says.
“Companies need to invest seriously in these compliance functions. Hire smart, nuanced people. These roles can’t just be ‘no’ machines, but they can’t rubber-stamp everything either. The value is in the judgment,” he says.
Tushman’s role is the AI innovation steward, spearheading AI adoption that includes being challenged on risk, compliance, and legal considerations. “We have a senior leadership team and we have ‘conflict by design’ within that group,” he says. “I play the CAIO role and next to me, I have our head of legal and our head of compliance. So in that leadership team, if we have ‘conflict,’ we’re able to understand the trade-offs and make a decision as a group.”
Tushman believes this creates healthy tension: Innovation-minded leaders push boundaries while compliance and risk leaders counterbalance them. But if a decision can’t be reached, it goes to the CEO. “I do recommend a [split decision] goes to another officer in the organization,” he says.
Decisions about organizational structure could prove to be as consequential as the AI adoption decisions themselves, Tushman says. “The companies that get the organizational design right early will have a real advantage,” he explains.
Desire for AI advances the risk equation
One of the features of the AI wave is the thirst for access — from the board to employees — to use the tools, build applications, and start putting them to work. “Right now, everyone’s dying to try it,” says Tushman.
Hi Marley is in the “activation” phase — meeting the appetite for the tools with safety wrappers. “My main goal here is to have people learn the tools, start using them, and gain some competency with them,” he says. “We will get to the measurement phase, but I think spending too much time on measuring right now is not worth the effort.”
Tushman, like many, is watching how quickly models improve. “AI has huge implications for how you organize, how you hire, and what buy‑versus‑build decisions you make,” he says.
Zuora, which specializes in software for subscription and recurring revenue businesses, is three years into its AI journey. Chakkarapani is adamant that speed for speed’s sake is not the goal.
“We don’t want to take an existing process and just make it faster. You’re just making a process more chaotic. Can we make it fast, smarter, and reorganize it?”
Vizza believes a good percentage of CIOs will need external help to navigate the push for rapid AI adoption. “Or they’ll need to upskill themselves, because AI operates very differently to traditional IT,” he says.
His advice is threefold. First, “make your decisions on the right basis — either learn how AI really works or bring in someone who can advise you properly,” he says. Second, bring it back to the business purpose. “There are opportunities with AI, but the core question is, ‘What are we trying to achieve by bringing this in?’” And third, work out how you’re going to manage the risk. “Risk isn’t necessarily a bad thing — Formula 1 cars are risky, but they have very good braking systems so they can go faster,” he says. “It’s the same with AI: You put the right risk management in place so the business can move quickly without suffering adverse consequences.”
In its almost three-year AI journey, Zuora started with experimentation before moving 12 enterprise-wide pilots into production, Chakkarapani says, adding that there are three pillars to assess potential AI projects against: effort, value, and confidence. “Effort includes the security risk,” he says. “Is it low, medium, or high?”
Chakkarapani’s team started with simple executions, although the first experiments didn’t go as hoped — providing valuable lessons for the following ones. “We learned AI is only good when you have the right data — the right content, context, and governance,” he says.
They moved on to IT service management and that’s when the practical learnings really started, gaining feedback from internal teams and users, answering the security and governance questions, and iterating as they went.
Early applications include marketing, sales, product, and technology, achieving 10x to 25x throughput improvements. Success is measured in business outcomes such as growth, cost saving, customer engagement.
Through this process, the team has been doing the “behind the scenes” work to speed AI adoption across the company. “We realized that to go at speed and scale, we need to have the right trust, security, and governance underlying it,” he says.
An enterprise-wide platform connects Zuora’s approved AI services, including ChatGPT and domain-specific tools, to its structured and unstructured data. On top of this is the context layer and services so that people can build their own applications. It uses each employee’s existing login and organizational profile, and it respects the same role-based security.
“We slowly developed the framework that became our blueprint with the 10 to 12 things that need to be considered when creating an AI-driven application. When someone is interested, they’re taken to the self-directed process with these do’s and don’ts that is automatically downloaded as a markdown file to that person’s computer,” he says.
The ultimate aim is delivering up to 100x business value through an enterprise-wide governed platform — covering IT, HR, finance, legal, procurement, sales, and product. IT plays the role of orchestrator, providing the platform to access the tools and agents and collaborating with the business team to reorganize that workflow.
The AI maturity model
Chakkarapani believes the more secure the environment, the more it paves the way for experimentation, adoption, and, in time, business results. At Zuora, Chakkarapani has evolved this process through three levels of organizational AI maturity to date:
Level 1: IT provides a platform and services. Employees have controlled access to data based on their role and security privileges. They can create their own agent for themselves. If something doesn’t pass the minimal security and compliance and requirements, it cannot move ahead.
Level 2: An employee-built agent goes through an IT governance check for duplication or overlap, model improvements, security scans, and manual reviews. If approved, it’s shared with the wider enterprise. “We’re doing well on that, but it’s still a lot of manual work because there are no tools in the market that can automate this,” he says.
Level 3: At this stage of maturity, an organization has established a secure foundation across its applications so AI can scale safely. At Zuora, over six to eight months the team tightened endpoint and application security, enforced mobile device management, introduced AI usage monitoring (including what staff upload into prompts), and disabled Google authentication to block personal or bulk email accounts from accessing unapproved apps.
Earlier this year, the team embarked on working toward Level 4 maturity, where anyone can create a functioning application with minimal human involvement. Realistically, they expect to be 80% to 85% zero-touch because the final mile will still require human involvement.
“My goal is to provide a zero-touch service for anybody in the organization to create applications. If we do, they can go from a concept to an idea, prototype, design, and production — and they do it in less than two weeks,” he says.
View the full article
Apple's second-generation foldable iPhone has officially been given the go-ahead for development, a prominent Chinese leaker claimed today.


In a post on Weibo, the account known as Digital Chat Station said that the "iPhone Ultra 2 project" has been formally approved, and that the second book-style device will likely use the same display as the first-generation model expected later this year.

The first foldable iPhone will use a foldable 7.8-inch OLED panel supplied by Samsung, based on reports. The display uses a newer design that eliminates one of the traditional screen layers and instead builds the color-filtering layer directly into the display stack, making the screen thinner, lighter, and more power-efficient.

Last weekend, Bloomberg's Mark Gurman reported that Apple is planning to launch a second-generation foldable iPhone in fall 2027 alongside two 20th-anniversary iPhone models, which could take the names iPhone 20 Pro and iPhone 20 Pro Max.

Digital Chat Station's post on Weibo also said that the iPhone Air 3 has not entered the prototype stage yet, and that its emergence may depend on how sales hold up for the iPhone Air 2, which is expected to be released in the spring of 2027. That model is set to introduce a second camera and will likely offer battery life improvements, per Gurman's report.

Digital Chat Station was the originator of the claim that Apple will call its first foldable the "iPhone Ultra." The leaker has more than three million followers on Weibo, and has a track record of accurately leaking Apple-related information. Still, as with all such reports, the details remain unconfirmed.Tags: Digital Chat Station, iPhone Ultra
This article, "iPhone Ultra 2 Gets Green Light for Development, Says Leaker" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
We are auditing a curated version of history.
I’ve worked in security long enough now to know something most of us don’t really say out loud. A lot of compliance is theatre. Not all of it, and not all auditors or frameworks, but enough of it that most experienced CISOs know exactly what I mean. If you understand how audits work, know how controls are interpreted and can manage scope and narrative well enough, you can often steer things where you need them to go.
That’s uncomfortable to admit, but it’s true. The market now treats things like SOC 2 and ISO 27001 as direct statements about operational maturity and security posture when they really aren’t. They are snapshots. Point-in-time reviews based on selected evidence and sampled testing. That doesn’t make them useless. These frameworks were built for a completely different world where cloud infrastructure was less dynamic, APIs weren’t everywhere and continuous telemetry at scale simply wasn’t realistic. Sampling existed because there wasn’t much of an alternative. That’s before we even mention AI, where technology now changes on a monthly cadence against a regulatory backdrop that speaks in years.
The issue is that the world moved on, but assurance largely didn’t. The team behind  FedRAMP 20x are attempting to address exactly that problem, pushing assurance towards automation, machine-readable evidence and continuous validation rather than documentation-heavy compliance exercises. Most compliance programs still revolve around screenshots, exported evidence, manually curated narratives and carefully staged representations of reality. And that word, reality, is the important bit because in many cases, we are not auditing reality at all. We are auditing a curated version of history.
That’s why one of the most important things I’ve heard said around FedRAMP 20x is this: Passing audits does not equal security.
Exactly. A company can pass an audit while engineers bypass processes every Friday night to hit deadlines. Controls can drift quietly over time while nobody notices because the evidence only exists for a specific audit window. The audit passes because the story passes, and honestly, I think that’s the bit the industry is becoming increasingly uncomfortable with. How many times a year is the production push made as a “hot fix”?
And honestly, I think that’s why movements like GRC engineering are getting so much traction. Not because people suddenly wanted a trendy new title for compliance. But because there’s growing frustration with how artificial parts of the industry have become.
A few months ago, I gave a talk in Seattle comparing the rise of GRC engineering to the rise of grunge music. I’m a huge Nirvana fan, so maybe the analogy was inevitable, but the more I thought about it, the more it made sense. Grunge didn’t emerge because people desperately wanted something shiny and new. It emerged because people stopped believing the polished version was real. Hair metal had become overproduced and performative. Grunge felt rough around the edges, but it also felt honest.
That’s exactly where GRC feels like it is right now. Too much compliance has become about presenting the cleanest possible version of reality instead of exposing operational truth. Too many clean reports. Too many green ticks on trust centers. Too many perfect policies.
The sat nav problem
Which brings me to one of the dumbest weekends of my life.
Many years ago, my wife decided she wanted to go glamping in the Lake District for Valentine’s Day.
We drove north through classic, miserable British weather in a tiny little car completely unsuited for what was coming.
As we got closer to the Lakes, the rain slowly turned into heavy snow.
Then a full blizzard.
The sat nav confidently directed us up a tiny snow-covered road that we physically could not drive up.
We got stuck.
Eventually, we got free.
The sat nav recalculated and sent us up another equally impossible road.
Same outcome.
This happened multiple times until we eventually ended up buried in a snow drift somewhere in the middle of nowhere, waiting for a bloke in a 4×4 to rescue us while trying not to laugh too hard at the idiots in the tiny car.
After about seventeen hours of driving, we gave up and drove home.
Completely failed Valentine’s trip.
But honestly, I think about that weekend a lot when I think about GRC because the sat nav had data. What it lacked was context. It didn’t understand the environment, the conditions, the capability of the vehicle or even the actual outcome we were trying to achieve. We became obsessed with following the prescribed route instead of stepping back and asking whether the route itself still made sense. It reminds me of stories like tourists literally driving into the sea while blindly following GPS directions. The problem wasn’t the absence of data. The problem was understanding the context around the data.  Tourists drive into sea following GPS directions.
A lot of compliance programs behave the same way. The objective quietly becomes “pass the audit” instead of “reduce meaningful risk”, and once that happens, teams start optimising for the framework rather than the security outcome. That’s the shift I think FedRAMP 20x and the broader GRC engineering movement are trying to force. Not just better automation or more integrations, but a fundamentally different way of thinking about trust.
Compliance becomes an engineering problem
One of the central ideas behind FedRAMP 20x is that assurance increasingly needs to be treated as an engineering challenge rather than a documentation exercise.
Historically, most compliance has been based on samples. Sampled pull requests, sampled access reviews and sampled infrastructure evidence. FedRAMP 20x pushes in a very different direction with machine-readable evidence, APIs, telemetry and complete datasets instead of manually curated snapshots. Many of these principles closely mirror those outlined in the GRC Engineering Manifesto, which argues that modern assurance should be built on automation, telemetry and engineering disciplines rather than static evidence collection.
One of the biggest mindset shifts for our engineering teams was realising FedRAMP wasn’t really asking for selected evidence anymore. They wanted the underlying operational data itself. Not a screenshot proving something was configured correctly on one specific day, but the actual flow of telemetry that underpinned the control or assurance statement. That’s a completely different way of thinking about compliance because the conversation moves away from “prove this existed once” and towards “show me the operational reality continuously.”
Instead of showing a screenshot proving a virtual machine was configured correctly on one day, you expose every VM in the environment alongside drift data over time.
Instead of selecting a handful of GitHub pull requests, you expose the entire development workflow, including the messy bits where processes were bypassed.
Instead of showing sampled JML evidence, you expose the full lifecycle history of identity management over years.
Honestly, it should feel uncomfortable because that discomfort is probably a sign you’re finally exposing operational truth instead of polishing it away. Trust shouldn’t come from perfection. It should come from transparency.
We thought we were ready
And honestly, that’s exactly why our own FedRAMP 20x journey became so interesting.
We originally planned to move towards moderate through a much longer runway. Then the programme timings changed, government shutdowns caused disruption, and suddenly we found ourselves with around six or seven weeks before audit activity started.
We thought we had a solid plan.
We didn’t.
Or at least not one that was mature enough yet.
We had missed the low pilot earlier in the journey and entered the moderate phase without having already gone through that foundational learning process. We were also the only organization in our pilot group that hadn’t already completed the low pathway first.
That mattered.
We didn’t yet have the operational muscle memory.
No established playbook.
No previous iteration.
No deeply embedded understanding of how this model actually behaved in practice.
At the same time, we weren’t trying to approach FedRAMP 20x like traditional compliance.
We built direct API connectivity that allowed FedRAMP and auditors to pull complete machine-readable datasets in JSON format directly from the platform. Human-readable exports still existed where required, but the focus was on exposing operational truth rather than curating static evidence.
That’s also one of the core principles behind FedRAMP 20x itself. Controls increasingly need to be both machine-readable and human-readable. The baseline expectation is that a large percentage of controls should be automated with continuous evidence flowing behind them instead of static evidence being manually assembled before an audit.
What that means in practice is that auditors no longer just review a point-in-time evidence pack. They gain ongoing visibility into operational datasets and can interrogate those environments in a much more dynamic way.
That’s a very different mindset from traditional compliance.
And honestly, I think that difference is part of what made the journey so valuable.
We didn’t fail. We iterated
Because I don’t actually think what happened next was failure.
I think it was iteration.
Modern engineering teams don’t release perfect software on day one. They test, rebuild, refactor, improve and iterate continuously based on telemetry and feedback.
Applications go through:
Testing User feedback Redesign Bug fixing Telemetry analysis Continuous improvement Nobody expects version one to be perfect.
Yet historically, GRC has behaved completely differently.
Build the controls.
Collect the evidence.
Pass the audit.
Repeat next year.
The audit becomes the finish line. Our finish line became a “good effort,” “we think you’re ready for a Low authorization, but not Moderate just yet.” For a moment, it felt like failure. It hurt. It felt fundamentally different from any other assessment or audit as we genuinely didn’t know what we’d achieved. In fact, FedRAMP 20x feels fundamentally different and maybe that’s the whole point.
The process itself became feedback.
Not: Can you tell a convincing enough story?
But: What does your environment actually look like and how do you continuously improve it?
That’s a completely different mindset.
One of the recurring themes throughout FedRAMP 20x is that assurance should improve through continuous iteration rather than annual point-in-time validation.
Exactly.
That’s how engineering works.
The Low authorization wasn’t the end state. It was a checkpoint and a recalibration moment that helped us understand where the next iteration needed to go.
And honestly, if you can speedrun moderate FedRAMP with perfectly polished dashboards and no uncomfortable truths exposed, then the framework probably isn’t doing its job.
That’s one of the things I genuinely appreciate about FedRAMP 20x.
It challenges your assumptions.
It forces you to rethink approaches that have become normalized across large parts of the compliance industry.
Historically, proving infrastructure security often meant screenshots or exported configs. Now we can expose every VM, every drift event and the full history of posture changes across the environment.
That changes behavior massively because you can no longer optimize around the cleanest possible sample. You have to maintain the actual posture continuously.
Historically, proving SDLC maturity meant selecting a handful of pull requests. Now we can expose the entire workflow, including every bypassed approval or manual push into production.
Historically, proving identity governance meant sampled JML reviews. Now we can expose the operational history of the full identity lifecycle over years.
And honestly, that was one of the areas that challenged some of our own assumptions the most.
Traditional sampled evidence can make processes look consistently successful because you’re only reviewing selected examples. But operational truth is different. You only need one joiner, mover or leaver process to fail in the wrong way for the risk to become real.
That’s exactly the kind of thing continuous operational visibility exposes much more quickly than traditional evidence collection.
That’s not just better evidence.
It’s a fundamentally different philosophy of assurance.
The rise of GRC engineering
And this is where I think GRC engineering becomes genuinely important.
Not because everybody suddenly needs to become a software engineer, but because the discipline itself is evolving from a documentation exercise into an operational engineering problem.
Modern GRC teams are increasingly building telemetry pipelines, integrations, APIs, infrastructure visibility and continuous assurance layers. And honestly, some of those pipelines are much harder to build than people realize. Cloud infrastructure, CSPM tooling and application security platforms are relatively straightforward because the data is already fairly structured and accessible. The really difficult parts are the messy operational systems that organizations historically handled through process and human coordination.
Things like policy management workflows, budget approvals, software bill of materials tracking and non-standard operational processes are far harder to standardize and expose consistently.
That’s another reason this shift matters so much. It forces organizations to operationalize areas that historically lived in spreadsheets, meetings or tribal knowledge.
That’s a very different skillset from managing spreadsheets and coordinating screenshots.
More importantly, it changes the conversations.
One of the things I enjoyed most throughout the FedRAMP 20x process was that discussions increasingly stopped being: How do we satisfy this control?
And became: What risk are we actually trying to reduce here?
That’s such a healthier conversation for security teams to have. Because not every risk matters equally to every organization. Not every control meaningfully improves security posture. Not every framework requirement deserves the same operational investment.
Traditional compliance often struggles with that nuance because it optimizes around consistency and uniformity.
Modern engineering-led assurance feels different.
It feels more contextual, more operational and honestly far more honest.
And honestly, honesty is probably the biggest thing missing from large parts of compliance today.
We’ve built an industry where everyone feels pressure to look perfect.
Perfect dashboards. Perfect controls. Perfect audit outcomes.
But real engineering environments are never perfect.
They have bugs, drift, exceptions, failures, temporary workarounds and weird edge cases.
That doesn’t automatically mean the environment is insecure. It means it’s real.
I actually think one of the biggest mindset shifts FedRAMP 20x and the broader GRC engineering movement are pushing is this: nonconformities should not automatically destroy trust. Handled correctly, they should build it.
Because mature organizations are not the ones pretending problems don’t exist. They’re the ones capable of identifying issues quickly, exposing them honestly and improving continuously. That’s engineering. And maybe that’s where compliance finally starts becoming useful again.
The future of trust
For organizations participating in the current pilots, many of these concepts are already being tested through automation-first assessments, machine-readable evidence and continuous visibility.  FedRAMP 20x Phase 2.
Because right now, most compliance still works like we’re printing MapQuest directions in 2004 and hoping nothing changes between point A and point B.
The environment changes constantly. Cloud infrastructure drifts, engineers move quickly, businesses evolve and threat actors adapt far faster than annual audits ever could.
Yet most assurance still relies on frozen snapshots and sampled evidence that were already out of date the second they were exported into a PDF.
That’s the bit I think FedRAMP 20x genuinely understands. This isn’t just about modernising audits. It’s about acknowledging that modern systems are living systems.
They are transient, constantly changing and impossible to understand properly through static evidence alone.
That’s why the move towards APIs, telemetry and machine-readable evidence matters so much.
Not because APIs are trendy.
Because they allow us to expose operational truth continuously instead of periodically reconstructing it after the fact.
And honestly, I think that changes the future of trust.
In five years, I don’t think organizations will primarily send customers PDFs and certifications.
I think they’ll expose assurance layers.
APIs.
Telemetry.
Machine-readable evidence.
Instead of saying: Here’s our SOC 2.
They’ll say: Here’s the operational data. Query it yourself.
Auditors won’t disappear, but I think their role changes significantly.
Less time auditing screenshots and selected controls. More time validating whether the underlying evidence pipelines are complete, accurate and trustworthy.
Modern audit becomes less about auditing controls and more about auditing data integrity.
And honestly?
That feels like a much healthier future than the one we’ve built today.
Because the future of trust probably isn’t polished dashboards and carefully curated evidence. It’s operational truth, and operational truth is messy. It contains drift, exceptions, bypasses, gaps and uncomfortable findings, but that’s exactly why it’s valuable.
Stop rewarding the best storytellers
Maybe that’s the biggest shift FedRAMP 20x is trying to create. Not better paperwork. Better visibility.
For years, we’ve rewarded organizations for telling the cleanest story. Maybe it’s finally time we reward them for exposing the truth instead. That’s the revolution FedRAMP 20x and GRC engineering are leading.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant. The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privilegesView the full article
As a result of the lawsuit Epic Games filed against Google, Google is making major changes to its Play Store worldwide. Google today said it would soon lower fees and start accepting alternative payment options.


App developers will be able to offer payment options other than Google's in-app billing system in the UK, European Economic Area, and United States. Developers can use the billing system of their choice and link users to websites for purchases.

As for fees, Google will charge between 10% and 25% (not including billing fee), based on annual earnings. There's a base 10% service fee on the first $1 million in annual earnings. For earnings over $1 million, fees are 20% for new installs and 25% for existing installs (apps installed prior to the new rules) with the exception of auto-renewing subscriptions. Link-out fees are 20% for apps earning over $1 million annually.

There is an additional 5% fee for transactions that use the Google Play billing system, which is on top of the base service fees. Google's full fee structure is outlined on its website.

Google also has lower pricing options for apps that qualify for its Games Level Up and Apps Experience programs, with fees ranging from 10 percent to 20 percent. Those programs will be open to developers starting in September.

Fees and billing options go into effect on June 30 in the UK, United States, and European Economic Area. The updated fee structure will expand to Australia, Japan, and South Korea by the end of 2026, and the rest of the world by September 2027.

Google's antitrust lawsuit with ‌Epic Games‌ went differently than Apple's antitrust lawsuit, and Google was found to have an app store monopoly resulting in higher fees for developers. Google and ‌Epic Games‌ came to a settlement agreement, and Google said it would lower fees, support alternative app stores, and offer alternative payment options.

‌Epic Games‌ and Apple are continuing to fight in court, with Apple appealing to the Supreme Court. Apple is currently barred from charging commissions on U.S. apps with links to purchase options on the web and it has to comply with the Digital Markets Act in the European Union, but Apple does not have one worldwide policy like Google does now.

Until fee calculations happen in the ‌Epic Games‌ v. Apple case, Apple is charging $0 for links in the App Store, while Google is charging between 10 and 20 percent.

It is possible that Google's Play Store changes could impact the eventual outcome of Apple's legal dispute with ‌Epic Games‌. Apple and Google have historically charged developers similar fees, and though Apple is fighting ‌App Store‌ regulation in multiple countries, it is having to implement a disjointed set of fees and restrictions on a per-country basis to keep up with local laws.Tags: Epic Games, Google, Play Store
This article, "Google Lowering Play Store Fees and Allowing Alternative Payments Worldwide" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Researchers have identified a new backdoor program that has been used in enterprise intrusions since April and appears to be linked to an initial access broker that sells network footholds to ransomware gangs.
Dubbed Mistic by researchers from Symantec, the malware program has been deployed on networks belonging to organizations from multiple sectors, including insurance, education, IT, and professional services. In some cases it has been used alongside ModeloRAT, a piece of malware written in Python that’s associated with threat actor Woodgnat, also known as KongTuke.
“Woodgnat reportedly functions primarily as an IAB [initial access broker],” the Symantec researchers said in their report. “Its goal is not to deliver the final payload, but to establish highly durable remote access within an enterprise and sell this high-level access to ransomware affiliates and other attackers for a fee. The Symantec Threat Hunter Team has observed ModeloRAT being used in attacks delivering the Qilin ransomware.”
Woodgnat has been operating since at least May 2024 and has served multiple ransomware gangs over the past two years, including Interlock, Rhysida, Akira, 8Base, and Black Basta. Its attacks are largely opportunistic by routing web visitors through a variety of ClickFix social engineering campaigns.
A backdoor with credential stealing capabilities
The Mistic backdoor is launched through a technique called DLL sideloading, where a legitimate executable belonging to another program is executed first and searches for a DLL of a particular name to load into memory. This is a very popular technique for avoiding detection, as many legitimate programs perform dynamic DLL searches across multiple folders and are vulnerable to DLL poisoning.
Ironically in this case the attackers deliver and execute a file called MpExtMs.exe, which is digitally signed and belongs to Microsoft Defender. This file searches for a DLL called version.dll, which in turn searchers for and loads another one called EndpointDlp.dll. The attackers have named their backdoor EndpointDlp.dll so it gets loaded directly in memory.
The backdoor itself reaches out to a command-and-control (C2) server and can execute code delivered from it directly in memory, without saving any file on disk. Other features include the ability to write, delete, and move files on the victim machine and to download and upload files to the C2 server.
The researchers have also observed a credential-stealing .NET DLL being downloaded and executed on victims’ networks, in addition to ModeloRAT. Common system tools used by the attackers include curl, reg.exe, net.exe, PowerShell, certutil.exe, and the Windows Management Instrumentation (WMIC).
“The fact that Mistic executes in memory and also has a kill switch built in means that it is very stealthy, potentially allowing for long-term, stealthy access for attackers,” the researchers said.
ClickFix infection chains
The Woodgnat group’s attack campaigns often involved tricking users into executing malicious PowerShell commands on their computers using a variety of social engineering tricks that include displaying fake CAPTCHA tests on websites and crashing the user’s browser and asking them to paste commands to fix the crash.
Since April the attackers have also started messaging victims on Microsoft Teams impersonating IT support staff and guiding them through a series of malicious paste-and-run steps.
“While the initial compromise may be opportunistic, the attackers profile the machines for potential interest to determine their value and if they can sell access to them,” the researchers said.
The Mistic backdoor is the latest example of initial access brokers and ransomware gangs returning to the use of custom malware tools they developed in-house instead of solely relying on living-off-the-land and dual-use system administration tools.
The Symantec report includes a list of indicators of compromise for this new backdoor and other malicious files and IP addresses used in the recent Woodgnat attacks.
View the full article
Apple updated the Home app with some useful new features that rely on Apple Intelligence. The updates improve the way HomeKit Secure Video cameras work on Apple's HomeKit platform.


Apple Intelligence Summaries

The Home app generates written summaries for motion alerts and what's detected, using AI to determine what's been recorded. It can recognize people, animals, vehicles, packages, and general motion, giving a summary of what's happening even if you're not looking at the video footage.

It is intelligent enough to give detail, so you'll see alerts like "a person walked through the room," "two people were in the room," "a dog sat on the floor," or "a cat played in the room."

‌HomeKit Secure Video‌ cameras have facial recognition, so they can also recognize people who are in your Photo Library, sending alerts and summaries with names.

Grouped Footage

Along with analyzing footage, the Home app can now group footage from separate cameras capturing the same event. If a person walks by one camera and continues on to another, the Home app knows those two events are related. During video playback, you can see relevant footage from multiple cameras with a summary of something that happened across the entire home.

Highlights

If there are noteworthy recordings available, they are shown in a separate section above the general recordings in the camera view.

Search

The Home app supports natural language search for camera footage, so if you're looking for something like when a package was delivered, you can search for it. It can recognize objects, colors, and more. Search works in the Home app and directly in Spotlight.

Notification Summaries

Notifications update in real-time and related alerts are combined instead of being shown as separate notifications. The net result is fewer Home app notifications. Summaries can be turned on in the Home app settings on a per-camera basis, plus there are options for multiple languages.

Video Previews

Long pressing on an incoming video notification plays a preview clip of the footage and includes access to nearby accessories like lights that you might want to turn on quickly.

Reduce Notifications

There is an ‌Apple Intelligence‌ section in the Home app where you can turn on video summaries and cut down on notifications. The Reduce Notifications toggle combines related activities like someone arriving and unlocking the door.

4K Recording

‌HomeKit Secure Video‌ cameras are no longer limited to 1080p recording. If supported, cameras can stream and record at up to 4K.

Energy Monitoring

Accessories able to track energy usage like smart plugs now display that information in the Home app in the Energy tab. There is no way to create automations based on the data as of now.

Remote Apple TV Updates

It's now possible to update the Apple TV remotely using the Home app, similar to how HomePod updates are installed.


Reliability

Apple says capturing and storing ‌HomeKit Secure Video‌ footage is more reliable than it was before and it is less likely to miss activity.

Connectivity for Thread home accessories has also been improved with Apple adopting Thread 1.4, and ‌HomeKit‌ accessories now pair faster. Apple also says smart home accessory updates are faster than before.

When adding a new device to the Home app, there's a simplified interface that's useful for configuring Matter accessories in particular.

Compatibility and Requirements

The ‌Apple Intelligence‌ features in the Home app require a device that supports ‌Apple Intelligence‌, which includes the iPhone 15 Pro and later. The Home features also need an Apple TV running tvOS 27 or a ‌HomePod‌ running the ‌HomePod‌ Software 27.

‌HomeKit Secure Video‌ requires an iCloud+ plan. The 50GB plan supports a single camera, the 200GB plan supports up to five cameras, and the 2TB and above plans support unlimited cameras.

4K video recording does not require ‌Apple Intelligence‌.Related Roundups: iOS 27, iPadOS 27Tag: HomeKit
This article, "iOS 27 Home App: 10+ New HomeKit Features" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
We're in the second day of Prime Day 2026, and deals on everything from Apple products to TVs and monitors are in abundance. Below we're focusing on some of the best audio discounts you can find during Prime Day this year, from brands like Beats, Sony, Sonos, Soundcore, and more.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Of course, the best overall audio deal for Prime Day 2026 is on the AirPods Max 2. You can still get the Midnight color for the all-time low price of $399.00 today on Amazon, but we aren't sure how much longer this sale will last.

Shoppers should note that many sales during Amazon Prime Day require you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

Beats


Amazon this week is discounting a collection of Beats headphones and speakers for Prime Day, including a new low price on the Powerbeats Pro 2. You can get this new 2025 model for $179.95 in all four colors, down from $249.99. This deal on the Powerbeats Pro 2 is being matched at Best Buy, along with a few other Beats deals.

UP TO 50% OFFBeats Deals on Amazon
Beats Studio Buds+ - $89.95, down from $169.95
Beats Pill - $99.95, down from $149.95
Beats Solo 4 - $99.95, down from $199.95
Beats Studio Pro - $149.95, down from $349.99
Powerbeats Pro 2 - $179.95, down from $249.99
Beats USB-A to USB-C Woven Cable - $5.00, down from $18.99
Beats iPhone 17 Case - $18.99, down from $45.00
Beats iPhone 17 Pro Rugged Case - $30.50, down from $79.00
Beats iPhone 17 Pro Max Case - $28.50, down from $45.00
Sony


LinkBuds Open-Ear Wireless Earbuds - $178.00, down from $229.99
WH-1000XM5 Premium Noise Canceling Headphones - $198.00, down from $399.99
PS-LX3BT Wireless Bluetooth Turntable - $248.00, down from $398.00
WF-1000XM6 Wireless Noise Cancelling Earbuds - $265.99, down from $329.99
WH-1000XM6 The Best Noise Canceling Wireless Headphones - $378.00, down from $459.99
Sonos


The highlight of Prime Day deals for Sonos products is the Sonos Ace Headphones down to just $279.00, from $399.00. This is a new all-time low price on the over-ear headphones, beating the previous low by over $20.

Sonos Era 100 SL Speaker - $159.00, down from $189.00
Sonos Era 100 Speaker - $179.00, down from $219.00
Sonos Ace Headphones - $279.00, down from $399.00
Sonos Five Wireless HiFi Speaker - $449.00, down from $599.00
Soundcore


P30i Noise Cancelling Earbuds - $23.69, down from $39.99
Soundcore Boom 2 Outdoor Speaker - $84.99, down from $129.99
Soundcore Sleep A20 Earbuds - $107.99, down from $179.99
Soundcore Space 2 Noise Cancelling Headphones - $109.99, down from $129.99
Soundcore Sleep A30 Earbuds - $159.99, down from $229.99
More Deals

JBL Tune 770NC Over-Ear Headphones - $89.95, down from $149.95
JBL Flip 7 Speaker - $94.95, down from $149.95
SteelSeries Arctis Nova 7P Gaming Headset - $159.99, down from $199.99
Sennheiser MOMENTUM 4 Wireless Noise Cancelling Headphones - $179.95, down from $270.50
Nothing Headphone (1) - $213.75, down from $299.00
For even more Prime Day deals, be sure to visit our main article recapping all of the best Apple deals for Prime Day. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple DealsTag: Prime Day
This article, "Prime Day Brings Major Deals on Headphones and Speakers From Popular Brands" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
With every iOS update, Apple adds new features to the AirPods. In iOS 27, the AirPods work with Siri AI, and there's a long-requested custom EQ option.

Subscribe to the MacRumors YouTube channel for more videos.
Custom EQ

Apple resisted custom EQ for the AirPods for years, preferring to require users to stick with Apple's sound profiles. That's changing in ‌iOS 27‌, and there are finally adjustable equalizer settings.

When the AirPods are connected to an iPhone running ‌iOS 27‌ and have the latest firmware, custom EQ can be accessed by going to Settings > [AirPods Name] > Audio & Routing > Equalizer > Custom.

There are options for adjusting lows, mids, and highs.

Custom EQ is available for AirPods with an H2 chip, which includes the AirPods Pro 2, AirPods Pro 3, AirPods 4, and AirPods Max 2.

Redesigned Settings Menu

There's a more compact settings interface available when the AirPods are connected to an iPhone. It's still located under Settings > AirPods, but all of the AirPods features are better organized and easier to get to.

The Transparency, Noise Cancellation, and Adaptive modes are still accessible at the top of the screen for quick switching, but Apple also added a volume slider for adjusting sound in the same interface.

Instead of expanded menus for Hearing Health, Call Controls, and gestures, the options are organized into separate menus. Apple has logically aggregated controls into categories that include Audio & Routing, Hearing Health, Controls & Gestures, Live Translation, Accessibility, Battery, Find My, and Privacy.

Siri AI

The smarter version of ‌Siri‌, ‌Siri‌ AI, works on the AirPods through a connected iPhone. When you're wearing AirPods, you can ask ‌Siri‌ AI questions and make requests.

‌Siri‌ AI isn't a standalone feature on the AirPods, and it requires an iPhone that supports it. ‌Siri‌ AI has a long list of new capabilities, which are outlined in our Siri guide. Apple is rumored to be developing AirPods with cameras that will feed visual data to ‌Siri‌ AI, and the current integration is a precursor to that deeper feature set.

Precision Finding

The ‌AirPods Pro 3‌ charging case features Ultra Wideband (UWB), and it works with Precision Finding on the iPhone. With the update to ‌iOS 27‌ and watchOS 27, you can also use an Apple Watch for ‌AirPods Pro 3‌ Precision Finding.

GymKit Syncing

GymKit works with the iPhone in ‌iOS 27‌, and it can sync heart rate data collected from the ‌AirPods Pro 3‌ to gym equipment like treadmills and indoor bikes.

Accessibility

Apple added Name Recognition in ‌iOS 27‌, so users who are deaf or hard of hearing can be alerted if someone says their name. It's a feature that works with the AirPods Hearing Health options, and it supports more than 50 languages globally.

Compatibility

Some of the new AirPods features require an H2 chip, and for ‌Siri‌ AI, you'll need an Apple Intelligence-compatible iPhone. The Precision Finding and GymKit features are limited to ‌AirPods Pro 3‌.

Launch Date

The new AirPods features require ‌iOS 27‌ and updated AirPods firmware. Developers have access now, and Apple plans to release a public beta in July. ‌iOS 27‌ will launch in September alongside new iPhone models. Related Roundups: AirPods 4, AirPods Max 2, AirPods Pro 3, iOS 27, iPadOS 27Buyer's Guide: AirPods (Caution), AirPods Max (Buy Now), AirPods Pro (Neutral)Related Forum: AirPods
This article, "Every New AirPods Feature in iOS 27" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Prime Day deals are in full swing today, and they feature all-time low prices across the Apple Watch lineup, including Apple Watch Series 11 for $120 off, Apple Watch SE 3 for $50 off, and Apple Watch Ultra 3 for $150 off.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Apple Watch Series 11

Amazon this week has all-time low prices on the Apple Watch Series 11, with $120 discounts across numerous models of the smartwatch. This sale includes a handful of GPS aluminum models on sale at record low prices.

$120 OFFApple Watch Series 11 (42mm GPS) for $279.00
$120 OFFApple Watch Series 11 (46mm GPS) for $309.00

You can get the 42mm GPS Apple Watch Series 11 for $279.00, down from $399.00, and the 46mm GPS model for $309.00, down from $429.00. On Amazon, you'll find three of the 42mm GPS models and three of the 46mm GPS models on sale at these all-time low prices.

Apple Watch SE 3

Amazon is also taking $50 off the Apple Watch SE 3, starting at $199.00 for the 40mm GPS model. These are matches of all-time low prices on the SE 3, and it's been over four months since we last tracked these prices on the wearable.

$50 OFF40mm GPS Apple Watch SE 3 for $199.00
$50 OFF44mm GPS Apple Watch SE 3 for $229.00

You can also get the 44mm GPS Apple Watch SE 3 on sale for $229.00, down from $279.00. Both the 40mm and 44mm GPS models are available in Midnight and Starlight Aluminum at these prices.

Apple Watch Ultra 3

Finally, Amazon is discounting a wide array of Apple Watch Ultra 3 models down to $649.00 for Prime Day, from $799.00. This is a new all-time low price on the 2025 smartwatch, beating the previous record low price by about $50, and it's available in both Natural and Black Titanium color options.

$150 OFFApple Watch Ultra 3 for $649.00

Head to our full Deals Roundup to get caught up with all of the latest deals and discounts that we've been tracking over the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple DealsTag: Prime Day
This article, "Prime Day Brings Huge Discounts to Every Apple Watch Model" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Two members of the Scattered Spider cybercrime collective have admitted launching a cyberattack against Transport for London (TfL) that caused millions in damages.
Thalha Jubair, 20, from East London, and Owen Flowers, 18, from Walsall, West Midlands, were due to stand trial for computer hacking offences at Woolwich Crown Court on Monday but changed their pleas to guilty on the first day of what was scheduled to be a six-week trial.
Sentencing for the pair is due to take place in the same outer London court on July 22.
Mind the gap
Jubair and Flowers compromised TfL’s network between Aug. 31 and Sept. 3, 2024, in an attack that disrupted in-station services such as information boards, and online services such as TfL’s refunds portal and Oyster photocard application systems for young people.
The same attack also meant all 28,000 employees of the London transport network were obliged to attend a TfL office for a password reset. A BBC investigation in March 2026 revealed that the hack had exposed the names, email addresses, mobile phone numbers and physical addresses of an estimated 10 million people.
TfL suffered a reported £29 million ($38.2 million) in losses, incident response, and other recovery costs.
The attack was investigated by the UK’s National Crime Agency and City of London Police. Police investigators quickly identified Flowers as a suspect prior to his arrest at his home on Sept. 6, 2024.
Forensic analysis on the laptops, tower computers, hard drives, and USB sticks seized at the time of Flower’s arrest uncovered evidence that he had also broken into the systems of US healthcare companies SSM Health Care and Sutter Health.
One Acer laptop seized during the arrest held videos showing Jubair accessing TfL systems during the attack, according to a police statement on the case. The pair were messaging each other through the Telegram messaging service as well as using a common workspace that they shared with other cybercriminals.
Web of destruction
The Scattered Spider group burst onto the scene with ransomware attacks against Caesars Entertainment and MGM Resorts in 2023. Attacks against a wide variety of targets across multiple industries, including retail, hospitality, telecoms, and aviation, followed.
UK attacks linked to Scattered Spider include high-profile attacks on Jaguar Land Rover and retailer Marks and Spencer.
Scattered Spider is best viewed as an overlapping network of largely English-speaking crews and affiliates rather than a tightly knit organisation.
The group’s tradecraft is characterised by social engineering, help-desk impersonation, SIM swapping in the furtherance of ransomware-enabled extortion, and other scams. In particular, Scattered Spider targeted outsourced IT support and help-desk providers to reset credentials and bypass multi-factor authentication controls to expand their access into victim’s networks.
A loose alliance or collective of cybercrime groups including Scattered Spider, Lapsus$, and ShinyHunters was established last year.
Jubair and Flowers are among a growing number of members of the group to be convicted for computer crime offences.
Tyler Buchanan, a senior figure in the group, was arrested at a Spanish airport in June 2024.
Buchanan, 24, of Dundee, Scotland, was extradited to the US and pleaded guilty in April 2026 to a scam that aimed to steal $8 million in virtual currency from at least a dozen companies as well as numerous individuals.
Co-conspirator Noah Michael Urban of Palm Coast, Florida, was jailed for 10 years in April 2025 after pleading guilty to aggravated identity theft and wire fraud offences.
Other prosecutions remain pending.
View the full article

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.