Skip to content
View in the app

A better way to browse. Learn more.

hosang I.T.

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Tech

Tech Articles from a wide variety of topics and categories
Prime Day is in full swing this week, offering massive savings on everything from AirPods to MacBook Pro and much more. We've been keeping an eye on these Apple-related Prime Day discounts all week, but now we're also tracking great sales on other categories, including TVs.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Below we've collected some of the best TV deals you can find during Prime Day, including those from Samsung, Sony, Hisense, LG, Panasonic, Toshiba, and more. Shoppers should remember that Prime Day sales are typically time sensitive, so purchase quickly if you're interested.

UP TO 50% OFFAmazon Prime Day TV Deals

There are a few rival Prime Day TV discount events this year as well, including Sony's own four-day sale. During this event, you can get the 65-inch BRAVIA II Google TV for $2,299.99 at Crutchfield and direct through Sony, down from $2,599.99. You'll also find Sony's popular noise canceling headphones and more on sale at their best prices ever this week.

Shoppers should note that many sales during Amazon Prime Day require you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

50-Inch TVs


50-inch Insignia LED 4K Smart Fire TV - $149.99, down from $299.99
50-inch Amazon Ember Fire TV - $239.95, down from $399.99
50-inch Hisense mini LED 4K Smart Fire TV - $399.99, down from $699.00
55-inch Toshiba mini LED Smart Fire TV - $549.99, down from $898.99
55-inch Samsung The Frame 4K QLED - $697.99, down from $1,097.99
55-inch Sony OLED 4K Smart Google TV - $998.00, down from $1,499.99

60-Inch TVs


65-inch Hisense QLED 4K Smart Fire TV - $379.99, down from $478.00
65-inch TCL mini LED QLED 4K TV - $529.99, down from $799.99
65-inch Hisense QLED CanvasTV Series 4K Google Smart TV - $849.99, down from $1,299.99
65-inch Sony OLED 4K Smart Google TV - $1,198.00, down from $1,999.99
65-inch LG OLED evo AI 4K Smart TV - $1,199.00, down from $1,396.99
65-inch Samsung The Frame Pro Smart TV - $1,497.99, down from $2,397.99

70-Inch TVs


75-inch Samsung mini LED Smart TV - $897.99, down from $1,197.99
75-inch Toshiba Mini-LED 4K Smart Fire TV - $899.99, down from $1,499.99

80-Inch TVs

85-inch Samsung QLED 4K Smart TV - $1,297.99, down from $1,697.99
85-inch Sony BRAVIA 3 II 4K Smart Google TV - $1,498.00, down from $1,599.99
85-inch Sony BRAVIA 9 Smart Google TV - $2,998.00, down from $3,798.00


If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Best Prime Day TV Deals Feature Lowest Prices of the Year Across Top Brands" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon has a few low prices on Apple's M5 Pro/M5 Max MacBook Pro for Prime Day, with up to $299 off select models. These join a few M5 MacBook Air Prime Day deals that we started tracking yesterday.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Starting with the 14-inch models, you can get the 24GB/1TB M5 Pro MacBook Pro for $2,034.00, down from $2,199.00. The biggest overall savings this time around is on the 36GB/2TB model, available for $3,299.99, which is a $299 discount and all-time low price.

$165 OFF14-inch M5 Pro MacBook Pro (24GB/1TB) for $2,034.00
$200 OFF14-inch M5 Pro MacBook Pro (24GB/2TB) for $2,399.00
$299 OFF14-inch M5 Max MacBook Pro (36GB/2TB) for $3,299.99

You can get up to $250 off the 16-inch MacBook Pro right now on Amazon, with the 24GB RAM/1TB M5 Pro model hitting a new all-time low price of $2,494.00, down from $2,699.00. Most of the MacBook Pro devices in this sale have an estimated delivery date of June 29 with free shipping.

$205 OFF16-inch M5 Pro MacBook Pro (24GB/1TB) for $2,494.00
$242 OFF16-inch M5 Pro MacBook Pro (48GB/1TB) for $2,857.00
$250 OFF16-inch M5 Max MacBook Pro (36GB/2TB) for $3,649.00

Shoppers should note that many sales during Amazon Prime Day require you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

For even more Prime Day deals, be sure to visit our main article recapping all of the best Apple deals for Prime Day. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Prime Day Discounts Hit 2026 MacBook Pro With Up to $299 Off Select Models" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's retail store at the Briarwood Mall in Ann Arbor, Michigan will be relocating to a larger space at the mall as early as the end of July, according to Bloomberg's Mark Gurman.

Simon Property Group has been redeveloping a portion of the surface parking lot at the Briarwood Mall, and previous reports have indicated that Apple will be moving its store to this new mixed-use area.Tag: Apple Store
This article, "Apple Store in Ann Arbor, Michigan is Moving Soon" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
We're now in the second day of Prime Day 2026, and one of the best deals of this year's event is starting to sell out. You can still get the AirPods Max 2 for $399.00, but it's now only available in the Midnight color option. This sale started out with every color on sale over the weekend, so this could be your last chance to get the headphones at this record low price this week.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Free delivery has the AirPods Max 2 arriving around June 29, but Prime members should see same-day delivery options in many locations. You can also shop solid deals on the AirPods 4 and AirPods Pro 3 during Prime Day this year.

$150 OFFAirPods Max 2 for $399.00

Shoppers should note that many sales during Amazon Prime Day require you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

For even more Prime Day deals, be sure to visit our main article recapping all of the best Apple deals for Prime Day. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "This May Be Your Last Chance to Get AirPods Max 2 for $399 During Prime Day" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's rumored foldable iPhone "Ultra" is expected to begin mass production at the end of July, according to a new report by The Elec.


Although some recent reports suggested the book-style device could be delayed due to hinge-related issues, the Korean outlet's sources indicate that Apple is still targeting a September launch as planned.

Bloomberg's Mark Gurman reported in March that the new foldable iPhone won't ship to customers in the same September timeframe as the iPhone 18 Pro and ‌iPhone 18 Pro‌ Max. A month later, Gurman said that the foldable iPhone remained on track for a September debut alongside the iPhone 18 Pro models, and that Apple is aiming to put it on sale at roughly the same time or slightly later.

Gurman noted at the time, however, that "the release is six months away and production has yet to ramp up" and "the timing isn't final."

The foldable iPhone will use a foldable 7.8-inch OLED panel supplied by Samsung. The display uses a newer design that eliminates one of the traditional screen layers and instead builds the color-filtering layer directly into the display stack, making the screen thinner, lighter, and more power-efficient.

The hinge will reportedly be supplied by Taiwan's Shin Zu Shing and U.S.-based Amphenol. Both companies are said to be providing hinges manufactured using 3D-printing techniques.

The Elec's latest sources said Apple did encounter some challenges with the hinge during testing. After undergoing durability tests involving millions of folds, the mechanism reportedly began producing slight "noise," while wider-than-expected manufacturing tolerances in parts of the assembly process contributed to higher defect rates. However, most of these issues have since been addressed, according to one Taiwan-based industry source cited by the outlet.

In addition to the inner display, the foldable iPhone is expected to feature a 5.5-inch cover display, as well as Apple's A20 chip and C2 modem, a Touch ID power button instead of Face ID, and two rear cameras, with pricing rumored at around $2,000. Apple's book-style foldable could launch as the "iPhone Ultra," as suggested by reports.Tags: Foldable iPhone, The Elec
This article, "Foldable iPhone 'Ultra' Set for Production in July Despite Hinge Issues" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon today has brought back a few $99 discounts on the iPad mini 7 for Prime Day, starting at $399.99 for the 128GB Wi-Fi tablet, down from $499.00. It's been nearly three months since we last tracked prices this low on the iPad mini 7.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Additionally, you can get the 256GB Wi-Fi iPad mini 7 for $499.99 and the 512GB Wi-Fi iPad mini 7 for $699.99, both $99 discounts and available in multiple colors. These sales are all solid second-best prices on the iPad mini 7.

$99 OFF128GB Wi-Fi iPad mini 7 for $399.99
$99 OFF256GB Wi-Fi iPad mini 7 for $499.99
$99 OFF512GB Wi-Fi iPad mini 7 for $699.99

Shoppers should note that many sales during Amazon Prime Day require you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

For even more Prime Day deals, be sure to visit our main article recapping all of the best Apple deals for Prime Day. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "iPad Mini 7 Gets Rare $99 Discounts During Prime Day" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Earlier this week we highlighted some of the best Apple-related product discounts that you can find on Amazon during Prime Day, and now we're focusing on third-party accessory markdowns during the event. In this article you'll find all the best accessories for charging, smart homes, smartphones, and more.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Shoppers should note that many sales during Amazon Prime Day require you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

Anker


Anker's Prime 3-in-1 Wireless Charging Station is available for $99.74 on Amazon this week, down from $149.99. This is one of Anker's newest accessories, and Amazon's sale today is a new all-time low price on the device.

$49 OFFAnker Prime 3-in-1 Wireless Charging Station for $99.74

The Prime 3-in-1 Wireless Charging Station features Qi2.2 support, which lets a compatible MagSafe ‌iPhone‌ charge at up to 25W. It's the same speed as Apple's ‌MagSafe‌ charger, and it is 10W faster than the standard Qi2 ‌MagSafe‌ chargers. You can also simultaneously charge an Apple Watch and AirPods with the device.

Wall Chargers

Anker 140W 4-Port GaN USB-C Charger - $59.99, down from $99.99
Anker 3-Port Prime Charger - $99.99, down from $149.99
Wireless Chargers

Anker 3-in-1 MagSafe-Compatible UFO Charger - $59.99, down from $89.99
Anker 3-in-1 MagSafe-Compatible Foldable Charging Station - $59.00, down from $109.99
Anker 3-in-1 MagSafe-Compatible Charging Cube - $77.54, down from $129.99
Anker 3-in-1 Prime Wireless Charging Station - $99.74, down from $149.99
Anker Prime MagSafe-Compatible 3-in-1 Charging Station - $137.99, down from $229.99
Portable Chargers

Nano Power Bank with Built-In USB-C - $19.99, down from $26.99
Anker Nano 10,000 mAh Portable Charger - $41.99, down from $59.99
Anker MagGo Power Bank 10,000 mAh - $60.79, down from $79.99
Anker Prime Power Bank 20,100 mAh - $119.69, down from $179.99
Anker Prime Power Bank 26,250 mAh - $159.99, down from $229.99
Portable Power Stations

Anker SOLIX C300 Power Station with Lantern - $149.99, down from $249.00
Anker SOLIX C300 - $209.30, down from $299.99
Anker SOLIX C1000 Gen 2 - $399.00, down from $799.00
Anker SOLIX S2000 - $599.00, down from $1,199.00
Anker SOLIX C2000 Gen 2 - $699.99, down from $1,499.00
Anker SOLIX F3800 - $1,599.99, down from $2,299.00
Docks

Anker Nano 13-in-1 Laptop Docking Station - $104.49, down from $149.99
Anker Prime 14-Port Docking Station - $161.49, down from $269.99

Monitors


27-inch LG Ultrafine 4K Monitor - $170.05, down from $249.99
27-inch Samsung Odyssey G5 Gaming Monitor - $179.99, down from $249.99
32-inch Samsung Odyssey G55C Curved Monitor - $189.99, down from $329.99
27-inch Dell Plus 4K Monitor - $229.99, down from $299.99
27-inch LG Gaming Monitor - $255.55, down from $499.99
27-inch Samsung Odyssey OLED G5 Monitor - $339.95, down from $499.99
27-inch ASUS ProArt Display - $349.00, down from $429.00
49-inch Samsung Odyssey OLED G9 Curved Monitor - $799.99, down from $1,299.99
32-inch Samsung Smart Monitor M9 - $1,199.99, down from $1,599.99

Beats


Amazon this week is discounting a collection of Beats headphones and speakers for Prime Day, including a low price on the Powerbeats Pro 2. You can get this new 2025 model for $179.95 in all four colors, down from $249.99. This deal on the Powerbeats Pro 2 is being matched at Best Buy, along with a few other Beats deals.

UP TO 50% OFFBeats Deals on Amazon
Beats Studio Buds+ - $89.95, down from $169.95
Beats Pill - $99.95, down from $149.95
Beats Solo 4 - $99.95, down from $199.95
Beats Studio Pro - $149.95, down from $349.99
Powerbeats Pro 2 - $179.95, down from $249.99
Beats USB-A to USB-C Woven Cable - $5.00, down from $18.99
Beats iPhone 17 Case - $18.50, down from $45.00
Beats iPhone 17 Pro Rugged Case - $30.50, down from $79.00
Beats iPhone 17 Pro Max Case - $28.50, down from $45.00

Amazon Devices


Of course, some of the best discounts can be found on Amazon's own line of products. This includes Kindle e-readers, Blink security cameras, Fire tablets, and more.

Echo Dot - $34.99, down from $49.99
Echo Spot - $44.99, down from $79.99
Ring Battery Doorbell - $49.99, down from $99.99
Echo Show 5 - $59.99, down from $89.99
Ring Floodlight Cam Wired Plus - $89.99, down from $179.99
Kindle Paperwhite - $124.99, down from $159.99
Blink Outdoor 4 Camera - $119.99, down from $399.99
Kindle Scribe Colorsoft - $519.99, down from $679.99

TVs


50-inch Insignia LED 4K Smart Fire TV - $149.99, down from $299.99
50-inch Amazon Ember Fire TV - $239.95, down from $399.99
50-inch Hisense mini LED 4K Smart Fire TV - $399.99, down from $699.00
65-inch TCL mini LED QLED 4K TV - $529.99, down from $799.99
55-inch Toshiba mini LED Smart Fire TV - $549.99, down from $898.99
55-inch Samsung The Frame 4K QLED - $697.99, down from $1,097.99
75-inch Samsung mini LED Smart TV - $897.99, down from $1,197.99
55-inch Sony OLED 4K Smart Google TV - $998.00, down from $1,499.99

Jackery


Jackery's Prime Day deals include a large selection of portable power stations at big discounts.

Explorer 300 - $188.99, down from $259.00
Explorer 1000 v2 Portable Power Station - $399.99, down from $799.00
Explorer 500 - $459.00, down from $799.00
Explorer 2000 v2 - $749.00, down from $1,499.00
Solar Generator 1000 v2 with Solar Panel - $599.99, down from $1,299.00
HomePower 3600 Plus - $1,424.05, down from $2,799.00
Explorer 2000 Plus + Expandable Battery + Solar Panel - $1,869.00, down from $2,199.00

Sonos


The highlight of Prime Day deals for Sonos products is the Sonos Ace Headphones down to just $279.00, from $399.00. This is a new all-time low price on the over-ear headphones, beating the previous low by over $20.

Sonos Era 100 SL Speaker - $159.00, down from $189.00
Sonos Era 100 Speaker - $179.00, down from $219.00
Sonos Ace Headphones - $279.00, down from $399.00
Sonos Beam Gen 2 - $369.00, down from $499.00
Sonos Five Wireless HiFi Speaker - $449.00, down from $599.00
Sonos Arc Ultra Soundbar - $899.00, down from $1,099.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple DealsTag: Prime Day
This article, "Prime Day 2026: Top Savings on Anker, Beats, TVs, and More Accessories" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple appears to have closed the loophole that let Mac users skip the Siri AI waitlist in the latest macOS 27 Golden Gate beta.


As we covered earlier this month, beta 1 testers can switch on the enhanced version of Siri straight away using a single Terminal command, effectively sidestepping Apple's waitlist.

However, many users who are running the second developer beta of macOS 27, which was released on Monday, are finding that the command does not work for them. Users who enabled Siri AI this way in the original beta are also reporting that they have been kicked back to the waitlist after updating.

Apple has not said anything about the reported change, but one possibility is that the entitlement check that the Terminal command taps into has been switched from a local feature flag to a server-validated state.

Apple could still be building out its server capacity for the redesigned Siri, which is why it is granting access to testers in batches as more comes online. It's likely the reason why the workaround is no longer working for some people.

In any case, if you applied the bypass trick in macOS 27 beta 1 and want to retain access, you probably won't want to update to beta 2.

Some users are suggesting alternative methods involving submitting Apple Intelligence feedback to accelerate approval, but the claims remain anecdotal, and at this point it may just be worth waiting in the queue. Apple appears to be granting access to new beta testers in a matter of days.

Siri AI is now a fully fledged chatbot, and can draw on personal context understanding to search across messages, emails, photos, and more. It can now get things done across apps thanks to even more system-wide app actions.

On Mac, ‌Siri‌ AI is also integrated into Spotlight and available via right-click context menus on any file or window.

Note that Siri AI remains unavailable in the EU on iPhone and iPad, but the limitation does not apply to the Mac. Tag: Siri
This article, "Apple Seemingly Killed Siri AI Waitlist Workaround in macOS 27 Beta 2" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
A critical Cisco Unified CM vulnerability is now under active exploitation, weeks after the company issued patches warning it could allow attackers to gain root access.
Threat intelligence firm Defused reported the exploitation on June 23. The company said it observed the activity over the weekend.
“This is currently being exploited from a single source using an unvetted PoC, with genuinely-formatted file:// file-write payloads landing on our decoys,” Defused said on X.
The flaw is tracked as CVE-2026-20230 and carries a CVSS base score of 8.6. Cisco published the advisory and patches on June 3, when it stated it was not aware of any malicious use of the vulnerability at the time of disclosure.
“This vulnerability is due to improper input validation for specific HTTP requests,” Cisco said in the advisory.  “An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device.”
The flaw could allow an unauthenticated, remote attacker to “conduct server-side request forgery (SSRF) attacks through an affected device,” the advisory said. A successful exploit could let the attacker write files to the underlying operating system and elevate privileges to root, it added.
No prior record of exploitation
Defused said the weekend activity was the first exploitation of the flaw it had recorded. “No previously recorded exploitation, and not yet listed in CISA KEV,” it wrote in the X post.
Weeks before Defused reported the attacks, Cisco had acknowledged in its advisory that proof-of-concept exploit code for the flaw was already available. The Cisco Product Security Incident Response Team (PSIRT) was not aware of any malicious use of the vulnerability when the advisory was published, the company said.
Cisco did not immediately respond to a request for comment.
WebDialer service must be enabled
The flaw affects Cisco Unified CM and Unified CM SME products widely used by enterprises to manage voice, video, messaging, mobility, and conferencing services across corporate environments.
The company said the flaw can be exploited remotely if the targeted system is running a vulnerable software release and has the WebDialer service enabled.
“WebDialer is disabled by default,” Cisco noted in the advisory.
Cisco said it found no workaround that would completely address the vulnerability.
“There are no workarounds that address this vulnerability,” the company said in its advisory. “However, as a mitigation, administrators may disable the WebDialer service until a patch can be applied.”
Researcher details the file-write chain
The flaw was reported to Cisco by an independent security researcher working with SSD Secure Disclosure, Cisco said.
While Cisco’s advisory describes the issue as an SSRF vulnerability, SSD’s analysis indicates that multiple weaknesses can be combined to achieve a broader compromise of an affected system.
“The CUCM product faces a few vulnerabilities that when bundled together allow a remote attacker to gain the ability to write arbitrary files on the server, which in turn allow an unauthenticated attacker to execute code,” SSD Secure wrote in a technical write-up.
SSD said the attack chain begins with an SSRF vulnerability and can be leveraged to write arbitrary files to the server. According to the disclosure, those file-write capabilities can then be used to execute code on the affected system.
Patching and mitigation
Cisco said there are no workarounds that address the vulnerability and advised customers to upgrade to fixed software releases.
The company said the fix for the Cisco Unified CM and Unified CM SME 14 release train is 14SU6, and for the 15 train, the fix is in 15SU5, due in September 2026, or in an interim COP patch.
Neither Cisco nor Defused has publicly attributed the attacks to a specific threat actor, released indicators of compromise, or disclosed whether any organizations have been successfully compromised through exploitation of the flaw.
View the full article
A fake AI agent skill that passed security checks reached over 26,000 users through Instagram, highlighting new risks as enterprises rely on AI-driven tools.
Some of the agents involved were tied to corporate accounts, AIR said. The company said a similar attack could have exposed private conversations and internal systems. AIR said no agents were harmed in the research and that the test payload collected only users’ email addresses so they could be notified.
The experiment centered on a skill called brand-landingpage, which was presented as a tool for helping users build a landing page with Google’s Stitch design tool. AIR said it chose the use case because it would appeal to non-technical corporate users, including marketers, salespeople, and designers.
To make the skill appear credible, AIR said it sought two trust signals: GitHub reputation and safe verdicts from security scanners. Rather than building credibility from scratch, it submitted the skill to a popular open-source agents repository that AIR said had about 36,000 GitHub stars and 156 skills. The pull request was merged after a few days.
AIR then promoted the skill through an Instagram ad, which drove users to install and run it.
The malicious technique did not depend on suspicious code inside the submitted files. Instead, the skill instructed agents to set up a Stitch SDK by following installation instructions hosted at stitch-design.ai, a domain controlled by AIR. Google’s actual Stitch domain is stitch.withgoogle.com.
AIR said it configured the fake domain to redirect to the real Stitch site, making the issue difficult to detect from a static review of the skill alone.
“Current skill security scanners all share the same design – they analyze the skill’s SKILL.md and bundled resources, using a combination of static heuristics and LLM agents,” AIR said.
The company said it tested the skill against scanners from Cisco, Nvidia, and skills.sh, and that all marked brand-landingpage as safe.
Once the skill had gained distribution, AIR changed the content behind the fake Stitch documentation. The revised page instructed agents to download and run a script. In AIR’s test, that script collected the user’s email address, but the company said the same approach could have been used to compromise machines running the agent.
AIR said the experiment showed that AI agent skills cannot be assessed only by scanning their packaged files at the time of approval or installation. The issue, it said, is that a skill can pass review while still pointing an agent to a web page that changes later.
AI skills pose dependency risk
For security teams, the concern is not only that the skill passed review, but that its behavior could change after trust had already been granted.

The test suggests CISOs may need to treat AI skills as part of the enterprise software supply chain, rather than as simple prompts or text files, according to cybersecurity researcher Devashri Datta.
“Treating agent skills as mere text or prompts is a fundamental architectural misunderstanding,” Datta said. “They are executable instruction bundles that dictate how an agent operates, interacts with enterprise systems, and routes data, and they must be governed with the same rigor as third-party open-source packages or SaaS integrations.”
Keith Prabhu, founder and CEO at Confidis, said AI agent skills should be treated as “living third-party dependencies,” rather than static plugins.
“A one-time security scan is no longer sufficient; enterprises need continuous validation and strict runtime controls,” Prabhu said.
That starts with an enterprise-wide AI skills inventory that gives security teams clear ownership records and visibility into each skill’s external connections and permitted data flows.
The case also underlines why point-in-time static scanning is poorly suited to LLM-orchestrated environments, Datta said. The skill passed the scanners because the payload sat behind a mutable external URL that was changed after distribution, rather than inside the submitted package.
Runtime checks become critical
Enterprises should require version pinning and immutable reference tracking for any skill that fetches external instructions or software components, according to Datta. Such content should be localized, tied to a cryptographic hash, and hosted within an enterprise-controlled environment.
Security teams should also enforce least privilege at the agent level, so a skill does not inherit the full data access rights of the user running it.

Prabhu said security leaders should assess AI agent skills throughout their lifecycle, not only when they are first approved. Enterprises should limit employees to approved marketplaces and pre-approved skills, validate external URLs referenced by those skills, and test installation behavior in a sandbox before deployment.
At runtime, network calls should be restricted to approved domains and monitored for unusual activity, Prabhu added. That layer is critical because a skill that appears safe at installation can change behavior after it has already been trusted.
View the full article
Security awareness training as a defense against phishing is dead. It has been dead for a while. The industry never held a funeral because the training budget is comfortable, the compliance box gets checked and no CISO wants to tell the board that the program everyone funds does not work.
The premise was simple. With enough education, users would learn to spot the tells. Misspelled words. Awkward phrasing. Sender domains that looked almost right. URLs that revealed something suspicious on hover. We trained a generation of employees to play Where’s Waldo with their inbox, scanning for the one visible artifact that would mark a message as malicious.
Those artifacts are gone. AI-generated attacks are fluent. The infrastructure behind them looks legitimate. The surface signals we trained users to rely on no longer exist. Even if they did, the model would still depend on something humans cannot deliver. Sustained vigilance across hundreds of messages a day, every day, with one lapse leading to compromise. No human attention system works that way.
If user attention is not the answer, what is?
Kahneman applied to organizations, not individuals
Most discussions of phishing lean on author Daniel Kahneman’s System 1 and System 2. Fast thinking is automatic and easy to fool. Slow thinking is deliberate and more accurate. The conclusion is always the same. Train people to slow down.
The framing is true about cognition and incomplete as a security strategy. It asks individuals to sustain behavior that breaks under real conditions.
The more useful application is at the organizational level.
Every company has processes that run fast and processes that run slow. The difference is not accidental. Fast processes are the ones where trust has already been granted and friction has been removed. Wire transfers between known parties. Vendor banking updates. Calendar invites accepted without inspection. Help desk verification over the phone.
Slow processes are the opposite. Trust is being established in real time. Employee logins with conditional access. New vendor onboarding. Any interaction with someone outside the organization.
Most companies did not design this split deliberately. It emerged over time. Someone removed friction because it helped the business move faster. Often, that decision made sense at the time. The threat landscape that justified it no longer exists.
Attackers understand this better than we do. They map where the fast paths are. They wait for moments where scrutiny is minimal. Then they step directly into those lanes.
The Nexus pass as a security primitive
Border control solved a problem that security still struggles with. Uniform scrutiny does not work. Check everyone the same way and movement stops. Check no one and the border disappears.
The solution was risk tiering. Pre-vetted travelers earn a fast lane based on evidence. Everyone else goes through full inspection. The trust is continuously verified and can be revoked the moment new information appears.
The fast lane is not a flaw. The full check is not overkill. Both exist because the system asks the right question. Not whether to trust or verify, but which interactions deserve speed and what evidence supports that decision.
Apply that lens to an enterprise and the gaps become obvious.
Which processes are running on a fast lane that no longer make sense? A vendor whose banking details change over email. A supplier using a typosquatted domain that slips through. A calendar invite from a name that looks familiar enough. An API credential tied to a vendor that has not been active in years.
Each of these is a fast path. Each one has been exploited at scale by attackers who know the assignment was never revisited.
The answer is not to slow everything down. That is the same mistake as awareness training, just applied to processes instead of people. It would destroy productivity and still fail to stop attacks.
The real work is targeted. Identify which fast paths were built on outdated assumptions. Re-tier those. Pull the fast lane from the processes that no longer deserve it. Leave it where it still holds.
The trust inversion no one wants to admit
This leads to a harder question about architecture.
Over the last decade, we applied zero trust to employees and standing trust to suppliers. Employees authenticate constantly. They deal with device checks, session limits and conditional access. Suppliers send a SOC 2 report once and receive long-lived access to critical systems.
That asymmetry deserves scrutiny.
Suppliers are often the path of least resistance for attackers. They hold legitimate credentials. They have access across systems. Many major breaches over the past five years started with a compromised vendor account that was already trusted.
SOC 2 does not solve this. It measures internal control discipline. It answers whether a company follows its processes. It does not tell you whether that company is secure right now.
Yet many organizations treat it as if it does. They make high-stakes access decisions based on a document that was never designed to answer that question.
Compliance automation has made this worse. It turned an annual exercise into a continuous one without changing what is being measured. The bar stayed the same. We just got faster at producing evidence that it was met.
A clean report next to a vendor with an old, compromised credential still active in production is not an edge case. It is a common state.
What deliberate design actually looks like
The work ahead is not glamorous. It will not show up neatly on a dashboard.
Start by mapping processes across the organization. Identify which ones run fast and which run slow. For every fast path, ask three questions.
What evidence originally justified the speed? Does that evidence still hold given current attacker capability? If you remove the fast lane, is the cost lower or higher than the expected impact of a breach tied to that process?
When the evidence no longer holds and the cost of change is lower than the potential loss, the assignment needs to change.
That change will have a cost. Vendor updates that took seconds may take minutes. Help desk interactions may require secondary verification. Onboarding new suppliers may slow down.
The case for accepting that cost is not that caution is good in theory. It is that the original speed was based on assumptions that no longer apply. The efficiency was borrowed from a future failure.
If you cannot explain why a process still deserves a fast lane, you are not making a business decision. You are accepting risk without acknowledging it.
This is what it means to design deliberately. Not forcing everyone to slow down, but making conscious decisions about where speed belongs and where scrutiny is required. Revisiting those decisions as conditions change. Removing fast lane status, the moment it is no longer justified.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Security awareness training as a defense against phishing is dead. It has been dead for a while. The industry never held a funeral because the training budget is comfortable, the compliance box gets checked and no CISO wants to tell the board that the program everyone funds does not work.
The premise was simple. With enough education, users would learn to spot the tells. Misspelled words. Awkward phrasing. Sender domains that looked almost right. URLs that revealed something suspicious on hover. We trained a generation of employees to play Where’s Waldo with their inbox, scanning for the one visible artifact that would mark a message as malicious.
Those artifacts are gone. AI-generated attacks are fluent. The infrastructure behind them looks legitimate. The surface signals we trained users to rely on no longer exist. Even if they did, the model would still depend on something humans cannot deliver. Sustained vigilance across hundreds of messages a day, every day, with one lapse leading to compromise. No human attention system works that way.
If user attention is not the answer, what is?
Kahneman applied to organizations, not individuals
Most discussions of phishing lean on author Daniel Kahneman’s System 1 and System 2. Fast thinking is automatic and easy to fool. Slow thinking is deliberate and more accurate. The conclusion is always the same. Train people to slow down.
The framing is true about cognition and incomplete as a security strategy. It asks individuals to sustain behavior that breaks under real conditions.
The more useful application is at the organizational level.
Every company has processes that run fast and processes that run slow. The difference is not accidental. Fast processes are the ones where trust has already been granted and friction has been removed. Wire transfers between known parties. Vendor banking updates. Calendar invites accepted without inspection. Help desk verification over the phone.
Slow processes are the opposite. Trust is being established in real time. Employee logins with conditional access. New vendor onboarding. Any interaction with someone outside the organization.
Most companies did not design this split deliberately. It emerged over time. Someone removed friction because it helped the business move faster. Often, that decision made sense at the time. The threat landscape that justified it no longer exists.
Attackers understand this better than we do. They map where the fast paths are. They wait for moments where scrutiny is minimal. Then they step directly into those lanes.
The Nexus pass as a security primitive
Border control solved a problem that security still struggles with. Uniform scrutiny does not work. Check everyone the same way and movement stops. Check no one and the border disappears.
The solution was risk-tiering. Pre-vetted travelers earn a fast lane based on evidence. Everyone else goes through full inspection. The trust is continuously verified and can be revoked the moment new information appears.
The fast lane is not a flaw. The full check is not overkill. Both exist because the system asks the right question. Not whether to trust or verify, but which interactions deserve speed and what evidence supports that decision.
Apply that lens to an enterprise and the gaps become obvious.
Which processes are running on a fast lane that no longer make sense? A vendor whose banking details change over email. A supplier using a typosquatted domain that slips through. A calendar invite from a name that looks familiar enough. An API credential tied to a vendor that has not been active in years.
Each of these is a fast path. Each one has been exploited at scale by attackers who know the assignment was never revisited.
The answer is not to slow everything down. That is the same mistake as awareness training, just applied to processes instead of people. It would destroy productivity and still fail to stop attacks.
The real work is targeted. Identify which fast paths were built on outdated assumptions. Re-tier those. Pull the fast lane from the processes that no longer deserve it. Leave it where it still holds.
The trust inversion no one wants to admit
This leads to a harder question about architecture.
Over the last decade, we applied zero trust to employees and standing trust to suppliers. Employees authenticate constantly. They deal with device checks, session limits and conditional access. Suppliers send a SOC 2 report once and receive long-lived access to critical systems.
That asymmetry deserves scrutiny.
Suppliers are often the path of least resistance for attackers. They hold legitimate credentials. They have access across systems. Many major breaches over the past five years started with a compromised vendor account that was already trusted.
SOC 2 does not solve this. It measures internal control discipline. It answers whether a company follows its processes. It does not tell you whether that company is secure right now.
Yet many organizations treat it as if it does. They make high-stakes access decisions based on a document that was never designed to answer that question.
Compliance automation has made this worse. It turned an annual exercise into a continuous one without changing what is being measured. The bar stayed the same. We just got faster at producing evidence that it was met.
A clean report next to a vendor with an old, compromised credential still active in production is not an edge case. It is a common state.
What deliberate design actually looks like
The work ahead is not glamorous. It will not show up neatly on a dashboard.
Start by mapping processes across the organization. Identify which ones run fast and which run slow. For every fast path, ask three questions.
What evidence originally justified the speed? Does that evidence still hold given current attacker capability? If you remove the fast lane, is the cost lower or higher than the expected impact of a breach tied to that process?
When the evidence no longer holds and the cost of change is lower than the potential loss, the assignment needs to change.
That change will have a cost. Vendor updates that took seconds may take minutes. Help desk interactions may require secondary verification. Onboarding new suppliers may slow down.
The case for accepting that cost is not that caution is good in theory. It is that the original speed was based on assumptions that no longer apply. The efficiency was borrowed from a future failure.
If you cannot explain why a process still deserves a fast lane, you are not making a business decision. You are accepting risk without acknowledging it.
This is what it means to design deliberately. Not forcing everyone to slow down, but making conscious decisions about where speed belongs and where scrutiny is required. Revisiting those decisions as conditions change. Removing fast lane status, the moment it is no longer justified.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
The U.S. Department of Justice (DoJ) on Tuesday announced the seizure of a cloud computing account put to use by subsidiaries of Cambodia-based corporate conglomerate HuiOne Group, as the Treasury unveiled fresh sanctions against nine individuals and 26 entities linked to Prince Group. "These subsidiaries are alleged to have assisted individuals and organizations in transferring proceeds ofView the full article
Widespread enterprise adoption of AI has created a pressing need for security solutions — a tall order given that AI’s reach into organizational infrastructure and data is enormous and continues to grow.
Moreover, where an organization sits on the AI maturity curve impacts its security needs. Trail of Bits CEO Dan Guide describes the AI journey as a migration from AI-assisted, where AI tools are used on existing workflows; through AI-augmented, which uses new workflows based on AI; to the AI-native organization, where AI “becomes a core participant in the delivery and operations of a business.”
Those three stages require very different approaches to securing AI. They also present challenges for AI security vendors, whose platforms must fit in multiple places in a corporate network and interact with a broad spectrum of applications — especially as agentic AI expands. As analyst David Linthicum recently posted, “the conversation now has to shift from model fascination to operational discipline. The question is how those agents should be governed once they begin touching workflows that affect customers, employees, suppliers, compliance, and revenue.” 
Making matters worse is that the average enterprise manages 37 agents, with more than half running without security oversight or logging, according to Microsoft’s 2026 Cyber Pulse report, which also found that, while 80% of Fortune 500 companies use active AI agents, only 10% have a clear strategy for managing them.
That lack of strategy also opens the door for attackers to abuse corporate AI systems for malicious purposes, as the recent exploit of Meta’s account recovery using chatbots demonstrated.
The trick to securing AI systems is in understanding how much protection is needed and where it should be applied in the expanding AI universe. While one could rent a well-meaning AI agent called Sentry for $7,400 per month to automate the daily work of a SOC analyst, many organizations rolling out AI across their business would be best served by considering AI security posture management (AI-SPM) tools.
Over the past two years, this emerging field has matured, with many security vendors incorporating or acquiring SPM features as part of their general security product portfolio.
Some vendors, such as SentinelOne and Concentric, don’t specifically sell AI-SPM per se, but offer an SPM tool that is part of a larger package of AI security services. Others offer AI-SPM in conjunction with their other SPM tools or CNAPP security offerings. Some vendors, such as Cyera and Palo Alto, offer multiple AI-SPM packaging alternatives with differing feature sets.
Choosing the right product requires careful examination of the roster of features and integrations each product offers to ensure that it doesn’t duplicate existing security tooling or worse, leave important coverage gaps.
Here we take a deeper look at the AI-SPM product category, with a breakdown of offerings from 14 of the leading vendors in this increasingly important security ecosystem.
AI security posture management explained
AI security posture management is an evolving cybersecurity discipline focused on ensuring the integrity and security of AI and machine learning systems. AI-SPM encompasses strategies, tools, and techniques for monitoring, assessing, and enhancing the security of AI models, data, pipelines, applications, and services, even as threats to those entities continually evolve.
In the past, security posture management tools were designed for two situations: to protect general cloud operations against misconfigurations and abuse, which is the province of cloud security posture management tools; and to protect against data leakage or malware infections, which is the province of data security posture management tools. With the rise of AI and large language models (LLMs), a third SPM product category is needed to check AI cloud services and their SDKs (like Hugging Face Transformers or Azure Open AI SDK) to prevent model abuses. This is because numerous studies have documented how AI training data can be the subject of an attack or how bad data can be injected into models to manipulate results, including creating malicious backdoors for attackers to use to enter your enterprise.
The latest reports about attacks on AI and AI abuse can help you better understand the scope of security challenges rapidly evolving today. MITRE continues to enhance its comprehensive database of adversary tactics — Adversarial Threat Landscape for Artificial-Intelligence Systems (ATLAS) — based on real-world attack observations. ATLAS currently spans 170 techniques and 57 case studies. MIT researchers also maintain a growing database of more than 1,700 AI-related risks that they have observed from various AI sources. Another great source of AI-related attack methods is from the Open Worldwide Application Security Project (OWASP), which maintains a Top 10 list of LLM exploits. Security managers should examine them before choosing any AI-SPM product. They should also consult Richard Stiennon’s Guardians of the Machine Age, the most comprehensive collection of general security vendors, listing more than 100 AI security vendors. The printed book offers a deeper dive into the specifics of these tools.
The AI-SPM vendor landscape is quickly evolving, as incumbent security vendors have made numerous acquisitions. Palo Alto Networks bought Protect.ai last year; Cato Networks acquired Aim.security; Orca acquired Opus for AI agentic security; SentinelOne acquired Prompt.Security; Varonis acquired a variety of companies, including Cyral, SlashNext, and AllTrue.ai; and Google acquired Wiz.
Why enterprises need AI-SPM
AI-SPMs have been designed to protect enterprise networks and applications from a range of threats to AI systems. Just like no modern business would assemble a network without an appropriate firewall, AI-SPMs “ensure that AI models stay explainable, fair, accountable, transparent and equitable,” Forrester analyst Andras Cser tells CSO. “Further good security hygiene dictates that AI infrastructure should not be allowed to be used as a steppingstone for hackers for lateral movement and data exfiltration, and should include policies to prevent and fix configuration drift.”
AI-SPM can also help organizations standardize on a series of AI policies, procedures, tools, and workflows that can boost their security. Guido’s talk — linked above — is chock full of suggestions on how Trail of Bits accomplished this.
Major AI-SPM trends and product features
All AI-SPM vendors make use of agentless configurations, accessing cloud-based models and leaving data on their existing platforms. This is both a security measure and to avoid moving the massive data repositories involved across the internet.
AI-SPM vendors also make use of AI-related mechanisms to classify and track these vast data collections and to protect them against potential abuse and attack. Many have integrated their AI-SPM solutions in one of three directions:
Bolting AI-SPM onto their existing cloud or data SPM platforms with rules, compliance checking, best practices, and protection policies that bridge all three types of security postures. Stitching AI-SPM into their general AI security product that can be used to formulate AI-specific policies and perform AI-based red team and penetration testing in an effort to protect AI pipelines and workloads and uncover ways that shared AI services and platforms could be compromised. Incorporating AI-SPM to help identify sensitive data referenced by an AI model and to examine training data exposed to a third-party or external application. Some vendors, especially established security vendors such as CrowdStrike, Proofpoint, Palo Alto, Varonis, and Wiz, have hundreds of third-party integrations that cover the AI waterfront (such as AI assistants and model suppliers) and general IT security arena (such as development pipelines, data feeds, and tools such as SOAR and SIEM). All three types of integrations can provide better guiderails and limit an AI’s blast radius.
But AI-SPM is still evolving. Some vendors’ tools just perform a top-level inspection of one or two services from each of the big three cloud platforms’ AI services (Amazon, for example, has dozens of AI-related service offerings), whereas others (such as Palo Alto Networks, Cato, Cyera, Varonis, and Wiz) take a deeper dive, performing a more comprehensive examination of AI data from the AI vendors themselves and other model sources.
There are two open source efforts as well: Orca’s GOAT is a free learning platform that is based on the OWASP top 10 risks. Palo Alto’s Protect.ai has its collection of open-source tools on GitHub for scanning models and discovering AI interactions and automated red teaming called ProtectAI OSS. However, neither of these projects has been recently updated.
How to choose an AI-SPM tool
Here are several considerations when deciding on the best AI-SPM tool for your enterprise: 
Does the vendor work with your existing security tool collection? This has two dimensions: integrating with other SPM products (such as data or cloud protection), and integrating with third-party tools such as SOARs, SIEMs, or DLP products. We have included some vendors that don’t have a specific AI-related SPM (such as Concentric and CrowdStrike) but have deeply embedded AI protection into their platforms. How deep is the coverage across the cloud platform providers? The big three (AWS, Azure, and GCP) have many services that touch various aspects of AI, and some products only work with a few of them, or only connect with PaaS security “hubs.” Does the vendor continuously scan your infrastructure looking for vulnerabilities? AI can be quickly adopted and is very dynamic, so discrete scans are less useful. How important is having a tool that can help with AI red teaming? Understanding the dynamic nature of how AI operates means having a different approach to penetration testing, and this can be a very useful feature. Only a few vendors offer this feature (such as Concentric, Palo Alto Networks, and Varonis). Leading AI-SPM vendors and products
We reached out to a range of leading AI-SPM security vendors to demonstrate their AI-related tools. Below are more details about each of the 14 we had the opportunity to preview. We have also summarized each vendor’s offerings in the features table, which also provides links, when available, to pricing and third-party integration details. Several vendors didn’t respond to our inquiries, including Baffle.io, Invicti, SecurityCompass, Tonic Security, and Zscaler.
VendorProduct/URLEntry-level pricingPackagingIntegrations linkApp runtime securityContinuous scanning?MCP/Agent protection?AI Red Teaming?Arthur.aiArthur PlatformFree and paid versionsSingle productDeep PaaS coverageYesYesYesNoCato NetworksAI Security for End UsersSASE platformNumerousYesYesYesNoConcentricNo specific AI-SPM productAWS $50,000/yr, variesPart of its DSPM platformNumerousNoYesNoYesCrowdStrikeNo specific AI-SPM productPart of Falcon AI platformNumerousYesYesYesSeparate serviceCyeraAI GuardianAWS $50,000/yrSold in two bundles, see descriptionNumerousYesYesYesNoGuardrail TechnologiesTraffic Light for Code and AIFree and monthly plansAlso sell AI Command CenterSomeYesYesNoNoMicrosoftPurview$12.60/user/moPart of larger CSPM platformSomeYesNoYesNoOneTrustAI GovernanceSubscriptionsSingle product with SPM featuresSomeYesYesNoNoOrca SecurityAI-SPMAWS $84,000/yrHas other AI security toolsNumerousYesYesYesNoPalo Alto NetworksPrisma AI SecuritySold in two bundles, see descriptionNumerousYesYesYesYesProofpointAI Access SecurityAWS $96,000/yrPeople Protection PlatformNumerousYesYesYesNoSentinelOneNo specific AI SPM product$80/yr/endpointPart of larger Singularity platformNumerousYesYesYesYesVaronisAtlasAWS $108,000/yrBundled with AI InventoryHundredsYesYesYesYesWiz/GoogleAI App Protection PlatformAWS $38,000/yrVariety of bundles availableNumerousYesYesYesNo Arthur.ai
Arthur.ai’s platform is a single product that offers deep PaaS coverage with both AWS and Google Cloud Platform, although unlike other AI-SPMs it doesn’t offer a wide range of third-party integrations. It includes application runtime security protection. It also scans network traffic continuously and watches for agent activity, along with policy guardrails to protect against prompt injection and sensitive data leakage. It includes behavioral analytics and governance that catch abusive agentic activities. There are free and paid versions starting at $10,000 annual plans for smaller networks.
Cato Networks AI Security for End Users
Cato Networks AI Security for End Users is one of three separate AI security packages that work together with Cato’s SASE platform, the other two being protection for applications (both runtime and across the software development lifecycle) and for real-time agentic operations. The three AI packages are meant to be purchased together to provide audit trails showing what users are doing with their AI tools and to help understand and illustrate the risks. Cato’s tools can also prevent prompt injection and data leaks and find compliance blind spots. Its platform has a wide collection of third-party integrations, including CrowdStrike, Microsoft, and Splunk SIEMs, and various data sources such as Google’s Chronicle and Rapid7. Cato Networks did not reveal pricing.
Concentric AI and Data Security Governance
Concentric sells a DSPM platform labelled “AI and Data Security Governance.” There is no specific AI tool, although AI pervades its product in a variety of places, including scanning various models for prompt injection, automated remediation, and the discovery and classification of data flows. It offers a wide collection of third-party integrations. On the AWS Marketplace, it sells an entry-level version for $50,000 per year that covers up to 25TB of data, with higher fees for larger data collections.
CrowdStrike Falcon AI-SPM
CrowdStrike Falcon AI-SPM is not a separate product, but part of the overall Falcon Cloud security platform. It can correlate risk findings with other security services monitored by the full Falcon platform. It includes discovery of AI services and models across a variety of cloud platforms, including containers and virtual images, and can detect misconfigurations and dependencies with other software. It scans OpenAI, Amazon Bedrock, Amazon SageMaker, and Vertex AI models. Falcon has more than 250 integrations available to a wide collection of third-party security tools. You can request a free 15-day trial, but no further pricing information was disclosed.
Cyera AI Guardian
Cyera.io specializes in data file level classification. It packages its AI-SPM product in two separate bundles: either with its flagship DSPM product that has added what you might think of as AI-enriched data link protection as part of the default product’s features, or with a more complete set of security features called AI Guardian. Cyera also offers a specialized add-on module used for Microsoft Copilot data scanning that can detect data used by insiders, for example. Cyera’s AWS Marketplace pricing can be found here and starts at $50,000 per year. 
Guardrail Technologies Traffic Light for Code and AI
Guardrail Technologies Traffic Light for Code and AI is designed to be a simple way to flag potential AI abuse by scanning AI-generated code and returning a red/yellow/green result to indicate potential for compromise. There is no remediation, but the tool integrates across the major AI vendors, including Anthropic, Azure Open AI, Hugging Face, and AWS Bedrock, and general security tools such as Wiz and Snyk. Guardrail has a custom AI security consulting business as well called AI Guardian. Very transparent pricing page and a 60-day free trial is available.
Microsoft Purview
Microsoft has bundled its various security posture tools into its Purview offering, which includes a series of AI-based Copilot apps, data SPM and classification tools, and data loss prevention extensions tuned to its various SaaS platforms such as 365, Azure, and Windows endpoints. This extends the AI security features that were originally part of its Defender for Cloud offerings. It has a limited number of third-party integrations. One-month free trials are available, and the entire suite is available for $12.60 per month per user. Microsoft has stepped up its involvement with AI with its Scout, a collection of autonomous AI agents built on top of OpenClaw. It is designed to work with its applications, using built-in security and privacy controls.
OneTrust AI Governance
OneTrust offers AI Governance, a platform that automates compliance and provides continuous monitoring of the AI landscape, across the software lifecycle starting with any AI usage at the beginning of any build. It can detect policy violations, and which AI agents are running. It offers a series of third-party integrations such as Amazon’s Bedrock and Sagemaker; Azure Foundry, ML Studio, and OpenAI; Databricks Unity Catalog and ML flow; and Google Vertex. Its subscription price is based on the number of admin users and number of AI inventory records, although no specifics were provided.
Orca AI-SPM
Orca Security’s AI-SPM is tightly integrated into the company’s security platform. It continues to expand its features, offering detections of more than 50 AI models, including training data and runtime threats, remediation, and support for Model Context Protocol to connect to other Orca-based telemetry. It continues to expand its nearly 100 integrations across SIEM and SOAR systems and various cloud providers’ services. For example, it works with AWS S3, SQS, SNS, CodeBuild, CloudTrail, and Security Hub. It comes with dozens of best-practice security rules that initially focused on compliance. It also alerts when sensitive data is detected inside models and when secrets are exposed. Orca’s overall security platform shows an AWS Marketplace annual pricing that ranges from $84,000 to $360,000, depending on the number of workloads scanned.
Palo Alto Networks AIRS AI Security
Palo Alto Networks has been busy acquiring point security vendors (Dig, ProtectAI, and an offer on Portkey) and incorporating their code into its two major product lines, Prisma and Cortex. You can purchase AI-SPM functionality in either Palo Alto product line, but they cover different aspects of the AI ecosystem. Cortex offers AI-SPM alongside the data and cloud SPMs integrated into the CNAPP suite. Prisma offers AI-SPM as part of a total AI security package called AIRS AI Security, which includes runtime protection, model scanning, and a more comprehensive platform. We focus on AIRS AI, which supports top-level scans of Amazon, Google Cloud, and Azure AI services to discover AI content and can classify and examine model data and secrets and comes with many built-in AI-related policies. Prisma has a long list of third-party integrations, including significant depth in AWS security services. That link will also take you to detailed instructions on how to set up these integrations. To complicate matters further, Palo Alto also sells a separate Prisma secure browser extension that works with these products to protect your endpoints, and that originated from technology it purchased from Talon Cyber Security in 2023. While pricing was not disclosed, our estimate is that AIRS will cost in the low six figures annually.
Proofpoint People Protection Platform
Proofpoint includes a general AI security product as part of its People Protection Platform that covers a wide range of protective services integrated across its other non-AI security tools. It provides runtime inspection of potential AI misconfigurations, as well as policies that include detection of agent, tools, and MCP connections, and it can generate forensic audits of AI interactions. Proofpoint’s general security platform starts at $96,000 annually on AWS Marketplace. It has several integrations with third-party services across the major cloud platform providers.
SentinelOne Singularity Platform
SentinelOne’s Singularity platform offers several AI protective features, including misconfiguration detection, attack path analysis, automated AI inventory and remediation, and integration with a variety of AI PaaS platforms such as Azure OpenAI, Google’s Vertex AI, and various AWS services. It is bundled within the company’s Cloud Native Security tool. Some of these features originated with Singularity’s purchase of Prompt.Security. Access to all the features requires purchasing the enterprise edition, which is offered with custom pricing, but lower feature tiers are available for $80 per year on this public pricing page. There are also numerous integrations with its Marketplace.
Varonis Atlas AI Security
Varonis Atlas AI Security is a multipurpose security platform that offers a variety of modules, including red team/penetration testing, compliance, and third-party risk management. Its AI-SPM module is combined with an AI inventory scanner and can be used to help development teams classify data used in the AI ecosystem, such as scanning for bad AI behavior, leveraging identities improperly, and examining data flows. Automated remediation processes are built into the tool as well. There are several hundred third-party integrations available for a wide collection of security tools, such as JFrog, Jira, Okta, and Salesforce. Varonis has two pricing components; one based on per user and per protected application and an additional price for resource consumption. Atlas is sold on the AWS Marketplace starting at $108,000 per year and free risk assessments are available to qualified customers.
Wiz/Google AI Application Protection Platform
Google has acquired Wiz but kept its operation independent. It has a multipurpose security platform that comes from a strong posture management (cloud and data) background. Its advanced version has been augmented with a comprehensive AI-related series of policies, detection algorithms, and pipeline, model, and data scanners. These are assembled into a separate AI dashboard page. It can also detect AI pipeline abuses, protect AI runtimes, identify and classify tools and agents, map dependencies graphically and suggest remediation steps. It also contains core AI-SPM features such as discovery, attack path analysis, and supply chains. Pricing for the Wiz Advanced bundle on AWS Marketplace is $38,000 annually.
What about AI-SPM pricing?
Pricing and packaging of AI-SPM tools vary widely. Many vendors offer free trials limited to differing periods (an option that is also available on the AWS Marketplace). We pointed out the open-source alternatives earlier, which is also a good way to see how the products work, but we wouldn’t recommend relying on these tools given their lack of recent updates. The only vendors that have (mostly) transparent pricing are Guardrail Technologies (with both free and monthly plans) and SentinelOne (with various annual plans starting at $80 per endpoint). Most of the vendors didn’t want to provide pricing directly but have published pricing on the AWS Marketplace, which can give you a rough indication that most start in the low six figures for annual contracts. For a typical situation with 1,000 users the total could be in the low six-figure range annually.
View the full article
Widespread enterprise adoption of AI has created a pressing need for security solutions — a tall order given that AI’s reach into organizational infrastructure and data is enormous and continues to grow.
Moreover, where an organization sits on the AI maturity curve impacts its security needs. Trail of Bits CEO Dan Guide describes the AI journey as a migration from AI-assisted, where AI tools are used on existing workflows; through AI-augmented, which uses new workflows based on AI; to the AI-native organization, where AI “becomes a core participant in the delivery and operations of a business.”
Those three stages require very different approaches to securing AI. They also present challenges for AI security vendors, whose platforms must fit in multiple places in a corporate network and interact with a broad spectrum of applications — especially as agentic AI expands. As analyst David Linthicum recently posted, “the conversation now has to shift from model fascination to operational discipline. The question is how those agents should be governed once they begin touching workflows that affect customers, employees, suppliers, compliance, and revenue.” 
Making matters worse is that the average enterprise manages 37 agents, with more than half running without security oversight or logging, according to Microsoft’s 2026 Cyber Pulse report, which also found that, while 80% of Fortune 500 companies use active AI agents, only 10% have a clear strategy for managing them.
That lack of strategy also opens the door for attackers to abuse corporate AI systems for malicious purposes, as the recent exploit of Meta’s account recovery using chatbots demonstrated.
The trick to securing AI systems is in understanding how much protection is needed and where it should be applied in the expanding AI universe. While one could rent a well-meaning AI agent called Sentry for $7,400 per month to automate the daily work of a SOC analyst, many organizations rolling out AI across their business would be best served by considering AI security posture management (AI-SPM) tools.
Over the past two years, this emerging field has matured, with many security vendors incorporating or acquiring SPM features as part of their general security product portfolio.
Some vendors, such as SentinelOne and Concentric, don’t specifically sell AI-SPM per se, but offer an SPM tool that is part of a larger package of AI security services. Others offer AI-SPM in conjunction with their other SPM tools or CNAPP security offerings. Some vendors, such as Cyera and Palo Alto, offer multiple AI-SPM packaging alternatives with differing feature sets.
Choosing the right product requires careful examination of the roster of features and integrations each product offers to ensure that it doesn’t duplicate existing security tooling or worse, leave important coverage gaps.
Here we take a deeper look at the AI-SPM product category, with a breakdown of offerings from 14 of the leading vendors in this increasingly important security ecosystem.
AI security posture management explained
AI security posture management is an evolving cybersecurity discipline focused on ensuring the integrity and security of AI and machine learning systems. AI-SPM encompasses strategies, tools, and techniques for monitoring, assessing, and enhancing the security of AI models, data, pipelines, applications, and services, even as threats to those entities continually evolve.
In the past, security posture management tools were designed for two situations: to protect general cloud operations against misconfigurations and abuse, which is the province of cloud security posture management tools; and to protect against data leakage or malware infections, which is the province of data security posture management tools. With the rise of AI and large language models (LLMs), a third SPM product category is needed to check AI cloud services and their SDKs (like Hugging Face Transformers or Azure Open AI SDK) to prevent model abuses. This is because numerous studies have documented how AI training data can be the subject of an attack or how bad data can be injected into models to manipulate results, including creating malicious backdoors for attackers to use to enter your enterprise.
The latest reports about attacks on AI and AI abuse can help you better understand the scope of security challenges rapidly evolving today. MITRE continues to enhance its comprehensive database of adversary tactics — Adversarial Threat Landscape for Artificial-Intelligence Systems (ATLAS) — based on real-world attack observations. ATLAS currently spans 170 techniques and 57 case studies. MIT researchers also maintain a growing database of more than 1,700 AI-related risks that they have observed from various AI sources. Another great source of AI-related attack methods is from the Open Worldwide Application Security Project (OWASP), which maintains a Top 10 list of LLM exploits. Security managers should examine them before choosing any AI-SPM product. They should also consult Richard Stiennon’s Guardians of the Machine Age, the most comprehensive collection of general security vendors, listing more than 100 AI security vendors. The printed book offers a deeper dive into the specifics of these tools.
The AI-SPM vendor landscape is quickly evolving, as incumbent security vendors have made numerous acquisitions. Palo Alto Networks bought Protect.ai last year; Cato Networks acquired Aim.security; Orca acquired Opus for AI agentic security; SentinelOne acquired Prompt.Security; Varonis acquired a variety of companies, including Cyral, SlashNext, and AllTrue.ai; and Google acquired Wiz.
Why enterprises need AI-SPM
AI-SPMs have been designed to protect enterprise networks and applications from a range of threats to AI systems. Just like no modern business would assemble a network without an appropriate firewall, AI-SPMs “ensure that AI models stay explainable, fair, accountable, transparent and equitable,” Forrester analyst Andras Cser tells CSO. “Further good security hygiene dictates that AI infrastructure should not be allowed to be used as a steppingstone for hackers for lateral movement and data exfiltration, and should include policies to prevent and fix configuration drift.”
AI-SPM can also help organizations standardize on a series of AI policies, procedures, tools, and workflows that can boost their security. Guido’s talk — linked above — is chock full of suggestions on how Trail of Bits accomplished this.
Major AI-SPM trends and product features
All AI-SPM vendors make use of agentless configurations, accessing cloud-based models and leaving data on their existing platforms. This is both a security measure and to avoid moving the massive data repositories involved across the internet.
AI-SPM vendors also make use of AI-related mechanisms to classify and track these vast data collections and to protect them against potential abuse and attack. Many have integrated their AI-SPM solutions in one of three directions:
Bolting AI-SPM onto their existing cloud or data SPM platforms with rules, compliance checking, best practices, and protection policies that bridge all three types of security postures. Stitching AI-SPM into their general AI security product that can be used to formulate AI-specific policies and perform AI-based red team and penetration testing in an effort to protect AI pipelines and workloads and uncover ways that shared AI services and platforms could be compromised. Incorporating AI-SPM to help identify sensitive data referenced by an AI model and to examine training data exposed to a third-party or external application. Some vendors, especially established security vendors such as CrowdStrike, Proofpoint, Palo Alto, Varonis, and Wiz, have hundreds of third-party integrations that cover the AI waterfront (such as AI assistants and model suppliers) and general IT security arena (such as development pipelines, data feeds, and tools such as SOAR and SIEM). All three types of integrations can provide better guiderails and limit an AI’s blast radius.
But AI-SPM is still evolving. Some vendors’ tools just perform a top-level inspection of one or two services from each of the big three cloud platforms’ AI services (Amazon, for example, has dozens of AI-related service offerings), whereas others (such as Palo Alto Networks, Cato, Cyera, Varonis, and Wiz) take a deeper dive, performing a more comprehensive examination of AI data from the AI vendors themselves and other model sources.
There are two open source efforts as well: Orca’s GOAT is a free learning platform that is based on the OWASP top 10 risks. Palo Alto’s Protect.ai has its collection of open-source tools on GitHub for scanning models and discovering AI interactions and automated red teaming called ProtectAI OSS. However, neither of these projects has been recently updated.
How to choose an AI-SPM tool
Here are several considerations when deciding on the best AI-SPM tool for your enterprise: 
Does the vendor work with your existing security tool collection? This has two dimensions: integrating with other SPM products (such as data or cloud protection), and integrating with third-party tools such as SOARs, SIEMs, or DLP products. We have included some vendors that don’t have a specific AI-related SPM (such as Concentric and CrowdStrike) but have deeply embedded AI protection into their platforms. How deep is the coverage across the cloud platform providers? The big three (AWS, Azure, and GCP) have many services that touch various aspects of AI, and some products only work with a few of them, or only connect with PaaS security “hubs.” Does the vendor continuously scan your infrastructure looking for vulnerabilities? AI can be quickly adopted and is very dynamic, so discrete scans are less useful. How important is having a tool that can help with AI red teaming? Understanding the dynamic nature of how AI operates means having a different approach to penetration testing, and this can be a very useful feature. Only a few vendors offer this feature (such as Concentric, Palo Alto Networks, and Varonis). Leading AI-SPM vendors and products
We reached out to a range of leading AI-SPM security vendors to demonstrate their AI-related tools. Below are more details about each of the 14 we had the opportunity to preview. We have also summarized each vendor’s offerings in the features table, which also provides links, when available, to pricing and third-party integration details. Several vendors didn’t respond to our inquiries, including Baffle.io, Invicti, SecurityCompass, Tonic Security, and Zscaler.
VendorProduct/URLEntry-level pricingPackagingIntegrations linkApp runtime securityContinuous scanning?MCP/Agent protection?AI Red Teaming?Arthur.aiArthur PlatformFree and paid versionsSingle productDeep PaaS coverageYesYesYesNoCato NetworksAI Security for End UsersSASE platformNumerousYesYesYesNoConcentricNo specific AI-SPM productAWS $50,000/yr, variesPart of its DSPM platformNumerousNoYesNoYesCrowdStrikeNo specific AI-SPM productPart of Falcon AI platformNumerousYesYesYesSeparate serviceCyeraAI GuardianAWS $50,000/yrSold in two bundles, see descriptionNumerousYesYesYesNoGuardrail TechnologiesTraffic Light for Code and AIFree and monthly plansAlso sell AI Command CenterSomeYesYesNoNoMicrosoftPurview$12.60/user/moPart of larger CSPM platformSomeYesNoYesNoOneTrustAI GovernanceSubscriptionsSingle product with SPM featuresSomeYesYesNoNoOrca SecurityAI-SPMAWS $84,000/yrHas other AI security toolsNumerousYesYesYesNoPalo Alto NetworksPrisma AI SecuritySold in two bundles, see descriptionNumerousYesYesYesYesProofpointAI Access SecurityAWS $96,000/yrPeople Protection PlatformNumerousYesYesYesNoSentinelOneNo specific AI SPM product$80/yr/endpointPart of larger Singularity platformNumerousYesYesYesYesVaronisAtlasAWS $108,000/yrBundled with AI InventoryHundredsYesYesYesYesWiz/GoogleAI App Protection PlatformAWS $38,000/yrVariety of bundles availableNumerousYesYesYesNo Arthur.ai
Arthur.ai’s platform is a single product that offers deep PaaS coverage with both AWS and Google Cloud Platform, although unlike other AI-SPMs it doesn’t offer a wide range of third-party integrations. It includes application runtime security protection. It also scans network traffic continuously and watches for agent activity, along with policy guardrails to protect against prompt injection and sensitive data leakage. It includes behavioral analytics and governance that catch abusive agentic activities. There are free and paid versions starting at $10,000 annual plans for smaller networks.
Cato Networks AI Security for End Users
Cato Networks AI Security for End Users is one of three separate AI security packages that work together with Cato’s SASE platform, the other two being protection for applications (both runtime and across the software development lifecycle) and for real-time agentic operations. The three AI packages are meant to be purchased together to provide audit trails showing what users are doing with their AI tools and to help understand and illustrate the risks. Cato’s tools can also prevent prompt injection and data leaks and find compliance blind spots. Its platform has a wide collection of third-party integrations, including CrowdStrike, Microsoft, and Splunk SIEMs, and various data sources such as Google’s Chronicle and Rapid7. Cato Networks did not reveal pricing.
Concentric AI and Data Security Governance
Concentric sells a DSPM platform labelled “AI and Data Security Governance.” There is no specific AI tool, although AI pervades its product in a variety of places, including scanning various models for prompt injection, automated remediation, and the discovery and classification of data flows. It offers a wide collection of third-party integrations. On the AWS Marketplace, it sells an entry-level version for $50,000 per year that covers up to 25TB of data, with higher fees for larger data collections.
CrowdStrike Falcon AI-SPM
CrowdStrike Falcon AI-SPM is not a separate product, but part of the overall Falcon Cloud security platform. It can correlate risk findings with other security services monitored by the full Falcon platform. It includes discovery of AI services and models across a variety of cloud platforms, including containers and virtual images, and can detect misconfigurations and dependencies with other software. It scans OpenAI, Amazon Bedrock, Amazon SageMaker, and Vertex AI models. Falcon has more than 250 integrations available to a wide collection of third-party security tools. You can request a free 15-day trial, but no further pricing information was disclosed.
Cyera AI Guardian
Cyera.io specializes in data file level classification. It packages its AI-SPM product in two separate bundles: either with its flagship DSPM product that has added what you might think of as AI-enriched data link protection as part of the default product’s features, or with a more complete set of security features called AI Guardian. Cyera also offers a specialized add-on module used for Microsoft Copilot data scanning that can detect data used by insiders, for example. Cyera’s AWS Marketplace pricing can be found here and starts at $50,000 per year. 
Guardrail Technologies Traffic Light for Code and AI
Guardrail Technologies Traffic Light for Code and AI is designed to be a simple way to flag potential AI abuse by scanning AI-generated code and returning a red/yellow/green result to indicate potential for compromise. There is no remediation, but the tool integrates across the major AI vendors, including Anthropic, Azure Open AI, Hugging Face, and AWS Bedrock, and general security tools such as Wiz and Snyk. Guardrail has a custom AI security consulting business as well called AI Guardian. Very transparent pricing page and a 60-day free trial is available.
Microsoft Purview
Microsoft has bundled its various security posture tools into its Purview offering, which includes a series of AI-based Copilot apps, data SPM and classification tools, and data loss prevention extensions tuned to its various SaaS platforms such as 365, Azure, and Windows endpoints. This extends the AI security features that were originally part of its Defender for Cloud offerings. It has a limited number of third-party integrations. One-month free trials are available, and the entire suite is available for $12.60 per month per user. Microsoft has stepped up its involvement with AI with its Scout, a collection of autonomous AI agents built on top of OpenClaw. It is designed to work with its applications, using built-in security and privacy controls.
OneTrust AI Governance
OneTrust offers AI Governance, a platform that automates compliance and provides continuous monitoring of the AI landscape, across the software lifecycle starting with any AI usage at the beginning of any build. It can detect policy violations, and which AI agents are running. It offers a series of third-party integrations such as Amazon’s Bedrock and Sagemaker; Azure Foundry, ML Studio, and OpenAI; Databricks Unity Catalog and ML flow; and Google Vertex. Its subscription price is based on the number of admin users and number of AI inventory records, although no specifics were provided.
Orca AI-SPM
Orca Security’s AI-SPM is tightly integrated into the company’s security platform. It continues to expand its features, offering detections of more than 50 AI models, including training data and runtime threats, remediation, and support for Model Context Protocol to connect to other Orca-based telemetry. It continues to expand its nearly 100 integrations across SIEM and SOAR systems and various cloud providers’ services. For example, it works with AWS S3, SQS, SNS, CodeBuild, CloudTrail, and Security Hub. It comes with dozens of best-practice security rules that initially focused on compliance. It also alerts when sensitive data is detected inside models and when secrets are exposed. Orca’s overall security platform shows an AWS Marketplace annual pricing that ranges from $84,000 to $360,000, depending on the number of workloads scanned.
Palo Alto Networks AIRS AI Security
Palo Alto Networks has been busy acquiring point security vendors (Dig, ProtectAI, and an offer on Portkey) and incorporating their code into its two major product lines, Prisma and Cortex. You can purchase AI-SPM functionality in either Palo Alto product line, but they cover different aspects of the AI ecosystem. Cortex offers AI-SPM alongside the data and cloud SPMs integrated into the CNAPP suite. Prisma offers AI-SPM as part of a total AI security package called AIRS AI Security, which includes runtime protection, model scanning, and a more comprehensive platform. We focus on AIRS AI, which supports top-level scans of Amazon, Google Cloud, and Azure AI services to discover AI content and can classify and examine model data and secrets and comes with many built-in AI-related policies. Prisma has a long list of third-party integrations, including significant depth in AWS security services. That link will also take you to detailed instructions on how to set up these integrations. To complicate matters further, Palo Alto also sells a separate Prisma secure browser extension that works with these products to protect your endpoints, and that originated from technology it purchased from Talon Cyber Security in 2023. While pricing was not disclosed, our estimate is that AIRS will cost in the low six figures annually.
Proofpoint People Protection Platform
Proofpoint includes a general AI security product as part of its People Protection Platform that covers a wide range of protective services integrated across its other non-AI security tools. It provides runtime inspection of potential AI misconfigurations, as well as policies that include detection of agent, tools, and MCP connections, and it can generate forensic audits of AI interactions. Proofpoint’s general security platform starts at $96,000 annually on AWS Marketplace. It has several integrations with third-party services across the major cloud platform providers.
SentinelOne Singularity Platform
SentinelOne’s Singularity platform offers several AI protective features, including misconfiguration detection, attack path analysis, automated AI inventory and remediation, and integration with a variety of AI PaaS platforms such as Azure OpenAI, Google’s Vertex AI, and various AWS services. It is bundled within the company’s Cloud Native Security tool. Some of these features originated with Singularity’s purchase of Prompt.Security. Access to all the features requires purchasing the enterprise edition, which is offered with custom pricing, but lower feature tiers are available for $80 per year on this public pricing page. There are also numerous integrations with its Marketplace.
Varonis Atlas AI Security
Varonis Atlas AI Security is a multipurpose security platform that offers a variety of modules, including red team/penetration testing, compliance, and third-party risk management. Its AI-SPM module is combined with an AI inventory scanner and can be used to help development teams classify data used in the AI ecosystem, such as scanning for bad AI behavior, leveraging identities improperly, and examining data flows. Automated remediation processes are built into the tool as well. There are several hundred third-party integrations available for a wide collection of security tools, such as JFrog, Jira, Okta, and Salesforce. Varonis has two pricing components; one based on per user and per protected application and an additional price for resource consumption. Atlas is sold on the AWS Marketplace starting at $108,000 per year and free risk assessments are available to qualified customers.
Wiz/Google AI Application Protection Platform
Google has acquired Wiz but kept its operation independent. It has a multipurpose security platform that comes from a strong posture management (cloud and data) background. Its advanced version has been augmented with a comprehensive AI-related series of policies, detection algorithms, and pipeline, model, and data scanners. These are assembled into a separate AI dashboard page. It can also detect AI pipeline abuses, protect AI runtimes, identify and classify tools and agents, map dependencies graphically and suggest remediation steps. It also contains core AI-SPM features such as discovery, attack path analysis, and supply chains. Pricing for the Wiz Advanced bundle on AWS Marketplace is $38,000 annually.
What about AI-SPM pricing?
Pricing and packaging of AI-SPM tools vary widely. Many vendors offer free trials limited to differing periods (an option that is also available on the AWS Marketplace). We pointed out the open-source alternatives earlier, which is also a good way to see how the products work, but we wouldn’t recommend relying on these tools given their lack of recent updates. The only vendors that have (mostly) transparent pricing are Guardrail Technologies (with both free and monthly plans) and SentinelOne (with various annual plans starting at $80 per endpoint). Most of the vendors didn’t want to provide pricing directly but have published pricing on the AWS Marketplace, which can give you a rough indication that most start in the low six figures for annual contracts. For a typical situation with 1,000 users the total could be in the low six-figure range annually.
View the full article
Threat actors have begun to exploit a recently disclosed critical security flaw impacting Cisco Unified Communications Manager (Unified CM) and Unified Communications Manager Session Management Edition (Unified CM SME). The vulnerability, tracked as CVE-2026-20230 (CVSS score: 8.6), is a case of improper input validation for specific HTTP requests that could allow an unauthenticated, remoteView the full article
There are no new AI features in the iOS 27 Weather app, but Apple did make improvements to the layout. It's now easier to see at-a-glance information for weather conditions.


Highlights

The top of the Weather app now has a Highlights section that shows you need-to-know weather information for the day.


Conditions

There are new views for the Conditions section of the main Weather app interface. In addition to viewing temperature and current condition on an hourly basis, you can toggle over to a precipitation or wind view.


Precipitation shows you an hour-by-hour chance of rain forecast, while wind displays a breakdown of wind speed.

10-Day View

The 10-day view also changes when you swap between the different condition options so you can see precipitation and wind overviews for the next 10 days without having to tap into a more detailed view.

Widgets

There's a new extra large size available for Home Screen widgets, which is applicable to the Weather app. You can set the Weather app to take up an entire app page.


More iOS 27 Features

There are a long list of new features in ‌iOS 27‌, with details available in our iOS 27 roundup.Related Roundups: iOS 27, iPadOS 27
This article, "iOS 27 Weather App: All the New Features" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today released updated beta firmware for the AirPods Pro 2, AirPods Pro 3, AirPods 4, and AirPods Max 2. The firmware is limited to developers at the current time, and it has a build number of 9A5304b.


In iOS 27, iPadOS 27, and macOS Golden Gate, Apple is adding a new AirPods interface and support for custom EQ. AirPods are also compatible with the new Siri AI.

With iOS 26, iPadOS 26, and macOS Tahoe, Apple added a beta firmware update installation option that's available from the AirPods settings interface when the AirPods are connected to an iPhone, iPad, or Mac, which facilitates beta testing.

Developers can use the beta option to turn on beta downloads.Related Roundups: AirPods 4, AirPods Pro 3, iOS 27, iPadOS 27Buyer's Guide: AirPods (Caution), AirPods Pro (Neutral)Related Forum: AirPods
This article, "Apple Releases Updated AirPods Beta Firmware With iOS 27 Features" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple updated its Invites app to add a co-hosting feature that lets two or more people plan and manage a party or event.


There are also new event background options available, and hosts have the option to make invited guests visible to all attendees. Apple's notes for the update are below:

Apple introduced the Invites app in early 2024, and has continued to introduce updates since then. Invites is available on the iPhone and via iCloud, so invitations can be sent to anyone. Guests are able to RSVP from the iPhone app or from the web.Tag: Apple Invites
This article, "Apple Invites App Gets Co-Hosting" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple is making more of an effort to turn the iPhone into a physical wallet replacement in iOS 27, and there are several upgrades to the Wallet app.


Pass Upgrades

Apple upgraded airline boarding passes in the Wallet app with iOS 26, and in ‌iOS 27‌, upgrades are coming to additional types of passes. Memberships, gift cards, loyalty cards, and rewards cards can use a bolder "Poster Generic" card style with full background images, primary logo, header fields, footer field, primary fields, and an optional barcode.


Each pass is able to include up to two actions that can be tapped from the bottom of the pass, such as getting directions to a venue or checking a rewards point balance.

Apple is also allowing users to check the pass issuer certificate to ensure that a digital pass is legitimate (not applicable to Create a Pass), and there are four new barcode types supported, including EAN–13, Code 39, Codabar, and ITF.

There is a new Pass Designer Mac app for developers that makes it easier to create a pass using a WYSIWYG editor.
Create a Pass

There's a "Create a Pass" feature in the Wallet app for adding tickets, memberships, and more using Visual Intelligence. If you have a ticket for an event and there's not a digital version available for the Wallet app already, you can create one using the physical pass.



You can scan a pass and add it with Visual Intelligence if there's a barcode or QR code, or a pass can be added manually. Pass templates include Standard, Membership, and Event.

Each type includes relevant information like name, location, or admission type, along with a scannable code drawn from an included barcode or QR code that you take a photo of. There are 12 background colors to choose from with different texture options, or seven custom backgrounds for categories like theater, music, sports, and movies.

Fields can be added or removed as needed when creating a custom pass, with options like label, date, membership, contact, coupon code, VIN, insurance, and more, so most physical cards are able to be stored digitally.
Hotel Keys

When you add a digital hotel key from a participating hotel to the Wallet app, you can now view more details about the trip. Hotels can provide updates on booked activities and allow access to different services.
AI Bill Splitting

Using the new Siri Mode in the Camera app, or a feature in the Messages and Wallet apps, you can take a photo of a bill and use Apple Intelligence to figure out what each person owes. ‌Visual Intelligence‌ scans the receipt and makes a digital copy of everything on the list, and each person can select what they consumed. Tax and tip portions are also calculated automatically.

Payments can be made using Apple Cash, which is a U.S.-only feature.
Insights

‌iOS 27‌ includes an "Insights" feature where you can add financial accounts to the Wallet app to monitor spending.



Insights is an expansion of the Connected Accounts feature in earlier versions of iOS, and it includes spending, recurring transactions, account balances, and more. It works for financial institutions that have implemented Connected Cards support, including several UK banks.
Order Tracking

Order tracking in the Wallet app is expanding to Australia and Canada in ‌iOS 27‌. In ‌iOS 26‌, it was limited to the United States and UK.
Tap to Share

Tap to Share is an ‌iOS 27‌ feature that lets customers connect to a participating merchant's iPhone for quicker digital checkout.
Device Requirements

‌Visual Intelligence‌ is an ‌Apple Intelligence‌ feature requiring an iPhone 15 Pro or newer. Many of the other features should work on all iPhones.Related Roundups: iOS 27, iPadOS 27
This article, "iOS 27 Wallet App Gets 7 New Features" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
US President Donald Trump on Monday signed a pair of executive orders aimed at accelerating the federal government’s transition to post-quantum cryptography while expanding US investment in quantum technologies, establishing what the administration describes as a coordinated strategy to prepare for the opportunities and risks posed by quantum computing.
The actions include an executive order, “Securing the Nation Against Advanced Cryptographic Attacks,” and a companion order, “Ushering in the Next Frontier of Quantum Innovation.” Accompanying White House fact sheets frame the initiatives as part of the administration’s broader national security, economic competitiveness, and cybersecurity strategy.
For security leaders, the most immediate impact comes from the cryptography order, which establishes federal migration deadlines for quantum-resistant encryption, directs agencies to inventory cryptographic assets, and signals future procurement requirements for government contractors.
“It’s a great step and definitely in alignment with what we’ve seen from other jurisdictions around the world,” Chris Hickman, CISO at post-quantum cryptography company Keyfactor, tells CSO. “It compels action.”
Hickman said the deadlines could have effects far beyond federal agencies because contractors and critical infrastructure operators will face increasing pressure to demonstrate readiness for post-quantum cryptography.
“A lot of suppliers out there don’t want to lose revenue from the federal government, so it’s time to take this stuff seriously,” he said.
The administration argues that adversaries may already be collecting encrypted communications and sensitive data in anticipation of future breakthroughs that could render today’s public key cryptography obsolete.
The White House described the threat as a “harvest now, decrypt later” scenario in which information stolen today could be stored and decrypted years from now once sufficiently powerful quantum computers become available.
Although experts continue to debate how long it will take to build cryptographically relevant quantum computers, federal officials argue that organizations cannot wait until such systems exist before beginning preparations.
The White House said the order builds on a broader administration cybersecurity agenda, including a June 2025 cybersecurity executive order and the Cyber Strategy for America released earlier this year. Officials said the effort is intended not only to protect federal systems but also to accelerate adoption of quantum-resistant security technologies across critical infrastructure sectors and the broader digital ecosystem.
Ilona Cohen, chief legal and policy officer at HackerOne and former general counsel of the White House Office of Management and Budget, said in a statement that recent administration cybersecurity initiatives reflect growing concern about the role contractors play in federal cyber risk. “Federal networks are only as resilient as the contractors supporting them,” Cohen said.
Federal migration deadlines established
The executive order directs federal agencies to accelerate migration to post-quantum cryptography standards developed by the National Institute of Standards and Technology.
NIST finalized its first post-quantum cryptography standards in 2024 and continues to evaluate additional algorithms intended to replace cryptographic systems vulnerable to future quantum attacks.
Under the order, federal agencies must complete migration of key-establishment mechanisms by Dec. 31, 2030. Migration of digital-signature systems must be completed by Dec. 31, 2031. Within 30 days, agencies must designate senior officials responsible for overseeing post-quantum cryptography migration efforts.
The Office of Management and Budget must issue implementation guidance within 90 days, while agencies are expected to develop plans for replacing vulnerable cryptographic systems across federal environments.
The deadlines represent one of the clearest federal mandates to date regarding the timeline for government adoption of post-quantum cryptography.
Cryptographic bill of materials requirements
The order also introduces measures intended to improve visibility into cryptographic dependencies throughout government systems and software supply chains.
Among the most significant is a directive requiring NIST and the Cybersecurity and Infrastructure Security Agency to develop minimum elements for a cryptographic bill of materials (CBOM) within 270 days.
The concept is similar to a software bill of materials but focuses specifically on identifying cryptographic algorithms, libraries, and dependencies embedded within products and systems.
Security practitioners have long argued that organizations cannot effectively migrate to post-quantum cryptography without first understanding where cryptography exists throughout their environments.
The administration also directed NIST to establish a federal post-quantum cryptography migration pilot program by the end of 2027 to identify implementation challenges and develop migration best practices.
Contractors likely to face new compliance obligations
The executive order also signals significant future implications for federal contractors.
The Federal Acquisition Regulatory Council was directed to develop procurement requirements that would require covered contractors to comply with applicable NIST post-quantum cryptography standards by the end of 2030.
While details remain to be determined, the provision suggests federal purchasing requirements may become a major driver of post-quantum cryptography adoption across the technology industry.
Security vendors, cloud providers, software developers, and managed service providers that do business with federal agencies may ultimately need to demonstrate compliance with emerging post-quantum cryptography requirements.
The order’s emphasis on cryptographic inventories, migration planning, and standards compliance suggests federal agencies will increasingly expect suppliers to understand and document the cryptographic components embedded within their products.
Quantum innovation initiative expands
Alongside the cybersecurity order, Trump signed a separate executive order, which intends to accelerate the development of quantum computing and related technologies.
The administration argues that quantum technologies could eventually transform industries, including pharmaceuticals, manufacturing, logistics, energy, and defense, while providing strategic advantages in scientific research and national security.
At the center of the initiative is a government-wide effort known as Quantum Computing for Accelerated Discovery and Development for Science (QC-ADDS), which aims to develop at least one quantum computer capable of enabling what the administration calls “quantum-enabled scientific discovery.”
The Department of Energy, Department of Commerce, Department of Defense, National Science Foundation, NASA, National Security Agency, and elements of the intelligence community are directed to coordinate research and development activities under the program.
Agencies are tasked with developing technical requirements within 90 days and implementation plans within 180 days.
Industry leaders said the order reflects a growing recognition that leadership in quantum computing will require coordinated investment across multiple layers of the technology stack.
“The United States has a window of opportunity to lead in this domain,” Stefan Leichenauer, vice president of engineering at SandboxAQ, said in a statement. “It requires coordinated investment across the stack: cryptography, compute infrastructure, data generation, and application development. It also requires strong partnerships between government, industry, and academia.”
The order also calls for expanded support for quantum networking and quantum sensing technologies and directs the creation of a national capability for evaluating and benchmarking quantum computing systems.
Commercialization, workforce, and security priorities
A major focus of the innovation initiative is moving quantum technologies from research laboratories into commercial deployment.
The White House said the United States must strengthen domestic quantum supply chains, support technology transfer, and ensure federally funded discoveries translate into commercial products and economic growth.
Ankur Saxena, investment director at TDK Ventures, thinks the order reflects the industry’s growing focus on turning scientific advances into deployable technologies. “Quantum is shifting from a scientific frontier to an engineering and industrial race,” Saxena said in a statement. “US leadership will depend not just on breakthrough hardware, but on resilient supply chains and the enabling infrastructure that makes quantum deployable at scale.”
The administration also announced plans to reconstitute the National Quantum Initiative Advisory Committee and expand activities of the Quantum Counterintelligence Protection Team to help protect sensitive research and intellectual property.
The order places significant emphasis on workforce development as well, directing agencies to support quantum-related education, credentialing, and apprenticeship programs and to establish National Quantum Information Science and Technology Workforce Development Institutes.
Two sides of the same strategy
The executive orders reflect an effort to pursue what administration officials view as two sides of the same challenge: accelerating development of quantum technologies while preparing for the security consequences those technologies may eventually create.
For cybersecurity leaders, the post-quantum cryptography provisions are likely to have the most immediate impact. The combination of migration deadlines, cryptographic inventory requirements, pilot programs, and anticipated procurement mandates signals that federal agencies are moving from planning for post-quantum cryptography to implementing it.
For the broader technology sector, the orders underscore a growing consensus in Washington that quantum computing is no longer merely a long-term research project but a strategic technology that requires simultaneous investment, governance and risk management.
View the full article
A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential lists, searching for exposed services, brute-forcing accessible systems, and deploying bespokeView the full article
Apple today seeded the second beta of watchOS 27 to developers, with the update coming two weeks after the launch of the first beta.


The beta can be downloaded through the Watch app on the iPhone with a free developer account. The Apple Watch will need to be on the charger, connected to Wi-Fi, and have a battery level of 50 percent or above for new software to be installed. The beta is available for all Apple Watch models compatible with ‌watchOS 27‌ except for the Apple Watch Ultra 3.

‌watchOS 27‌ will include Siri AI, the smarter, more capable version of ‌Siri‌. ‌Siri‌ can hold back-and-forth conversations, plus it has access to general world knowledge and your personal data to answer questions and find information. ‌Siri‌ AI on Apple Watch requires an iPhone that supports Apple Intelligence, including the iPhone 15 Pro and later.

There's a new Dynamic app grid that highlights ‌Siri‌ suggested apps, and more intuitive Smart Stack Suggestions. You can find your parked car, see pinned messages, get noise alerts, and view identity and transit cards.

Liquid Glass has been updated to improve legibility, and Workout Buddy works on the Apple Watch even when an iPhone isn't nearby. Workout Buddy also gains new metrics like progressive increases to distance, pace, or duration. Apple added a new all-in-one Find My app with support for Precision Finding, and there are performance optimizations that improve battery life.

More on what's new in ‌watchOS 27‌ is available in our watchOS 27 roundup.Related Roundups: watchOS 26, watchOS 27Related Forum: Apple Watch
This article, "Apple Seeds watchOS 27 Beta 2 to Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
As Prime Day continues, we're highlighting all of the best Apple deals you can get for under $100 on Amazon. This includes AirPods, Apple Pencil Pro, AirTag, iPhone cases, USB-C chargers, and more.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

You can find every Apple deal available during Prime Day in our dedicated post. Remember that you'll need an Amazon Prime membership to get Prime Day deals, and you can sign up for Prime on Amazon if you don't have the service yet.

$30 Or Under


In the cheapest category, you can get Apple's 20W USB-C Power Adapter for $14.99, down from $19.00, and the AirTag 1-Pack for $24.00, down from $29.00. This sale is on the new second generation AirTag model, and it's the first notable discount we've ever seen on this device.

$4 OFF20W USB-C Power Adapter for $14.99
$5 OFFAirTag 2 (1-Pack) for $24.00
$20 OFFMagSafe Charger (2m) for $28.00

$50 Or Under


For accessories priced between $30 and $50, there are a few sales on Amazon for Prime Day. You can get the Apple Crossbody Strap in Black for $35.99, down from $59.00, plus numerous discounts on iPhone 17 model Silicone and TechWoven Cases.

$23 OFFApple Crossbody Strap for $35.99
$9 OFFiPhone 17 Pro Silicone Case for $39.99
$20 OFF35W Dual USB-C Power Adapter for $39.00
$15 OFFFineWoven Wallet for $43.99

$100 Or Under


Lastly, we're tracking a few deals on Apple products that are just under $100 for Prime Day. You can get an AirTag 2 4-Pack for $89.00 ($10 off), an Apple Pencil Pro for $99.00 ($30 off), and AirPods 4 for $99.00 ($30 off).

$10 OFFAirTag 2 (4-Pack) for $89.00
$30 OFFAirPods 4 for $99.00
$30 OFFApple Pencil Pro for $99.00

If you're on the hunt for more Prime Day discounts, be sure to visit our big Prime Day post where we recap the best Apple-related bargains of the event.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple DealsTag: Prime Day
This article, "The 10 Best Apple Prime Day Deals You Can Get for Under $100" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today shared a video showing off the Apple Watch in use at the World Surf League Championship Tour, with surfers describing how they use the watch when competing.


Surfers can be hundreds of meters away from the beach during competitions and can't hear announcements over the sound of the water and the wind. The World Surf League has adopted the Apple Watch to solve the problem, linking the device to the scoring system. Surfers can get up-to-date information right on the watch.

"I know what it was like competing without this piece of technology," said professional surfer Lakey Peterson. "There's nothing more frustrating than being in a competitive heat without this piece of technology."

The Apple Watch makes sure surfers know how much time is left in a heat, who has priority, and what the score is. The watch is updated in real time, with surfer Isabella Nichols calling the information "crucial" to the outcome in a competition. Mateus Herdy said the watch vibrates when priority changes, so competitors don't even have to look at the screen.

"The Apple Watch has become part of our equipment," said Nichols. "It's like a surfboard or rashie."

The World Surf League hasn't lost an Apple Watch despite the intense conditions surfers put the device through. Surfers have worn the watch at dangerous surfing spots like Pipeline in Hawaii and Teahupo'o in Tahiti, and it has come out unscathed.

The video appears to be part of a new "Apple at Play" series. Apple previously had a partnership with the World Surf League, and the 2021 and 2022 championship tours were shown on Apple TV in the "Make or Break" docuseries.Related Roundup: Apple Watch 11Tag: Apple AdsBuyer's Guide: Apple Watch (Caution)
This article, "Apple Shares Video on How Pro Surfers Use Apple Watch During Competition" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
In Omdia’s 2026 software supply chain security report, 73% of organizations that generate SBOMs say they enable more efficient vulnerability mitigation, yet 86% still find the generation process challenging. That gap between recognized value and operational difficulty is where most teams are stuck. For teams building and securing containerized applications, understanding what an SBOM is, and how to make it useful, is no longer optional.
This guide covers what SBOMs contain, why they matter for software supply chain security, how standard formats and tooling work, and where the industry is headed with regulations and enforcement.
What is an SBOM?
Every software artifact ships with dependencies. A container image based on Alpine Linux might include dozens of system packages, each with its own version, license, and upstream maintainer. An application layer on top adds frameworks, libraries, and transitive dependencies that the developer may never have explicitly chosen. The deeper the stack, the harder it becomes to answer a basic question: what is actually running in production?

A software bill of materials answers that question. It’s a structured, machine-readable inventory of every component, library, and module inside a software artifact. Where a package manifest like package.json or requirements.txt lists declared dependencies, an SBOM captures the resolved dependency tree after the build, including transitive dependencies, system-level packages, and metadata about each component’s origin, version, and license. Think of it as a nutrition label for software.
What an SBOM contains
A well-formed SBOM includes several categories of metadata for each component:
Component identity: Package name, version, and supplier (e.g., openssl 3.1.4, maintained by the OpenSSL Project) Licensing: The license type governing redistribution and use (MIT, Apache 2.0, GPL) Dependency relationships: How components depend on each other, including direct and transitive dependencies Unique identifiers: Package URLs (purl) or SWID tags that enable cross-referencing against vulnerability databases Checksums and digests: Cryptographic hashes that let consumers verify the component has not been tampered with
This data is structured using open standards, primarily SPDX or CycloneDX, to keep it machine-readable and interoperable across tools, registries, and compliance workflows. In practice, an SPDX SBOM entry for a single package looks like this: { "name": "openssl", "SPDXID": "SPDXRef-Package-openssl", "versionInfo": "3.1.4", "supplier": "Organization: OpenSSL Project", "licenseDeclared": "Apache-2.0", "checksums": [{ "algorithm": "SHA256", "value": "a1b2c3..." }] } A real SBOM contains one entry like this for every component in the artifact, from the base image’s OS packages up through the application’s runtime dependencies.
Why SBOMs matter for software supply chain security
The value of an SBOM becomes clear the moment something goes wrong. When the Log4Shell vulnerability was disclosed in December 2021, organizations with current SBOMs could query their inventories and identify every affected image within minutes. Teams without them spent days manually tracing dependencies across registries and deployment manifests.
Sonatype’s research found that nearly 65% of open source CVEs lack an NVD-assigned CVSS score, and when scored independently, 46% turned out to be high or critical. Without an SBOM, those unscored vulnerabilities are invisible.
Faster incident response
When a new CVE drops, the first question is always where are we exposed? An SBOM makes that question answerable in seconds rather than days. Cross-reference the affected package and version against your SBOM library, and you have an immediate blast radius. Pair the SBOM with continuous vulnerability scanning and the process becomes automated: new CVEs are matched against existing SBOMs, and affected images are flagged without manual intervention.
Customer spotlight: JWP, a video streaming platform serving more than 1 billion users, enabled vulnerability scanning across 400+ repositories in under an hour. With SBOMs feeding their scanning pipeline, the team fixed thousands of vulnerabilities while filtering out tens of thousands of non-critical issues, reducing noise and accelerating remediation.
Regulatory compliance
SBOMs are moving from best practice to legal requirements. In the United States, Executive Order 14028 helped set SBOM requirements in motion for software sold to federal agencies. CISA’s 2025 Minimum Elements guidance aims to clarify what a useful SBOM should include. The EU’s Cyber Resilience Act (EU CRA) extends similar requirements to products sold in the European market. For organizations operating in regulated industries, finance, healthcare, defense, and critical infrastructure, SBOM delivery is becoming a procurement gate.
Proactive verification, not reactive trust
SBOMs shift the security model from assuming software is safe to verifying that it is. Rather than trusting that a base image is clean because the registry says so, teams can inspect the SBOM to confirm which packages are present, which versions are running, and whether any known vulnerabilities apply.
In practice, that means writing policies against SBOM data: no image ships if it contains a package from an unapproved supplier, no end-of-life component persists past a defined grace period, no image deploys without a matching SBOM attestation. These checks can run automatically in CI, turning the SBOM from a passive document into an active gate.
When combined with provenance attestations and cryptographic signatures, the SBOM becomes one layer in a verifiable chain of custody from source to deployment. You’re no longer taking the registry’s word for it. You’re cryptographically verifying it.
SBOM formats and standards
For an SBOM to be useful across teams, tools, and organizations, it needs a shared language. Two open standards dominate the landscape, each designed for a different primary use case.
SPDX (Software Package Data Exchange)
Developed by the Linux Foundation (ISO/IEC 5962:2021), SPDX is the most widely adopted format for license compliance and open source auditing. It is also the format used by BuildKit’s built-in SBOM generator, which attaches an SPDX document as an attestation to the container image during the build.
CycloneDX
Developed by the OWASP Foundation, CycloneDX is optimized for security workflows and DevSecOps pipelines. It includes fields for vulnerability metadata and dependency graphs, and integrates well with tools like OWASP Dependency-Track.
SBOM Formats at a Glance
SPDX
CycloneDX
Primary focus
License compliance, open source auditing
Security, vulnerability management
Governed by
Linux Foundation (ISO/IEC 5962:2021)
OWASP Foundation
Format types
JSON, YAML, tag-value, RDF/XML
JSON, XML, Protocol Buffers
Best for
Compliance, due diligence, audits
DevSecOps pipelines, CI/CD integration
Container ecosystem support
Native in BuildKit attestations
Also produced by tools like Syft and Trivy
If you’re building container images, start with SPDX. It’s the format BuildKit generates natively, so you get an SBOM as a build output with zero additional tooling. Your downstream scanning tools may prefer CycloneDX, and that’s fine. The two formats are interoperable, and converters exist for moving between them. Let the build produce SPDX; let consumption tools handle conversion if they need it.
SWID (Software Identification Tags), a third format governed by ISO/IEC 19770-2, is primarily used for IT asset management in enterprise and government procurement. But it has largely lost traction in cloud-native and container workflows.
How SBOMs fit into container workflows
In traditional software development, SBOMs are often generated after the fact, bolted on as a compliance artifact during release. Container workflows offer a better approach: generating the SBOM at build time, as a native output of the image build process.
Build-time generation
When you build a container image with BuildKit, the builder scans the final image filesystem and produces an SBOM that reflects what actually shipped, not just what was declared in the Dockerfile. Because it captures the resolved state after all build stages complete, it includes OS-level packages, application-level dependencies, and any files copied from external sources.
Source-level SBOMs, generated from manifest files before the build, frequently miss transitive dependencies and system packages. An image-layer SBOM reflects reality.
Attestation and provenance
An SBOM tells you what’s in an image. Provenance attestations tell you how it was built: which builder, which source commit, which build platform. Together, they form a verifiable chain of evidence that auditors and policy engines can evaluate programmatically. This is the model described by SLSA (Supply-chain Levels for Software Artifacts), where Build Level 3 requires hardened build platforms with non-falsifiable provenance. SLSA is the specification; in-toto is the attestation format it uses.
The SBOM itself is attached to the image as an in-toto attestation using the SPDX predicate format. Provenance is attached the same way, so both travel with the image as verifiable, machine-readable metadata.
Registry storage
Once the image and its attestations are built, they need to live somewhere consumers can access them. Pushing the image to an OCI-compliant registry keeps the SBOM co-located with the artifact it describes. This matters because an SBOM that lives in a separate system, a shared drive, a compliance portal, or a CI artifact bucket, will eventually drift out of sync with the image it was generated from. Co-location eliminates that gap: pull the image, and you pull its SBOM and provenance with it.
Continuous scanning
With SBOMs attached to images and stored in a registry, they become inputs for continuous vulnerability monitoring. New CVEs are matched against the components listed in the SBOM without re-analyzing the image itself. Instead of re-scanning every image when a new vulnerability is disclosed, the scanner cross-references the SBOM inventory and flags affected images immediately.
Policy enforcement
Scanning identifies risk. Enforcement acts on it. Policy engines can consume SBOM data to gate deployments based on rules the team defines: no image ships if it contains a package from an unapproved supplier, no end-of-life component persists past a defined grace period, no image deploys without a matching SBOM attestation.
These checks run automatically in CI, turning the SBOM from a passive document into an active gate. You’re no longer relying on manual review to catch a problematic dependency. The pipeline catches it before the image reaches production.
SBOM maturity: Where does your organization stand?
SBOM adoption isn’t binary. Most organizations fall somewhere on a spectrum from ad hoc to fully scaled. The following maturity model helps teams assess where they are and what to prioritize next.
Level
Generation
Storage
Scanning
Governance
Ad hoc
Manual, on request
Local files or shared drives
Occasional, tool-dependent
No formal policy
Pilot
Automated for 1–2 apps or services
Alongside build artifacts
Integrated into CI for pilot apps
Basic policy drafted
Production
Automated for all new images
Attached to images in OCI registries
Continuous, with alerting
Policies enforced in pipelines
Scaled
All images, including third-party ingestion
Centralized SBOM management platform
Continuous with policy gating
Cross-org governance, audit trails, supplier requirements
Omdia’s 2026 software supply chain security survey surfaced that more than half of the organizations generating SBOMs are only generating them on a case-by-case basis. 
Common misconceptions about SBOMs
SBOMs are just a compliance checkbox
Teams that generate SBOMs solely to satisfy a procurement requirement are missing the operational value. SBOMs are most useful as a live data source for vulnerability management, incident response, and dependency tracking. A one-time SBOM generated for an audit and then filed away provides a false sense of coverage.
They’re the same as SCA
Software composition analysis (SCA) tools scan code or images for known vulnerabilities. An SBOM is the inventory that makes that scanning possible. SCA and SBOMs generally work together. The SBOM is the inventory, and SCA tools use that inventory, often generating their own, to check for known vulnerabilities. The distinction matters because scanning tends to be only as good as the inventory behind it.
SBOMs are a one-time artifact
An SBOM is tied to a specific image digest. Every time you rebuild an image, the SBOM should be regenerated to reflect any dependency changes. Stale SBOMs create a gap between what you think is running and what’s actually deployed. Automated build-time generation eliminates this drift.
SBOMs substitute runtime security
SBOMs tell you what shipped. They do not tell you what’s happening at runtime. An SBOM will not catch a zero-day that hasn’t been disclosed yet, detect anomalous process behavior inside a running container, or verify that the application logic is correct. SBOMs are one layer in a defense-in-depth model: they handle inventory and composition. Runtime monitoring, network policies, and access controls handle the rest.
What can go wrong without SBOMs
Let’s say a zero-day vulnerability is disclosed in a widely used library. Without SBOMs, the security team starts a manual triage: checking Dockerfiles, querying registries, asking developers which versions they use. Hours pass. Some images are missed because the affected package is a transitive dependency three levels deep. By the time the blast radius is mapped, the vulnerability has been public for two days.
With SBOMs attached to every image, the same triage takes minutes. Query the SBOM database for the affected package and version, get a list of every image that includes it, and prioritize remediation based on deployment context.
Getting started with SBOMs
The most common mistake teams make is treating SBOM adoption as a large-scale transformation project that’ll derail workflows. It doesn’t need to be.
Start with one image. Pick a production image and enable SBOM generation on the next build. With BuildKit, that is a single flag: docker buildx build –attest type=sbom –tag myapp:latest .
Review the output. This single step often reveals transitive dependencies and OS packages you did not know were in the image.
Automate generation in CI. Extend the flag to your CI pipeline so every image build produces an SBOM automatically. Store SBOMs alongside images. Attach SBOMs as attestations in your OCI registry so the SBOM stays co-located with the artifact it describes. Connect to monitoring. Feed SBOMs into a vulnerability monitoring tool that can continuously match components against new CVEs. This closes the loop between inventory and action. Set policies. Define what is acceptable: maximum CVE age, required minimum SBOM completeness, blocked licenses. Enforce these policies in the pipeline so non-compliant images are flagged before deployment. Build with visibility, ship with confidence
SBOMs are the foundation of software supply chain security. They turn opaque software artifacts into transparent, auditable inventories that security teams, compliance officers, and developers can all use. But an SBOM alone is not enough. The real value comes when SBOMs are generated at build time, paired with provenance attestations, and continuously monitored against emerging threats.
Docker makes this workflow native. Docker Hardened Images ship with complete SBOMs, SLSA Build Level 3 provenance, OpenVEX exploitability data, and cryptographic signatures on every image. Meanwhile, Docker Scout provides continuous vulnerability monitoring powered by the SBOM data attached to your images, surfacing actionable insights across your entire image portfolio. Together, they give teams a verifiable chain of custody from source to production, with no manual assembly required.
Frequently asked questions
What does SBOM stand for?
SBOM stands for software bill of materials. It’s a structured inventory of every component, dependency, and metadata element inside a software artifact, formatted in a machine-readable standard like SPDX or CycloneDX.
Are SBOMs required by law?
In the United States, Executive Order 14028 requires SBOMs for software sold to federal agencies. CISA’s 2025 draft guidance proposes an updated set of minimum elements. The EU Cyber Resilience Act extends similar requirements to products sold in the European market. For organizations in regulated industries, SBOMs are increasingly a procurement prerequisite rather than a voluntary practice.
What is the difference between an SBOM and a package manifest?
A package manifest (package.json, requirements.txt, go.mod) lists the dependencies a developer declared. An SBOM captures the fully resolved dependency tree after the build, including transitive dependencies, system-level packages, and metadata like licenses and checksums. The manifest is an input to the build; the SBOM is an output that reflects what was actually shipped.
How often should an SBOM be updated?
An SBOM should be regenerated every time the associated artifact is rebuilt. For container images, this means generating a new SBOM with each image build. Between rebuilds, the existing SBOM remains valid for the specific image digest it describes, but new CVEs may be discovered against the components it lists. Continuous monitoring against the stored SBOM catches these without requiring a rebuild.
Source
Omdia, Securing the Software Supply Chain: Strategic Approaches to Support Scaling Development with AI Adoption, May 2026.
View the full article
Two men pleaded guilty in the United Kingdom this week to criminal charges stemming from an August 2024 cyberattack that crippled Transport for London, the entity responsible for the public transport network in the Greater London area. The duo were key members of a prolific cybercrime group known as Scattered Spider, and their guilty pleas came on the first day of what was expected to be a six-week trial.
Owen Flowers (left) 18, and Thalha Jubair, 20. Image: UK National Crime Agency (NCA).
Thalha Jubair, 20, of East London and 18-year-old Owen Flowers of Walsall admitted conspiring to commit unauthorized acts against Transport for London computer systems and causing risk of serious damage to human welfare. According to a report from the BBC, Flowers alone admitted to being part of a conspiracy to hack into U.S. based healthcare providers SSM Health Care Corporation and Sutter Health in September 2024.
Jubair is also wanted by U.S. law enforcement agencies. In September 2025, prosecutors in New Jersey unsealed an indictment alleging Jubair and other Scattered Spider members committed computer fraud, wire fraud, and money laundering in relation to 120 computer network intrusions involving 47 U.S. entities between May 2022 and September 2025, and that the group’s victims paid at least $115 million in ransom payments.
In July 2025, KrebsOnSecurity reported that Flowers and Jubair were arrested in the United Kingdom in connection with Scattered Spider ransom attacks against the retailers Marks & Spencer and Harrods, and the British food retailer Co-op Group. Multiple sources familiar with those investigations said Flowers was the Scattered Spider member who anonymously gave interviews to the media in the days after the group’s September 2023 ransomware attacks disrupted operations at Las Vegas casinos operated by MGM Resorts and Caesars Entertainment.
According to prosecutors, Jubair co-ran a bustling Telegram channel called Star Chat, the home of a SIM-swapping group that used voice- and SMS-based phishing attacks to steal credentials from employees at the major wireless providers in the U.S. and U.K. The group would then use that access to sell a service that could redirect a target’s phone number to a device the attackers controlled and intercept the victim’s calls and text messages (including one-time codes for multi-factor authentication).
A receipt from Star Fraud Chat’s SIM-swapping service targeting a T-Mobile customer after the group gained access to internal T-Mobile employee tools. “Rocket Ace” was one of Jubair’s hacker handles, according to U.S. prosecutors.
New Jersey prosecutors also allege Jubair also was involved in a mass SMS phishing campaign during the summer of 2022 that stole single sign-on credentials from employees at hundreds of companies. That weeks-long SMS phishing campaign led to intrusions and data thefts at more than 130 organizations, including LastPass, DoorDash, Mailchimp, Plex and Signal.
KrebsOnSecurity reported last year that one of Jubair’s alter egos at age 15 was “Everlynn,” a hacker who sold fraudulent “emergency data requests” that used compromised police and government email addresses to demand subscriber data (e.g. username, IP/email address) from major tech companies, claiming the requests concerned urgent matters of life and death and could not wait for a court order.
In April 2026, 24-year-old British national and Scattered Spider member Tyler “Tylerb” Buchanan pleaded guilty to wire fraud conspiracy and aggravated identity theft for participating in the group’s SMS phishing spree in the summer of 2022. The government said Buchanan, Jubair and others used the credentials harvested in that phishing campaign to steal at least $8 million in cryptocurrency from victims throughout the United States. Buchanan is currently scheduled to be sentenced on October 2.
In August 2025, 20-year-old Scattered Spider member from Florida named Noah Michael Urban was sentenced to 10 years in federal prison and ordered to pay $13 million in restitution, after pleading guilty to charges of wire fraud and conspiracy.
The U.S. Department of Justice says three alleged Scattered Spider defendants indicted along with Buchanan still face charges, including Ahmed Hossam Eldin Elbadawy, 24, a.k.a. “AD,” of College Station, Texas; Evans Onyeaka Osiebo, 21, of Dallas, Texas; and Joel Martin Evans, 26, a.k.a. “joeleoli,” of Jacksonville, North Carolina.
Flowers and Jubair are slated to be sentenced in a London court on July 15, 2026.
View the full article
A group of 48 China-based iOS developers have filed an antitrust complaint against Apple with the country's market regulator over the App Store's commission rates, the South China Morning Post reports.


The developers sent an open letter to China's State Administration for Market Regulation (SAMR), alleging that Apple failed to deliver on a promise to offer the lowest commission rate to the Chinese market. The group asked the SAMR to investigate and penalize Apple for allegedly abusing its market dominance to impose "unfair and excessively high" costs on local developers.

Apple currently charges a 25% commission on paid apps and in-app purchases in China, down from 30% after a cut made in March. The commission on subscription renewals, along with the rate for qualified developers in Apple's Small Business and Mini Apps Partner programs, was lowered to 12% from 15% at the same time.

The complaint follows a series of similar challenges to Apple's China ‌App Store‌ policies dating back nearly a decade. A Beijing law firm filed a complaint in 2017 over app removals and high fees, a Chinese consumer sued over ‌App Store‌ fees in 2021 (a claim ultimately rejected by a Shanghai court in 2024), and another Chinese law firm sued again in 2025.

The 48 developers point to Apple's recent moves elsewhere as evidence the company can do better. Apple lowered its Brazil commission last week to between 10% and 21% of a transaction, plus a 5% processing fee, while also letting Brazilian developers distribute iOS apps through other app marketplaces for a 5% fee. Apple made comparable adjustments in Japan late last year.

The developers want more than Brazil-style pricing. They argue that allowing third-party app stores in China, as Apple already does in the European Union under the Digital Markets Act, would push its effective commission down to as low as 5%.

Apple has faced mounting regulatory pressure over ‌App Store‌ fees worldwide in recent years. The company was fined €500 million ($572.2 million) last year for violating the EU's Digital Markets Act and has appealed the decision, while in the U.S. it has been ordered to allow external payment links following its legal fight with Epic Games. Apple said earlier this month that its ‌App Store‌ ecosystem generated more than $1.4 trillion in developer billings and sales in 2025, with China contributing the largest share at $562 billion.Tags: Apple Antitrust, App Store, China, South China Morning Post
This article, "Apple Faces New App Store Complaint From Chinese Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Anker's popular Prime 3-in-1 Wireless Charging Station has dropped to $99.74 on Amazon for Prime Day, down from $149.99. This is one of Anker's newest accessories, and Amazon's sale today is a new all-time low price.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

The Prime 3-in-1 Wireless Charging Station features Qi2.2 support, which lets a compatible MagSafe ‌iPhone‌ charge at up to 25W. It's the same speed as Apple's ‌MagSafe‌ charger, and it is 10W faster than the standard Qi2 ‌MagSafe‌ chargers. You can also simultaneously charge an Apple Watch and AirPods with the device.

$50 OFFAnker Prime 3-in-1 Wireless Charging Station for $99.74

There are plenty of other Anker discounts happening on Amazon for Prime Day, including Anker's Prime 14-in-1 Docking Station for $319.99, down from $399.99. Below you'll find a list of the best Anker discounts on Amazon this week, also including wall chargers, portable chargers, and more.

$80 OFFAnker Prime 14-in-1 Docking Station for $319.99
Wall Chargers

Anker Nano USB-C Wall Charger - $25.99, down from $39.99
Anker 140W 4-Port GaN USB-C Charger - $59.99, down from $99.99
Anker 3-Port Prime Charger - $99.99, down from $149.99
Wireless Chargers

Anker 3-in-1 MagSafe-Compatible UFO Charger - $59.99, down from $89.99
Anker 3-in-1 MagSafe-Compatible Foldable Charging Station - $59.00, down from $109.99
Anker 3-in-1 MagSafe-Compatible Charging Cube - $77.54, down from $129.99
Anker 3-in-1 Prime Wireless Charging Station - $99.74, down from $149.99
Anker Prime MagSafe-Compatible 3-in-1 Charging Station - $137.99, down from $229.99
Portable Chargers

Nano Power Bank with Built-In USB-C - $19.99, down from $26.99
Anker Nano 10,000 mAh Portable Charger - $41.99, down from $59.99
Anker MagGo Power Bank 10,000 mAh - $60.79, down from $79.99
Anker Prime Power Bank 20,100 mAh - $119.69, down from $179.99
Anker Prime Power Bank 26,250 mAh - $159.99, down from $229.99
Portable Power Stations

Anker SOLIX C300 Power Station with Lantern - $149.99, down from $249.00
Anker SOLIX C300 - $209.30, down from $299.99
Anker SOLIX C1000 Gen 2 - $399.00, down from $799.00
Anker SOLIX S2000 - $599.00, down from $1,199.00
Anker SOLIX C2000 Gen 2 - $699.99, down from $1,499.00
Anker SOLIX F3800 - $1,599.99, down from $2,299.00
Docks

Anker Nano 13-in-1 Laptop Docking Station - $104.49, down from $149.99
Anker Prime 14-Port Docking Station - $161.49, down from $269.99

Shoppers should note that many sales during Amazon Prime Day require you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

For even more Prime Day deals, be sure to visit our main article recapping all of the best Apple deals for Prime Day. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple DealsTag: Prime Day
This article, "Anker's 3-in-1 Foldable Wireless Charger Drops to $99.74 for Prime Day" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon is taking $150 off multiple models of the M5 MacBook Air for Prime Day, including a match of the all-time low price on the 16GB/1TB 15-inch MacBook Air. This model is on sale for $1,349.00 in Starlight and Midnight, down from $1,499.00.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

In terms of 13-inch models, Amazon has the 512GB 13-inch MacBook Air for $949.00, down from $1,099.00, and the 16GB/1TB model for $1,149.00, down from $1,299.00. Both of these represent solid second-best prices for the M5 MacBook Air.

$150 OFF13-inch M5 MacBook Air (512GB) for $949.00
$150 OFF13-inch M5 MacBook Air (16GB/1TB) for $1,149.00

Regarding the 15-inch models, you'll also find $150 off the M5 MacBook Air, with multiple color options on sale for each configuration. Prices start at $1,149.00 for the 512GB model, down from $1,299.00, and also include both 1TB models on sale.

$150 OFF15-inch M5 MacBook Air (512GB) for $1,149.00
$150 OFF15-inch M5 MacBook Air (16GB/1TB) for $1,349.00
$149 OFF15-inch M5 MacBook Air (24GB/1TB) for $1,549.99

Shoppers should note that many sales during Amazon Prime Day require you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

For even more Prime Day deals, be sure to visit our main article recapping all of the best Apple deals for Prime Day. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple DealsTag: Prime Day
This article, "M5 MacBook Air Gets a Major Price Cut for Prime Day Shoppers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
LG is hosting an early Fourth of July sale on its website this week, with deals on monitors, TVs, home appliances, and more. LG's discounts have been automatically applied and do not require any discount codes or special memberships.

Note: MacRumors is an affiliate partner with LG. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Highlights of the event include up to $700 off select LG monitors and up to $1,700 off LG's best TV sets. Regarding the TVs, discounts include big savings on the new 2026 LG OLED evo AI sets, like the 65-inch LG OLED evo AI C6 4K Smart TV for $1,999.99 ($700 off) and the 65-inch LG OLED evo AI G6 4K Smart TV for $2,999.99 ($400 off).

SITEWIDE SALELG Fourth of July Sale
TVs

55-inch LG UHD 4K Smart TV - $299.99 ($80 off)
75-inch LG Mini LED 4K Smart TV - $699.99 ($100 off)
86-inch LG QNED 4K Smart TV - $999.99 ($299 off)
65-inch LG OLED 4K Smart TV - $1,199.99 ($800 off)
77-inch LG evo AI 4K Smart TV - $1,999.99 ($1,700 off)
65-inch LG OLED evo AI C6 4K Smart TV - $1,999.99 ($700 off)
65-inch LG OLED evo AI G6 4K Smart TV - $2,999.99 ($400 off)
Monitors

34-inch UltraGear Curved Monitor - $229.99 ($170 off)
34-inch UltraWide Curved Monitor - $299.99 ($200 off)
34-inch UltraGear OLED Curved Gaming Monitor - $799.99 ($500 off)
27-inch UltraGear OLED Gaming Monitor - $699.99 ($300 off)
32-inch UltraFine 6K Monitor - $1,299.99 ($700 off)
Appliances

24-inch QuadWash Front Control Dishwasher - $549.00 ($250 off)
24-inch FlushFit Top Control Dishwasher - $749.00 ($400 off)
26 cu. ft. Wide Bottom Freezer Refrigerator - $1,699.00 ($500 off)
27 cu. ft. Side-by-Side InstaView Refrigerator - $1,699.00 ($900 off)
Single Unit Front Load WashTower - $1,699.00 ($900 off)
27 cu. ft. Smart InstaView French Door Refrigerator - $1,899.00 ($1,000 off)
Washer/Dryer LG WashCombo All-in-One - $1,999.00 ($1,300 off)
30 cu. ft. Smart French Door Refrigerator - $2,499.00 ($1,500 off)

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "LG Drops Major Fourth of July Deals: OLED TVs, UltraWide Monitors, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
GitHub is moving to strengthen software supply chain security by updating "actions/checkout" to block pwn request attacks that exploit the risky use of the "pull_request_target workflow" trigger to run malicious code with the workflow's full privileges. Effective June 18, 2026, the latest version of "actions/checkout," the official GitHub action for checking out a repository into theView the full article
The latest beta of Apple's Reality Composer Pro 3, the content creation tool used to build spatial experiences for Apple Vision Pro, appears to contain traces of "The Machinery," an ambitious game development project that abruptly shut down in 2022 without explanation.


Based on code discovered by Nicolás Alvarez and independently confirmed by MacRumors, binaries included with Reality Composer Pro 3 beta contain at least 40 mentions of "the machinery" or "our machinery," and match aspects of The Machinery's project structure, asset management system, and database architecture.

The findings are notable because The Machinery was developed by Our Machinery – a company made up of veterans of the Bitsquid game engine. The project earned a devoted following among engine programmers for its unconventional approach to content creation workflows. And yet it disappeared without trace.

Central to the project was a system known as "The Truth," a database-driven architecture designed to unify assets, objects, dependencies, and editor state. Many of the same concepts appear in Apple's latest Reality Composer Pro release, announced during WWDC 2026. Things like reusable prototypes, live editing, asset dependency tracking, and rapid iteration workflows all pop up – ideas that have notable technological similarities to how The Machinery worked. The direct references in the code appear to confirm the connection.

The links don't just extend to code strings, either. Tricia Gray, co-founder and CEO of Our Machinery, now works on Apple's spatial computing developer tools team, as evidenced in her LinkedIn profile.

It's not clear whether Apple licensed The Machinery or acquired the company, or in some way inherited the referenced technology, but the presence of the identifiers throughout Apple's code suggests at least some of the project's ideas have somehow found their way into Apple's spatial computing development toolset.

The discovery is particularly notable because The Machinery's development ended so suddenly, surprising many developers at the time who had followed the project's progress. We've reached out to Apple to comment on the findings and will update this story if we hear back.Related Roundup: Apple Vision ProBuyer's Guide: Vision Pro (Neutral)Related Forum: Apple Vision Pro
This article, "Apple's Latest Vision Pro Tool Contains Traces of Defunct Game Engine 'The Machinery'" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Meta today unveiled its first smart glasses sold under its own brand rather than Ray-Ban or Oakley, undercutting its existing lineup on price as it works to expand its lead in the category before Apple enters the market.


The new Adventurer and Fury models are priced at $299, $80 less than the second-generation Ray-Ban ‌Meta‌ Wayfarer that launched last year. A third model, the Starfire, was designed in collaboration with Kylie Jenner and costs $399.

EssilorLuxottica, the parent company of Ray-Ban and Oakley, is manufacturing the glasses despite ‌Meta‌ designing them in-house and putting its own name on them, with EssilorLuxottica's logo appearing on the temple arms and packaging alongside ‌Meta‌'s.

The Adventurer has a rectangular Wayfarer-like shape available in standard and large sizes, while the Fury shares that silhouette but is thicker. The Starfire takes a slimmer oval shape and includes a small gemstone on the right lens near the camera, a metal nose pad designed to resist makeup residue, and the option to set an AI-generated version of Jenner's voice for the assistant and onboarding prompts. The Starfire's case includes a handwritten note from Jenner and a built-in mirror.

Across all three styles, ‌Meta‌ added a three-way adjustable nose pad, adjustable temple tips, and overextension hinges so the arms flare out slightly for wider head shapes. The companies are offering 26 color and lens combinations between the Adventurer and Fury alone, including tortoise, black, and green finishes, plus transition, polarized, and clear lens options, and the glasses support prescription lenses with a power range of -12 to +2.25.

The new glasses carry over the same 12-megapixel camera, 3K video capture, five-microphone array, and eight-hour battery life as the existing Ray-Ban ‌Meta‌ Gen 2 glasses, with the included case adding about 40 hours of additional charge. ‌Meta‌ is also offering a separate ‌Meta‌ Glasses Charging Stand compatible with the new models as well as the Ray-Ban ‌Meta‌ and Oakley ‌Meta‌ HSTN lines.

The glasses ship with ‌Meta‌'s Muse Spark AI model, which the company says improves response quality and adds 14 new languages to live translation support, including Mandarin, Korean, Japanese, Arabic, and Hindi, bringing the total to 20. A new "Dynamic Photo" feature captures a burst of images and selects the best shot, and pedestrian turn-by-turn navigation is coming to the camera-equipped lineup after debuting on ‌Meta‌'s display glasses.

According to Bloomberg, ‌Meta‌ also hinted that it's considering a version of its glasses without a camera, focusing on an audio-only experience for phone calls, media playback and interacting with its AI tools. A camera-free option could both lower the price point and enable new styles, it said, given the need to include fewer components.

The company also addressed Apple directly, calling the iPhone maker "formidable" in the space ahead of its own glasses debut. "I think you need to take anything they do seriously," ‌Meta‌'s Alex Himel said, adding, "they're good at hardware, they're good at design. There's a number of places where we won't necessarily be able to build the same quality consumer experience when paired with the phone, and so I think they're taking advantage of that."

Apple is widely expected to release its first smart glasses in 2027, designed in-house rather than through a partner brand. Apple's glasses will likely rely on a camera, microphones, and Siri for AI-driven features without an integrated display, putting them in direct competition with ‌Meta‌'s camera-equipped lineup rather than higher-end display models like ‌Meta‌'s Ray-Ban Display glasses.

‌Meta‌ said it explored facial recognition tools for identifying people the wearer knows but has not put the feature into active development while it works through privacy and societal concerns.

The Adventurer, Fury, and Starfire glasses are available starting today through ‌Meta‌ and EssilorLuxottica retail partners including LensCrafters.Tag: Meta
This article, "Meta Launches Its Own $299 Smart Glasses Ahead of Apple's Debut" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon has brought back a major sale on the M4 iPad Air for Prime Day, with all-time low prices on nearly every model of the tablet. This includes both 11-inch and 13-inch models of the brand new 2026 M4 iPad Air.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Specifically, the 128GB Wi-Fi 11-inch M4 iPad Air has dropped to $519.99, down from $599.00, which is a match of the record low price. You'll also find low prices on the 256GB Wi-Fi 11-inch model and two 13-inch models, all of which we're only tracking on Amazon.

$79 OFF11-inch M4 iPad Air (128GB Wi-Fi) for $519.99
$89 OFF11-inch M4 iPad Air (256GB Wi-Fi) for $609.99
$99 OFF13-inch M4 iPad Air (128GB Wi-Fi) for $699.99
$109 OFF13-inch M4 iPad Air (256GB Wi-Fi) for $789.99

The new iPad Air features the M4 chip, C1X modem, and N1 networking chip, which brings support for Wi-Fi 7 and Bluetooth 6. In terms of design, the 2026 models are identical to the 2025 iPad Air tablets, with an edge-to-edge display, slim bezels, and aluminum chassis.

Shoppers should note that many sales during Amazon Prime Day require you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

For even more Prime Day deals, be sure to visit our main article recapping all of the best Apple deals for Prime Day. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple DealsTag: Prime Day
This article, "Prime Day Delivers Steep Price Cuts on 2026 M4 iPad Air" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon Prime Day has arrived, and today you can find record low prices on nearly every AirPods model on Amazon. This includes the AirPods Pro 3, AirPods 4, and AirPods Max 2.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

The highlight of AirPods deals this Prime Day is the AirPods Max 2 on sale for $399.00 in all colors, down from $549.00, which is a new all-time low price on the headphones. This is accompanied by a great discount on the AirPods 4 for Prime Day, available for $99.00, down from $129.00.

$30 OFFAirPods 4 for $99.00
$69 OFFAirPods Pro 3 for $179.99
$150 OFFAirPods Max 2 for $399.00

In terms of the AirPods Pro 3, we're tracking these at $179.99 as of writing, down from $249.00. These were about $10 cheaper in early Prime Day sales, but we aren't sure if or when that sale will return. For now, the current price is still a solid second-best offer on the AirPods Pro 3.

Shoppers should note that many sales during Amazon Prime Day require you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

For even more Prime Day deals, be sure to visit our main article recapping all of the best Apple deals for Prime Day. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple DealsTag: Prime Day
This article, "AirPods Prime Day Deals Arrive With AirPods Max 2 at $399 and AirPods 4 at $99" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
A new resale value study suggests that a $2,000 foldable iPhone could lose as much as $1,292 of its value within its first 12 months on the market, based on current foldable depreciation trends.


The estimate comes from SellCell, which analyzed the 12-month resale performance of flagship smartphones from Apple, Samsung, Google, Motorola, and OnePlus. The site found that foldable smartphones lose an average of 64.6% of their value within a year, the worst depreciation rate of any smartphone category, compared with 55.3% for traditional smartphones.

SellCell calculates that foldable phone owners lose $997.69 on average after 12 months, compared with $605.32 for owners of traditional smartphones, a gap of $392.37. Foldables retain just 35.4% of their launch value after a year, versus 44.7% for non-folding phones.

Apple is widely rumored to be preparing its first foldable iPhone, expected to be called the "iPhone Ultra," for launch alongside the iPhone 18 Pro and ‌iPhone 18 Pro‌ Max in fall 2026, with a price of around $2,000.

Using that rumored price point, SellCell modeled what a foldable iPhone's resale value might look like after a year if it depreciated at the average rate seen across today's foldables, landing at around $708 after 12 months. This would represent a loss of roughly $1,292.

SellCell notes Apple has historically outperformed competitors on resale value. The iPhone 16 lineup retained 51.5% of its value after 12 months, the strongest of any major manufacturer in the study, ahead of OnePlus (46.8%), Google (40.8%), Samsung (39.5%), and Motorola (24.5%). If a foldable iPhone matched the ‌iPhone 16‌ lineup's depreciation rate instead, SellCell estimates it could be worth around $1,030 after a year, over $300 less depreciation than a typical foldable.

Real-world depreciation would likely land closer to Apple's existing figures. The base ‌iPhone 16‌ retained 51.4% of value after a year and the 256GB ‌iPhone 16‌ Pro Max retained 56.4%, though even at those rates, the total loss on a $2,000 device would still come out to roughly $1,000 over 12 months.Related Roundup: iPhone FoldTags: Foldable iPhone, SellCell
This article, "Apple's Foldable iPhone Could Lose Almost $1,300 in Value in First Year, Study Suggests" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
What began as a routine ransomware investigation uncovered two unrelated attackers operating inside the same victim network at the same time, each obscuring the other’s activity and complicating the response.
The discovery emerged during a Microsoft Detection and Response Team (DART) engagement involving Storm-2603, a threat actor associated with ransomware deployment. Investigators initially believed they were tracking a single intrusion before identifying a separate attack chain involving a different set of tools, infrastructure, and objectives.
“This case highlights a growing reality: modern attacks are not always isolated events. Sometimes they are overlapping campaigns,” Microsoft said in its latest cyberattacks series report.
The company said activity linked to one actor initially obscured evidence associated with the other, complicating efforts to determine the full scope of the compromise and reconstruct the attack timeline.
“Only by correlating identity, endpoint, and cloud telemetry together did the full scope of the attack become clear,” the report added.
The investigation ultimately expanded beyond the original environment and led DART to identify a second compromised organization connected to the broader attack chain, according to Microsoft.
Two attackers, one environment
The investigation began after attackers exploited vulnerabilities in on-premises SharePoint servers and established persistence inside the victim environment.
Microsoft attributed that activity to Storm-2603, which used Cloudflare Tunnel, Zoho Assist, Visual Studio Code Remote SSH, and Velociraptor during the intrusion. The actor also created unauthorized administrator accounts and used a vulnerable driver to disable security controls before deploying ransomware, the report said.
As investigators reconstructed the attack timeline, they identified activity that did not align with the ransomware operator’s tactics, techniques, and procedures.
Further analysis uncovered what Microsoft described as a separate intrusion. According to the report, the second actor used DLL sideloading techniques, custom backdoors, VPN access through virtual private server infrastructure, and attempted access to Active Directory credential databases.
Microsoft said the activity represented a separate attack chain operating within the same environment.
“Two distinct threat actors operated simultaneously within the same environment,” Microsoft said in its report, with each one masking the other and obscuring the full scope of the intrusion.
Overlapping intrusions are more common than vendors admit, said Vibhum Dubey, an independent cybersecurity researcher and red teamer.
“Most incident responders hesitate to conclude that multiple unrelated actors are operating in the same environment, so they may spend considerable time trying to build a single coherent kill chain from what are actually separate intrusions,” Dubey said.
Two groups landing on the same exposed SharePoint server is rarely coordinated, he said, but “two separate groups scanning the same CVE feeds and getting lucky around the same window.” The result, he added, is “same environment, zero shared intent.”
That overlap is also what makes such cases hard to untangle, Dubey said.
How the breach spread
The investigation widened when forensic evidence showed the attackers had moved beyond the first network. DART contacted a second organization and confirmed it had been hit by the same Storm-2603 ransomware activity, showing the actor’s reach extended beyond the first victim.
Containment is where overlapping intrusions bite hardest, Dubey said. Evicting one group and rotating credentials can tip off a second actor that was never fully scoped. “Actor B, who you never fully scoped, goes loud because you just shook their environment,” he said. What DART got right, he added, was using threat intelligence to separate the artifact clusters before acting, “the discipline that made the difference.”
DART contained both intrusions using a structured response playbook, the report said, pulling telemetry from identities, endpoints, and cloud services into a single view to spot abnormal behavior, flag credential misuse, and track the attackers. It briefed the affected customer daily and worked with Microsoft Threat Intelligence to confirm the two actors were active in parallel. Only by “correlating identity, endpoint, and cloud telemetry together,” Microsoft said, did the full scope of the attack become clear.
What enterprises should take away?
Microsoft urged organizations to prioritize patching for internet-facing systems, especially on-premises SharePoint, and to treat privileged identities as a primary attack surface, with tighter controls and monitoring.
It also recommended deploying endpoint protection broadly, centralizing telemetry, restricting remote-access and developer tools that attackers abuse, and keeping tested incident response playbooks ready to isolate compromised accounts quickly.
For Dubey, the root cause is simpler than the forensics that followed: “an internet-facing box sat unpatched long enough for more than one actor to walk through the door.” Everything after that, he said, “was downstream of that single failure.”
Microsoft did not immediately respond to a request for comment.
View the full article
One of Apple's key manufacturing partners in India has confirmed it was recently the target of a cyberattack that has resulted in confidential Apple documents being leaked on the dark web.


Tata Electronics said on Monday it had detected a "cybersecurity incident," after security researchers told Reuters that ransom group World Leaks had shared more than 200,000 files belonging to Apple and Tesla, both of which are customers of the Indian group.
Apple has not commented on the leak, but a source familiar with the matter told the outlet that Apple was investigating the breach and ​a "full analysis was going on." Tata is believed to have received a ransom demand related to the incident, but the group declined to comment.

Many of the leaked files allegedly contain component design and specification papers. For example, one 52-page document has Apple's proprietary markings and purportedly details quality inspection standards ⁠for iPhone circuit ​board components. The files are ⁠also said to contain emails, event logs spanning several years, and passport copies of employees including foreign nationals.

Reuters wasn't able to independently verify the documents, which have been available on the dark web – which is beyond the reach of search engines – since at least June 10, according to researchers.

Tata is emerging as one of Apple's most important manufacturing ​partners outside China, and the breach is another setback for the group. It is also currently facing a health probe over alleged contamination of farmlands near one of its iPhone parts plants.Tag: India
This article, "Confidential Apple Files Leaked on Dark Web After Supplier Cyberattack" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
OpenAI has launched a program with cybersecurity firm Trail of Bits to use AI to find and fix vulnerabilities in widely used open-source software, as enterprises face growing risks from flaws buried deep in their software supply chains.
The initiative, called Patch the Planet, uses AI-assisted vulnerability research alongside human review to help turn security findings into tested fixes that can be disclosed through existing project channels.
Initial participants include Python, Go, cURL, Sigstore, NATS Server, aiohttp, freenginx, pyca/cryptography, and python.org. These projects support software development, networking, cryptography, and supply chain infrastructure used across a wide range of enterprise applications and services.
OpenAI said each engagement will begin with consultation with maintainers to identify where security support is most needed. Researchers will then investigate potential vulnerabilities, validate meaningful issues, develop or refine patches, support testing, and coordinate disclosure through the project’s existing channels.
Participating security researchers will use the company’s models and Codex Security to analyze code and help move fixes toward release. Trail of Bits engineers will review findings before they are sent to maintainers, a step meant to filter out false positives and duplicate reports before they add to the workload of open-source projects.
The company is also working with HackerOne and Calif to support vulnerability triage, coordinated disclosure, and additional discovery work as the program expands.
OpenAI said work under the program has already identified “hundreds of security issues and merged dozens of patches, with many more still undergoing coordinated disclosure.”
The work has also produced tools for fuzzing, historical CVE analysis, and differential testing, along with systems to filter inaccurate findings before patches are generated, OpenAI added.
The focus on open-source security follows incidents such as Log4Shell and the XZ Utils backdoor, which showed how quickly a flaw in a shared component can move through enterprise software.
Analysts said Patch the Planet changes the risk equation only if enterprises treat AI-assisted vulnerability research as an input to a broader software supply chain risk program, not as a substitute for one.
“The key shift is speed: AI-assisted research can help find, validate, patch, test, and document issues faster, while human reviewers reduce false positives before maintainers are burdened,” said Biswajeet Mahapatra, principal analyst at Forrester. “But the dependency on scarce expertise does not go away; it moves to triage, exploitability judgment, patch safety, disclosure timing, and production rollout.”
Guardrails before deployment
CISOs should put governance controls in place before using AI-assisted vulnerability research in enterprise security pipelines, to ensure unverified findings do not overwhelm engineering teams, said Devashri Datta, an open-source cybersecurity architect.
“CISOs should demand a Safety Relevance Layer in their risk modeling, a structured framework that requires every AI-generated finding to pass automated verification, including dynamic proof-of-concept validation and strong false-positive filtering, before it reaches a human analyst,” Datta said.
Those controls should also cover disclosure, particularly when AI tools identify flaws in third-party open-source components that the enterprise does not control, Datta said. Organizations need predefined escalation paths, notification timelines, and role assignments that take effect once a confirmed issue is found in an external dependency.
“Ad hoc disclosure in an AI-accelerated environment isn’t just a process gap; it’s a liability,” Datta said. “Trusting AI in the production pipeline requires verifiable auditability: organizations must be able to trace why the AI flagged a line of code, how it validated the exploit, and how it determined that the patch would not break downstream production systems.”
Continuous exposure reduction
AI-assisted vulnerability research could force enterprises to move away from periodic patching cycles and toward more continuous risk assessment, analysts said. If variant analysis and differential testing can be compressed from weeks to days, security teams may need faster ways to decide which findings matter most in their own environments.
That shift also means enterprises can no longer rely only on generic CVSS scores to prioritize remediation, Datta said. Findings will need to be assessed against the affected system, its business role, runtime exposure and the likelihood that a flaw can be exploited.
“We have to move toward context-aware, safety-critical prioritization,” Datta said. “Enterprise SBOM and VEX programs must evolve from passive compliance spreadsheets into live, machine-readable data feeds. For AI-assisted pipelines specifically, that means extending the VEX model to cover AI-introduced risk surfaces.”
Mahapatra said vulnerability management programs will also need to become more closely tied to software ownership, supplier response, and business impact.
“Security teams should move from periodic vulnerability handling to continuous exposure reduction,” Mahapatra said.
That means SBOMs should be treated as live inventories tied to runtime exposure and supplier response, rather than static compliance documents. Patch decisions should also account for asset criticality, exploitability, compensating controls, and business impact.
View the full article
Introduction
If you find yourself stuck in a cycle of endless tutorials without feeling confident enough to handle real-world infrastructure, you are likely missing the most critical component of DevOps mastery: hands-on experience. Theory alone can only take you so far; the true transition from a learner to an engineer happens when you stop watching and start building in a safe environment. A DevOps home lab
serves as your personal proving ground, allowing you to bridge the gap between “knowing” and “doing” by simulating real production systems where you can experiment, break, and fix configurations without consequence. By creating this space, you transform abstract concepts into tangible skills, building the professional confidence that textbooks simply cannot provide. Whether you are navigating your first Linux server or orchestrating a complex containerized pipeline, DevOpsSchool emphasizes that learning by doing is the only path to career readiness, and establishing your own lab is the first, most decisive step you can take toward becoming a proficient DevOps professional.
What Is a DevOps Home Lab?
A DevOps home lab is a dedicated computing environment—virtual or physical—where you simulate real-world production scenarios to practice development and operations workflows. It is your personal sandbox.
Unlike a standard desktop setup, a home lab is intentionally configured to host multiple services, including version control systems, container runtimes, orchestration engines, and automation servers. Its primary purpose is to mirror the complexity of a real enterprise environment, albeit on a smaller, localized scale. By having this space, you can test configurations, try out new tools, and automate tasks without worrying about breaking a production server.
Why You Need a DevOps Home Lab
Theory is a map, but a home lab is the territory. Here is why you cannot afford to skip this step in your learning journey:
Practical Learning Advantage: You learn by solving real errors, not by following scripted demos that always work perfectly. Interview Preparation: When an interviewer asks how you handled a specific infrastructure failure, you need a story. Building your own lab gives you that story. Real-World Simulation: You get to touch every layer of the stack—from the OS kernel to the application deployment. Safe Experimentation: If you delete a database or misconfigure a Kubernetes cluster, you lose nothing but a few hours of time. In production, that would be a career-ending event. Basic Requirements for DevOps Home Lab Setup
You do not need a supercomputer. A modern laptop or desktop is sufficient to get started.
ComponentRequirementRecommendationProcessorMulti-core CPUIntel Core i5 or AMD Ryzen 5 (or better)RAM16 GB minimum32 GB is preferred if running Kubernetes clustersStorageSSD256 GB+ (SSD is crucial for VM performance)Operating SystemHost OSWindows 10/11, macOS, or LinuxInternetStable connectionHigh-speed for downloading images and packagesVirtualizationHypervisorVirtualBox, VMware Workstation, or KVM Step-by-Step DevOps Home Lab Setup
Let us build your environment from the ground up.
Step 1: Install Virtualization Tool
Download and install Oracle VirtualBox or VMware Workstation Player. These are industry standards for creating virtual machines (VMs) on a single physical host. Once installed, ensure virtualization is enabled in your computer’s BIOS/UEFI settings.
Step 2: Install Linux VM (Ubuntu)
Download the Ubuntu Server LTS (Long Term Support) ISO. Create a new VM in your hypervisor. Allocate at least 2 vCPUs and 4GB of RAM. Follow the installation prompts, ensuring you select “OpenSSH Server” during setup so you can manage the VM remotely from your main OS terminal.
Step 3: Configure Network Settings
Set your network adapter to “Bridged Mode.” This assigns your VM an IP address on your local home network, making it accessible from your host machine. Use the ip a command to find your IP, then test the connection by SSHing into it: ssh username@your-vm-ip.
Step 4: Install Git & Basic Tools
Update your package manager: sudo apt update && sudo apt upgrade. Install essential utilities: sudo apt install git curl wget vim htop. Configure Git with your identity: git config --global user.name "Your Name" and git config --global user.email "[email protected]".
Step 5: Install Docker
Docker is the heart of modern DevOps. Install it using the official script or package manager. Run sudo apt install docker.io, start the service with sudo systemctl start docker, and enable it to run on boot with sudo systemctl enable docker. Add your user to the docker group so you don’t need sudo for every command: sudo usermod -aG docker $USER.
Step 6: Install Jenkins (CI/CD Setup)
Jenkins remains a foundational tool. Install Java first, then add the Jenkins repository. Use sudo apt install jenkins. Start the service and access the web interface via http://your-vm-ip:8080. Complete the initial setup wizard to create your admin account.
Setting Up a CI/CD Pipeline in Your Home Lab
Once you have your VM and Jenkins running, create your first pipeline.
Create a Repo: Create a simple HTML file in a GitHub repository. Jenkins Job: In Jenkins, create a “Freestyle Project” or “Pipeline.” Source Code: Point Jenkins to your GitHub repo. Build Step: Create a script that copies the HTML file to a directory served by a simple Nginx container. Trigger: Configure a webhook so that every time you push code, Jenkins automatically builds and deploys your site. Docker Setup in DevOps Home Lab
Move beyond installing Docker. Start managing containers:
Container Lifecycle: Practice pulling images (docker pull), running containers (docker run), stopping them (docker stop), and removing them (docker rm). Networking: Create a user-defined bridge network so two containers can communicate with each other. Volumes: Learn to persist data by mounting a directory from your host machine into the container. This ensures your data survives even if the container is destroyed. Kubernetes Setup for Beginners
Kubernetes is complex, so start simple. Use Minikube or Kind (Kubernetes in Docker).
Install Minikube: Follow the documentation to install the binary. Cluster Start: Run minikube start. Deployments: Create a deployment.yaml file that specifies a container image. Testing: Apply the file using kubectl apply -f deployment.yaml. Scaling: Use kubectl scale to increase the number of replicas and watch how Kubernetes handles the load. Real DevOps Projects You Can Practice in Home Lab
To truly learn, you need a project with a start and an end:
CI/CD Pipeline Project: Automate the build, test, and deployment of a Python “Hello World” application. Dockerized Application Deployment: Build a multi-tier app (e.g., a web frontend and a database backend) and run them together using Docker Compose. Kubernetes Deployment Project: Migrate your Docker Compose project into a Kubernetes manifest and deploy it to your local cluster. Git-based Automation Workflow: Use Git hooks to trigger linting and unit tests before code is even pushed to your repository. Common Mistakes in Home Lab Setup
Overcomplicating Setup: Trying to build a 10-node cluster on day one. Start with one VM, master it, then expand. Skipping Linux Basics: Many beginners try to skip learning the terminal. You cannot be a DevOps engineer if you are afraid of the command line. No Documentation: If you cannot replicate your setup from scratch, you haven’t learned it. Document every command you run. Not Practicing Regularly: DevOps is a muscle. If you don’t use it, it atrophies. Spend at least 30 minutes a day in your lab. Ignoring Troubleshooting: When an installation fails, don’t just search for the answer. Read the logs first. The logs are your best teacher. Best Practices for Maintaining DevOps Home Lab
Keep It Clean: Use scripts to automate the setup of your environment. If you break it, wipe it and run your setup script again. Document Everything: Create a README.md file in your main lab directory detailing how everything is installed and configured. Break and Rebuild: Once you get something working, delete it and build it again. You will learn more from the second attempt than the first. Version Control: Store your configuration files, scripts, and YAML files in a private Git repository. Treat your lab configuration as code. Real-World Example: Learner Without Home Lab
Meet “Student A.” They watch tutorials on CI/CD pipelines daily. They understand the concepts of Jenkins and Docker perfectly. In an interview, when asked how they would handle a build failure, they provide a textbook answer. They falter when asked about specific CLI flags, error log locations, or how to troubleshoot a locked container process. They lack the “finger memory” and the scar tissue of having fixed real problems.
Real-World Example: Learner With Home Lab Experience
Meet “Student B.” They built a Jenkins server in a VM at home. When the Jenkins service wouldn’t start because of a Java version mismatch, they had to dig through /var/log/jenkins/jenkins.log. They had to learn how to change permissions on the /var/lib/jenkins directory. In the interview, they don’t just explain the concept; they explain the specific troubleshooting steps they took to solve an issue. That level of detail is what gets them hired.
Role of DevOpsSchool in Learning Awareness
As you progress through your home lab journey, you will reach a point where self-learning hits a ceiling. You may have the environment set up, but you lack the architectural perspective of a senior engineer. This is where DevOpsSchool becomes valuable. It provides a structured roadmap that ensures your hands-on practice is aligned with industry-standard workflows. Rather than wandering through disjointed tutorials, mentorship and structured training provide the “why” behind the “how,” helping you connect your lab experiments to enterprise-grade DevOps practices.
Career Benefits of Building a DevOps Home Lab
DevOps Engineer: You will demonstrate an ability to manage pipelines and automation tools. Cloud Engineer: You will understand how virtual machines and networks function, which is the basis of all cloud providers. SRE (Site Reliability Engineer): You will develop the debugging mindset required to ensure system uptime. Platform Engineer: You will build the foundation for creating internal developer platforms for others to use. Future of DevOps Learning Through Labs
The future of labs is becoming increasingly integrated. We are moving toward:
Cloud-based Labs: Using Terraform to spin up temporary test environments in AWS or Azure. AI-Assisted Environments: Using AI to help diagnose configuration errors in real-time. Automated Practice Systems: Platforms that automatically provision a broken environment for you to fix as an exercise. FAQs
What is a DevOps home lab? It is a localized setup of servers and containers used to practice DevOps tools and workflows. How do I start a DevOps lab at home? Start by installing a virtualization hypervisor, then create a Linux VM to host your tools. Is a home lab necessary for DevOps? It is not mandatory, but it is the fastest way to gain the experience required for a job. What tools are needed for DevOps practice? Focus on Linux, Git, Docker, Jenkins, Kubernetes, and Terraform. Can I build a lab on a low-end laptop? Yes, use lightweight Linux distributions and limit the number of active VMs. How do I learn Docker in a lab? Build, run, stop, and remove containers daily until the commands are second nature. How do I practice Kubernetes at home? Use Minikube or Kind to run a cluster on your local machine. What projects should I build in a lab? Start with a simple CI/CD pipeline that deploys a basic website. Do I need a server? No, your main laptop is perfectly adequate for a beginner lab. How often should I practice? Consistency is better than intensity. 30 minutes a day is more effective than 5 hours once a week. What if I break my setup? That is the goal. Use it as an opportunity to learn how to restore your system. Should I use Windows or Linux? Use Linux for your lab environment, as it is the standard for server infrastructure. How do I document my work? Create a Git repository and commit your scripts, configs, and notes there. Is a home lab expensive? No, almost all the tools required are open-source and free. Does a home lab help with certifications? Yes, hands-on practice makes passing exams like CKAD or AWS Solutions Architect significantly easier. Final Thoughts
The distance between an aspiring DevOps engineer and a professional is often measured by the time spent in the terminal. You cannot read your way into this career. You must build, break, fix, and repeat. A DevOps home lab is not just a collection of software; it is your personal proving ground. Use it to foster curiosity and build the muscle memory that will sustain your career for years to come.
View the full article
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below - aes-decode-runner-pro (145 downloads) postcss-minify-selector (256 downloads) postcss-minify-selector-parser (615 downloads) All the packages were published over the past month by an npm user namedView the full article
A class action lawsuit accusing Apple of overcharging U.K. iCloud users has been certified to go ahead, putting the £3 billion ($3.9 billion) claim on track for a trial in October 2028.


According to BBC News, the Competition Appeal Tribunal cleared consumer group Which? to bring the case on behalf of an estimated 40 million U.K. iPhone and iPad owners, each of whom could receive up to £77 if the claim succeeds.

Which? alleges that Apple has locked customers into iCloud since 2015 by limiting how rival cloud services work on its devices, and then charged inflated subscription prices as a result. Apple gives users 5GB of free storage and pushes them toward paid tiers once that fills up, with U.K. pricing running from 99p a month for 50GB to £54.99 a month for 12TB.

The consumer group filed its claim against Apple at the tribunal on behalf of affected consumers in November 2024.

Anabel Hoult, Which?'s chief executive, said the group wanted to make clear that no company "no matter how powerful, can get away with abusing its position." She said the green light from the tribunal meant Which? was "one step closer to getting consumers the redress we believe they are owed from Apple."

"This should send a strong message to any other companies using anti-competitive tactics," she added.

Apple has called the claims unfounded, and argues that no customer is required to use iCloud and that alternatives exist. The company said it strongly disagrees with the tribunal's decision and plans to appeal.

Eligibility covers anyone who used iCloud on a U.K. device between November 8, 2018 and June 8, 2026. Those living in the U.K. on June 8 are included automatically unless they opt out by October 8, while non-U.K. residents from that date must opt in by the same deadline. Customers who first used iCloud after June 8, 2026 are excluded.

(Thanks, Alan!)Tags: iCloud, Apple Lawsuits, United KingdomRelated Forum: Apple Music, Apple Pay/Card, iCloud, Fitness+
This article, "Apple's £3 Billion UK iCloud Case Cleared for Trial" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Introduction
In the modern business landscape, digital transformation has evolved from a strategic advantage into an existential necessity, forcing enterprises to abandon siloed, legacy IT models in favor of agile, cloud-native frameworks. As organizations strive to balance increasing market demands with the need for operational resilience, DevOps has emerged as the critical bridge between business strategy and technical execution, effectively transforming IT departments from mere cost centers into engines of sustainable innovation. By prioritizing speed, automation, and a culture of shared responsibility, DevOps provides the architectural foundation for success in a digital-first economy; however, mastering this transition requires guided expertise and a commitment to continuous improvement, which is why forward-thinking leaders leverage specialized ecosystems like DevOpsSchool to equip their teams with the requisite skills. This guide explores how integrating these practices enables a more responsive, scalable, and automated enterprise, ensuring that technology serves as a true catalyst for long-term growth.
What Is Digital Transformation in Enterprises?
Digital transformation is the profound transformation of business activities, processes, competencies, and models to fully leverage the changes and opportunities of digital technologies and their accelerating impact across society.
At its core, this process involves:
Business Model Evolution: Moving from legacy, product-centric models to service-oriented, customer-centric digital ecosystems. Technology Modernization: Replacing fragmented, on-premise legacy systems with cloud-native, scalable, and modular architectures. Customer Experience Focus: Using real-time data to personalize interactions and reduce friction in the user journey. Data-Driven Decision-Making: Shifting from intuition-based planning to real-time analytics, allowing for rapid pivots based on market feedback. Digital transformation is not a project with a start and end date; it is an organizational evolution toward continuous innovation.
Why DevOps Is Central to Digital Transformation
DevOps is not just a set of tools; it is a philosophy that mandates a fundamental shift in how an organization works. Without a DevOps mindset, digital transformation initiatives often stall because the underlying delivery processes remain slow and siloed.
Speed of Delivery: DevOps removes the bottlenecks that prevent code from moving from development to production. Automation-First Mindset: By automating repetitive tasks, DevOps frees up high-value engineering resources to focus on business innovation rather than “keeping the lights on.” Collaboration: DevOps destroys the wall between “Dev” (who want change) and “Ops” (who want stability), creating a shared responsibility for business outcomes. Continuous Improvement: The feedback loop inherent in DevOps allows for constant refinement, which is essential for any transformation effort. How DevOps Accelerates Digital Transformation
The correlation between DevOps maturity and digital transformation success is direct. Enterprises that adopt these practices see measurable improvements in key performance indicators (KPIs).
Business BenefitDevOps ContributionFaster Software DeliveryCI/CD pipelines automate testing and deployment, slashing lead times.Reduced Time to MarketShortened feedback cycles allow features to reach customers weeks faster.Improved ReliabilityAutomated testing and infrastructure management reduce human error in production.Enhanced ScalabilityInfrastructure as Code (IaC) ensures environments can scale automatically with demand. DevOps as a Cultural Transformation Driver
The greatest hurdle in any digital transformation is not technology—it is culture. Transitioning to DevOps requires a shift from hierarchical, siloed thinking to a model of autonomy and accountability.
Breaking Silos:
When development teams own their code in production, they gain empathy for operations. When operations teams are involved in the design phase, they anticipate deployment challenges earlier.
Shared Responsibility:
In a DevOps culture, “it works on my machine” is no longer an acceptable excuse. The goal is a shared commitment to the stability, performance, and security of the application.
Agile Collaboration:
DevOps complements Agile methodologies by ensuring that the agility requested by product owners is actually executable by engineering. It creates a continuous feedback loop where developers are informed by user behavior in real-time.
Role of CI/CD in Digital Transformation
Continuous Integration and Continuous Deployment (CI/CD) are the mechanical heart of DevOps. They enable the “continuous” aspect of digital transformation.
Automated Pipelines: By automating the build, test, and deploy stages, organizations can deploy updates multiple times a day instead of once a quarter. Continuous Integration: Developers merge code changes frequently, allowing for early detection of integration issues and preventing “merge hell.” Continuous Deployment: Once code passes automated quality gates, it is automatically deployed to production, ensuring that business value is realized as soon as the feature is ready. Reduced Manual Intervention: Automating deployment eliminates the risk associated with human error and manual configuration drifts. Cloud Adoption and DevOps Transformation
Cloud computing provides the elasticity required for digital transformation, but DevOps provides the management discipline to utilize that elasticity effectively.
Infrastructure as Code (IaC): This allows IT teams to manage infrastructure with the same rigor as application code. You can version, test, and deploy infrastructure changes automatically. Scalable Environments: Cloud-native DevOps allows for the creation of on-demand environments, enabling rapid experimentation without the risk of breaking production. Cost Optimization: Through automated monitoring and resource management, DevOps practices help enterprises avoid “cloud sprawl” and unnecessary expenditure. DevSecOps in Digital Transformation
Security cannot be an afterthought in a digital-first enterprise. DevSecOps integrates security controls directly into the CI/CD pipeline.
Security Automation: Instead of waiting for a manual security audit at the end of a cycle, automated scanning tools detect vulnerabilities in code or dependencies in real-time. Compliance as Code: Regulatory requirements (like GDPR or HIPAA) are baked into the infrastructure configuration, ensuring the organization is always audit-ready. Risk Reduction: By shifting security “left” (earlier in the development process), organizations can patch vulnerabilities before they reach production, drastically reducing the attack surface. Real-World Example: Traditional Enterprise Before vs. After DevOps
Consider a mid-sized retail organization transitioning to an e-commerce model.
Before DevOps (The Legacy State):
Deployment Frequency: Monthly, accompanied by high anxiety and long downtime. Collaboration: Development and Operations are in separate buildings, communicating only through tickets. Customer Impact: If a bug reaches production, it takes 48 hours to fix, resulting in lost revenue and customer churn. After DevOps-Driven Transformation:
Deployment Frequency: Daily, with zero-downtime deployments. Collaboration: Integrated product teams work together to solve customer issues. Customer Impact: A bug is identified and patched in hours, and the release cycle aligns with seasonal shopping trends, significantly increasing revenue. Challenges in DevOps-Driven Transformation
Adoption is rarely without friction. Leadership must anticipate these common obstacles:
Legacy System Integration: Older mainframe or monolithic applications are difficult to automate. Cultural Resistance: Mid-level management may feel threatened by the shift toward engineer autonomy. Skill Gaps: Existing staff may require significant upskilling in modern tools like Kubernetes, Terraform, and CI/CD platforms. Toolchain Complexity: Managing a massive stack of open-source tools requires strong governance and platform engineering. Governance Issues: Balancing the need for speed with the necessity of corporate compliance and oversight. Best Practices for DevOps-Led Transformation
Start with Pilot Projects: Do not attempt a “big bang” transformation. Pick a non-critical application to pilot your new DevOps workflows. Automate Incrementally: You do not need to automate everything on day one. Start with the most painful, manual bottleneck in your deployment process. Focus on Culture First: Ensure buy-in from leadership and incentivize cross-team collaboration over individual performance metrics. Measure Outcomes: Focus on DORA metrics (Deployment Frequency, Lead Time for Changes, Mean Time to Recovery, Change Failure Rate). Align IT with Business Goals: Ensure the IT roadmap directly supports revenue-generating business initiatives. Role of DevOpsSchool in Transformation Learning
Successful transformation relies on the competency of the team. As organizations pivot toward DevOps, the demand for trained professionals who understand both the theory and the practical application of these technologies is immense.
Enterprises often utilize structured learning paths provided by organizations like DevOpsSchool to help their teams bridge the gap between legacy operations and modern engineering. Whether it is understanding complex CI/CD workflows, mastering cloud-native architecture, or implementing security-first development practices, access to expert-led curriculum is essential. Providing teams with clear, standardized training ensures that the organization moves in the same direction, reducing the “tool sprawl” that often occurs when teams adopt disparate technologies without a unified strategy.
Industries Benefiting from DevOps Transformation
Banking & Finance: Improving security and compliance while accelerating fintech innovation. Healthcare: Ensuring 99.999% system availability while protecting patient data. Retail & E-Commerce: Scaling infrastructure rapidly to handle seasonal traffic spikes. Telecom: Automating network management and speeding up the rollout of new digital services. SaaS Companies: Enabling the rapid iteration and deployment cycles that are the lifeblood of software-as-a-service businesses. Government Systems: Modernizing citizen-facing portals to be more responsive and accessible. Future of DevOps in Digital Transformation
The future of DevOps lies in the move toward autonomous operations.
AI-Driven Automation (AIOps): Using machine learning to predict system failures and automatically remediate them before they impact the user. Platform Engineering: Building internal developer platforms (IDP) that provide developers with a self-service experience, reducing cognitive load. Autonomous Infrastructure: Environments that can self-heal, scale, and optimize costs without manual intervention. Fully Cloud-Native Enterprises: Organizations will stop viewing “cloud” as a location and start viewing it as an operating model. FAQs
How does DevOps support digital transformation?It acts as the delivery engine, enabling the speed, scalability, and agility required to execute digital business models. What is the role of CI/CD in transformation?CI/CD automates the delivery pipeline, allowing for faster, more reliable code releases that directly impact customer satisfaction. Why is DevOps important for enterprises?It bridges the gap between IT operations and business goals, reducing waste and increasing innovation speed. How does DevOps improve business speed?By removing manual bottlenecks and fostering a culture of continuous delivery. What is DevSecOps in transformation?It is the practice of embedding security directly into the development pipeline, ensuring safety at speed. Is cloud required for DevOps transformation?While possible on-premise, cloud provides the infrastructure flexibility that maximizes the benefits of DevOps. What are the biggest challenges in DevOps adoption?Cultural inertia, legacy technical debt, and skill gaps within existing IT teams. How do companies measure transformation success?By tracking DORA metrics such as deployment frequency and mean time to recovery. Can DevOps be implemented in legacy environments?Yes, but it requires wrapping legacy apps in modern interfaces or incrementally refactoring them into microservices. What is the difference between DevOps and Agile?Agile is a methodology for project management and software development; DevOps is a culture and set of practices that extends this to operations and delivery. Who should lead a DevOps transformation?It requires a coalition of leaders from Development, Operations, and Security, supported by top-level executive sponsorship. How long does a DevOps transformation take?It is a continuous journey, though teams often see efficiency gains within 6–12 months of focused effort. Is DevOps expensive to implement?It requires initial investment in training and tooling, but it pays for itself by reducing operational costs and accelerating time-to-revenue. How do I start a DevOps transformation?Start with a single pilot team, identify a common bottleneck, and solve it with automation. Does DevOps eliminate the need for IT operations?No, it evolves the role of IT operations from manual server maintenance to platform engineering and reliability management. Final Thoughts
DevOps is not a silver bullet, nor is it merely a suite of tools. It is the foundational pillar upon which successful digital transformation is built. In a world where customer expectations are fluid and competitive landscapes shift overnight, the ability to deliver value continuously, reliably, and securely is your most significant competitive advantage.
Technology alone will not save an enterprise. The real change happens when leaders empower their teams to automate the mundane, collaborate across boundaries, and take shared responsibility for the success of their digital initiatives. Success is defined not by the technology you adopt, but by how well that technology enables your people to innovate.
View the full article
For years, cybersecurity professionals have been repeating the same warning: Every company will eventually be breached.
Fine. Let’s accept that.
Then why do so many organizations still behave as if the near sole purpose of cybersecurity is to prevent the breach from ever happening?
That is the contradiction at the heart of modern cybersecurity strategy. We say, “Assume the breach,” but we budget, govern, architect, and rehearse as if the wall will hold. We tell boards compromise is inevitable, then ask for more money to make the wall higher, thicker, smarter, and more AI-enabled. We buy more tools. We tune more dashboards. We polish the gate. We call it maturity. And then, when the wall of our gloriously protected city cracks, it turns out that half the city has no food, no command structure, no working roads, no backup water supply, and no idea who is supposed to organize the response.
That is not security. Or at least, it should no longer be understood as security.
Pure prevention is the past
The age of having a pure prevention focus has ended. Not because prevention is dead. That would be a childish argument. WAFs matter. MFA matters. Patching matters. Hardening matters. The familiar machinery still matters: hardened systems, sane configurations, patching discipline, identity controls, endpoint visibility, email defenses, logging, segmentation, and the rest of the security plumbing. Nobody serious is suggesting we kick open the gates and invite the attackers in.
But prevention alone is no longer a credible operating model. It no longer works as the primary focal point. The strategic question is no longer simply, “Can we stop the attack?” The better question is, “Can the organization continue to function when the attack succeeds?” That is the shift. Cybersecurity is not primarily about protection anymore. It is about survival.
Survival means breach readiness. It means continuity. It means recoverability. It means identity restoration when the identity provider is compromised. It means knowing which systems can be rebuilt cleanly and which ones are held together by duct tape, vendor promises, and one engineer we are all praying will never retire. It means backup integrity, crisis governance, legal and communications alignment, supplier fallback, product resilience, clean deployment pipelines, tested incident response, and executives who understand that cyber risk is not a quarterly awareness slide. Survival means designing organizations that can absorb breach, disruption, AI acceleration, supplier failure, regulatory pressure, and systemic shock without collapsing entirely.
This is not just philosophy. The world is moving there whether companies enjoy the view or not.
The critical question
In Europe, under the EU legislative umbrella, cyber resilience is becoming explicit regulatory language. DORA makes digital operational resilience a serious financial-sector obligation. NIS2 widens the net around essential and important entities. The Cyber Resilience Act pushes security into the lifecycle of products with digital elements, from planning and design to development and maintenance. Europe, in its very European way, is saying: You shall be resilient, and there shall be paperwork.
The US is taking a different, perhaps more laissez-faire path. It is pushing accountability through disclosure, enforcement, sector rules, procurement pressure, and public-private nudging. The SEC wants material cyber risk and incidents visible to investors. CIRCIA aims to force critical infrastructure operators to report substantial incidents and ransom payments. CISA pushes Secure by Design pledges. All that sounds good. But there is a catch, and it lies in the unresolved question of criticality.
Critical for whom?
Critical for the government? For consumers? For markets? For the company’s customers? Critical for a supply chain that no regulator has fully mapped because the economy now runs on a cesspool of unmanaged SaaS dependencies?
Europe is increasingly trying to define resilience as an obligation. The US, more characteristically, is trying to produce accountability through disclosure, enforcement, procurement pressure, and market signaling. The problem is that market signaling collapses when nobody wants to admit they are part of the market’s critical nervous system. This is where the comfortable policy language starts to wobble.
“Critical infrastructure” is treated as if it were a natural category. It is not natural. It is political, legal, economic, operational, and worst of all, highly fluid. Companies are trying to avoid being seen as critical when the label brings obligations, reporting duties, scrutiny, liability, and expense. That is not cynicism. That is incentives doing what incentives do: rewarding ambiguity, punishing transparency, and giving everyone a reason to stay conveniently uncritical until the blast radius proves otherwise.
The deeper issue is not only critical infrastructure. It is critical dependency.
A company may not be critical to the state, but it may be critical to every customer that relies on it. A vendor may avoid the regulatory label, but not the blast radius. A minor-looking SaaS provider, identity layer, CI/CD platform, payment processor, LLM tool, MSP, open-source package, or API gateway can become the point where hundreds of organizations discover that their business continuity plan was a PDF bundled in mindless optimism.
This is why voluntary pledges are useful but insufficient. They create norms and language. They help responsible companies signal intent. But a pledge is not a control. A pledge without evidence, enforcement, procurement consequences, customer pressure, or liability is policy theater with potential. Better than silence, yes. Better than mandatory resilience? Not even close.
And then AI permeates the world as an accelerant poured across the entire problem.
The AI uprising
AI compresses time. It lowers attacker skill barriers. It improves phishing, reconnaissance, exploit development, malware support, impersonation, fraud, and social engineering. It also expands the attack surface inside companies through shadow AI, AI agents, sensitive data leakage, automated decisions, insecure integrations, and systems that can act without anyone fully understanding how far their permissions reach.
The uncomfortable part is that defenders need AI, too. Nobody is going to manually out-click, out-triage, and out-correlate machine-speed attacks with heroic analysts and vibes. Defensive AI is necessary. AI-assisted testing is necessary. Runtime analysis is becoming more important. Agentic security workflows will grow. Humans matter, of course, but they will need to move from being button-pushers to decision-makers, validators, and designers of boundaries.
Recent Mythos revelation, whatever one thinks of it, exposed the broader truth: AI is not merely another asset to secure. It changes the tempo of security. It changes what “timely” means. If attackers can move from discovery to exploitation faster than a company can schedule a change committee meeting, prevention-first chest-thumping becomes blind, brainless bravado.
Consequently, that is also where application security becomes central, but not in the narrow old sense.
AppSec shows the way
AppSec has traditionally been treated as prevention: find bugs, fix bugs, block exploit paths, test before release, scan the API, harden the app, stop the vulnerability from becoming an incident. That is still true. But modern AppSec is also resilience. Secure-by-design systems fail less catastrophically. Well-tested applications reduce blast radius. Strong API authorization protects business logic when identity is abused. Good software supply-chain controls make recovery possible because you know what you shipped, where it came from, and whether you can trust it. Continuous testing shortens the time between exposure and correction. Runtime visibility tells you what is actually happening, not what the architecture diagram claimed would happen in calmer weather.
The mature AppSec question is no longer only whether a vulnerability exists. It is how quickly the organization can discover exposure, validate exploitability, prioritize business impact, reduce blast radius, and prove the fix actually reduced risk.
So AppSec is preventive in method, but resilient in strategic value.
That matters because the old budget logic still lingers. Many organizations talk about resilience at the board level while still spending and operating like the real work is another tool, another dashboard, another rule, another exception queue, another heroic security team tuning SIEM alerts at midnight. There is a widening gap between the talk and the walk. The talk says resilience. The walk still mainly says prevention, compliance, and hope.
Resilience becomes duty
This is not to mock prevention. Prevention is valuable. It reduces noise and buys time. It blocks commodity attacks. Prevention keeps the easy doors closed and the lazy criminals moving. Good. Keep it. Fund it. Improve it.
But stop pretending it is the whole castle.
At some point, reinforcing the gate drains us of good iron. Or cash, as may be the case. The cannon is already here. Sometimes the cannon is ransomware. Sometimes it is a supplier compromise. Sometimes it is an AI-assisted vulnerability chain. Sometimes it is a cloud identity failure. Sometimes it is a security vendor update that helpfully demonstrates the concept of systemic risk by taking half the planet down before breakfast.
The organizations that survive will not be the ones with the prettiest walls. They will be the ones that know what happens when the walls fail.
They will know which services matter most. They will know their dependencies, how to isolate blast radius, how to restore from clean sources. They will know who decides, who communicates, who pays, who informs regulators, who speaks to customers, and who has authority to shut something down before the whole environment becomes a crime scene with invoices.
They will practice. Not once a year in a tabletop exercise where everyone nods politely and pretends Legal will respond in real-time. They will practice seriously. They will break assumptions. They will test recovery. They will challenge vendors. They will treat incident response as an organizational muscle, not a binder.
This is also where CISO accountability must be discussed honestly. It is easy to demand accountability from the security leader after the fire. It is harder to ask whether the CISO had budget, authority, board access, engineering influence, product leverage, procurement power, and documented risk acceptance before the fire. If a company wants the CISO to be accountable for survival, then the CISO must be empowered to design for survival. Otherwise, accountability is just corporate theater, and the CISO is one person selected in advance to stand under the falling chandelier.
The same applies to boards. A board that funds only prevention but expects resilience after failure is not governing cyber risk. It is buying a bucketload of denial. Cybersecurity cannot remain a narrow technical department expected to compensate for fragile business architecture, reckless supplier dependence, poor software practices, underfunded recovery, unclear executive authority, and magical thinking about AI.
If cybersecurity is survival, then everyone who shapes organizational resilience shapes cybersecurity. Engineering shapes it. Procurement shapes it. Legal shapes it. Finance, Product, HR, Communications — they all shape it. The board, too, and the CEO. Security may lead the discipline, but it cannot be the only organ responsible for keeping the body alive.
That is the point. Not that prevention no longer matters. Not that we should abandon controls and have minstrels sing of resilience while attackers empty the database. The point is that protection is no longer enough to define security. A company that collapses when prevention fails was never truly secure. It was only protected until the first failure.
The cybersecurity paradigm of today and tomorrow must be built around survival: surviving breach, surviving disruption, surviving AI acceleration, surviving dependency failure, surviving regulatory scrutiny, and surviving the moment when the neat diagram meets the ugly incident.
We still need walls, gates, and guards.
But the wall is not the city, nor its citizens. And if the city and the citizens cannot survive after the wall falls, then maybe the wall was never a viable strategy.
Maybe it was just a waste of that good iron.
View the full article
Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. Per findings from Kaspersky, the active campaign is targeting users of WhatsApp Desktop and WhatsApp Web across Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan, Australia,View the full article
OpenAI on Monday said it's releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its "strongest model yet for finding and helping patch software vulnerabilities," OpenAI said the model can "sustain deeper analysis across large codebases" to identifyView the full article
CSOs must re-write their cyber risk strategies because threat actors are increasing using AI to evade defenses, says a group of national cybersecurity agencies – a call that one expert immediately complained is too vague to be of use.
In its call to action on Monday, the group warned that “frontier Al models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities. The timeline is not years, it is months.”
Because of this, cyber resilience is integral to advancing business continuity, market confidence, and long-term value, the statement says.
The statement comes from the US Cybersecurity and Infrastructure Security Agency (CISA), the UK National Cybersecurity Centre, the Canadian Centre for Cyber Security (CCCS), the Australian Cyber Security Centre, and the New Zealand Cyber Security Directorate, collectively known as Five Eyes.
It urges business and infosec leaders to understand and assess cyber risk, readiness to face an attack, and accountability; prioritize foundational cyber security practices and controls; empower cyber leaders with authority and resources; and stay actively engaged as threats and guidance evolve.
 The Canadian Centre for Cyber Security told CSO that the Five Eyes statement was issued now “because we are seeing real, recent shifts in how AI tools are being used, including to speed up the discovery and exploitation of vulnerabilities. As these capabilities become more accessible, the risk is no longer theoretical.”
The statement clearly signals that the pace of change has reached a point where organizations need to act, CCCS added, noting, “waiting will only narrow the window to respond. Our shared purpose was to be direct and accessible to senior leaders: AI is already affecting cyber risk, and it needs to be addressed as part of core business risk management.”
Get the basics right
In the statement, the agencies warn, “Success will come from getting the basics right, acting quickly, and integrating cyber security into core business strategy. Those that do not will face growing operational and strategic disadvantage.”
Cyber risk can no longer be treated as a purely technical issue, they point out. “This is a core business risk and leadership responsibility. Boards and executives should ensure cyber resilience is in place and works under pressure. It is not enough to have controls. Leaders must be confident those controls will perform during a real incident. This requires reassessing long-standing trade-offs and using AI deliberately to strengthen defense, not just improve efficiency.”
For leaders, the statement offers three core principles to act on, including making sure secure-by-design and secure-by-default are standard IT practice and not aspirations, implementing defense in depth, and being prepared to face new zero-day vulnerabilities.
It also recommends five practical actions, including reducing attack surface, accelerating patching, addressing legacy systems, strengthening identity and access controls, and preparing for breaches of security controls through testing response plans and focusing on containing a breach.
“These actions are not new,” the agencies admit, “but are now urgent to reduce not only technical risk, but also operational, financial and reputational exposure.”
The agencies also urge infosec defenders to use AI to strengthen enterprise defenses.
[Related content: How SOCs can leverage AI]
Experts unimpressed
However, the advice doesn’t impress some experts.
It “seems to be a generic statement that states the obvious, and, quite frankly, does not provide meaningful guidance about addressing AI risks,” complained Joseph Steinberg, a US-based cybersecurity and AI advisor to businesses and governments.
 “Not only does the statement not discuss many aspects of risk that AI creates, and for which businesses should already be planning and implementing countermeasures, but four out of the five recommended Practical Actions contained within the statement do not even mention AI, and have applied well before the dawn of the AI era.”
The statement should have discussed AI’s total transformation of social engineering and its ability to perform greater reconnaissance, he said, and recommended techniques for social engineering-specific targets. It should have also have explained that generative AI can leak data about a company’s internal work, and that if an AI is fed poisoned data it may “learn” incorrect things; that training issue is hard to undo.
Asked for comment on complaints that the Five Eyes statement is too generic, a CISA spokesperson pointed to the agency’s artificial intelligence guidance website, which contains articles on AI data security, how AI must be secure by design, and other resources.
Rob Enderle, head of the Enderle Group, said that the Five Eyes warning is “incredibly late.”
“AI-driven threats and deepfakes have been heavily impacting corporate landscapes for some time now,” he said in an email. “However, while late, the guidance is completely consistent with the severity and scale of the threat we are actively facing, providing a needed baseline for agencies trying to catch up to the current environment.”
The advice itself is solid, he acknowledged, “but acts more as a critical wake-up call than a prescient roadmap. It successfully emphasizes that AI is fundamentally altering the threat vector, and organizations can no longer afford to treat cybersecurity as a siloed technical problem. Rather than being overly generic, it accurately underscores the immediate operational vulnerabilities that corporations need to address.”
[Related content: Risk tolerance vs risk appetite]
“Crucially,” Endele added, “this is no longer just a discussion for CSOs. To manage this risk effectively, CSOs, CIOs, and CEOs all must be aligned and actively involved. Because AI impacts everything from operational infrastructure to brand trust and corporate governance, cyber risk strategy must be treated as a core business continuity issue driven straight from the top.”
Ilia Kolochenko, CEO of ImmuniWeb and adjunct professor of cybersecurity practice and cyber law at US-based Capitol Technology University, said the Five Eyes statement “makes perfect sense. However, it should have been sent in late 2023. Today, careless implementation and imprudent use of legitimate AI systems is a much bigger threat than any misuse of AI.”
He added that while the practical recommendations, such as the reduction of organization’s external attack surface, are relevant, they have little direct relationship with the modern AI risks. AI accelerates and amplifies the detection of misconfigured, obsolete, or vulnerable systems exposed to the internet, he agreed, but such issues have been around for more than a decade. “There are thousands of freely available non-AI tools that can quickly find the low-hanging fruit, which are oftentimes even better and much cheaper than LLMs, so AI is not even relevant here,” he said.
The biggest risk, Kolochenko said, stems from within organizations. Driven by the fear of missing out, corporate leadership frequently decides to precipitately deploy various AI systems across their organizations without even informing their CSO, let alone conducting a comprehensive risk assessment. Eventually, he said, AI introduces countless new attack vectors and vulnerabilities, becoming a much bigger risk than cybercriminals with AI.
He added that, in 2026, threat actors really don’t need more zero-days, because virtually every large company has so much shadow IT and so many misconfigured assets that cybercriminals can simply download all of the organization’s crown jewels in one click. “No zero-days or faster exploitation cycle with AI are needed to get everything any more,” he said.
View the full article
Stung by a surge in cyberattacks that have run amok in developer environments, GitHub has strengthened the security of actions/checkout to block ‘pwn request’ attacks that exploit insecure use of the pull_request_target workflow trigger to run an attacker’s code with the workflow’s full privileges.
Announced on June 18, actions/checkout v7 now automatically blocks and fails workflows when used inside pull_request_target or workflow_run events when attempting to fetch unreviewed fork pull request code.
From now on, the only away around these checks will be for developers to implement an opt out by adding an explicit allow-unsafe-pr-checkout to actions/checkout, GitHub said in its V7 changelog.
The change signals the beginning of a new ‘secure by default’ era in which security will be defined by the GitHub system rather than being left to discretion of developers. As part of that effort, on July 16, the new defaults will be backported to all supported major versions.
“Workflows pinned to a floating major tag (e.g., actions/checkout@v4) will automatically pick up the change. Workflows pinned to a specific SHA, minor, or patch version aren’t affected by the backport and will need to upgrade using Dependabot or through established upgrade processes,” GitHub explained.
However, because pwn request attacks can happen in other ways, “further hardening of additional events may be explored in future releases,” the changelog added.
Blind spot
If there’s a criticism that can be levelled at GitHub over this, it’s that it has taken so long to address a weakness that’s been known about for years.
The issue is with GitHub Actions, which allows triggers to run workflows, including pull_request, which processes third-party forks without giving access to secrets such as API keys, service tokens, and credentials. The downside is that this restriction prevents some automations from working, which is why developers turn to an alternative trigger, pull_request_target, which grants the required access.
At some point, attackers realized that where pull_request_target was configured carelessly with actions/checkout to pull in untrusted fork code, it offered a back door into repositories and their secrets.
In other words, the weakness in pull_request_target isn’t the trigger itself, which is legitimate and secure when correctly used, but in its  incorrect use. As GitHub’s changelog puts it: “Checking out the head of an unreviewed pull request from a fork inside one of these workflows typically lets attacker-controlled code execute with the workflow’s full privileges.”
The arrival of actions/checkout v7, however, should make this harder, automatically blocking risky workflows regardless of their configuration.
Unfortunately, a lot of damage has already been done. Open source repositories have recently come under sustained attacks from the TeamPCP hacking group, using a variety of techniques, including pwn requests.
A notable example was its attack last month, which compromised 170 node package manager (npm) packages, including the TanStack Router ecosystem, thanks to a pwn request exploit. Embarrassingly, in a separate incident not involving a pwn request, GitHub itself was breached and the attackers exfiltrated source code from around 3,800 of the company’s internal repositories.
Better late than never, GitHub has sprung into action, plotting a series of security reforms on the platform, including, earlier this month, limiting automatic install script execution in npm.
This article originally appeared on InfoWorld.

View the full article
Apple released the second beta of iOS 27 today, and as is common with a second beta, there are multiple changes. There are new features and updates to existing features as Apple prepares for a July public beta and a September software launch.


Write with Siri

There is a new Write with Siri button above the keyboard in Notes, Mail, Messages, and more. It makes it easier to locate the option to use ‌Siri‌ for writing. In the first beta, the Write with ‌Siri‌ tool was only available when selecting text.


Siri Voice Customization

The ‌Siri‌ voice customization feature available on the iPhone 17 Pro and iPhone Air now has Pace and Expressivity labeled as "Coming Soon." The options did not work in the first ‌iOS 27‌ beta.


Wallet App Insights

The Wallet app has a new "Insights" feature that's accessible by tapping on the three-dot icon in the upper right corner.


Insights is not fully implemented, but a splash screen for the feature says users will be able to connect accounts to Wallet to see spending insights, recurring transactions, account balances, and more. Apple says up-to-date account information will be available through the feature.

Apple TV

In ‌iOS 27‌ beta 2, Apple updated the Home app to add support for remotely updating an Apple TV.


The ‌Apple TV‌ is now listed in the Updates section of the Home app's Settings interface, and tapping on the ‌Apple TV‌ update button installs the latest software without needing to turn on the ‌Apple TV‌.

RCS

Apple added support for replying to a specific message in an RCS conversation with an Android user.


You can now long press on a message to get to the option to reply to a message, and it works the same way that it does with iMessages.

‌iOS 27‌ also displays tapback/reaction emoji on images and videos properly. In iOS 26, it would use a text descriptor, such as [x loved an image] instead of showing the emoji. In ‌iOS 27‌, the emoji shows up on the image or video as it does in an iMessage conversation.

iCloud Backup Notifications

Code in ‌iOS 27‌ suggests Apple will now send notifications if an iCloud backup doesn't work properly.

"There's a problem with our server, so you may not be able to backup or restore your device right now. Try again later," reads the notification.

AirPort Utility

Apple says the AirPort Utility app will no longer be available for download in ‌iOS 27‌. Users who already have the app can re-download it, but AirPort Utility functionality is not guaranteed in ‌iOS 27‌.



Visual Intelligence

In the ‌Siri‌ section of the Settings app, there's a new Visual Intelligence option. Highlight to Image Search is turned off by default, and Apple says turning it on will automatically send images to third parties when highlighting subjects to find similar images.


Camera App

There are now yellow highlights around the camera tools button when a hidden camera feature like exposure adjustment is enabled.


Create a Pass

In the Create a Pass feature in Wallet, there are texture options available when choosing a color.


HomeKit Cameras

You can long press on incoming notifications from HomeKit Secure Video cameras to watch the video from the motion alert and to turn on lights that are located near the camera.


HomeKit Accessories

If you had HomeKit accessories like Philips Hue lights that were unresponsive after installing ‌iOS 27‌ and tvOS 27, the beta 2 updates fix the problem.

Weather

Some of the light blue text in the Weather app has been updated to be lighter and brighter, making it easier to read. Precipitation levels, condition descriptor, and wind mph reading are now the brighter color.


Siri App

There's a new option to select multiple conversations to delete in the ‌Siri‌ app.


Photos

The AI tools in the Photos app are now available for RAW images.

iOS 27 Info

‌iOS 27‌ is available to developers right now, but Apple plans to release a public beta in July. ‌iOS 27‌ is set to launch in September alongside new iPhones. Related Roundups: iOS 27, iPadOS 27
This article, "Everything New in iOS 27 Beta 2" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple is working on AirPods that have cameras for feeding data to Siri. The new earbuds will be Apple's first AI wearable, and current rumors suggest they're going to come out in late 2027.

Subscribe to the MacRumors YouTube channel for more videos.Design

The AirPods will look similar to the current AirPods Pro 3, but with cameras embedded in the stem. Apple also plans to include a light that will come on when visual data from the AirPods is being sent to the cloud. The LED will let people around the wearer know the cameras are in use.



Size, design, and fit are expected to remain the largely same for the earbuds and the charging case, with the exception of the changes to the stem.

Rumors suggest Apple will use tiny infrared cameras, similar to the infrared camera used for Face ID.

Features

The cameras in the AirPods will be used for sending data about the wearer's surroundings to ‌Siri‌, giving ‌Siri‌ more information about where the user is and what's nearby.

‌Siri‌ will be able to answer questions about objects or whatever the wearer happens to be looking at. The camera-equipped AirPods could be useful for more exact turn-by-turn directions when walking, contextual reminders, 3D mapping, and more.

The iPhone already has Visual Intelligence, which uses AI to identify plants, animals, landmarks, art, books, and more. Camera-equipped AirPods will be able to supply data for ‌Visual Intelligence‌ without the need to use the Camera app.

Users aren't likely to be able to use the cameras to capture photos and videos.

H3 Chip

Apple is working on an upgraded H3 chip and it could make its first appearance in the next AirPods Pro. The H3 chip is expected to bring latency improvements and better audio quality.

Naming

Initial rumors about the AirPods with cameras said they wouldn't be a full new model and wouldn't be called the AirPods Pro 4, but launch timing has since changed. It's now likely the AirPods will be part of the AirPods Pro line, but naming is still unsettled.

Apple could call them the AirPods Pro 4, but AirPods Ultra is also a possibility.

Pricing

With the addition of cameras, the AirPods could be more expensive than the current $249 ‌AirPods Pro 3‌.

Compatibility

Since the AirPods will feed data to ‌Siri‌, an iPhone that supports Apple Intelligence will be required to use the features. ‌Apple Intelligence‌ is available on the iPhone 15 Pro and later.

Release Date

There were rumors suggesting the camera-equipped AirPods could come out as soon as this year, but the latest information indicates the new earbuds will launch in late 2027 alongside the 20th anniversary iPhone and a second-generation foldable iPhone.

Apple reportedly needed more time for the AirPods to design visual AI models capable of identifying objects.

Apple is testing the new AirPods with iOS 28, an update that Apple is already developing.Related Roundups: AirPods 4, AirPods Pro 3Buyer's Guide: AirPods (Caution), AirPods Pro (Neutral)Related Forum: AirPods
This article, "Apple's Camera-Equipped AirPods Ultra: What to Expect" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple is working on a macOS Tahoe 26.5.2 update that's expected to come out in the near future. The second macOS Golden Gate beta includes an upgrade path from ‌macOS Tahoe‌ 26.5.2, which suggests 26.5.2 is an upcoming build that Apple expects devices to be running soon.


The update will be released alongside iOS 26.5.2, which we've already confirmed is in testing based on MacRumors visitor logs.

‌macOS Tahoe‌ 26.5.2 and iOS 26.5.2 are expected to be minor updates with bug fixes and security updates.

Apple is also testing ‌macOS Tahoe‌ 26.6 and iOS 26.6 updates, and two betas have been released so far. With the 26.6 software not too far off, it's likely we'll get iOS 26.5.2 and ‌macOS Tahoe‌ 26.5.2 this week.Related Roundups: iOS 26, iPadOS 26, macOS TahoeRelated Forums: iOS 26, macOS Tahoe
This article, "macOS Tahoe 26.5.2 and iOS 26.5.2 Updates Coming Soon" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple is planning to remove the AirPort Utility app from the App Store in the near future, according to the release notes for iOS 27 beta 2. The app is no longer fully supported in ‌iOS 27‌, and Apple warns that it is not guaranteed to work.



Users who have downloaded AirPort Utility in the past will be able to re-download it if needed.

Apple also plans to remove AirPort Utility from new installations of macOS, but users who already have it installed will continue to be able to use it after updating to new versions of macOS. As with ‌iOS 27‌, Apple says it isn't guaranteed to work in macOS Golden Gate.

AirPort Utility lets users manage AirPort base stations like the AirPort Extreme, AirPort Express, and AirPort Time Capsule. Apple discontinued its AirPort routers back in 2018, but has continued to support them through the AirPort Utility app.

With ‌macOS Golden Gate‌, Apple is eliminating AFP support, which means the Time Machine feature on Macs will no longer work with the AirPort Time Capsule.

With Time Capsule support ending and Apple sunsetting the AirPort Utility app, it's clear Apple does not plan to continue offering updates to users who are still holding on to their AirPort devices.Related Roundups: iOS 27, iPadOS 27Tag: App Store
This article, "Apple Dropping AirPort Utility From the App Store With iOS 27" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon Prime Day 2026 is here, and it will last for four days, ending this Friday, June 26. As it does every year, Prime Day offers shoppers a huge selection of deals across Amazon's storefront, and we're tracking numerous all-time low prices on Apple gear right now.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

For our coverage, we're focusing on discounts for Apple and Apple-related products that can be purchased right now on Amazon. As of today, this includes deals on AirPods, Apple Watch, iPad, monitors, charging accessories, and more. We're also sharing deals being matched at retailers like Best Buy in some cases.

YEAR'S BEST PRICESAmazon Prime Day 2026

As is typical for Prime Day deals, these markdowns are very time sensitive, so sales listed below may disappear fast, and new ones may appear even faster. With this in mind, we'll keep this article updated over the next few days, and keep an eye on the MacRumors front page as we'll be posting particularly great deals in separate articles next week.

Lastly, and perhaps most importantly, Amazon Prime Day requires you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

AirPods


Amazon has the AirPods Max 2 on sale for $399.00 in all colors, down from $549.00. This is an all-time low price on the headphones. This is accompanied by a great discount on the AirPods 4 for Prime Day, available for $99.00, down from $129.00.

$30 OFFAirPods 4 for $99.00
$59 OFFAirPods Pro 3 for $189.99
$150 OFFAirPods Max 2 for $399.00

AirTag 2


Apple's AirTag 2 has hit the new low price of $24.00 for the 1-Pack and $89.00 for the 4-Pack.

$5 OFFAirTag 2 (1-Pack) for $24.00
$10 OFFAirTag 2 (4-Pack) for $89.00

This is the first major discount we've ever seen on the AirTag 2 at Amazon since the device launched earlier in 2026. The new AirTag is equipped with a second-generation Ultra Wideband chip, enabling the Precision Finding feature to work up to 50% farther away from an item compared to the previous-generation model.

Apple Watch Ultra 3


Amazon is discounting a wide array of Apple Watch Ultra 3 models down to $649.00 for Prime Day, from $799.00. This is a new all-time low price on the 2025 smartwatch, beating the previous record low price by about $50, and it's available in both Natural and Black Titanium color options.

$150 OFFApple Watch Ultra 3 for $649.00

Apple Watch Series 11


Amazon this week has all-time low prices on the Apple Watch Series 11, with $120 discounts across numerous models of the smartwatch. This sale includes a handful of GPS aluminum models on sale at record low prices.

$120 OFFApple Watch Series 11 (42mm GPS) for $279.00
$120 OFFApple Watch Series 11 (46mm GPS) for $309.00

You can get the 42mm GPS Apple Watch Series 11 for $279.00, down from $399.00, and the 46mm GPS model for $309.00, down from $429.00. On Amazon, you'll find three of the 42mm GPS models and three of the 46mm GPS models on sale at these all-time low prices.

Apple Watch SE 3


Amazon is also taking $50 off the Apple Watch SE 3, starting at $199.00 for the 40mm GPS model. These are matches of all-time low prices on the SE 3, and it's been over four months since we last tracked these prices on the wearable.

$50 OFF40mm GPS Apple Watch SE 3 for $199.00
$50 OFF44mm GPS Apple Watch SE 3 for $229.00

You can also get the 44mm GPS Apple Watch SE 3 on sale for $229.00, down from $279.00. Both the 40mm and 44mm GPS models are available in Midnight and Starlight Aluminum at these prices.

MacBook Air


You'll find $149 off a few models of the 13-inch M5 MacBook Air on Amazon this week, starting at $949.99 for the 512GB model, down from $1,099.00.

$149 OFF13-inch M5 MacBook Air (512GB) for $949.99
$149 OFF13-inch M5 MacBook Air (16GB/1TB) for $1,149.99

iPad Air


Amazon has brought back all-time low prices on a handful of M4 iPad Air tablets for Prime Day. This includes both 11-inch and 13-inch models of the brand new 2026 M4 iPad Air.

$79 OFF11-inch M4 iPad Air (128GB Wi-Fi) for $519.99
$89 OFF11-inch M4 iPad Air (256GB Wi-Fi) for $609.99
$99 OFF13-inch M4 iPad Air (128GB Wi-Fi) for $699.99
$109 OFF13-inch M4 iPad Air (256GB Wi-Fi) for $789.99

Specifically, the 128GB Wi-Fi 11-inch M4 iPad Air has dropped to $519.99, down from $599.00, beating the previous low price by about $40.

iPad


Amazon is taking up to $52 off Wi-Fi and cellular models of Apple's 11th generation iPad for Prime Day. Prices start at $299.00 for the 128GB Wi-Fi iPad, down from $349.00, a second-best price on this model.

$50 OFF128GB Wi-Fi iPad for $299.00
$50 OFF256GB Wi-Fi iPad for $399.00
$52 OFF512GB Wi-Fi iPad for $597.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple DealsTag: Prime Day
This article, "The Best Prime Day Deals on AirPods, Apple Watch, AirTag, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Amazon Prime Day 2026 is here, and it will last for four days, ending this Friday, June 26. As it does every year, Prime Day offers shoppers a huge selection of deals across Amazon's storefront, and we're tracking numerous all-time low prices on Apple gear right now.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

For our coverage, we're focusing on discounts for Apple and Apple-related products that can be purchased right now on Amazon. As of today, this includes deals on AirPods, Apple Watch, iPad, monitors, charging accessories, and more. We're also sharing deals being matched at retailers like Best Buy in some cases.

YEAR'S BEST PRICESAmazon Prime Day 2026

As is typical for Prime Day deals, these markdowns are very time sensitive, so sales listed below may disappear fast, and new ones may appear even faster. With this in mind, we'll keep this article updated over the next few days, and keep an eye on the MacRumors front page as we'll be posting particularly great deals in separate articles next week.

Lastly, and perhaps most importantly, Amazon Prime Day requires you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

AirPods


Amazon has the AirPods Max 2 on sale for $399.00 in all colors, down from $549.00. This is an all-time low price on the headphones. This is accompanied by a great discount on the AirPods 4 for Prime Day, available for $99.00, down from $129.00.

$30 OFFAirPods 4 for $99.00
$69 OFFAirPods Pro 3 for $179.99
$150 OFFAirPods Max 2 for $399.00

AirTag 2


Apple's AirTag 2 has hit the new low price of $24.00 for the 1-Pack and $89.00 for the 4-Pack.

$5 OFFAirTag 2 (1-Pack) for $24.00
$10 OFFAirTag 2 (4-Pack) for $89.00

This is the first major discount we've ever seen on the AirTag 2 at Amazon since the device launched earlier in 2026. The new AirTag is equipped with a second-generation Ultra Wideband chip, enabling the Precision Finding feature to work up to 50% farther away from an item compared to the previous-generation model.

Apple Watch Ultra 3


Amazon is discounting a wide array of Apple Watch Ultra 3 models down to $649.00 for Prime Day, from $799.00. This is a new all-time low price on the 2025 smartwatch, beating the previous record low price by about $50, and it's available in both Natural and Black Titanium color options.

$150 OFFApple Watch Ultra 3 for $649.00

Apple Watch Series 11


Amazon this week has all-time low prices on the Apple Watch Series 11, with $120 discounts across numerous models of the smartwatch. This sale includes a handful of GPS aluminum models on sale at record low prices.

$120 OFFApple Watch Series 11 (42mm GPS) for $279.00
$120 OFFApple Watch Series 11 (46mm GPS) for $309.00

You can get the 42mm GPS Apple Watch Series 11 for $279.00, down from $399.00, and the 46mm GPS model for $309.00, down from $429.00. On Amazon, you'll find three of the 42mm GPS models and three of the 46mm GPS models on sale at these all-time low prices.

Apple Watch SE 3


Amazon is also taking $50 off the Apple Watch SE 3, starting at $199.00 for the 40mm GPS model. These are matches of all-time low prices on the SE 3, and it's been over four months since we last tracked these prices on the wearable.

$50 OFF40mm GPS Apple Watch SE 3 for $199.00
$50 OFF44mm GPS Apple Watch SE 3 for $229.00

You can also get the 44mm GPS Apple Watch SE 3 on sale for $229.00, down from $279.00. Both the 40mm and 44mm GPS models are available in Midnight and Starlight Aluminum at these prices.

MacBook Air


You'll find $149 off a few models of the 13-inch M5 MacBook Air on Amazon this week, starting at $949.99 for the 512GB model, down from $1,099.00.

$149 OFF13-inch M5 MacBook Air (512GB) for $949.99
$149 OFF13-inch M5 MacBook Air (16GB/1TB) for $1,149.99

iPad Air


Amazon has brought back all-time low prices on a handful of M4 iPad Air tablets for Prime Day. This includes both 11-inch and 13-inch models of the brand new 2026 M4 iPad Air.

$79 OFF11-inch M4 iPad Air (128GB Wi-Fi) for $519.99
$89 OFF11-inch M4 iPad Air (256GB Wi-Fi) for $609.99
$99 OFF13-inch M4 iPad Air (128GB Wi-Fi) for $699.99
$109 OFF13-inch M4 iPad Air (256GB Wi-Fi) for $789.99

Specifically, the 128GB Wi-Fi 11-inch M4 iPad Air has dropped to $519.99, down from $599.00, beating the previous low price by about $40.

iPad


Amazon is taking up to $52 off Wi-Fi and cellular models of Apple's 11th generation iPad for Prime Day. Prices start at $299.00 for the 128GB Wi-Fi iPad, down from $349.00, a second-best price on this model.

$50 OFF128GB Wi-Fi iPad for $299.00
$50 OFF256GB Wi-Fi iPad for $399.00
$52 OFF512GB Wi-Fi iPad for $597.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple DealsTag: Prime Day
This article, "The Best Prime Day Deals on AirPods, Apple Watch, AirTag, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
With the second beta of iOS 27, Apple added support for replying to a specific message in an RCS conversation with an Android user.


You can now long press on a message to get to the option to reply, and it works the same way that it does with iMessage.


‌iOS 27‌ also displays tapback/reaction emoji to images and videos properly. In iOS 26, it would use a text descriptor, such as [x loved an image] instead of showing the emoji. In ‌iOS 27‌, the emoji shows up on the image or video as it does in an iMessage conversation.

Apple added support for ‌RCS‌ in iOS 18, and has been improving it since then. iOS 26.5 added encryption for ‌RCS‌ messages sent between iPhone and Android users, and now more of the ‌RCS‌ features are being implemented.

For ‌RCS‌ reply threading to work properly, both the sender and the recipient need to have a smartphone and carrier that supports ‌RCS‌.

‌iOS 27‌ is limited to developers currently, but it will be available to the public when Apple releases a public beta in July. The software will see an official launch in September.Related Roundups: iOS 27, iPadOS 27Tags: Android, RCS
This article, "iOS 27 Beta 2 Adds Inline Replies to iPhone-to-Android RCS Chats" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
In iOS 27 beta 2, Apple updated the Home app to add support for remotely updating an Apple TV.


The ‌Apple TV‌ is now listed in the Updates section of the Home app's Settings interface, and tapping on the ‌Apple TV‌ update button installs the latest software without needing to turn on the ‌Apple TV‌.

The HomePod and HomePod mini have long been able to be updated through the Home app, so the ‌iOS 27‌ change for the ‌Apple TV‌ puts it on par with the ‌HomePod‌. The ‌HomePod‌ and ‌HomePod mini‌ run a variant of tvOS, so it makes sense for the ‌Apple TV‌ to be updated in the same way.

Apple's decision to add the ‌Apple TV‌ to the Home app update interface suggests that the upcoming home hub device that's in the works will also be controlled and updated through the Home app.

Apple is expected to release a dedicated home hub later this year, and it will run a version of tvOS like the ‌HomePod‌. It will be a centralized spot for controlling smart home products, making video calls, getting information like the current weather, and interfacing with Siri. The device is expected to have a 7-inch square display with built-in speakers, and it could be something of a HomePod-iPad hybrid.Related Roundups: iOS 27, iPadOS 27Tag: Apple Command Center
This article, "A Small iOS 27 Change Hints at Apple's Long-Rumored Home Hub" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple has added a new "Insights" feature to the Wallet app in the second iOS 27 beta. Accessible by tapping the three dots in the upper right corner, Insights appears to let users add different financial accounts to monitor their spending.


A splash screen for the feature says users will be able to connect accounts to Wallet to see spending insights, recurring transactions, account balances, and more. The fine print says the following: "Your device is connected to your financial institution by an Apple wholly owned subsidiary, which fetches, categorizes, and standardizes your account information for display on your device. Your account information is not stored."

Tapping on the Continue button on the splash screen goes to the Add to Wallet interface with no new options available, so it does not appear to be functional at this time.

Apple has detailed transaction information for the Apple Card, but support for other cards and accounts has been limited. Apple did introduce a Connected Cards feature in iOS 17.1, but it saw limited adoption. Discover implemented support and users could see their total card balance, Pay with Rewards, and transaction history, but Discover removed the functionality in early June and almost no other U.S. issuers ever used it. Several UK banks still have deeper integration with the Wallet app's Connected Cards option.

It looks like Insights could be a successor to Connected Cards that will work without card issuers specifically adding in support.Related Roundups: iOS 27, iPadOS 27
This article, "Wallet App Gets New 'Insights' Feature in iOS 27 Beta 2" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today provided developers with the second beta of macOS Golden Gate, with the update coming two weeks after Apple seeded the first beta.


Developers can download ‌macOS Golden Gate‌ by going to System Settings > General > Software Update. Beta Updates will need to be enabled, and a free developer account is required.

‌macOS Golden Gate‌ includes multiple design improvements. Liquid Glass opacity has been improved to increase readability, there's a slider for controlling the level of transparency, and changes to shadowing make it easier to tell when a window is active. Apps now have uniform toolbars, edge-to-edge sidebars, and less rounded corners, plus there are fewer icons in menu bars.

Siri has been transformed into ‌Siri‌ AI, a chatbot-style assistant that combines general world knowledge, your personal data, and onscreen awareness to answer questions about anything and find information for you. ‌Siri‌ lives in Spotlight, and you can ask questions with the new Search or Ask interface.

There's also a ‌Siri‌ app where you can chat with ‌Siri‌ and view past conversations, and on newer Macs, you can set a custom voice for ‌Siri‌ with personalized pace and expressivity. Visual Intelligence is now on the Mac so ‌Siri‌ can answer questions about what's on your screen, and a Write with ‌Siri‌ feature lets ‌Siri‌ generate text or give feedback on your writing.

There are AI photo editing tools in the Photos app, AI tab organization in Safari, an option to use AI to automatically update weak passwords in the Passwords app, and a revamped Image Playground app that can generate photorealistic images.

More on all of the new features in ‌macOS Golden Gate‌ can be found in our macOS Golden Gate roundup. ‌macOS Golden Gate‌ is limited to developers right now, but Apple plans to release a public beta in July.Related Roundup: macOS Golden Gate
This article, "macOS Golden Gate Beta 2 Now available for Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today seeded the second betas of iOS 27 and iPadOS 27 to developers for testing purposes, with the update coming two weeks after Apple released the first betas following the WWDC 2026 keynote.


Registered developers can download the betas from the Settings app on the iPhone or iPad by going to the General section and selecting Software Update.

‌iOS 27‌ introduces Apple's smarter version of Siri, ‌Siri‌ AI. ‌Siri‌ AI is a chatbot similar to ChatGPT, incorporating general world knowledge, personal data from apps like Messages and Mail, and onscreen awareness to answer questions and find information for you.

There are new Apple Intelligence features in apps like Photos, Safari, Shortcuts, Wallet, and Passwords, plus Apple added a standalone ‌Siri‌ app that houses ‌Siri‌ conversations. Write with ‌Siri‌ is available systemwide for generating text or offering feedback on your writing, and Visual Intelligence has been relocated to the Camera app with a new ‌Siri‌ mode.

Apple improved the look of Liquid Glass and added a slider for customizing transparency. There are multiple performance improvements to speed up iOS, so everything feels faster, even on older iPhones. Apps launch quicker, AirDrop transfers are faster, the keyboard pops up more quickly, and devices are better at transitioning between Wi-Fi and Cellular to keep you connected.

For more on what's new in ‌iOS 27‌, we have a dedicated iOS 27 roundup.Related Roundups: iOS 27, iPadOS 27
This article, "Apple Seeds iOS 27 and iPadOS 27 Second Betas to Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today seeded the second beta of tvOS 27 to developers for testing purposes, with the update coming two weeks after Apple released the first beta following the WWDC keynote.


The beta can be downloaded and installed through the Settings app on the Apple TV. A free developer account is required.

tvOS 27 has few new features compared to the other 27 software updates, but it does add a redesigned Podcasts app, options for larger text, and a more responsive Control Center.

AirPlaying to an ‌Apple TV‌ from another Apple device is faster, and apps and animations are smoother. You can also now see AppleCare coverage details in the Settings app.

More on the features in tvOS 27 can be found in our Apple TV roundup.Related Roundup: Apple TVBuyer's Guide: Apple TV (Don't Buy)Related Forum: Apple TV and Home Theater
This article, "Apple Seeds tvOS 27 Beta 2 to Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple today provided developers with the second beta of an upcoming visionOS 27 update for testing purposes, with the beta coming two weeks after Apple released the first beta.


visionOS 27 can be installed by opening the Settings app, going to Software Updates, and opting into Beta Updates.

visionOS 27 introduces Siri AI, the smarter and more capable version of ‌Siri‌ that's similar in capability to chatbots like ChatGPT and Claude. On the Vision Pro, ‌Siri‌ can answer questions about anything the wearer is looking at, and there's a new ‌Siri‌ orb that can be placed anywhere in wearer's virtual space.

Panorama photos can be turned into spatial environments, and there's a new Icelandic Thórsmörk environment that features dramatic mountains, valleys, and glaciers, along with the northern lights. Web Environment support allows developers to create 360-degree environments in Safari for a more native Vision Pro browsing experience.

App windows are now curved to provide a more immersive workspace, and Control Center has been reorganized to make system controls easier to find. Apple added a smaller widget size, and notifications automatically expand when the wearer looks at them.

More on what's new in visionOS 27 is listed in our Vision Pro roundup.Related Roundup: Apple Vision ProBuyer's Guide: Vision Pro (Neutral)Related Forum: Apple Vision Pro
This article, "Apple Seeds Second visionOS 27 Beta to Developers" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
AI coding agents are making it easier than ever to produce software. Ensuring that software is secure before deployment is another matter — one that AWS thinks AI should help with too.
As enterprises adopt agentic development workflows, the volume of first-party code being created and modified is rising rapidly. Yet the process of validating vulnerabilities, determining whether they are exploitable, and fixing them often still depends on developers and security teams working through findings manually.
AWS is aiming to address that imbalance with Continuum, a new service designed to continuously discover, investigate, and remediate vulnerabilities in enterprise environments, whether the code is their own or from third parties.
Rather than simply generating alerts, the service is intended to help enterprises move findings through the entire remediation lifecycle, AWS VP of Security and Observability Chet Kapoor wrote in a blog post.
For first-party applications, Continuum can analyze code, validate whether vulnerabilities are exploitable, generate remediation recommendations, and propose fixes that can be reviewed through existing software development workflows, helping developers address security issues without requiring security teams to manually investigate every finding, Kapoor said.
Once users think Continuum has learned enough about their environment and understands their guardrails, they can put it in what AWS calls “enforce mode” to autonomously fix any code lapses, Kapoor said.
Continuum borrows some of its capabilities, penetration testing and code scanning features, from an existing service, Security Agent.
Other capabilities are all-new, including threat modeling, which is designed to automatically generate threat models from source code or design documents and output them in STRIDE format.
Keeping pace with AI-driven software development
Analysts see Continuum helping enterprise developer teams ship more secure code while keeping pace with AI coding tools.
“The harder problem is no longer just finding issues, it is knowing which ones are real, which ones matter in their environment, and which ones need to be fixed first,” said Akshat Tyagi, associate practice leader at HFS Research. “Traditional workflows built around dashboards and manual triage struggle with that volume. A dashboard can show the backlog, but it does not validate the finding, assess business impact, or help remediate it.”
Continuum’s value, according to Tyagi, “is not just more detection, but using AI to prioritize risk findings, suggest mitigations, and support faster action while keeping humans in control of high-risk decisions.”
Taking faster action is becoming increasingly important as attackers are gaining access to many of the same AI capabilities that enterprises are using to accelerate software development and security testing, according to Amit Chandak, chief analytics officer at IT consulting firm Kanerika. “The gap between a flaw being disclosed and a working exploit is shrinking rapidly from months to hours,” he said.
While Continuum may reduce repetitive work for developers and SREs, it could also create new responsibilities for CISOs around governance, oversight, testing, and maintaining guardrails for automated actions.
“Continuum changes the CISO’s role from managing findings to governing how findings are handled. The focus moves to setting rules: what can be automated, what needs human approval, and what level of risk is acceptable in production,” Tyagi said. “Staffing will shift too. There may be less manual triage, but more need for people who can review AI-generated fixes, set guardrails, and know when not to trust the system.”
Even so, Chandak does not expect the offering to lead to immediate headcount reductions, particularly given that Continuum is only available as a gated preview.
Continuum could change how CISOs measure work, Tyagi said: “Ticket count matters less. Better measures are how quickly real risks are validated and fixed, how many false positives are removed, and whether automation is reducing risk without causing new problems.”
Those same metrics could also become a yardstick for CISOs determining how much autonomy to give tools like Continuum, said Chandak. Most enterprises’ data and governance practices are not yet ready for fully autonomous remediation, said Chandak, adding that, “AWS’ graduated trust design, under which enterprises have the option of choosing the degree of autonomy, from human in the loop to fully automatic remediation, is an admission of that fact.”
Beyond first-party code
Continuum could also help CISOs with third-party code vulnerability analysis, where enterprises often have less visibility and control.
“Most third party vulnerability alerts are noise. A tool may flag a vulnerable library, but the real question is whether that vulnerable code is actually used in production. If Continuum can answer that, it helps teams focus on the few issues that matter,” Tyagi said. “This is especially useful for open-source and software supply chain risk, where enterprises depend on packages and hidden transitive dependencies they may not fully track. It also helps when no patch is available yet.”
However, he warned, Continuum might not offer a direct fix to third-party code: “You usually cannot patch third-party code yourself as you don’t own it, so remediation there means version pinning or compensating controls.”
This article first appeared on InfoWorld.

View the full article
An attacker broke into competitive-intelligence vendor Klue, stole OAuth tokens its customers use to connect to Salesforce and other platforms, and accessed data across multiple customer environments prompting the company to revoke customer OAuth tokens and disable affected integrations.
“An attacker gained access through a compromised legacy credential associated with an integration service,” Klue CEO Jason Smith said in a posting to the company’s blog. “The attacker used that access to obtain OAuth tokens used to connect Klue with certain third-party platforms, including Salesforce, and subsequently accessed data within a number of connected customer environments,” he wrote.
Klue detected the intrusion on June 12 and Smith posted to the blog on June 19.
The breach reached Salesforce accounts at cybersecurity vendors Huntress and Recorded Future, along with an undisclosed number of other Klue customers.
Salesforce disabled the Klue Battlecards integration and said organizations cannot reconnect through it until further notice, saying in a posting to its website, “Our security teams recently detected unusual activity involving the app that may have resulted in unauthorized access to a subset of customer data via the app’s connection to Salesforce. This issue is limited to Klue’s app connection and does not arise from a vulnerability within the Salesforce platform.”
Unauthorized code removed
Klue’s CEO listed the containment steps the company had taken, including revoking affected credentials and tokens, disabling impacted integrations, notifying law enforcement — and “removing unauthorized code.” He offered no further detail on the unauthorized code, how it arrived, or what it did. The company did not immediately respond to a request for further details of its removal of unauthorized code.
Security vendor and Klue customer Huntress published its own investigation filling in that gap. The attackers had pushed a code update to a Klue integration system designed to harvest customers’ OAuth tokens, Huntress wrote. Klue staff later found the ‘token-theft code’ and removed it, Huntress added in its investigation report.
The initial entry point was a credential Klue had created to prototype an integration it later dropped but never deactivated. “The threat actor seems to have leveraged a long-disused but still active credential to conduct the initial compromise — one that was originally created by Klue for them to prototype a third-party integration they later abandoned,” Huntress said. The attacker then pivoted through Klue’s infrastructure, collected customer tokens and used them to query those customers’ CRM systems before exfiltrating the data, the firm added.
Klue shut down integrations with Salesforce, HubSpot, SharePoint, Zoom, Gong, Chorus, Clari, Google Drive and Slack and issued a general alert on June 13, according to Huntress. That alert “did not indicate which customers were impacted,” the firm noted. It did not name any affected customers.
Data extracted over 24 hours
Another security firm, ReliaQuest, traced how customer CRM data was pulled from Salesforce. The attacker authenticated to victims’ Klue integration service accounts, generated OAuth tokens and ran automated Python scripts that queried the Salesforce REST API for about 24 hours, ReliaQuest said in its threat analysis.
The activity was consistent with bulk data retrieval rather than routine integration traffic, it noted — a distinction that would not have been visible without API-layer logging.
ReliaQuest advised organizations that had connected Klue to Salesforce to treat the incident as a prompt to revoke and rotate all OAuth tokens and refresh tokens tied to that integration, review Salesforce API logs for unusual query volumes, and restrict third-party integration accounts to known IP ranges.
“Any third-party app with OAuth access to a core platform like Salesforce is part of your attack surface and should be inventoried, monitored, and scoped to least privilege,” the firm said.
Salesforce and Gong data taken
Huntress confirmed it was among the affected customers. Business contacts, price quotes and sales communications from its Salesforce account were taken, the company said. Passwords, payment-card data, threat intelligence and product telemetry were not compromised, and the Huntress product and infrastructure were untouched.
Parts of the Salesforce account at another cybersecurity vendor, Recorded Future, were also accessed, the company said. “All available evidence suggests that Recorded Future was not specifically targeted and was instead an incidental victim by virtue of utilizing the compromised integration between Salesforce and Klue,” Recorded Future said. The exposure appeared limited to client contact names, email addresses and possibly some contract information, it added.
Icarus claims the attack
Huntress attributed the attack to a new extortion group calling itself Icarus, after session messenger IDs in extortion emails matched identifiers on the group’s dark-web leak site. Icarus listed Klue publicly on June 19 and said it had exfiltrated Salesforce data from a number of Klue’s partner companies. The group has signaled it may contact affected organizations directly, meaning Klue customers should expect unsolicited outreach and review their spam folders for related emails, Huntress said.
The activity matched the OAuth-abuse pattern behind the 2025 Salesloft Drift and Gainsight compromises, tied to ShinyHunters and UNC6395, but evidence was insufficient to link the Klue incident to either group, the firm said.
“The OAuth-abuse playbook is repeatable, effective, and now widely adopted,” it warned.
View the full article
Cybersecurity researchers have disclosed details of four vulnerabilities in Dify, an open-source agentic workflow platform with more than 146,000 GitHub stars, that could allow attackers to stealthily read artificial intelligence (AI) conversions from other customers' applications without requiring authentication. The vulnerabilities have been collectively codenamed DifyTap by Zafran Security.View the full article
Apple's next-generation AI dictation feature for the iPhone 17 Pro and iPhone Air is not turned on by default in the first developer beta of iOS 27.


Apple says the new AI-powered dictation system delivers "a major boost in accuracy," with more reliable on-the-fly capitalization and punctuation than the existing dictation system. The feature runs on Apple's new AFM 3 Core Advanced model, which is a 20-billion-parameter, natively multimodal system that uses a sparse architecture, activating just one to four billion parameters at a time depending on the request.

To fit a model that large onto a smartphone, the full model is stored in flash memory rather than DRAM, with a lightweight routing block selecting a fixed set of "experts" during initial processing and periodically reselecting them during generation, a technique Apple calls Instruction-Following Pruning.

In side-by-side human evaluations against Apple's previous production dictation system across seven quality dimensions, AFM 3 Core Advanced was preferred on overall quality by a margin of 44.7% to 17.6%, with that preference holding consistently across the other six dimensions, which include punctuation, casing, layout, meaning capture, disfluency handling, and style.

Because of the model's size, the upgraded dictation is limited to a handful of newer devices: the ‌iPhone 17 Pro‌ and ‌iPhone 17 Pro‌ Max, the ‌iPhone Air‌, the Vision Pro with M5 chip, iPads with an M4 chip or later with at least 12GB of RAM, and Macs with an M3 chip or later with at least 12GB of RAM. Notably, the standard iPhone 17 is excluded, as it ships with 8GB of RAM rather than the 12GB the larger model requires. The same AFM Core Advanced model also powers Apple's new customizable expressive Siri voices, another opt-in preview as of beta 1.

The new dictation model runs entirely on-device, so transcription quality stays the same whether or not the iPhone is connected to a network. It remains unclear whether the preview will stay off by default when ‌iOS 27‌ is released officially later this year, or whether Apple will switch it on automatically at some point during the beta cycle this summer.Related Roundups: iOS 27, iPadOS 27Tag: Apple Intelligence
This article, "Advanced AI Dictation Not Enabled by Default in iOS 27 Beta" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Woot this week kicked off a big Prime Day-adjacent event, with the headliner being a massive discount on the Nintendo Switch 2. You'll also find savings on charging accessories, Bluetooth speakers, and more.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

For the Nintendo Switch 2, you can get a brand new model of the console for $399.00 with the code CHEAPSWITCH2 at checkout. This takes $50 off the $449.00 version of the console for new Woot customers, and $30 off for everyone else.

Note: Use code CHEAPSWITCH2 at checkout.
$50 OFFNintendo Switch 2 for $399.00

Even at $419.00 for returning customers, this is a great and very rare discount on the Nintendo Switch 2, which is set to have a price hike to $499.00 later in the year. This version of the console does not come with a game, and it is in new condition on Woot with a 90 day Woot limited warranty.

Woot also has a large selection of Prime Day sales going on this week, including savings on Samsung The Frame TVs, Apple Watch bands, iPhone cases and chargers, Bluetooth speakers, and more.

Anker Soundcore Boom 2 Bluetooth Speaker - $69.99, down from $129.99
Samsung The Frame TVs - Save on new 2025 models
Apple Watch Sport Loops and Bands - Up to $69% off
OtterBox iPhone cases - Up to 92% off
JBL Gaming Headsets - Up to 43% off
Western Digital SSDs - Up to 46% off

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple DealsTag: Prime Day
This article, "Woot Launches Prime Day Event With Up to $50 Off Nintendo Switch 2" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Samsung Display has received Apple's approval to begin module production of OLED panels for Apple's first foldable iPhone, according to a report today from TheElec.


Citing industry sources, the report says Samsung Display has started operating part of its back-end production lines in Vietnam to fulfill an initial order of around three million panels scheduled for delivery this year. Module production approval requires a supplier to demonstrate final assembly quality and mass-production stability, and Apple's threshold is reportedly a yield rate of at least 70%. Samsung Display is said to have passed that bar after achieving final yields above 80%.

Samsung Display is believed to be the exclusive supplier of OLED panels for the foldable iPhone under a three-year agreement, meaning Apple will not source foldable OLED panels from any other display maker during that period. Back-end processing, which includes adding driver circuits, flexible printed circuit boards, and protective components before final inspection and shipment, is being handled at Samsung Display's Vietnam facility. That site has around 80 production lines in total, with roughly 50 currently active, leaving capacity to spare given the relatively modest three million unit order.

The panels are expected to use Color Filter on Encapsulation (CoE) technology, which removes the polarizer and forms a color filter directly on top of the encapsulation layer, along with Samsung Display's newest M16 OLED material set. The M16 stack is said to bring improvements to brightness, color performance, lifespan, and power efficiency over prior generations.

Apple's foldable iPhone is rumored to feature a 7.8-inch inner display and a 5.5-inch cover display, along with Touch ID instead of Face ID, an A20 chip, and Apple's C2 modem, with pricing expected to start around $2,000.Related Roundup: iPhone FoldTags: Foldable iPhone, OLED, Samsung, The Elec
This article, "Apple Approves Production of OLED Panels for Foldable iPhone" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
A heap over-read in the Squid web proxy can leak another user's cleartext HTTP request, including any credentials or session tokens it carries, to anyone already allowed to send traffic through the same proxy. The bug traces to a 1997 FTP-parsing change and is still live in Squid's default configuration. Researchers at Calif.io disclosed it in June and named it Squidbleed (View the full article
Prime Day deals are already in full swing today, despite the event not kicking off until tomorrow, June 23. Below we're tracking all-time low prices across the Apple Watch lineup, including Apple Watch Series 11 for $120 off, Apple Watch SE 3 for $50 off, and Apple Watch Ultra 3 for $150 off.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Apple Watch Series 11

Amazon this week has all-time low prices on the Apple Watch Series 11, with $120 discounts across numerous models of the smartwatch. This sale includes a handful of GPS aluminum models on sale at record low prices.

$120 OFFApple Watch Series 11 (42mm GPS) for $279.00
$120 OFFApple Watch Series 11 (46mm GPS) for $309.00

You can get the 42mm GPS Apple Watch Series 11 for $279.00, down from $399.00, and the 46mm GPS model for $309.00, down from $429.00. On Amazon, you'll find three of the 42mm GPS models and three of the 46mm GPS models on sale at these all-time low prices.

Apple Watch SE 3

Amazon is also taking $50 off the Apple Watch SE 3, starting at $199.00 for the 40mm GPS model. These are matches of all-time low prices on the SE 3, and it's been over four months since we last tracked these prices on the wearable.

$50 OFF40mm GPS Apple Watch SE 3 for $199.00
$50 OFF44mm GPS Apple Watch SE 3 for $229.00

You can also get the 44mm GPS Apple Watch SE 3 on sale for $229.00, down from $279.00. Both the 40mm and 44mm GPS models are available in Midnight and Starlight Aluminum at these prices.

Apple Watch Ultra 3

Finally, Amazon is discounting a wide array of Apple Watch Ultra 3 models down to $649.00 for Prime Day, from $799.00. This is a new all-time low price on the 2025 smartwatch, beating the previous record low price by about $50, and it's available in both Natural and Black Titanium color options.

$150 OFFApple Watch Ultra 3 for $649.00

Head to our full Deals Roundup to get caught up with all of the latest deals and discounts that we've been tracking over the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Every Apple Watch Model Hits Its Lowest Price Ever for Prime Day" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's first foldable iPhone remains on track for a September debut, despite rumors to the contrary, based on a new report by China Securities Journal (via DigiTimes).


According to the report, which cites a source at an Apple supplier, the company recently started delivering components in small batches for Apple's first foldable iPhone.

The supplier also reportedly received guidance indicating that the device is scheduled to be unveiled in September 2026, alongside the iPhone 18 Pro and iPhone 18 Pro Max. A second supply-chain source cited in the report said it had received no indication of a delay and continues to work toward a fall 2026 release timetable.

The report backs a claim made last week by a Chinese leaker that suggestions of a delay are wide of the mark.

There have been occasional reports that Apple's first foldable device is encountering engineering hurdles as development enters its final stages. In May, leaker Instant Digital claimed the foldable iPhone was still facing durability concerns related to its hinge mechanism. While Apple is said to have largely resolved issues surrounding display creasing, the leaker suggested the hinge has yet to meet the company's long-term reliability standards.

Apple is known for imposing rigorous durability requirements on entirely new product categories, but reports of unresolved hinge concerns this late in development would be unusual given the device's expected launch timeline.

Bloomberg's Mark Gurman reported in March that Apple's foldable iPhone may not launch alongside the iPhone 18 Pro and iPhone 18 Pro Max in September. Earlier, Barclays analyst Tim Long predicted the device would not begin shipping until December, potentially creating a gap of up to three months between the foldable iPhone and Apple's flagship iPhone 18 Pro models.

Apple has taken a staggered launch approach before. In 2017, the iPhone X was unveiled alongside the iPhone 8 and iPhone 8 Plus, but it didn't reach customers until November, while the other models launched in September as usual.

If Apple ultimately decides to delay shipments of its foldable iPhone beyond September, it would likely still unveil the device alongside the iPhone 18 Pro and iPhone 18 Pro Max at its annual iPhone event. In that scenario, Apple would announce the entire lineup together before releasing each model according to its production schedule.

The foldable iPhone is expected to feature a 7.8-inch inner display and a 5.5-inch cover display, the A20 chip and C2 modem, a Touch ID power button instead of Face ID, and two rear cameras, with pricing rumored at around $2,000. Apple's book-style foldable could launch as the "iPhone Ultra," as suggested by reports.

In an unusual step compared to previous fall announcements, as part of a new split-launch strategy, Apple is expected to hold over the release of the regular iPhone 18 until spring next year.Tags: DigiTimes, Foldable iPhone
This article, "Foldable iPhone 'Ultra' Still on Track for September Debut" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Prime Day doesn't kick off until tomorrow, but we're seeing a handful of steep discounts on a few Apple devices already today. This includes the AirTag 2 at the new low price of $24.00 for the 1-Pack and $89.00 for the 4-Pack.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

This is the first major discount we've ever seen on the AirTag 2 at Amazon since the device launched earlier in 2026. The new AirTag is equipped with a second-generation Ultra Wideband chip, enabling the Precision Finding feature to work up to 50% farther away from an item compared to the previous-generation model.

$5 OFFAirTag 2 (1-Pack) for $24.00
$10 OFFAirTag 2 (4-Pack) for $89.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "AirTag 2 Gets First Ever Discounts for Prime Day" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
iOS 27 introduces a new recovery mode for iPhone and iPad that lets the device boot into an alternative, lightweight interface without loading the full operating system, similar to recovery mode on Apple silicon Macs.


To use the feature, users must turn the device off, then hold the side button to power it on. The Apple logo appears as it would during a normal boot, but holding the button for an extended duration brings up a progress bar, and the device then launches into the new recovery environment rather than continuing into iOS or iPadOS as normal. The process mirrors how recovery mode is triggered on Apple silicon Macs by holding the power button.

The new recovery screen offers five options: Recovery Assistant, Software Update, Diagnostics Mode, Erase All Content and Settings, and Recovery Mode. The interface also displays the current battery percentage in the corner of the screen and automatically connects to a known Wi-Fi network, while a power button in the toolbar lets users attempt a normal restart instead.



The addition means some last-resort repairs that previously required connecting an iPhone or ‌iPad‌ to a computer can now be carried out independently on the device itself. Apple's Recovery Assistant tool is designed to handle some of these automated fixes without further input.

The need to use the new recovery mode should remain rare. One scenario where it could come in handy is if a software update fails to install, such as when a device runs out of battery mid-update. Some iOS beta versions have in the past caused devices to soft-lock or enter boot loops, and in those cases, the Software Update option in the new recovery mode could allow a user to reinstall the last stable version of the OS without needing to put the device into DFU mode and restore it from a Mac or PC.

‌iOS 27‌ and iPadOS 27 are in developer beta testing now, with a public beta expected next month, and an official release in the fall. Related Roundups: iOS 27, iPadOS 27
This article, "iOS 27 Adds Mac-Like Recovery Mode for iPhone and iPad" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's AirPods Max 2 have hit $399.00 on Amazon, down from $549.00. This sale is only available in the Starlight color option and it's a massive discount on the brand new headphones, coming in $100 under the previous all-time low price.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

Free delivery has the AirPods Max 2 arriving around June 27, but Prime members should see same-day delivery options in many locations. This is one of the best early Prime Day deals we've tracked so far, and if more colors are added we'll update this article.

$150 OFFAirPods Max 2 for $399.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "AirPods Max 2 Hit $399 Record Low Price for Prime Day" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple will unveil the Apple Watch Ultra 4 alongside an Apple Watch Series 12 later this year, according to Bloomberg's Mark Gurman.


Writing in his latest Power On newsletter, Gurman plotted out Apple's product roadmap for the rest of the year, including the Phone 18 Pro, Pro Max, and the company's first foldable iPhone. "That flurry of devices should also include an Apple Watch Series 12 and Ultra 4," said Gurman.

Apple hasn't released a new Apple Watch Ultra model every year. The Ultra launched in 2022, followed by an Ultra 2 in 2023. In 2024, the only update was a black color option, but the underlying hardware remained unchanged. The Ultra 3 arrived in 2025, so it sounds like Apple isn't skipping a year this time around.

The Apple Watch Ultra 4 could include a "full redesign," according to a May 2026 DigiTimes report, but it's not clear what that would include. The device is also rumored to be getting a "significant upgrade to sensing functions." But again, we don't know what that might refer to.

In terms of new watch features, Apple is developing noninvasive blood glucose monitoring technology, but it is still believed to be a few years away while Apple works on further miniaturization.

Leaked Apple code has suggested the company is experimenting with biometric authentication in the form of Touch ID for 2026's Apple Watch lineup, but it's not clear how this could be implemented. Touch ID could go under the display, or it could be integrated into the side button. The feature would reduce reliance on numerical passcodes for unlocking, but the Apple Watch already has a wrist authentication feature for making purchases.

Looking further ahead, Apple is considering using LG Display's high-mobility oxide (HMO) thin-film transistor technology for the next Apple Watch OLED display in 2027. Compared to the current LTPO display technology, HMO increases electron mobility for lower power consumption.

The Apple Watch Ultra 4 and Apple Watch Series 12 are expected to arrive in September alongside the new iPhone models. watchOS 27 will add new watch faces to the new devices, including a variant of the Modular Ultra face. Related Roundup: Apple Watch Ultra 3Tag: Mark GurmanBuyer's Guide: Apple Watch Ultra (Neutral)Related Forum: Apple Watch
This article, "Apple Watch Ultra 4 Expected Later This Year" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
There is growing speculation that Apple may hike the prices of its iPhone 17 lineup as soon as this month, following CEO Tim Cook's recent comments about "unavoidable" price increases.


Last week, Cook told The Wall Street Journal that Apple is no longer able to absorb the increased cost of memory and storage chips, both of which are in high demand from AI and neocloud companies as they continue to build more data centers.

The scale of the AI infrastructure buildout has prompted debate over whether demand will ultimately justify the hundreds of billions of dollars being invested, but for now it is helping to drive supply constraints across the semiconductor industry. Cook likened the memory shortages to a hundred-year flood. "I've never seen anything like it in any area in over 40 years," he said.

Multiple companies have already raised their prices, including Samsung, Microsoft, Sony, and Dell. Apple is now expected to follow suit. Bloomberg's Mark Gurman believes that the timing of Cook's comments likely indicates price hikes are "imminent." Gurman has also linked potential price hikes to Apple's Back to School sale, which is expected to be announced imminently. His thinking is that Apple may tie the two things together as a "buffer."

Apple holds a Back to School sale each June, providing teachers and students with free accessories or gift cards when purchasing a Mac or an iPad. The added bonus is in addition to Apple's educational discount. The Back to School sale typically takes place around WWDC, and in three of the last five years, it has started 8 to 10 days after the WWDC keynote. That could mean we see it announced as soon as this week.

Either way, Gurman believes the price hikes are "not a fall thing." In other words, they won't be introduced when new iPhone 18 Pro models launch. The price of Apple's current flagship lineup could go up before then, as also suggested over the weekend by Chinese supply chain leaker Ice Universe.

Apple's existing iPhone prices are as follows:

iPhone 17e: from $599
iPhone 17: from $799
iPhone Air: from $999
iPhone 17 Pro: from $1,099
iPhone 17 Pro Max: from $1,199

Meanwhile, The Wall Street Journal has published its own analysis estimating the iPhone 18 Pro could start as high as $1,399.

Prices on iPads and Macs could also go up in the near future.Related Roundup: iPhone 17Buyer's Guide: iPhone 17 (Neutral)Related Forum: iPhone
This article, "iPhone 17 Prices Could Go Up as Soon as This Month" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Canada's spy service got a judge's permission to reach into infected servers, home routers, and IoT gear sitting on Canadian soil and neutralize two foreign-run botnets. The Federal Court released a public version of the ruling on June 15. It is the first time the Canadian Security Intelligence Service has used its threat reduction warrant powers this way. The warrant let CSIS alter,View the full article
Attacks on AI systems and disinformation starred as key elements of a ransomware tabletop exercise CSO participated in during this month’s Infosecurity Europe conference.
The “Enter the War Room” exercise — organised and run by cybersecurity vendor Semperis — featured a scenario focused on a cyberattack against a fictional supermarket chain, BlueCart.
CSO took part as one of eight members of a red team of supposed national state–linked attackers (APT 64, AKA Checkout Chaos) that was as much interested in thrashing the reputation of the supermarkets it targeted and causing disruption as in making money.
Last year we took part in a comparable exercise, also organised by Semperis, but on the opposite team as a media advisor to a blue team defending the systems of a fictional water utility from attack.
Rules of engagement
Ransomware tabletop exercises place participants in a realistic but fictional cyberattack scenario where each team takes 10-minute turns to devise their attack and defence plans before reporting their findings to the other side.
Each turn involves an attack-response cycle with Semperis acting as game master. The whole exercise lasted around two hours.
Like many tabletop exercises, this particular simulation was designed to get participants to think outside the box, improve cross-team communications, and develop improved incident response capabilities by exposing blind spots.
Each team was made up of seven participants from public and private sector organisations, including former hackers, security consultants, and incident response execs. Unlike the 2025 edition of the event, the names and identities of those who participated was kept confidential this year.
Data leak on aisle two
As the target of this year’s “Enter the War Room” exercise, grocery retailer BlueCart has an AI-enhanced supply chain command centre, designed to provide visibility across inventory, logistics, and fulfilment. The system has a key role in keeping shelves stocked and deliveries moving.
Logistics, scheduling, warehouse operations, and store fulfilment have been centralised in a new technology and operations centre.
The red team began with reconnaissance to find a supplier or logistics partner that already has trusted connectivity into the AI command centre, then use that foothold to reach shared portals, APIs, or remote-access tooling.
A combination of stolen credentials from developers, weak MFA enforcement, and over-privileged service accounts were used to hack into planning and inventory systems and steal loyalty card data — three of several access vectors typically employed today. The attackers also attempted to break into BlueCart’s Active Directory environment using a combination of phishing and credential theft.
The attackers also sought to exploit the retailer’s poorly segmented building-management network to disrupt heating, cooling, and ventilation operations.
The blue team of defenders decided to rebuff ransomware demands, which the attackers responded to by leaking loyalty scheme data to cause reputational damage against BlueCart.
False alerts and misinformation
The attackers generated thousands of false alerts to confuse the work of security operations analysts and hinder response. To counteract this, the defenders established out-of-band communications channels.
Continuing their attempts to disrupt BlueCoat’s operations, the attackers disrupted payroll operations. Using job losses due to a move to AI-powered operations, attackers took to social media sites such as Reddit and 4chan in attempts to rage bait hacktivists into getting involved with attacks on BlueCoat.
The attackers also created a deepfake of BlueCart’s CEO — made to look as if filmed on his private yacht — saying the job cut will allow BlueCoat to make increased profits and expand its operations.
Fake delivery orders for inappropriate goods, such as sex toys, and perishable items such as ice cream were generated by the attackers.
The blue team said it had established a honeypot so the attackers were only ever in that environment and never had access to its real environment nor customer data.
Testing the relative merits of these claims and counter claims — which seemed at times like a rap battle rather than a game with structured rules such as chess — was beyond the scope of the exercise.
The tabletop exercise offered an immersive experience without featuring any analysis of technical data, such as exercise-specific log files.
Post-mortem
Speaking after the exercise, Guido Grillenmeier, principal technologist at Semperis, explained that Enter the War Room was not a technical tabletop exercise but a way for participants to “broaden their minds and have fun.”
The scenario was designed to hone cyber incident preparedness in a similar way to how war games are used to train military forces during peacetime.
Simon Hodgkinson, strategic advisor at Semperis, said the exercise illustrated how real preparedness and resilience depends more on people and process than on tools.
“The blue team were well structured, thinking about how to minimise the financial and reputational impact on the business and recognising that, should the red team detonate destructive capability, they would need to prioritise and stand up a minimal viable business,” Hodgkinson said.
“The red team were innovative, using techniques like deception to distract the blue team so they could achieve their objective.” Hodgkinson added. “Despite the motivation not being financial they did take the opportunity to make money through media manipulation and shorting stock.”
View the full article
Longtime security leader Doug Kersten has expanded his list of responsibilities.
As CISO of software maker Appfire, he now has accountability for business risks, such as how security tools and processes within customer products and services impact their costs and, thus, profitability.
It’s a clearcut example, he says, of where and why CISOs must consider not purely security risk, but also business risk.
“CISOs need to provide input and remediation on the impact of security cost because these often-hidden costs have a negative impact on profitability,” he says. “This is usually overlooked by finance teams when analyzing the true cost of goods sold, and if CISOs are not plugged into the evaluation of business risk, it can easily be dismissed.”
The expansion of Kersten’s remit into business risk isn’t unique. CISOs across industries are increasingly expected to identify and address business risks that in the past had been outside the bounds of their roles.
“While CISOs traditionally focused on protecting systems, networks, and data, today’s business environment requires security leaders to understand how cyber threats impact revenue, operations, customer trust, regulatory obligations, supply chains, and strategic objectives,” says Dale Hoak, CISO at software firm RegScale. “The distinction between business risk and security risk is becoming increasingly blurred.”
As such, CISOs today must be enterprise risk leaders, he says, capable of advising executives on how security decisions affect the organization’s ability to achieve its business objectives — not just how they impact the IT stack or technology performance.
Understanding business risk is a significant task, experts agree, but they stress that security chiefs are capable of mastering the skill. Here, Kersten, Hoak, and other security leaders offer strategies on how to do so.
1. Partner with the owners of business risk
By his own admission, Roland Palmer, CISO and vice president of tech company JumpCloud, has yet to master business risk. So he’s partnering with those in his organization who own it, so he has opportunities to learn and contribute.
“We form a great team to understand risk and the organization’s risk appetite,” he says.
Team members include leaders from legal, finance, and marketing, as well as the COO.
Kersten similarly leans on business leaders to sharpen his understanding of business risk. Last year Kersten, working with his exec colleagues, devised a program assigning business leaders to security risks.
“Security helps them understand the security risks, but they also bring to us the [associated] business risks and what can be done to mitigate them,” he explains, noting that this approach also surfaced risks that have since been addressed, thereby closing gaps that were previously unknown.
2. Align cybersecurity explicitly to business objectives
Kerstan believes security teams must understand business objectives, so they can understand what risks could derail which objectives. To ensure his security program has that knowledge, he incorporates corporate objectives and key results into his security strategy.
“I build out plans to address those business objectives and key results. I still have that parallel tier of security risk, which is handled by the security team; that doesn’t go away. But layered onto this is the business OKRs that I need to execute against,” he explains. “It changed how we look at risk and what we have to do.”
For example, he now considers how security department actions may impact employee satisfaction and how that relates to employ retention, a business risk identified by HR, “so we’re working to make sure what we do aligns to the needs of the HR department.”
Richard Watson, global cybersecurity leader with professional services firm EY, agrees with the need to “align cybersecurity explicitly to business objectives.”
“Map cyber controls to critical assets and business processes, and link these to potential financial impact,” he advises. “This enables CISOs to translate technical exposure into business terms and prioritize investment accordingly.”
3. Lean into networking and relationships
Another effective way to get a good grasp on business risks: talking with business colleagues. Regular conversations often yield insights into what truly has them worried, says Gary Hayslip, a cybersecurity executive and co-author of the CISO Desk Reference Guide.
“Another thing I have done to understand business risks, and I have recommended it to peers, is doing a walk-about or what some people call a listening tour,” he says. “I do this in every role I am in because I feel it’s important to understand their objectives, the technologies they use, the projects they have ongoing, the issues they may have with the security program, and, finally, what genuinely keeps them up at night.”
Others say they take a similar approach, stressing the value of networking and building relationships where colleagues feel comfortable raising concerns and collaborating on solutions.
“Business risk cannot be managed in isolation. CISOs should regularly engage with the CFO, COO, general counsel, chief risk officer, product leaders, and business unit executives,” Hoak says. “These conversations provide insight into emerging business concerns and help security become part of strategic planning rather than a downstream compliance exercise.”
4. Run tabletop exercises focused on business risk
This is a more structured opportunity, but an equally effective one, to gain more insights into business risks — so long as the exercises put the business front and center, Hayslip says.
“Most tabletop exercises conducted by the CISO and security teams remain technical and stop at containment. I have found it’s better to run scenarios that force the executives into the decisions they’d actually make during a crisis, such as whether to pay a ransom, when and what to disclose if there is a data breach, how to handle customers, when and who should invoke legal privilege, and is there an operational fallback available and if so who makes the decision to activate it,” Hayslip says.
“Running these types of scenarios helps stress-test the company’s response and teaches the CISO and security team how their peers make decisions under pressure,” he adds.
5. Study up on business risk
Sean Murphy, senior vice president and CISO at BECU, the fifth-largest credit union in the US, didn’t leave learning about business risk to serendipity. He sought out opportunities for formal learning, such as earning the Directorship Certification from the National Association of Corporate Directors. The certification verifies the holder’s expertise in governance, fiduciary duties, strategy, and risk oversight.
Murphy sought the certification to strengthen his qualifications for a board position and to better understand the perspectives of his company’s board, including how it views risk. “The certification helps me delve into what the board cares about and their world and helps me then turn that back to my team and what we’re doing,” he adds. “It gives me the business and executive view versus a purely technical and security view.”
Others offer similar learning strategies.
“The CISO needs to see the company the way the CEO, CFO, and board do,” Hayslip says. “To begin, I would recommend sitting down with the 10-K or annual report, the investor deck, and the earnings call transcripts. This will help the CISO understand how the company makes money and which products or business units drive revenue. It also helps the CISO understand what the leadership team is publicly telling the Street about key risks and where they believe revenue growth will come from in the next reporting cycle.”
This work, while perhaps previously not essential for traditional security leaders, is becoming an imperative today.
“This isn’t fun; in fact, it can be boring,” Murphy says. “But the CISO can’t prioritize protecting the business if they don’t know which parts of the business are considered critical. The annual report provides that view in the words of management.”
Veteran security leaders also cite the value of earning certifications from ISACA, a professional association for governance and risk professionals, as well as the Institute of Internal Auditors’ Certified Internal Auditor designation.
6. Integrate security into enterprise risk management
To truly master business risk, CISOs should not treat it as separate from security risk.
“Cyber is now an existential business risk, not just an IT risk,” says Scott Melchior, a member of ISACA’s Emerging Trends Working Group with 20 years of experience at a global consulting firm focusing on governance, risk, and compliance. “Digital infrastructure is business infrastructure. They’re too intertwined to separate.”
Hoak agrees, stressing the need for CISOs to integrate security into enterprise risk management.
“Cyber risk should be incorporated into broader enterprise risk management processes alongside financial, operational, legal, and strategic risks. This creates a common framework for evaluating risk and helps executive leadership view cybersecurity within the context of overall business objectives,” he says.
Hayslip has put this into practice. In his CISO roles, he has plugged the security risk register into the organization’s ERM platform. He says this allowed him to present cyber-related risks on the same platform that the board already reviews alongside financial, operational, and strategic risks.
“The goal is for cyber risks to appear on the enterprise heat map as every other material risk, so they compete for resources and attention on equal terms rather than being a sidebar,” Hayslip says. “Now there is some work involved for the CISO to do this correctly, but it’s critically important to quantify cyber risk in dollars and probability, not colors. Moving from qualitative heat maps to financial impact numbers, I have found, is one of the biggest improvements in getting the business to hear the CISO.”
View the full article
A new malware family is turning forgotten home routers into a distributed reconnaissance and proxy network, not the DDoS botnet these devices usually end up in. QiAnXin's XLab calls it AryStinger and counts at least 4,300 infected routers, a total it says is still rising. The distinction matters. AryStinger exists for the stage of an attack that comes before the break-in. InfectedView the full article
A new report from INTERPOL has revealed a "dramatic increase" in cybercrime in Asia and the South Pacific, fueled by rapid digitalization, internet penetration, new technologies, organized criminal networks, and a disparity in cybersecurity maturity. According to INTERPOL's 2025/2026 Asia and South Pacific Cyberthreat Assessment Report, phishing has emerged as the most widespread andView the full article
At Zenith Live 2026 held on 16-17 June in Vienna, Zscaler sharpened a reality that Southeast Asia CIOs and CISOs are already sensing, which are, AI agents are quickly becoming digital workers inside their organisations, while regulators tighten data residency rules and supply‑chain attacks move closer to core business operations.

Zscaler’s solution is to extend its Zero Trust Exchange and SASE platform beyond users and workloads to AI agents, unmanaged devices, multi‑cloud workloads, and B2B partners, effectively positioning zero trust as the control plane for secure AI adoption in highly connected, highly regulated markets like Southeast Asia.

In my opinion, three moves stand out for Southeast Asia organisations at the AI layer:
1. An AI Broker with an Agent Registry that governs how AI agents talk to data, applications, and other agents, inspecting prompts and responses and enforcing least‑privilege access in real time. In my view, this is critical in sectors facing strict data‑handling rules across multiple jurisdictions.
2. Endpoint AI Security that exposes risky local AI tools, browser extensions, and plugins proliferating on endpoints across distributed workforces and contractor ecosystems common in Southeast Asia.
3. An AI Access Graph and AI Protect that map AI assets, model usage, and data flows across SaaS, public cloud, and on‑prem, backed by red‑teaming, prompt hardening, and guardrails for more than 250 GenAI apps.

Equally important for Southeast Asia region is how Zscaler handles cross‑border connectivity and sovereignty. The company’s Zero Trust B2B Exchange replaces site‑to‑site VPNs and MPLS links with policy‑controlled application access, so partners, outsourcers, and regional subsidiaries never sit on the same network. This is even as data and workflows move between markets. In parallel, its cloud is engineered for strict locality of logs and operations, with regional data centres and no external “kill switches”, a design clearly influenced by European GDPR and localisation demands that now echo in Southeast Asian data regimes.

On the ground, customer stories from AkzoNobel and Siemens Healthineers show what this looks like when applied decisively – “dark” branches that cannot be discovered on the internet, zero‑trust based B2B connectivity, and an explicit strategy to guide AI adoption rather than banning it.

For Southeast Asia CISOs, here is the practical message:
1. Build a live inventory of AI usage and data flows across borders before regulators and auditors force the issue.
2. Hide your infrastructure and supply chain behind zero trust, so neither partners nor AI agents can turn a single misconfiguration into a regional incident.
3. Treat zero trust as your AI operating model, not a side project, because every new AI agent you deploy is now part of your workforce, your compliance posture, and your attack surface.
My Recommendations for 3 Immediate Priorities for Southeast Asian CISOs in the AI Era
1. Reframe the Threat Model Around Agents, Not Just Users  
a. Update threat models and control frameworks to explicitly include AI agents as identities: what they can access, what actions they can perform, and how they are monitored.
b. Classify agents by criticality and blast radius in the same way you do privilege human accounts and critical applications.

2. Cut Lateral Movement Before You Chase Every Vulnerability 
a. Assume you will never patch everything, focus first on eliminating discoverability and lateral movement across branches, factories, and multi‑cloud workloads.
b. Use zero trust segmentation so a compromised agent, endpoint, or partner connection can only see and touch what policy explicitly allows.

3. Operationalise AI Guardrails and Evidence for Regulators 
a. Implement AI‑aware controls: AI Broker, guardrails for GenAI apps, data lineage via access graphs, and endpoint visibility into AI tools.
b. Ensure you can produce evidence such as logs, policies, lineage, showing how AI access is governed across borders, partners, and regulated datasets.


View the full article
By Ram Venkataraman, CEO, KIBO Commerce
Technical debt is quietly eroding the value of B2B Commerce platforms — and most organizations don’t see it until it shows up on the balance sheet.
Commerce leaders in manufacturing, distribution, and wholesale are all facing the same conundrum. The ERP team committed to an established back-office platform. The storefront team championed a leading eCommerce solution. Operations inherited a standalone OMS that’s too embedded to replace. Each decision, made in isolation, seemed reasonable.
The result is three platforms, two system integrators, and a middleware layer stitched together by custom code nobody fully understands. A schema update in the ERP becomes a cross-platform sprint. New features take quarters, not weeks. The engineering team is maintaining instead of innovating.
That’s the commerce stack reality. And it’s not a technology problem — it’s a business problem.
What OMS Evaluations Get Wrong About Cost
The total cost of ownership (TCO) conversation in commerce is broken. Platforms get evaluated on license fees and implementation quotes — neither of which captures where the real money goes.
Enterprise OMS decisions typically come down to a familiar shortlist of vendors. Each is capable within its own domain, data model, update cycle, and vendor relationship. And each integration between them is a custom project — scoped, developed, tested, and maintained indefinitely.
The promise is best-of-breed. The reality is a distributed system where a single order touches three platforms before it fulfills.
Custom integrations between enterprise platforms consume a significant portion of IT budgets in ongoing maintenance alone. Then comes the cost of delayed feature releases while developers are tied up on integration work, or the revenue lost when inventory data lags a sync cycle and a customer orders something that can’t be fulfilled.
There’s an organizational cost too. When the OMS, ERP, and storefront don’t share a data model, neither do the teams that depend on them. Decisions slow down, exceptions pile up, and the customer experience shows the seams.
How Top Performers Escape the Maintenance Trap
According to McKinsey’s 2026 analysis of enterprise technology spending, top-performing organizations keep run-based infrastructure costs at least 20% lower than peers — not by spending less, but by spending differently. 
They reduce technical debt through standardized platforms, replacing legacy systems rather than layering new capabilities on top of them. The result is a virtuous cycle: lower maintenance overhead frees budget for innovation, which in turn reduces the complexity that drives maintenance costs in the first place.
Companies that persist with fragmented stacks face the opposite dynamic. Every new deployment adds to the operational burden without retiring what came before. In commerce, that has a direct business consequence: engineering teams maintain integrations instead of building, and platforms become harder to change precisely when the market demands speed.
Every integration kept is a ceiling on how fast you can move — and the maintenance burden only compounds.
The Hidden Tax on Fragmented Commerce Stacks
Most architecture decisions are made on initial implementation scope. The costs that determine long-term TCO almost never appear in vendor proposals.
Every point-to-point integration is a liability. Top-tier vendors are powerful within their domains — but they weren’t designed to work together. Each island costs more to connect and maintain than anyone estimated upfront.
Fragmentation compounds when it’s time to launch anything new. The question most architecture evaluations fail to ask isn’t “Can the platform do this?” It’s “How long does it take?” Enterprises on unified infrastructure go live in weeks. Fragmented stacks measure the same projects in quarters. That gap is a direct competitive cost.
Fragmented architectures don’t collapse gradually — they fail at peak moments. The middleware breaks. The sync lags. Inventory goes stale. Customers feel it immediately.
The Questions Most OMS Evaluations Never Ask
For engineering leaders and architects making a commerce platform decision, the RFP metrics that matter least are usually the ones most compared: feature checklists, pricing tiers, connector counts. Those are table stakes.
The questions that predict long-term TCO are different.
How many integration points does this architecture require, and who owns them? A platform with a unified data model across OMS and commerce has one source of truth. A fragmented stack has many. Every additional source of truth is an ongoing maintenance commitment even when it isn’t called that at the time.
What does a realistic deployment timeline look like for a net-new channel or fulfillment model? Ask for reference customers and actual timelines. The gap between vendor claims and customer reality is often where TCO hides.
How does the platform handle upstream ERP updates? If a quarterly ERP release requires a development sprint in the OMS or storefront to absorb it, that’s integration debt compounding. Pre-built ERP connectors aren’t a differentiator at this point — they’re a baseline requirement.
What is the engineering team doing two months after go-live? On a fragmented stack, the honest answer is usually monitoring integrations. On a unified platform with a healthy API layer, the answer should be building for the next capability. That difference compounds enormously over a three-to-five-year horizon.
The architecture that looks like a bargain at signing rarely is. TCO is determined by what the engineering team is doing two years in — not what the vendor promised at kickoff.
The companies reducing technical debt aren’t necessarily the ones that chose the most sophisticated platforms. They’re the ones whose architecture lets them move. A unified core eliminates the synchronization problem at the root, freeing engineering teams to build instead of maintaining, and giving the business the speed it needs to compete.
Enterprise Grade Doesn’t Mean Enterprise Slow
There’s an assumption baked into most of these decisions: complexity is the price of capability. It isn’t.
A unified core — commerce, OMS, storefront, and AI on a single data model — solves the synchronization problem at the root. Best-in-class components can still extend at the edges where specific differentiation is warranted, without the core fighting itself.
Modern, MACH-certified composable platforms can go live in weeks without cutting corners on capability, because pre-integrated components eliminate the work that fragmented stacks impose by design. The architecture question is direct: how much of the IT budget should go toward maintaining integrations versus building better customer-facing experiences?
The math changes when engineering teams stop maintaining plumbing and start building capabilities. Organizations that move to a unified core see implementation timelines compress significantly, with payback periods measured in months rather than years. Enterprise grade and enterprise slow are not the same thing.
The Architecture Decision Is a Business Decision
Commerce architecture isn’t a back-office technology decision. It has direct consequences for profitability, competitiveness, and the options available three years from now.
Fragmented stacks don’t feel expensive in year one. License fees are often lower. The implementation is scoped to a phase. The integrations aren’t overly complex. By year three, the picture looks different. Those integrations have been touched a dozen times. The engineering team is largely occupied with maintenance. A competitor who made a different architecture choice two years earlier is shipping capabilities in weeks that others are still scoping.
The companies winning in B2B commerce are the ones whose engineering teams are building for the future, not servicing the past. Faster fulfillment promises, accurate inventory across channels, self-service buying experiences that work — none of that happens on a stack that’s fighting itself.
What looks like an IT decision today becomes a market position decision three years from now.
Ram Venkataraman is the CEO of KIBO Commerce, a market leader in composable commerce solutions for retailers, manufacturers, distributors, and wholesalers that want to simplify the complexity in their businesses and deliver modern customer experiences. KIBO is the only modular, MACH-certified platform supporting experiences that span Order Management, Commerce, and Subscriptions, with cutting-edge AI and agentic technology designed to improve operations and productivity. Companies like Zwilling, Al-Futtaim, Ace Hardware, The Level Group, and Wolters Kluwer trust KIBO to bring simplicity and sophistication to commerce and order management operations. To learn more, visit: https://KIBOcommerce.com/
View the full article
Amazon today has the AirPods Pro 3 available for $169.00 in an early Prime Day sale, down from $249.00. This is an all-time low price on the AirPods Pro 3, beating the previous low by $10.

Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

This model of the AirPods Pro launched in September 2025 and has 2x better Active Noise Cancellation than the previous generation, better audio quality, a revised fit that's meant to improve comfort and stability, Live Translation for in-person conversations, and heart rate sensing for workouts.

$80 OFFAirPods Pro 3 for $169.00

Shoppers should note that this price has been heavily fluctuating on Amazon today, so if you don't see it when you click, there is a chance that it will return soon.

Head to our full Deals Roundup to get caught up with all of the latest deals and discounts that we've been tracking over the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "AirPods Pro 3 Return to Record Low $169 Price Ahead of Prime Day" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple's annual WWDC developers conference is in the rearview mirror, but there is still a lot to look forward to over the next year and beyond.


In his Power On newsletter today, Bloomberg's Mark Gurman listed around 20 products that he expects Apple to release across the remainder of 2026 and 2027.

Now that the more intelligent and personal version of Siri has finally arrived in beta, a full two years after Apple first previewed it at WWDC 2024, we should begin to see some new devices that were reportedly postponed until the new Siri was ready.

Beyond the usual annual updates to iPhones and Apple Watches in September, Gurman said Apple's all-new smart home hub could still arrive this year. He is also expecting a foldable iPhone Ultra and long-awaited updates to the Apple TV and HomePod mini. And a redesigned MacBook Ultra with an OLED display is expected by early next year.

Here is what to expect from Apple by the end of 2027, according to Gurman and other sources.

iPhones

iPhone 18 Pro: A20 Pro chip, a smaller Dynamic Island, a simplified Camera Control button, a Dark Cherry color option, variable aperture for at least one rear camera, Apple's C2 modem with support for 5G web browsing via satellite, and more.
iPhone 18 Pro Max: The same features rumored for the iPhone 18 Pro, but the Pro Max model may or may not be slightly thicker.
iPhone Ultra: A foldable iPhone Ultra with a 7.7-inch inner display and 5.3-inch outer display, two rear cameras, one front camera, a Touch ID power button instead of Face ID, and more. iOS 27 is expected to be tailored for the foldable iPhone, allowing for side-by-side apps and other iPad-like multitasking functionality.
iPhone Air 2: The addition of an Ultra Wide camera, an A20 chip, and longer battery life.
iPhone 20 Pro and iPhone 20 Pro Max: Apple's 20th-anniversary iPhone models are rumored to feature a "nearly edge-to-edge display" with "curved glass that wraps around the sides."
Apple Watches
Apple Watch Series 12: A faster S11 chip or newer, plus design changes such as Touch ID and/or more health sensors (disputed).
Apple Watch Ultra 4: A faster S11 chip or newer, plus design changes such as Touch ID and/or more health sensors (disputed). There may also be additional satellite features for the Apple Watch Ultra 3 and newer, such as Apple Maps via satellite and the ability to send and receive photos with Messages via satellite.iPads
iPad 12: A16 chip → A18 chip or A19 chip with Apple Intelligence support.
iPad mini: A17 Pro chip → A19 Pro or A20 Pro chip, an OLED display, a vibration-based speaker system, and a water-resistant design.
Macs

Mac Studio: M4 Max and M3 Ultra chips → M5 Max and M5 Ultra chips.
Mac mini: M4 and M4 Pro chips → M5 and M5 Pro chips.
iMac: M4 chip → M5 chip, plus new color options.
MacBook Ultra: A major MacBook Pro redesign in late 2026 or early 2027, with M6 Pro and M6 Max chips, an OLED display, a touch screen, a Dynamic Island, and a thinner design. On this laptop, which will reportedly be named MacBook Ultra, macOS 27 is expected to offer a touch-friendly interface.Home, AirPods, Smart Glasses

Apple TV: A17 Pro chip with support for the more personalized Siri, and Apple's N1 chip with Wi-Fi 7 support. A built-in FaceTime camera has been rumored for a future Apple TV, but it is unclear if that will arrive with the next model.
HomePod mini: S9 chip or newer with support for the more personalized Siri, Apple's N1 chip with Wi-Fi 7 support, improved sound quality, a second-generation Ultra Wideband chip, and potentially new color options like red.
HomePod: A new full-sized HomePod that supports the revamped Siri.
Home Hub: An all-new smart home hub featuring the more personalized version of Siri, a 6-inch to 7-inch square display, an A18 chip for Apple Intelligence, FaceTime, and more. Place it on a table or mount it on a wall.
AirPods Ultra: AirPods with cameras for Siri AI/Visual Intelligence.
Apple Glasses: Apple is rumored to be planning smart glasses with oval-shaped cameras, custom frame designs, and more.Tags: Bloomberg, Mark Gurman
This article, "Apple to Release These 20 New Products Across Rest of 2026 and 2027" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple last week unveiled five new apps, with four announced at WWDC 2026 alongside its upcoming fall software updates, one released in beta for developers, and one released independently by its subsidiary Claris.



Siri AI App

One of the biggest announcements of WWDC 2026 was Siri AI, a ground-up rebuild of Apple's voice assistant that for the first time comes with a dedicated standalone app.

Like other chatbots, Siri can search the web and access general world knowledge, evaluate documents, solve math problems, and take action in and across apps, such as getting detailed Maps directions with multiple stops, editing and sharing photos, or writing an email in the user's own writing style. The app lets users type or talk to it like a chat thread, and syncs conversation history across all devices through iCloud.

The ‌Siri‌ app is available in most of Apple's next-generation operating systems, arriving this fall as part of iOS 27, iPadOS 27, macOS Golden Gate, watchOS 27, and visionOS 27. The operating systems are currently available to developers in beta, though access to Siri AI itself involves a waitlist. ‌Siri‌ AI will not be available in the EU at launch, though Apple says it is working on a path forward.

Apple TV Remote App Returns

Apple used to offer an Apple TV Remote app in the App Store, but it was removed in 2020. With this year's major updates, Apple is restoring the app as a proper Home Screen icon. It comes pre-installed with ‌iOS 27‌ and ‌iPadOS 27‌. To add it to the ‌Home Screen‌ as an app, users can swipe down, search for "Remote," then tap and hold the app icon to drag it into place. It is also accessible via the App Library.

All-New Find My on Apple Watch

‌watchOS 27‌ is bringing a long-overdue consolidation to Find My on Apple Watch. Previously split across separate Find Devices, Find People, and Find Items apps, the new app consolidates everything into a single, map-centric interface.

The main screen provides quick access to actions like getting directions and finding nearby items, and Precision Finding is available for locating a paired iPhone, AirPods Pro 3, or AirTag 2. The redesign also introduces more flexible sharing options, giving users greater control over how they share their location and item tracking with others.

Pass Designer

Apple also introduced Pass Designer, a new Mac app for building and previewing Apple Wallet passes aimed at developers and businesses. The app supports templates provided by Apple or custom designs, letting developers bring in images such as logos, backgrounds, and strip images. As edits are made, Pass Designer updates a real-time preview using the same rendering as iOS and watchOS, so what is seen in Pass Designer is exactly what customers will see on their device. Pass Designer validates the pass as work progresses, alerting developers to issues such as missing required key values.

For boarding passes and event tickets, Pass Designer also supports semantic tags, which add structured data such as event dates, venue locations, and flight details that the system uses to enable features like ‌Siri‌ Suggestions, Calendar integration, and Maps directions. It can also automatically generate a backward-compatible pass structure from semantic data, ensuring passes work across devices where semantic tags may not be supported.

Pass Designer beta requires macOS 27 or later and is available to download now for registered Apple developers.

Claris FileMaker Go 2026

Unlike the four WWDC announcements, this app is already available. Claris FileMaker Go 2026 became available on June 10. FileMaker is a low-code database application platform that lets users build custom apps to organize, manage, and automate data without extensive programming knowledge.

The new version of the app adds support for iOS and iPadOS 26, and brings Google Gemini to FileMaker's roster of supported AI models, which already includes Anthropic, OpenAI, and Cohere. The 2026 release also focuses on developer productivity, infrastructure resilience, and an AI-ready architecture, and was shaped directly by feedback from the Claris developer community.

FileMaker is developed by Claris International, a subsidiary of Apple.
This article, "Apple Unveiled These Five New Apps Last Week" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
As previously announced, Apple is moving forward with permanently closing three of its retail stores in the U.S. today, including a unionized location.


The locations that are closing on the evening of Saturday, June 20:
Apple Trumbull in Trumbull, Connecticut
Apple North County in Escondido, California
Apple Towson Town Center in Towson, Maryland
In April, Apple said it made the "difficult decision" to close the stores due to "declining conditions" at the shopping malls in which they are located.

Notably, the staff at the Towson Town Center location became Apple's first retail employees in the U.S. to unionize in 2022. They belong to the International Association of Machinists and Aerospace Workers' Coalition of Organized Retail Employees (IAM CORE), and they signed a collective bargaining agreement with Apple in 2024.

Apple Towson Town Center
The union and the store's employees have been protesting the planned closure, and some politicians in Maryland have voiced their support.

The union is upset that Apple is allowing non-unionized employees at the Trumbull and North County stores to transfer to nearby locations, but not extending this offer to unionized employees at the Towson location. For its part, Apple said it is simply honoring the terms of the collective bargaining agreement that the employees agreed to.


According to Apple, the contract states that in the event of a store closure, Apple would transfer or rehire employees if the company opened a new store within 50 miles of the current location at Towson Town Center. In any other circumstance, the union negotiated for employees to receive severance, which is being provided.

Apple said it has no current plans to open a new store in the area, but if it were to do so within 18 months after the collective bargaining agreement was ratified, the affected employees would have the right of first refusal.

Nevertheless, IAM has accused Apple of potential union busting and said that the agreement "requires equal treatment."

"Apple workers in Towson voted to join the IAM, fought for and won a contract, and are now being punished for it," said IAM President Brian Bryant. "Apple signed a collective bargaining agreement that requires equal treatment. It is time for Apple to honor that agreement and do right by these workers before June 20."

Towson Town Center is genuinely in a state of decline and has lost many other major retailers in recent years, so it is very likely that Apple is exiting the shopping mall at least partly due to the worsening conditions. Nevertheless, the situation might lead employees at other stores to worry that joining a union does not always work out, and that could be advantageous to Apple given that the company has discouraged unionization.Tag: Apple Store
This article, "Three Apple Stores in U.S. Are Permanently Closing Today" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
While Apple held out as many other smartphone and computer manufacturers raised prices in the face of massive increases in memory and storage costs, CEO Tim Cook has signaled that Apple will soon have to follow suit as the "situation has become unsustainable."


In other news this week, rumors covered not just the iPhone 18 but also the 20th anniversary iPhone that's still over a year away, while Apple customers can some receive new perks with Chase credit cards and we went hands on with macOS Golden Gate to see what's new, so read on below for all the details on these stories and more!

Top Stories

Tim Cook Says Apple Price Increases Are 'Unavoidable' Due to Memory Costs

Hang onto your hats! Apple will be raising prices on at least some products to offset the high cost of memory and storage, CEO Tim Cook told The Wall Street Journal this week. Apple is no longer able to absorb the increased prices and will need to pass some of the cost on to consumers.


"Unfortunately, price increases are unavoidable," said Cook. "We're doing our best to mitigate the huge increases that are being passed to us, and we've been trying to shield our customers from the increases, but the situation has become unsustainable."

Cook did not say which products will get price increases or how much pricing will go up. The iPhone 18 Pro and ‌iPhone 18 Pro‌ Max coming in September could be more expensive than the iPhone 17 Pro and ‌iPhone 17 Pro‌ Max, while prices on iPads and Macs could also go up in the near future.

Apple's 20th Anniversary iPhones to Come in Two Sizes, Will Launch Alongside Gen 2 Foldable iPhone

Apple is "ramping up" work on the 20th anniversary iPhone that it plans to launch next year, reports Bloomberg. Multiple rumors have suggested the device will have an edge-to-edge display with curved glass at all sides for a nearly borderless visual effect.


There will be two anniversary models similar in size to the iPhone 18 Pro and ‌iPhone 18 Pro‌ Max that are launching this September. The ‌iPhone 18 Pro‌ and ‌iPhone 18 Pro‌ Max are expected to be the same size as current iPhone 17 Pro models, which suggests the anniversary iPhone could be available in 6.3- and 6.9-inch sizes.

iPhone 18 to Pack 12GB of RAM for Smarter Siri Features, No Price Bump

Cook's comments about raising prices in response to increased memory and storage costs come just after one analyst firm claimed that Apple does not intend to raise the price of its standard flagship model when the iPhone 18 debuts. The iPhone 18 will, however, see an upgrade to 12GB of memory to enable it to support the most powerful on-device AI models unveiled at WWDC last week.


Breaking from long-standing tradition, the iPhone 18 will apparently not be introduced in September alongside the Pro models, with Apple pushing back the standard model to a launch in the spring of 2027. That rumor has been circulating for quite some time, but the chairman of Apple supplier Largan Precision took the unusual step of essentially confirming the change without specifically naming Apple.

Chase Sapphire Preferred Card Introduces New Perk for Apple Customers

Chase this week announced new perks for its Sapphire Preferred credit card, and one of them is a complimentary one-year Apple TV streaming subscription.


To get the free year of Apple TV, which typically costs $12.99 per month in the U.S., you must activate the card by December 31, 2026. Apple One subscribers can receive a $7.50 discount per month instead.

The Apple One discount extends to Chase's premium Sapphire Reserve credit card as well. The Sapphire Reserve has offered free subscriptions to both Apple TV and Apple Music since last year, but now cardholders can receive a combined $15/month discount on an Apple One subscription instead.

macOS 27 Golden Gate Hands-On: Every Major New Feature

macOS 27 Golden Gate is in beta ahead of a fall release, and we thought we'd go over what's new for those who don't want to risk beta software on their Mac. macOS Golden Gate adds Siri AI, Liquid Glass updates, and multiple new Apple Intelligence features.


‌Check out our hands-on video for a summary of what's new in the release!

iOS 27 Adds Landscape Mode to More Apple Apps Ahead of 'iPhone Ultra'

iOS 27 enables landscape mode in more of Apple's built-in iPhone apps, including Apple Music, Podcasts, Fitness, Health, Reminders, Home, Shortcuts, Apple Watch, Find My, Weather, Voice Memos, Apple TV Remote, and others.


Many of the apps feature a left-aligned sidebar in landscape mode. In the Messages app, which already supported landscape orientation on iOS 26 and earlier, you can now collapse the sidebar to show only names and profile pictures.

Landscape mode was already available on iOS 26 or earlier in Apple Maps, Calendar, Files, Notes, Mail, and some other Apple apps too, but iOS 27 expands support to many more apps. This change could be laying the groundwork for the "iPhone Ultra," as landscape-friendly apps would be well suited for the rumored foldable device.

MacRumors Newsletter

Each week, we publish an email newsletter like this highlighting the top Apple stories, making it a great way to get a bite-sized recap of the week hitting all of the major topics we've covered and tying together related stories for a big-picture view.

So if you want to have top stories like the above recap delivered to your email inbox each week, subscribe to our newsletter!Tag: Top Stories
This article, "Top Stories: Apple Price Hikes Coming, 20th Anniversary iPhone Rumors, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
One of the world’s top ransomware groups has given its criminal affiliates access to advanced tools capable of successfully disabling many of today’s enterprise endpoint detection and response (EDR) products, new research by security company ESET has found.
The group in question is The Gentlemen, which, since its appearance last year using this moniker, has become one of the most successful ransomware-as-a-service (RaaS) platforms thanks to a business model that gives affiliates an unusually generous 90/10 revenue split.
In May, the group’s servers were breached by an unknown attacker, who posted materials subsequently analyzed by researchers to uncover deeper insights into the group’s operation.
One tactic that ESET thinks hasn’t had the attention it deserves is the growing importance of ‘EDR killers’ in the estimated 300 ransomware attacks carried out via The Gentlemen platform.
EDR killers, tools which attempt to bypass or disable PC and server endpoint security agents during a cyberattack, are not new, but have gradually increased in number and sophistication. However, the barrier to using them in a ransomware context is that an affiliate still needs to develop or source their own EDR killer tool, a major undertaking given the large number of EDR products in use by defenders.
The leak confirmed ESET’s suspicion that The Gentlemen had developed its own EDR killer framework, dubbed ‘GentleKiller’, which gives affiliates access to a wide range of sophisticated EDR killer routines without having to any of the work themselves. The Gentlemen also integrates well-known third party tools such as HexKiller, ThrottleBlood, and HavocKiller.
Bring your own vulnerable driver
According to ESET researcher Jakub Souček, the effect of this has been to democratize EDR killing capabilities, which have become essential to evading enterprise defenses.
“By providing such tools for affiliates, they lower the entry barrier for less skilled affiliates, who, on top of the encryptor, also receive everything they need to perform intrusions. This naturally expands the affiliate pool and enables consistent encryptor deployment,” Souček said via email.
Across a total of eight variants, a central element of the framework was the ability to quickly deploy new bring your own vulnerable driver (BYOVD) proofs-of-concept used to gain kernel-level privileges after loading a vulnerable driver into memory. The technology was bundled with evasions for 400 EDR processes from 48 different vendors.
The principle behind BYOVD is simple enough: once an attacker has gained admin privileges through an account takeover, they load a legitimate, but old and vulnerable vendor driver, inside which lies an exploitable vulnerability. This extends the power of admin control to kernel level, allowing them to target the EDR drivers in a direct way.
EDR tools’ vulnerability to a newer generation of evasion techniques has been known for some time; a 2024 study by security company Trellix highlighted this weakness, and earlier this year, another security vendor, Huntress, reported a recent case in which BYOVD had been used to load and target a vulnerable old driver to shut down EDR defenses.
“The biggest defense obstacle is the fact that EDR killers rely on vulnerable non-malicious drivers that are often still used legitimately,” noted Souček.
To defend against this, enterprises should enforce protections such as Hypervisor-Protected Code Integrity (HVCI) and Kernel-mode Code Integrity (KMCI), which make it more difficult for old or unsafe drivers to be loaded, he said.
According to Souček, “companies should also enforce strict allow and block driver policies, including via custom rules that fit their organization, continuously audit and remove unnecessary drivers, and ensure vulnerable drivers are updated or eliminated. Preventing the installation of such drivers renders the EDR killer benign.”
View the full article
On this week's episode of The MacRumors Show, we continue unpacking WWDC 2026 and take a closer look at iOS 27, macOS Golden Gate, and Apple's other new software updates coming this fall.

Subscribe to The MacRumors Show YouTube channel for more videos
iOS 27 supports the same iPhones as iOS 26, including the iPhone 11 and second-generation iPhone SE, giving the update the widest device compatibility of any iOS release to date.

macOS Golden Gate drops Intel Macs entirely, confirming the end of an era that Apple flagged a year earlier when it said macOS Tahoe would be the final release for pre-Apple silicon machines. Four models that ran Tahoe miss out: the 16-inch MacBook Pro (2019), the 13-inch ‌MacBook Pro‌ with four Thunderbolt 3 ports (2020), the 2020 iMac, and the 2019 Mac Pro. Golden Gate is also the last version with full Rosetta 2 support, meaning the translation layer that keeps Intel-built apps running on Apple silicon will disappear entirely after this release.

iPadOS 27 raises its hardware floor to the A14 Bionic or M1 chip, cutting the fifth-generation iPad mini, the eighth-generation iPad, the third-generation iPad Air, the first-generation 11-inch iPad Pro, and the third-generation 12.9-inch ‌iPad Pro‌.

watchOS 27 makes the steepest cuts in Apple Watch history, dropping the Series 6, Series 7, Series 8, original Ultra, and second-generation SE in a single wave and effectively erasing three years of device support at once. The only models that remain compatible are the Series 9, Series 10, Series 11, Ultra 2, Ultra 3, and SE 3.

tvOS 27 drops two Apple TV models, the Apple TV HD from 2015 and the first-generation ‌Apple TV‌ 4K from 2017, leaving only the second- and third-generation ‌Apple TV‌ 4K boxes supported.

In ‌iOS 27‌, notifications now slide in from the left edge of the screen rather than dropping down from the top, and reaching Notification Center requires swiping down from the top-left corner instead of the center, freeing up that gesture for Siri. Other changes include colorful sidebar icons, real-time widget updates when an app is already open, extra-large Home Screen widgets, and web audio that no longer interrupts other system audio.

The centerpiece of the update is Siri AI, which replaces Spotlight with a "Search or Ask" interface accessed by swiping down from the center of the display. ‌Siri‌ is designed to tone-match a user's own writing style when composing messages. Apple's pill-shaped ‌Siri‌ indicator is seemingly a hardware workaround for current Dynamic Island constraints, and a smaller ‌Dynamic Island‌ on the iPhone 18 Pro could allow the indicator to become a true circle. On the Apple Watch, ‌Siri‌ AI requires pairing with an iPhone that supports Apple Intelligence. In the European Union, ‌Siri‌ AI is available on macOS and visionOS at launch but not on the iPhone or ‌iPad‌.

‌Apple Intelligence‌ is also getting smarter Writing Tools and a composition assistant in Mail and Messages that adapts to how a user typically communicates with different contacts. Apple has overhauled Genmoji, adding a "Describe a change" interface for iterating on existing creations and the ability to start a new Genmoji from an existing emoji, a photo, or a person tagged in the user's photo library. Image Playground similarly adds support for multiple aspect ratios for wallpapers, Contact Posters, and social media images, alongside new photorealistic image generation.

Visual Intelligence, meanwhile, gets a new primary entry point called ‌Siri‌ Mode, though holding down Camera Control still works as an alternative. The feature is expanding to the ‌iPad‌ and Mac, and now supports importing multiple calendar events from a single photo of a flyer, as well as importing contacts directly from a photographed business card.

On the Mac, ‌macOS Golden Gate‌ extends toolbars and sidebars to the edges of the screen with a more consistent, tighter corner radius across windows. iPadOS 27 adds undo and redo for ‌Home Screen‌ edits, extra-large widgets in Today View, an optional persistent menu bar, and Visual Intelligence support for screenshots combined with Apple Pencil highlighting. Notes gains an Image Wand tool that generates photorealistic images from rough sketches, the ‌Siri‌ app gets a dedicated sidebar with full windowing support, and Shortcuts adds support for Magic Keyboard triggers.

watchOS 27 drops the Walkie-Talkie app entirely, with the feature missing from both the app list and Control Center in the first developer beta, while adding new Smart Stack suggestions, more accurate step tracking, and a consolidated Find My app. visionOS 27 lets users activate ‌Siri‌ simply by looking at its on-screen bubble rather than requiring a button press, and adds a redesigned Control Center along with new curved windows. tvOS 27 brings a redesigned Podcasts app, Hi-Res Lossless audio support in Apple Music, and on-device processing for HomeKit Secure Video.

The MacRumors Show has its own YouTube channel, so make sure you're subscribed to keep up with new episodes and clips.

Subscribe to The MacRumors Show YouTube channel!

You can also listen to ‌The MacRumors Show‌ on Apple Podcasts, Spotify, Overcast, or other podcast apps. You can also copy our RSS feed directly into your player.



If you haven't already listened to the previous episode of The MacRumors Show, catch up to hear our discussion about all of the major announcements Apple unveiled at WWDC 2026, including ‌Siri‌ AI, new ‌Apple Intelligence‌ features in apps, and system-wide performance and design improvements.

Subscribe to ‌The MacRumors Show‌ for new episodes every week, where we discuss some of the topical news breaking here on MacRumors, often joined by interesting guests such as Kayci Lacob, Kevin Nether, John Gruber, Mark Gurman, Jon Prosser, Luke Miani, Matthew Cassinelli, Brian Tong, Quinn Nelson, Jared Nelson, Eli Hodapp, Mike Bell, Sara Dietschy, iJustine, Jon Rettinger, Andru Edwards, Arnold Kim, Ben Sullins, Marcus Kane, Christopher Lawley, Frank McShan, David Lewis, Tyler Stalman, Sam Kohl, Federico Viticci, Thomas Frank, Jonathan Morrison, Ross Young, Ian Zelbo, and Rene Ritchie.

‌The MacRumors Show‌ is on X @MacRumorsShow, so be sure to give us a follow to keep up with the podcast. You can also email us at [email protected] or head over to The MacRumors Show forum thread. Remember to rate and review the podcast, and let us know what subjects and guests you would like to see in the future.Related Roundups: iOS 27, iPadOS 27, watchOS 26, watchOS 27Tag: The MacRumors ShowRelated Forum: Apple Watch
This article, "The MacRumors Show: Hands-On With iOS 27, Brutal watchOS 27 Cuts, and More" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Alogic this week unveiled a new lineup of touchscreen displays that bring touch and stylus functionality to Macs, including the FOKUS interactive touchscreen series, the Aspekt Touch 27" monitor, and new Folio portable touchscreen displays.

Aspekt Touch 27"
While Apple has yet to release a touchscreen Mac, Alogic has established itself as one of the few display makers offering touch-enabled monitors designed to work with macOS. The company's latest products continue that focus, aiming to give Mac users a more direct way to interact with content using touch gestures and stylus input.

The new FOKUS series consists of 43-inch, 55-inch, and 65-inch 4K touchscreen displays designed for collaborative environments such as conference rooms, classrooms, and creative workspaces. The displays support multitouch interaction and work with Alogic's Active Stylus, which offers 4,096 levels of pressure sensitivity for writing, drawing, and annotation.

FOKUS 55"
For Mac users, the key feature is touch support. Since macOS does not natively offer touchscreen functionality, Alogic provides software that enables touch gestures, navigation, annotation, and drawing on connected Macs. The company has offered similar capabilities in previous touchscreen displays, including its Clarity lineup.

Alogic is also introducing the Aspekt Touch 27" monitor, a scaled down version of the existing Aspekt Touch 32" delivering multitouch and stylus support. The Aspekt Touch 27" features a 4K panel with 600 nits of brightness, integrated docking functionality with multiple USB-C and USB-A ports plus Ethernet and audio. It can accept HDMI 2.0, DisplayPort 1.4, and USB-C connections and can deliver 90 watts of charging power over USB-C for connected laptops.

Aspekt Touch 27"
The Aspekt Touch 27" is available in Silver and Space Black color options, with three stand options: a traditional Raise Stand, a Fold Stand that brings the display down to a comfortable stylus drawing position, and an Omni Fold Stand that offers the same functionality as the Fold Stand but which includes a built in mount for a Mac mini at the base of the display.

The company also announced new Folio portable touchscreen monitors for users who need a secondary display while traveling. The Folio models feature a folding cover that doubles as a stand and connect through USB-C, making them a natural companion for MacBooks. The standard Folio model features a single 16-inch display at a resolution 2,560 x 1,440, while the Folio Duo includes two of these screens stacked on top of each other. The Folio Duo can also be rotated 90º to orient the two displays side-by-side in a portrait orientation.

Folio Duo
Portable touchscreen displays are widely available, but many function only as standard monitors when connected to a Mac. Alogic has differentiated itself by supporting touch input on macOS, allowing users to interact directly with apps, presentations, documents, and creative projects.

The products arrive as interest in touchscreen Macs continues to grow. Reports over the past several years have suggested Apple has explored touchscreen Mac hardware, but the company has yet to introduce a Mac with a touch-enabled display with the first rumored to be a "MacBook Ultra" coming in late 2026 or early 2027. In the meantime, third-party solutions like Alogic's monitors offer Mac users a way to add touch functionality to their existing setups.

The new FOKUS, Aspekt Touch 27", and Folio displays were showcased at InfoComm 2026 this week as part of Alogic's expanding monitor portfolio. The FOKUS displays will be launching by September, priced at $2,799 for the 43-inch model, $3,299 for the 55-inch model, and $3,999 for the 65-inch model. The Folio ($899) and Folio Duo ($1,299) should become available around the same September time frame, while the Aspekt Touch 27" (starting at $1,799) and the Active Stylus with wireless charging ($149) will be available starting next month.Tag: Alogic
This article, "Alogic Debuts New Touchscreen Monitors and Portable Displays With Mac Support" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites. "With these actions we deprive cybercriminals of access to infected computer systems," Maikel Rollman of the Netherlands National High Tech Crime Unit said. "This preventsView the full article
Amazon is soon to be back with its annual summertime Prime Day event, lasting for four days from June 23-26, one of the longest Prime Day events yet. As it does every year, Prime Day offers shoppers a huge selection of deals across Amazon's storefront, and there are already many deals you can get on sale ahead of the event.

Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running.

For our coverage, we're focusing on early discounts for Apple and Apple-related products that can be purchased right now on Amazon. As of today, this includes deals on AirPods, Apple Watch, iPad, monitors, charging accessories, and more. We're also sharing deals being matched at retailers like Best Buy in some cases.

EARLY SAVINGSAmazon Prime Day 2026

As is typical for Prime Day deals, these markdowns are very time sensitive, so sales listed below may disappear fast, and new ones may appear even faster. With this in mind, we'll keep this article updated over the next few days, and keep an eye on the MacRumors front page as we'll be posting particularly great deals in separate articles next week.

Lastly, and perhaps most importantly, Amazon Prime Day requires you to have an Amazon Prime membership to take advantage of the discounts. Amazon Prime costs $14.99 per month or $139.00 per year, and it comes with a 30-day free trial for new subscribers.

Special for 2026, Amazon is also offering 50% off Prime memberships for Young Adults. Prime for Young Adults is a discounted Prime membership for anyone age 18-24 that offers all of the Prime benefits at $69.00 per year, half of the price of regular Prime.

Apple

AirPods


Amazon has the AirPods Max 2 on sale for $499.00 in all colors, down from $549.00. This is an all-time low price on the headphones. This is accompanied by a great discount on the AirPods 4 for Prime Day, available for $99.00, down from $129.00.

$30 OFFAirPods 4 for $99.00
$50 OFFAirPods Max 2 for $499.00iPad


Amazon is taking up to $52 off Wi-Fi and cellular models of Apple's 11th generation iPad for Prime Day. Prices start at $299.00 for the 128GB Wi-Fi iPad, down from $349.00, a second-best price on this model.

$50 OFF128GB Wi-Fi iPad for $299.00
$50 OFF256GB Wi-Fi iPad for $399.00
$52 OFF512GB Wi-Fi iPad for $597.00Apple Watch Ultra 3


Amazon has the Apple Watch Ultra 3 on sale for $99 off the Black Titanium model with the Black Ocean Band this week. It's been nearly two months since we last tracked notable discounts on the Apple Watch Ultra 3, and right now only two models are on sale at $99 off.

$99 OFFApple Watch Ultra 3 for $699.99

There are discounts on a wide array of different Ultra 3 models, but they're only hitting around $50 off as of writing.Apple Watch Series 11


In terms of watches, you'll also find all-time low prices on the Apple Watch Series 11 on Amazon ahead of Prime Day, with $100 discounts across numerous models of the smartwatch. This sale includes a handful of GPS aluminum models on sale at record low prices.

$100 OFFApple Watch Series 11 (42mm GPS) for $299.00
$100 OFFApple Watch Series 11 (46mm GPS) for $329.00

You can get the 42mm GPS Apple Watch Series 11 for $299.00, down from $399.00, and the 46mm GPS model for $329.00, down from $429.00. On Amazon, you'll find four of the 42mm GPS models and four of the 46mm GPS models on sale at these all-time low prices.MacBook Air


You'll find $149 off a few models of the 13-inch M5 MacBook Air on Amazon this week, starting at $949.99 for the 512GB model, down from $1,099.00.

$149 OFF13-inch M5 MacBook Air (512GB) for $949.99
$149 OFF13-inch M5 MacBook Air (16GB/1TB) for $1,149.99More Deals


Highlights of early Prime Day accessory sales include a handful of monitor deals, like the 32-inch Samsung OLED M90SF Smart Monitor for $1,199.99, down from $1,599.99, which is a match of the best-ever price on this model. Below you'll also find great deals on monitors from Dell and LG.

$400 OFF32-inch Samsung Smart Monitor M9 for $1,199.99

These new deals join ongoing highlights of early Prime Day deals, including Anker's Prime 3-in-1 Wireless Charging Station, available for $109.99 on Amazon this week, down from $149.99. This is one of Anker's newest accessories, and Amazon's sale today is a solid second-best price on the device.

$40 OFFAnker Prime 3-in-1 Wireless Charging Station for $109.99

We're also tracking big discounts from brands like Sony, Samsung, Sonos, and more in the lists below. Accessories on sale include USB-C wall chargers, MagSafe-compatible wireless chargers, portable batteries, headphones, and soundbars.

Monitors

32-inch Samsung Odyssey G5 Monitor - $189.99, down from $329.99
27-inch Samsung Odyssey G5 Monitor - $203.00, down from $249.99
27-inch Dell Plus 4K Monitor - $279.99, down from $299.99
27-inch LG Ultragear Gaming Monitor - $319.99, down from $499.99
27-inch Samsung Odyssey OLED G5 Gaming Monitor - $419.22, down from $499.99
32-inch Samsung Smart Monitor M9 - $1,199.99, down from $1,599.99
UGREEN

2-Bay Desktop NASync - $199.99, down from $219.99
2-Bay Desktop NAS - $389.99, down from $439.99
4-Bay Desktop NAS Pro - $719.99, down from $799.99
Wall Chargers

Anker Nano USB-C Wall Charger - $29.99, down from $39.99
UGREEN 100W GaN 4-Port Charger - $42.99, down from $54.99
Anker 140W 4-Port GaN USB-C Charger - $79.99, down from $99.99
Anker 3-Port Prime Charger - $115.99, down from $149.99
Wireless Chargers

Anker 3-in-1 MagSafe-Compatible UFO Charger - $69.99, down from $89.99
Anker 3-in-1 MagSafe-Compatible Foldable Charging Station - $79.99, down from $109.99
Anker 3-in-1 MagSafe-Compatible Charging Cube - $89.99, down from $129.99
Anker 3-in-1 Prime Wireless Charging Station - $109.99, down from $149.99
Anker Prime MagSafe-Compatible 3-in-1 Charging Station - $159.99, down from $229.99
Portable Chargers


Anker Prime Power Bank 20,100 mAh - $149.99, down from $179.99
Anker SOLIX C300 Power Station with Lantern - $179.99, down from $249.00
Anker Prime Power Bank 26,250 mAh - $279.99, down from $329.99
Anker SOLIX C1000 Gen 2 Portable Power Station - $499.99, down from $799.00
Jackery Explorer 1000 v2 Portable Power Station - $429.00, down from $799.00
Anker SOLIX C2000 Gen 2 Portable Power Station - $799.99, down from $1,499.00
Audio

Sonos Beam Gen 2 - $369.00, down from $499.00
Sony WH-1000XM6 Noise Canceling Wireless Headphones - $398.00, down from $459.00
Sonos Arc Ultra Soundbar - $899.00, down from $1,099.00

If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week.



Deals Newsletter

Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season!




Related Roundup: Apple Deals
This article, "Prime Day 2026: Best Early Apple Device and Accessory Deals Now Live" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Microsoft Office users may find that some of their applications are failing to open when called on by third-party applications. It’s an issue that has emerged after the latest round of Microsoft updates.
The problem affects Word, Excel, and other Office applications opened from third-party offerings including CCH Engagement, Workpaper Manager, Zotero, or dental office software such as Dentrix or Softdent.
The update issued on June 9 appears to have triggered problems with the OLE automation that these third-party applications use to interact with Office. Users have reported that files are failing to open, with no error message indicating what has gone wrong,
According to one Windows user forum, the issue is particularly frustrating because of this lack of error message. As one user put it, “‘Word won’t open from our workpaper system’ is functionally the same as ‘Word is broken.’ To an administrator, the difference determines whether the next hour is spent repairing Office, rolling back Windows, calling a line-of-business vendor, or opening a Microsoft support case.”
Microsoft has said that it is aware of the issue and is working towards a resolution.
Deleting mystery file
The company is also looking to fix a minor issue that has emerged from this latest round of updates: Users are finding that when items are deleted, the confirmation dialog box displays the internal Recycle Bin file name (for example, $Rxxxxx.ext) instead of the original file name. However, Microsoft stressed that in the Recycle Bin, the item still appears with its original name.
This article first appeared on Computerworld.
View the full article
Apple today detailed why five Apple Watch models will miss out on watchOS 27 and the new Siri AI features that come with it.


The Apple Watch Series 6, 7, 8, SE 2, and the original Apple Watch Ultra will not receive watchOS 27, and will only get basic security updates going forward. With the update, Apple is effectively dropping three years' worth of device support in a single software update, which is unprecedented for the product line.

Speaking to TechRadar, Cait Dooley, Apple Watch and Health product marketing manager, said performance requirements were behind the cutoff:



Dooley added that older watches paired with an iPhone running the latest software will keep working and will continue to receive security updates.

David Clark, senior director of watchOS software engineering, said one of the goals of ‌watchOS 27‌ was to "expand the intelligence story on Apple Watch and make it a true co-partner to Apple Intelligence." He described the watch as often "the most convenient way to interact with ‌Siri‌," since it's on the wrist all day and useful for quick questions when hands are full:



Clark used the example of asking ‌Siri‌ on Apple Watch for a recipe's ingredients while grocery shopping with both hands full, then later pulling up the same list on the iPhone in an easier-to-read format. He called that handoff a "superpower."

‌watchOS 27‌ is currently available in beta to developers, with a public beta expected next month ahead of official release in the fall.Related Roundups: watchOS 26, watchOS 27Related Forum: Apple Watch
This article, "Apple Explains Why watchOS 27 Drops Support for So Many Models" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
Apple this week confirmed that price increases are coming across its lineup due to rising memory chip costs, and now The Wall Street Journal has published its own analysis estimating the iPhone 18 Pro could start as high as $1,399.


Speaking with The Wall Street Journal, Apple CEO Tim Cook acknowledged that the company is not immune to soaring memory chip costs. Asked which devices would see price increases and when, Cook said, "We're still working through that," with more clarification expected to arrive with the next iPhone lineup this September.

The price hikes stem from a global shortage of DRAM and NAND flash storage, driven largely by AI data centers competing for the same components. Manufacturers including Samsung Electronics and Micron Technology have been shifting production toward enterprise-scale memory chips for AI servers, squeezing supply for consumer electronics like the iPhone.

Citing analysis from research firm TechInsights, The ‌Wall Street Journal‌ now reports that prices for DRAM and flash storage are projected to roughly quadruple by this fall compared to last year. TechInsights estimates that Apple paid around $39 for the 12GB of DRAM in the iPhone 17 Pro, a cost that could climb to $145 in the ‌iPhone 18 Pro‌. The 256GB flash storage tier, which cost Apple about $13 in the ‌iPhone 17 Pro‌, could rise to $51.

Overall, TechInsights estimates Apple's component and manufacturing costs for the ‌iPhone 17 Pro‌ excluding memory at roughly $530. Combined with DRAM and flash storage, that puts the total estimated bill of materials for the base ‌iPhone 17 Pro‌ at about $582, with the ‌iPhone 18 Pro‌'s costs projected to rise 25% to around $726.

TechInsights' research suggests the $1,099 ‌iPhone 17 Pro‌ carries a gross margin of around 47%. To preserve that margin on the ‌iPhone 18 Pro‌, Apple would need to charge $1,371, but The ‌Wall Street Journal‌ notes that Apple's preference for standardized pricing makes a $1,299 starting price more likely, working out to a 44% margin.

That estimate doesn't factor in a new camera system, which supply chain analyst Ming-Chi Kuo says could cost Apple about 50% more than the previous generation. Accounting for that added cost using the same approach, The ‌Wall Street Journal‌ estimates Apple could set the ‌iPhone 18 Pro‌'s starting price at $1,399 or higher.

A starting price in that range would represent a $200 to $300 jump over the $1,099 ‌iPhone 17 Pro‌. The ‌iPhone 18 Pro‌ Max would likely start $100 above whatever price Apple sets for the Pro, consistent with the current gap between the two models. The ‌iPhone 18 Pro‌ models are expected to launch alongside the foldable "iPhone Ultra," which has been rumored to carry a starting price of around $2,000.Related Roundup: iPhone 18 ProTag: The Wall Street Journal
This article, "Report: iPhone 18 Pro Could Start at $1,399 Amid Price Hikes" first appeared on MacRumors.com

Discuss this article in our forums

View the full article
A simple framework has always governed security operations that I call the SOC Triangle. It is a balance between quality, consistency and cost efficiency.
Every SOC operates within it. Push for higher-quality investigations, deeper analysis, richer context, fewer missed signals and you pay for it in time and expertise. Standardize workflows to ensure consistency across every alert, and you often lose the flexibility needed to handle real-world complexity and nuance. Optimize for cost efficiency, and the pressure shows up quickly in both quality and consistency.
For years, the SOC Triangle has shaped how security teams are built and how they perform. This is why organizations add headcount to improve outcomes, rely on rigid playbooks to reduce variability and improve scale, and still struggle to operate at their theoretical best and optimize security and quality of service outcomes.
The constraint is not a failure of strategy. It is structural. And until recently, it was largely unavoidable.
Why the SOC was built this way
Most security operations centers are designed as human-routing systems. Alerts are ingested, triaged, escalated and resolved by analysts at multiple levels. Every meaningful step, including collecting evidence, correlating signals and making decisions, depends on human capacity.
That dependency introduces variability. Two analysts can approach the same alert differently, influenced by experience, fatigue and time pressure. To improve consistency, organizations introduce playbooks and workflows. But those controls often reduce flexibility, especially in complex cases, and fail to provide coverage where decision making relies in part on unstructured context, and where workflows may not be fully deterministic and require real-time reasoning to determine the best course of action.
At the same time, scaling either quality or consistency typically requires more people, reducing cost efficiency.
This is the SOC Triangle in practice: a system where improving one dimension creates friction in another.
The same constraint is also why the managed detection and response market exists. When organizations could not solve the triangle in-house, they outsourced it. But the service model does not eliminate the trade-offs. It reconstitutes them at the provider layer, where the same human-routing architecture, the same playbooks and the same staffing economics drive the same limits. Customers pay for consistency and predictability, and they get it. What they often do not get is the investigation depth and environmental customization tailored to their business context and to optimizing against their security program maturity goals that they would want if resources were not the binding constraint.
Where the model starts to break
The challenge is not just the existence of trade-offs, but their growing intensity.
Modern SOCs must process higher volumes of alerts across more tools and environments. The work itself, gathering and correlating evidence across identity systems, endpoints, cloud platforms and threat intelligence, is both repetitive and cognitively demanding.
Under this pressure, the triangle tightens.
Quality degrades because analysts do not have time to fully investigate every signal and rigid automation playbooks often fail to capture the depth and nuance that security leaders expect which results in increased friction for end users. Consistency suffers because decisions are made under time constraints. Cost rises because the only way to compensate is to add more people or accept increased risk.
This hits hardest for organizations that have outsourced SOC operations. Service economics lock the trade-offs in place. Per-alert pricing constrains how much investigation each signal receives. Standardized playbooks limit how much the service can tailor to a specific environment. Tier structures exist because the math of humans investigating alerts demands they exist. Every one of those mechanisms is a rational response to the triangle. None of them changes its shape and its fundamental constraints.
For years, this has been accepted as the cost of doing business, whether that business is run in-house or outsourced.
How AI changes the constraint
AI is often framed as a tool for efficiency. The more meaningful shift is that it changes how certain SOC workflows are executed.
Much of SOC work follows a pattern: gather data, correlate signals, ask follow-up questions and form a conclusion. These workflows are complex but repeatable. They require consistency and scale as much as expertise.
When those workflows are no longer constrained by human bandwidth, the SOC Triangle begins to change shape.
Quality improves because investigations can incorporate more meaningful data, apply investigative reasoning in real time and take into account unstructured information and business-specific context without shortcuts. Consistency improves because the same logic is applied across every alert. Cost efficiency improves because scaling no longer depends on linear increases in headcount.
I am watching this play out in production environments today. Investigations that used to consume the majority of Tier 1 and 2 analysts’ shifts now resolve in minutes, with deeper context than the human path could produce within these time frames. The same rigor is applied to every alert, not only the anecdotal ones that earn attention. What used to be a choice between going deep on a few cases or going shallow on many is no longer a compromise security leaders need to make.
For the first time, these dimensions are not strictly in opposition.
From trade-offs to expansion
This does not eliminate the SOC Triangle. It expands it.
Not every workflow can be automated, and not every decision can be reduced to a repeatable process. Strategic judgment, incident leadership and risk appetite remain human responsibilities and business decisions.
But the boundary within which SOC teams operate is no longer tied to legacy constraints.
Instead of choosing between quality, consistency and cost, organizations can begin to improve all three for the types of work best suited to machine execution. That is a meaningful shift, whether it occurs within a company’s SOC or in the service relationship with a partner that operates it.
Where it matters most
The impact is most visible in the high-volume workflows where performance gaps have been largest: alert triage and enrichment, initial investigation and evidence gathering, correlation across systems and routine response recommendations. These are the areas where human-led processes introduce the most variability, where time pressure degrades quality and where scaling costs are most visible. They are also the areas where trade-offs have historically been unavoidable.
The human role evolves
AI does not remove the need for human expertise. It changes where that expertise is applied.
As machines take on repeatable work, human effort shifts toward higher-value activities: interpreting ambiguous signals, managing complex incidents, setting policy and making risk-based decisions. The operating model moves from human-executed workflows to human-governed systems.
That changes what organizations should expect from security operations, whether in-house or outsourced. The conversation moves from “how many alerts did you close last week” to “what patterns are you seeing in my environment, and what should I do about them.” The output is judgment, not throughput. That is a different product than most security teams have been buying, and it is a different service than most managed detection and response service providers have been selling.
The shift that matters
For years, SOC leaders have accepted the triangle as a fixed constraint. What is changing now is not just the tooling. It is the economics of how security work is performed.
The triangle still exists. But it no longer defines a rigid set of trade-offs. In parts of the SOC and the services that support it, those trade-offs are beginning to loosen.
In a field where constraints have long dictated outcomes, that shift matters.
This article is published as part of the Foundry Expert Contributor Network.
Want to join?
View the full article
Modern enterprise infrastructure has outgrown human capacity. Cloud-native ecosystems generate an overwhelming amount of telemetry data—millions of logs, metrics, and traces pass through your monitoring pipelines every single second. When an outage occurs, it rarely triggers a single, clear alert. Instead, it sparks a catastrophic alert storm, drowning your on-call engineers in noise while systems crumble.
Traditional monitoring frameworks operate on static, hard-coded thresholds. They tell you when an event crosses a specific limit, but they cannot tell you why a multi-tier microservice architecture failed dynamically. This gap leads directly to alert fatigue, soaring Mean Time to Resolution (MTTR), and severe financial liabilities.
To break this cycle, organizations are rapidly transitioning from reactive monitoring to proactive intelligence using Artificial Intelligence for IT Operations. Structured AIOps Training has evolved from an optional skill development path into an absolute requirement for tech professionals. Let’s unpack the precise operational framework, architecture, toolchains, and educational roadmaps necessary to master AI-driven operations.
What is AIOps?
AIOps, a term originally coined by Gartner, stands for Artificial Intelligence for IT Operations. At its core, it represents the strategic convergence of Big Data, Machine Learning (ML), and advanced analytics with daily IT operations workflows.
The Evolution of Operational Models
Manual Monitoring (Pre-2000s): System administrators manually inspected physical server resource consumption and written logs. Siloed APM & Infrastructure Monitoring (2000s–2010s): The rise of specialized software to track application performance, though data remained isolated within discrete platforms. Cloud-Scale Observability (Mid-2010s): Unified gathering of structural system outputs (Metrics, Logs, Traces) across ephemeral, highly distributed container platforms. Intelligent AI Operations (Present): Eliminating the human bottleneck by applying automated data pipelines and machine learning algorithms to real-time observability data streams. Traditional monitoring platforms rely heavily on human configuration to define what constitutes an error condition (e.g., CPU usage greater than 85%). AIOps flips this equation entirely. By ingestively processing raw telemetry, an AIOps platform automatically derives baseline behavior, isolates statistical anomalies, correlates independent events across system layers, and triggers targeted automated responses.
Data Inputs and Platform Framework
An effective enterprise operational environment maps telemetry inputs directly through an analytical pipeline to execute clean automation:
[ Raw Telemetry Data Inputs ] ├── Metrics (Time-series metrics from Prometheus) ├── Logs (Unstructured text streams from Fluentd / Elastic) ├── Traces (Distributed spans from OpenTelemetry) └── Topology (Orchestration context from Kubernetes) │ ▼ [ Unified Big Data Ingestion Layer ] │ ▼ [ Machine Learning Analytics Engine ] ├── Base Behavioral Profiling ├── Dynamic Anomaly Detection └── Topology-Aware Event Correlation │ ▼ [ Actionable Output & Automation Layer ] ├── Root Cause Analysis (RCA) Dashboards └── Auto-Remediation Playbooks (Ansible / Runbooks) Why AIOps Matters in Modern IT Operations
When software infrastructure migrates to dynamic, multi-cloud platforms, the underlying operational dependencies multiply exponentially. AIOps platforms resolve these complexities across several key functional layers:
1. Advanced Incident Intelligence & Noise Reduction
A minor configuration drift in an API gateway can cause thousands of downstream microservices to throw connection timeouts. In a standard setup, this results in an immediate cascade of redundant pages. AIOps systems utilize topology-aware event correlation to analyze the systemic layout and collapse those thousands of chaotic alerts into a single, comprehensive incident context. This cuts out the background noise and exposes the actual root cause instantly.
2. Predictive Analytics & Adaptive Capacity Planning
Rather than waiting for a storage volume or memory allocation pool to hit empty, machine learning models run continuous time-series forecasting. By examining historical trends alongside concurrent usage patterns, the platform can forecast resource exhaustion days in advance. This shifts capacity planning from speculative guesswork to precise mathematical calculation.
3. Accelerated MTTR via Automated Remediation
The true value of an AIOps Course lies in learning how to configure closed-loop automation systems. When an anomaly is discovered, the AIOps platform identifies the root cause and directly triggers targeted auto-remediation playbooks.
For instance, if a memory leak is verified on an isolated microservice container, the engine can autonomously run a rolling restart script or safely adjust the allocation boundaries. This preserves application availability and effectively drops the Mean Time to Resolution to zero—all without needing to page an engineer in the middle of the night.
Who Should Take an AIOps Training Program?
Transitioning to intelligent infrastructure management requires a modern operational skill set. This training program is specifically tailored for key roles across tech organizations:
DevOps Engineers: Learn to embed algorithmic testing, policy compliance, and automated feedback loops directly into continuous integration and delivery (CI/CD) pipelines. Site Reliability Engineers (SREs): Move past writing static alerting parameters. Harness data science to manage complex Service Level Objectives (SLOs) and build truly self-healing runtime systems. Platform & Cloud Engineers: Discover how to build and support centralized, highly scalable observability platforms that process telemetry across diverse multi-cloud environments. Monitoring Specialists & NOC Teams: Upgrade traditional infrastructure dashboard management skills to act as specialized incident triage and automation workflow architects. IT Managers & Directors: Gain the tactical insight needed to measure enterprise AIOps platform ROI, evaluate vendors objectively, and successfully guide teams through cultural shifts. What Will You Learn in an AIOps Course?
The specialized curriculum at AIOps School takes you from basic telemetry fundamentals all the way to complex enterprise architecture design.
Module 1: AIOps Fundamentals
Establish a strong foundation in AI-driven operations. Study the architectural shift from traditional monitoring metrics to big data analytics platforms, and learn how to map out a clear business case for AI adoption within enterprise systems.
Module 2: Observability Architecture
Master the structural mechanics of modern system data gathering. Learn to implement and organize unified observability frameworks capable of managing high-cardinality telemetry across highly distributed services.
Module 3: Metrics Collection & Analysis
Deep dive into structured time-series metrics. Understand aggregation methods, counter and gauge behaviors, and how to effectively leverage metrics to spot overarching performance shifts.
Module 4: Structured & Unstructured Log Ingestion
Learn to ingest, parse, and analyze massive volumes of unstructured log messages. Build highly efficient pipeline processing rules to normalize textual log data for down-stream machine learning consumption.
Module 5: Distributed Tracing & Span Analysis
Trace transactional paths as they move through complex microservice architectures. Master context propagation, analyze parent-child span connections, and isolate latency anomalies inside distributed call chains.
Module 6: Topology-Aware Event Correlation
Study how to use infrastructure topology mapping to group related system alerts. Learn to cut through operational noise by matching events directly against your infrastructure’s physical and logical dependency charts.
Module 7: Dynamic Anomaly Detection
Move past basic, static alert limits. Implement machine learning models that evaluate historic baselines and adaptively identify true performance deviations in real time.
Module 8: Machine Learning for Operations (MLOps Foundations)
Explore the foundational data science techniques behind modern operations tools. Learn how supervised, unsupervised, and reinforcement learning models are trained and deployed on active infrastructure data.
Module 9: Algorithmic Incident Intelligence
Master the mechanics of automated incident triage. Learn how AIOps platforms prioritize infrastructure issues, track down root causes, and present clear, actionable data to on-call response teams.
Module 10: Closed-Loop Auto-Remediation
Design and run self-healing operational playbooks. Build secure automation loops that execute targeted, program-driven fixes the moment an anomaly is confirmed.
Module 11: OpenTelemetry Standards
Implement vendor-neutral telemetry standards across your applications. Master the deployment and tuning of OpenTelemetry APIs, SDKs, and collection agents to build robust data pipelines.
Module 12: Enterprise AIOps Architecture & Strategy
Bring your skills together to architect highly reliable, large-scale enterprise AIOps hubs. Focus on core architectural design patterns, multi-region scalability, strict data compliance, and robust security practices.
Top AIOps Tools You Should Know
To build an efficient operations strategy, you need to understand how the industry’s primary toolchains stack up across capabilities, automation, and adoption styles.
Tool PlatformAI & ML CapabilitiesEvent Correlation StrengthsAutomation & RemediationNative IntegrationsEase of Corporate AdoptionSplunk Enterprise SecurityAdvanced log analytics powered by custom ML modules.Robust log-based signature matching.Direct execution via Splunk SOAR playbooks.Deep reach via extensive application marketplace.Steep learning curve; demands specialized expertise.DynatraceDavis® AI engine provides deterministic root-cause analysis.Exceptional topology-aware relationship mapping.Automated problem discovery and orchestration hooks.Native agents auto-inject across major cloud environments.Smooth, automated rollouts across platform layers.DatadogWatchdog AI uncovers hidden anomalies and trends.Straightforward tag-based alert grouping.Webhook integrations trigger external remediation tools.Broad out-of-the-box cloud platform coverage.Fast SaaS setup; intuitive dashboard construction.PrometheusBasic mathematical trend profiling via PromQL.Manual alert clustering via config files.Relies on Alertmanager to route alerts upstream.Deeply rooted in the Kubernetes ecosystem.Requires solid engineering design for large scale.Grafana EnterpriseVisual anomaly identification across diverse data backends.Grouping handled via Grafana Alerting engines.Triggers webhooks and coordinates with automation tooling.Connects seamlessly to nearly any database plugin.Highly accessible; the industry standard for visualization.Elastic Stack (ELK)Built-in unsupervised machine learning for log analysis.Log analysis using cluster grouping models.Watcher alerts trigger external API endpoints.Rich data ingest via Logstash and Beats agents.Moderate; requires intentional data layout management.MoogsoftAdvanced mathematical noise reduction and event grouping.Exceptional correlation independent of topology charts.Integrates smoothly with external ticket triage workflows.Extensive integrations with common monitoring tools.Straightforward integration with existing monitoring pipelines.BigPandaOpen Integration Engine driven by clear operational logic.Excellent alert grouping across diverse telemetry streams.Drives ticketing systems and incident response platforms.Aggregates alerts from major monitoring tools.Smooth integration with existing operational stacks.New RelicApplied Intelligence automates anomaly detection out of the box.Clean correlation using text pattern analysis.Webhooks integrate directly with configuration workflows.Comprehensive agents cover multiple programming languages.Standard SaaS setup; intuitive workspace organization. Benefits of Earning an AIOps Certification
Validating your practical skills through a structured certification program offers clear advantages for both your daily engineering work and your broader career trajectory:
Accelerated Career Mobility: An AIOps Certification signals to engineering leaders that you can move past traditional monitoring maintenance and actively architect modern, self-healing platforms. Command Higher Compensation: Tech professionals with proven AI-driven operations and infrastructure management skills regularly see substantial market premiums and salary increases over traditional operations positions. Bridge the Data Science Gap: True certification programs prove you understand how data science models are practically implemented inside daily operations pipelines—without requiring you to become a full-time data scientist. Future-Proof Your Technical Portfolio: As organizations retire legacy, threshold-based infrastructure dashboards, certified professionals are uniquely positioned to design and scale the next generation of intelligent operational platforms. Why Choose AIOps School for AIOps Training?
AIOps School is a highly specialized educational institution focused entirely on the intersection of machine learning analytics and modern infrastructure operations. The programs are carefully built to translate theoretical data science concepts into practical, day-one engineering skills.
Rather than just watching lecture slides, you spend your time in cloud-hosted sandboxes running production-grade telemetry toolchains. You will build actual log analysis engines, train real anomaly detection pipelines, and configure live auto-remediation playbooks against realistic system failures.
[ Traditional Training Platforms ] ──► Focus on watching static slides [ AIOps School Learning Method ] ──► 40% Conceptual + 40% Live Labs + 20% Capstone Project The school offers clear learning journeys that scale naturally from foundational concepts to advanced architecture tracks. Every course is taught by experienced industry practitioners who have spent years designing and running large-scale automated operations platforms for Fortune 500 enterprises.
Career Opportunities After Completing an AIOps Certification
Completing your certification opens up specialized engineering and architecture opportunities across the modern technology landscape:
AIOps Engineer
Design, deploy, and maintain the underlying infrastructure analytics engines. You will build and optimize telemetry collection pipelines, tune ML anomaly models, and ensure your operations platforms scale reliably.
Site Reliability Engineer (SRE)
Leverage advanced incident intelligence tools to safeguard application availability. Your focus shifts to driving down system MTTR, eliminating alert noise, and building robust, automated self-healing playbooks.
Observability Architect
Own the end-to-end data strategy across your organization’s entire multi-cloud ecosystem. You will define telemetry ingestion standards, design high-cardinality data storage, and ensure smooth data flow to upstream AI engines.
Automated Incident Response Specialist
Bridge the gap between incident discovery and structural remediation. You will build intelligent event correlation rules and write the code that orchestrates automated, program-driven fixes during system incidents.
Frequently Asked Questions (FAQ)
What exactly is AIOps Training?
It is a specialized educational program focused on applying machine learning, big data analytics, and automated workflows to modern IT operations. The training teaches you how to collect deep system telemetry, detect anomalies automatically, reduce alert noise, and build self-healing infrastructure.
Is AIOps difficult to learn for traditional IT professionals?
It is a structured learning path but entirely achievable. You do not need to be a data scientist. Having a baseline familiarity with IT operations, basic scripting, or DevOps practices makes the transition smooth.
Which AIOps tools are covered in depth during the training?
The curriculum emphasizes core, vendor-neutral principles alongside widely adopted industry platforms like Dynatrace, Datadog, Splunk, Prometheus, Grafana, and the Elastic Stack.
Is an AIOps Certification worth the investment?
Yes. As enterprise environments become more complex, organizations are actively prioritizing engineers who can run intelligent, automated operations. Certification provides clear verification of these in-demand skills.
How long does it take to complete a course at AIOps School?
Program timelines scale based on the specific depth of the track:
Foundation Level: 30–45 days (allocating 10–12 hours per week) Engineer Level: 45–60 days (allocating 12–15 hours per week) Professional Level: 60–90 days (allocating 15–20 hours per week) Architect Level: 90+ days (allocating 20+ hours per week) Can traditional DevOps Engineers easily transition into AIOps?
Absolutely. DevOps engineers already understand CI/CD pipelines and basic automation. AIOps training simply expands that skill set by adding algorithmic intelligence and data science analytics to their existing workflows.
Are there any strict prerequisites for the courses?
The Foundation and Engineer tracks require only a basic understanding of IT operations or DevOps concepts. The advanced Professional and Architect tracks are built for professionals with 2–3 years of active engineering experience.
How important are the hands-on labs in the curriculum?
The labs are essential to the program. The official certification exam splits its evaluation directly across conceptual knowledge (40%), hands-on lab scenarios (40%), and a comprehensive real-world capstone project (20%).
What specific industries are adopting AIOps platforms fastest?
Adoption is scaling rapidly across sectors managing complex, high-scale digital platforms. This includes Financial Services, Cloud & SaaS Providers, E-commerce, Telecom, and Healthcare IT ecosystems.
What does the future look like for the AIOps market?
The industry is moving toward fully autonomous, self-healing platforms. Mastering these data-driven operational patterns early ensures you remain highly competitive as automation transforms traditional infrastructure roles.
Conclusion
As modern software systems grow in scale and complexity, traditional, threshold-based monitoring frameworks can no longer keep pace. Relying on human configuration to manage massive streams of enterprise telemetry leads directly to operational blind spots, systemic alert fatigue, and extended system outages. True operational reliability requires a shift toward automated, algorithmic infrastructure intelligence. Enrolling in a comprehensive AIOps Course and earning an industry-recognized AIOps Certification gives you the precise technical foundation needed to deploy robust telemetry pipelines, run advanced anomaly detection models, and build dependable self-healing systems.
Take the next step in your professional development. Explore the specialized training programs at AIOps School and build the skills required to lead the future of AI-driven IT operations.
View the full article
Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To that end, organizations will be unable to connect to Salesforce via the app until further notice, the American cloud-based software company noted in an alert published this week. "Salesforce tookView the full article

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.