Firehose – News, Alerts, Docs
- Wednesday May 06
- 01:00 pmAdobe Acrobat now lets users turn PDFs into shareable AI-powered workspaces
Adobe is rolling out new sharing capabilities for PDF Spaces in Acrobat today, letting users turn static materials into interactive, AI-powered summaries, audio overviews, branded presentations, and even a custom chatbot for recipients. Here are the details. more…12:56 pmEnergizer now offers child-safe batteries for your AirTags
Safety regulators have long expressed concern about the potential risks to children posed by the easily-opened battery compartment of AirTags. It’s not uncommon for children to swallow objects with a similar size and shape to candy – like the coin batteries used – and this can potentially cause life-threatening injuries … more…12:51 pm'iPhone Ultra' Could Be Industry's Most Repairable Foldable
The leaker "Instant Digital" today revisited their February design report on the foldable iPhone, claiming the device's internal design will make it the easiest-to-disassemble and easiest-to-repair foldable phone in the industry. In a new post on Weibo, Instant Digital said the device's "incredibly rigorous underlying engineering logic" has "truly paid off," and predicted that teardown videos will vindicate the earlier claims once the device ships. The leaker described the internal component stacking as "logical yet elegant," and said the design eliminates the complex ribbon cable routing that typically complicates disassembly in competing foldables, achieving instead what they called "a truly high level of modularity." The comments appear to be a callback to Instant Digital's February 2 report, which offered several design details about the foldable iPhone, including volume buttons relocated to the top edge of the device, Touch ID and Camera Control on the right side of the device, an iPhone Air-style camera plateau, a single punch-hole front-facing cameras, and just two color options. That report also touched on the device's internal design language, which the leaker now suggests is even more significant than readers initially appreciated. At that time, Instant Digital explained that the device's motherboard is apparently located on the right side of the device. As to not run cables across the screen to the left side for the volume buttons (where they are located on all other iPhone models), Apple is said to have decided to run them directly upwards, which maximizes internal space. The internal structure purportedly features an innovative stacked design, with the space being almost entirely dedicated to the display and battery. It is also said to feature the biggest battery ever used in an iPhone. Instant Digital has reported on the foldable iPhone for quite some time. The leaker previously claimed the device will be around $2,000 at launch, that it will be eSIM-only, that Apple's foldable displays were nearing production in March, and that the device will ship in three storage capacities. Most recently, the leaker said Camera Control is seen internally as a key feature of the foldable iPhone. The foldable iPhone, rumored to be called the "iPhone Ultra," is expected to launch alongside the iPhone 18 Pro and iPhone 18 Pro Max in the fall. The device is said to feature a 7.8-inch inner display and a 5.5-inch cover screen, the A20 chip and C2 modem, Touch ID, and two rear cameras.Related Roundup: iPhone FoldTags: Foldable iPhone, Instant Digital, iPhone UltraThis article, "" first appeared on MacRumors.comDiscuss this article in our forums12:44 pm[HELP] Confused about Apple Financial Reports vs Actual Sales huge difference between reports | Reddit on iOS Programming[HELP] Confused about Apple Financial Reports vs Actual Sales huge difference between reports
Hey everyone, I’m trying to understand a mismatch in my App Store Connect data and would really appreciate some guidance. On my Sales and Trends (April 1 – April 30) page, my total sales are showing around $1120. However, in the Financial Reports for April, the total earnings are only about $314. This is a […]12:44 pmSmaller iPhone 18 Dynamic Island rumor surfaces again
A new leaker who previously claimed to have photos of a smaller iPhone 18 Dynamic Island, is now showing CAD renders of the same thing and calling this proof.Purported CAD images of the iPhone 17 range with a smaller Dynamic Island than before - image credit: @earlyappleleaksIt's not as if it's impossible that the iPhone 18 range will feature a reduced Dynamic Island, as very many previous rumors have also claimed this, even if some have seemed to be wishful thinking. But now leaker @EarlyAppleLeaks on X claims that his or her own reports are now confirmed.The new CAD confirms the smaller dynamic island of the iPhone 18 pro. The same goes for other designs. pic.twitter.com/v5T2kjGILe— Early Apple (@earlyappleleaks) May 4, 2026 Rumor Score: 🤔 Possible Continue Reading on AppleInsider | Discuss on our Forums12:38 pmiPhone 18 Pro's LTPO+ Display Upgrade to Come From Samsung, LG
Apple is expected to finalize OLED panel approvals for the iPhone 18 Pro and Pro Max this month, with Samsung Display and LG Display likely to dominate panel supply, reports The Elec. This year, China's BOE has reportedly been closed out of the premium tier supply chain, despite having landed some panel orders for the iPhone 17 Pro models. The setback is said to be down to quality and yield issues with its lower-temperature polycrystalline oxide-plus (LTPO+) technology compared to its South Korean counterparts. Indeed, it's the key upgrade at the center of the supply shake-up. South Korean publication ETNews previously reported that the iPhone 18 Pro models will use LTPO+ display technology, which would likely be more power efficient than the current LTPO technology in the iPhone 17 series. Such an upgrade could also contribute to longer battery life, since LPTO+ enables finer control of OLED light emission, potentially allowing the display to optimize its operation based on environmental conditions. The ETNews report from January also mentioned that the iPhone 18 Pro models will use under-screen infrared technology from Samsung, which could enable some Face ID components to move under the display. That could allow Apple to shrink the Dynamic Island on the iPhone 18 Pro models -- but whether it will do is seemingly still up for debate. Apple is expected to unveil the iPhone 18 Pro models in September.Related Roundup: iPhone 18 ProTags: Samsung, The ElecThis article, "" first appeared on MacRumors.comDiscuss this article in our forums12:31 pmSketchy iPhone 18 Pro Dynamic Island rumors continue with claimed CAD images
Rumors of a smaller Dynamic Island are nothing new, but there’s been considerable speculation about this in respect of the iPhone 18 Pro. Adding fuel to the fire are claimed CAD images showing a smaller Dynamic Island, but we reiterate our earlier skepticism … more…12:00 pmApple Hedges Bets on Chips in Talks with Intel, Samsung
Apple is reportedly exploring U.S.-based chip production partnerships with Intel and Samsung as geopolitical tensions and supply chain concerns push tech companies to diversify manufacturing beyond Taiwan. The post appeared first on TechNewsWorld.11:56 amPornhub is now using Apple’s own age verification feature in the UK
I guess this is one “benefit” of the Apple ecosystem that won’t make it into a press release from the Cupertino company: Pornhub’s parent company has announced that it will be relying on Apple’s own age verification feature for its UK web visitors … more…11:26 amiPhone 18 Pro CAD Leak Reignites the Dynamic Island Debate
New alleged CAD renders of Apple's iPhone 18 Pro are doing the rounds on social media, offering the latest twist in the to-shrink-or-not-to-shrink Dynamic Island saga. An X user called @earlyappleleaks has posted the above image, claiming that "the new CAD confirms the smaller Dynamic Island of the iPhone 18 Pro." CAD renders are often leaked from factories and represent the technical schematics that phone manufacturers share with case makers and accessory companies months before a phone launches. Whether this particular one is kosher is unknown, since the leaker is relatively new to the scene and needs time to build a reputation. The last notable image they shared was of an alleged iPhone 18 Pro prototype with a smaller Dynamic Island, and what appears to be a Face ID sensor visible under the display. Under-display Face ID components would allow for a slimmed down Dynamic Island. Over the past year, there have been mixed rumors about whether the iPhone 18 Pro models will continue to feature a Dynamic Island or have a hole punch camera with under screen Face ID and no Dynamic Island, but the latest information suggests it's too early to say goodbye to the Dynamic Island. Along with Bloomberg's Mark Gurman, several prominent leakers on Weibo and other social media sites have said Apple will make the iPhone 18 Pro's Dynamic Island smaller, but won't eliminate it. We heard similar rumors about a smaller iPhone 17 Pro Dynamic Island last year, but it ended up being the same size. Most of the iPhone 18 Pro rumors about under-display Face ID and no Dynamic Island circulated earlier in 2025, so Apple either considered the feature for the 18 Pro lineup and pushed it back, or those rumors were off-base. There also may have been confusion over what's moving under the display and what isn't. More recently, Chinese leaker Digital Chat Station claimed the iPhone 18 Pro won't have a smaller Dynamic Island at all, with the slimmed down Dynamic Island delayed until the iPhone 19. We'll know for sure in a few months. Apple is expected to announce the iPhone 18 Pro models alongside its first foldable iPhone this fall, with the standard iPhone 18 arriving early next year as part of a new split-cycle launch strategy.Related Roundup: iPhone 18 ProTag: Dynamic IslandThis article, "" first appeared on MacRumors.comDiscuss this article in our forums11:19 amApple may have just made one of the most important new Siri announcements
Apple’s painfully slow launch of the new Siri has become such a long-running saga, it seems to have all the makings of a movie – though probably not one we will see launch on Apple TV. The announcement at the start of this year that it will be powered by Google’s Gemini models finally gave us reason for optimism, and the latest Apple AI news could be an equally important development … more…11:00 amWill Apple release anything new in May? Here’s what’s we expect
Macworld May is usually a slow month for Apple releases, and it should be no different this year. Apple’s OS 26es are still getting updates—the latest version, 26.5, will arrive this month—but they’re really minor at this point, as most of the work in Cupertino has long since shifted to the next major release. With the WWDC keynote set for June 8, big releases or major announcements would likely wait for that event. We don’t expect much to be announced in May, leaving most of Apple’s releases to be the minor 26.5 software updates and content for Apple TV and Apple Arcade. New hardware releases Apple started off 2026 with a flurry of releases, including the M5 MacBook Air and MacBook Pro, AirTag 2, AirPods Max 2, and the all-new MacBook Neo, but it’s been quiet for a few weeks. And it’s likely to be quiet for a few more. While we’re waiting for several new devices to launch in spring or summer, with WWDC so close, we’ll likely have to wait until June for anything new to arrive. Here’s what Apple has waiting in the wings: M5 Mac mini: With Apple discontinuing the 256GB version of the M4 Mac mini, it’s unclear where the M5 Mac mini stands. We were expecting the new model to launch this spring, but with severe supply constraints due to the memory crunch, we might need to wait until fall. M5 Mac Studio: The Mac Studio is in the same boat as the Mac mini, with memory issues forcing Apple to cut back on some models, including the higher-end versions with 256GB of RAM. Apple TV 4K: Apple’s streaming box hasn’t been updated since 2022, when it got an A15 Bionic chip, USB-C Siri Remote, and a price cut. It’s been rumored to get an update to a newer chip, but Apple may have requisitioned those chips for the MacBook Neo. iPad: Apple’s entry-level iPad is the only tablet that can’t run Apple Intelligence, and with the new Siri likely to finally arrive this year, Apple is almost certain to give it an update with an AI-ready chip. -Apps and software updates OS 26.5 updates: The iOS 26.5 and iPadOS 26.5 updates bring a few new features, including suggested places (and advertisements) in Maps, end-to-end encryption in RCS messages (in beta), and new Pride wallpapers for iPhone, iPad, and Apple Watch. On Apple Watch, you get a new Pride watch face, too. Of course, there are bug fixes and security updates on the way, too. While the 26.5 updates will be out by the second week of May, Apple doesn’t usually start the x.6 beta tests until after WWDC in June. And by then, all eyes will be on the first betas of iOS/macOS/watchOS 27, so this is essentially the last notable iOS 26 release, with no sign of the new Siri. Services Apple TV+ Here are the shows, series, and movies we expect to release on Apple TV+ in May. If you want to know what’s coming later, check our full guide to upcoming Apple TV+ content. Unconditional: A mother-daughter vacation turns in to a nightmare when 25-year-old Gali (Talia Lynne Ronn) is arrested for drug smuggling in Moscow. May 8 Maximum Pleasure Guaranteed: Newly divorced mom Paula falls down a dangerous rabbit hole of blackmail, murder, and youth soccer. May 20 Propeller One-Way Night Coach: Set in the golden age of aviation, a young airplane enthusiast and his mother set off on a one-way cross-country odyssey to Hollywood, which transforms a simple flight into the trip of a lifetime. May 29 Star City: A spin-off of the For All Mankind universe, Star City takes explores the story from behind the Iron Curtain, showing the lives of the cosmonauts, the engineers, and the intelligence officers embedded among them in the Soviet space program. May 29 Apple Arcade Apple releases most Apple Arcade games on the first Friday of each month. Check our Apple Arcade FAQ for a full list of Apple Arcade games and more details on the service. Occasionally, games are released with no forewarning, but you’ll usually see next month’s releases listed in the Coming Soon section. Good Pizza, Great Pizza+: A cozy pizza business simulator. May 7 Nick Jr. Replay!: Education game for preschoolers with Nick Jr. characters. May 7 Perchang World: Glossy physics puzzle game where you use gadgets to guide marbles to a finish line. May 7 Ultimate 8-Ball Pool+: Sophisticated 3D pool/billiards simulation. May 710:50 amwatchOS 26.5 is going to fix two bugs on your Apple Watch
Macworld Some pundits have wondered if Apple is running out of ideas for watchOS development, with major new features seemingly in short supply for the upcoming watchOS 27 demo at WWDC. But it will still be important to keep your Apple Watch’s software up to date, if only to keep on top of security patches and bug fixes. Take the watchOS 26.5 software update, for example. The point update, which is expected to roll out to the public next week, contains fixes for two bugs, according to the release notes (via MacRumors). Neither of them is disastrous, but given that OS updates are free, there’s no reason to suffer without the fix. Apple describes the bugs as follows: Fixes an issue where Messages on Apple Watch may use SMS instead of iMessage when paired with a dual SIM iPhone Fixes an issue where Workout app audio alerts could fail to play if the phone was not nearby Apple Watch If that isn’t enough incentive to install watchOS 26.5, Apple has also announced it will contain a new Pride Luminance watch face for Pride month. Apple rolled out the release candidate (RC) of watchOS 26.5, as well as the 26.5 RCs for the iPhone, iPad, Apple TV, and Vision Pro, on May 4. The RC is a late beta version that in principle is ready to launch, unless a problem is spotted, so the final version is likely to roll out next week. To update watchOS on your Apple Watch, open the Settings app and tap General > Software Update. If an update is available, tap Install and follow the onscreen instructions.10:39 amBuilt multiple iOS apps using Screen Time APIs — this stuff is powerful
Over the past few months, I’ve been deep into Apple’s Screen Time APIs (FamilyControls, ManagedSettings, DeviceActivity)… and honestly, it’s been a wild but rewarding experience. From blocking selected apps during focus sessions to handling edge cases like allowing music apps while restricting others — got to explore a lot of real-world use cases. Also worked […]10:30 am7 major new Siri features coming with the iOS 27 overhaul
Macworld For over a decade, Siri has been able to perform some basic tasks on iOS, like checking the weather, playing music, pulling data from Wikipedia, and so on. While it works for this sort of use case, the virtual assistant’s comprehension skills can be limited, pushing you to utter simple, carefully-constructed phrases. Although rival voice assistants suffered from similar constraints once upon a time, they’ve long since moved on. On Android, for example, Google Gemini has gained agentic capabilities, allowing users to control their devices using natural language. This exposes the widening gap between the two platforms and further highlights Siri’s frustrating flaws. Fortunately, that’s all about to change, as iOS 27 is said to give Siri a complete overhaul, from the ground up. Here are the major new capabilities iOS 27 is reported to bring. Chat memory On iOS 27, Siri will likely be powered by a large language model (LLM), allowing it to engage in more complex conversations using natural phrasing. Instead of thinking twice before picking your words, you should be able to speak organically and it’ll supposedly understand you just fine. The upgrade would also grow its world knowledge, limiting the need to piggyback on ChatGPT or redirect you to generic web results when inquiring about certain matters. The LLM boost should make Siri more conversational and unlock a longer context window. If so, the chatbot would remember previous queries and base its later responses accordingly. In fact, it could be equipped with a long-term memory that recalls details from past sessions—not just the ongoing one. This would make Siri more personal and helpful, similar to how ChatGPT and Gemini currently adapt to and evolve with their unique users. Foundry Multiple tasks at once If you’re a Siri power user, you’re likely aware of how linear the assistant can be. You must feed it individual commands using simple words; bundling multiple requests into a single prompt will confuse its little brain. Siri will end up executing only one of the mentioned actions, a completely unrelated task, or nothing at all. If the rumors turn out to be accurate, iOS 27’s Siri could finally resolve that, adding support for multitasking. In this case, you’d be able to ask it to set an alarm, shuffle a playlist, and turn on the lights in one go. A dedicated app Given that the new Siri is expected to operate more like a chatbot, maintain previous chats, and introduce more advanced tools, its current ephemeral interface will no longer be sufficient. For this reason, iOS 27 may introduce a dedicated Siri app that users can access from the Home Screen. It would house conversation history, potential personalization options, and other features—similar to how existent chatbot apps work. Right now, any accidental tap could dismiss and permanently wipe a Siri conversation due to the popup’s fragile nature. That won’t be satisfactory when the dialogues get longer and more complex. Foundry Resourceful resort The standalone Siri app may not be the only design change coming with iOS 27. Apple will allegedly bake it right into the Dynamic Island, taking advantage of the extra space. This update would particularly make sense on the iPhone 18 Pro, which will reportedly fit more content in the Dynamic Island due to the smaller cutout. With this tweak, users will be able to see more of the background on-screen elements, as the Siri popup’s position will shift to the top. Foundry Third-party AI extensions With iOS 18.2, Apple included an optional ChatGPT extension to Siri, allowing users to upload images or send more complex queries to ChatGPT if it was more than Siri could handle. iOS 27 will likely expand the list of supported Siri extensions to include Gemini for those who prefer Google’s technology. Claude, Perplexity, and others could potentially follow, too. By supporting more AI models, those unhappy with Siri’s raw abilities will be able to utilize their (free or paid) third-party chatbot accounts across the system. App awareness Beyond the rumored upgrades, iOS 27 will add the Siri features Apple previewed two years ago but failed to deliver. These include a major expansion of the App Intents framework so Siri can perform functions inside third-party apps. It’s unclear how Apple’s implementation will compare to that of Google Gemini on Android, but it’s a welcome addition that will make Siri more useful. Siri will also gain the ability to analyze what is on your screen at the moment for context. Personal context The other feature Apple previewed with iOS 18 is Siri’s ability to pull personal data from installed apps. If it comes to fruition, you’ll be able to ask Siri when a certain personal will happen, for example, and it will scan your texts, emails, and other relevant data sources to find the correct answer. In a way, Siri will know everything about your digital life at all times.09:56 amiPhone 17 Outselling Every Other Phone Worldwide So Far This Year
Apple's iPhone 17 was the best-selling smartphone globally in the first quarter of 2026, capturing 6 percent of worldwide unit sales, according to Counterpoint Research's latest Global Handset Model Sales Tracker. The iPhone 17 series dominated the top three spots, with the iPhone 17 Pro Max in second place and the iPhone 17 Pro in third. The previous-generation iPhone 16 also held on at sixth place, suggesting there's still strong demand for the model, following its blockbuster sales run throughout last year. Counterpoint senior analyst Harshit Rastogi credited the iPhone 17's success to upgrades that brought the base model closer to the Pro variants, including higher 256GB base storage, improved cameras, and a faster 120Hz display refresh rate. Not only did the iPhone 17 post double-digit year-over-year growth in China and the U.S., it also tripled its sales in South Korea for the quarter. Samsung's Galaxy A series filled the remaining five spots, led by the budget-friendly Galaxy A07 4G as the best-selling Android phone of the quarter. Xiaomi's Redmi A5 filled out the list in tenth place. Taken together, the top 10 devices accounted for 25% of global smartphone sales -- the highest first-quarter concentration ever recorded, according to Counterpoint. In the meantime, the standard iPhone 17 is set to enjoy a six-month-longer flagship run than usual, with the iPhone 18 expected to see a launch in spring 2027.Related Roundup: iPhone 17Tag: CounterpointBuyer's Guide: iPhone 17 (Neutral)Related Forum: iPhoneThis article, "" first appeared on MacRumors.comDiscuss this article in our forums09:30 amIf you bought an iPhone last year, you may have a $95 check coming
Macworld Remember those Siri ads starring Bella Ramsey that promoted the iPhone 16 by showing off all the cool new Siri features Apple announced at WWDC in 2024? The Siri features that never shipped? Remember those? Well, someone filed a class action lawsuit about those very ads, and Apple has agreed to a $250 million settlement rather than taking it to court. As always, a bunch of that sum will go toward legal and administrative fees, but if you bought an iPhone 15 Pro or iPhone 16, you could have as much as $95 coming your way. If you bought an iPhone 15 Pro or iPhone 15 Pro Max or any iPhone 16 between June 10, 2024, and March 29, 2025, anywhere in the United States, you’re eligible to collect at least $25 and as much as $95, depending on how many people claim their portion of the settlement. Eligible users will be notified will need to provide proof that they’re part of the eligible group. That could be a receipt, serial number, Apple Account information, phone number, or other information, depending on exactly how and where you purchased your iPhone. The settlement received preliminary approval today, and noticed should be sent within the next 45 days. In a statement sent to media outlets, Apple said: Since the launch of Apple Intelligence, we have introduced dozens of features across many languages that are integrated across Apple’s platforms, relevant to what users do every day, and built with privacy protections at every step. These include Visual Intelligence, Live Translation, Writing Tools, Genmoji, Clean Up and many more. Apple has reached a settlement to resolve claims related to the availability of two additional features. We resolved this matter to stay focused on doing what we do best, delivering the most innovative products and services to our users.09:30 amR2 enablement temporarily degraded on Dash (09:30–10:06 UTC)
May 6, 09:30 UTCResolved - Between 09:30 and 10:06 UTC, the R2 entitlements service experienced a brief outage that prevented customers from enabling R2 subscriptions from the Cloudflare Dashboard. Existing R2 workloads were unaffected. The issue has been resolved and enablement is fully operational.09:06 amApp rejected because my microphone permission button said “Enable Microphone” | Reddit on iOS ProgrammingApp rejected because my microphone permission button said “Enable Microphone”
small update from my first expo app store submission i posted here a couple days ago after submitting my expo/react native app to app store review. the app got rejected, but the reason was way smaller than i expected. on my microphone permission screen, the button said “enable microphone”. apple rejected it because that makes […]08:00 amDon’t drop $2k on a new MacBook Pro—this 5-star rated refurb is only $430 today
Macworld TL;DR: These MacBook Pros are only $430 until they sell out (MSRP $1,999). You don’t need a brand-new MacBook Pro—you just need one that works like new. But with current prices pushing close to $2,000, upgrading can feel out of reach. This refurbished MacBook Pro 2020 offers a smarter path, with strong specs, near-mint condition, and a track record of 5-star reviews. This 13-inch MacBook Pro comes with a 10th Gen Intel Core i5 quad-core processor that runs at 2.0GHz, so everyday work like browsing, video calls, and document editing feels smooth. It has 16GB of RAM and a 1TB SSD, which is plenty of space for apps, photos, and big project files, and it helps the system stay responsive when you have a lot open at once. The 13.3-inch Retina display runs at 2560×1600 resolution with True Tone, so text looks sharp, and colors are vivid while the screen adjusts to the lighting in your room. Intel Iris Plus graphics handle streaming, light creative work, and general use without drama. The backlit Magic Keyboard is comfortable for long typing sessions, and the Touch Bar and Touch ID give you quick shortcuts and fingerprint login. You get four Thunderbolt 3 ports that handle charging, external displays, and fast storage through USB-C. Wireless connections use 802.11ac Wi Fi and Bluetooth 5.0 for modern routers and accessories. This grade “A” refurbished unit should arrive in near-mint condition, with only minor signs of use. It weighs about 3.1 pounds, comes with a charger, and includes a limited third-party warranty. Get a MacBook Pro while they’re on sale for $430. We have fewer than 50 left in stock. Apple Macbook Pro (2020) 13″ i5 2GHz Touchbar 16GB RAM 1TB SSD Space Gray (Refurbished)See Deal StackSocial prices subject to change.07:53 amHAM (Hamburg) on 2026-05-07
THIS IS A SCHEDULED EVENT May 7, 00:00 - 06:00 UTCMay 6, 07:34 UTCScheduled - We will be performing scheduled maintenance in HAM (Hamburg) datacenter on 2026-05-07 between 00:00 and 06:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhere during this maintenance window as network interfaces in this datacentre may become temporarily unavailable.You can now subscribe to these notifications via Cloudflare dashboard and receive these updates directly via email, PagerDuty and webhooks (based on your plan): https://developers.cloudflare.com/notifications/notification-available/#cloudflare-status.07:41 amCan I use real movie posters in App Store screenshots?
Hi everyone ! My app got rejected for the following reason : "The metadata includes content that resembles movies without the necessary authorization.". Here is my screenshot : https://preview.redd.it/keypmj7yygzg1.jpg?width=462&format=pjpg&auto=webp&s=4dd4ea15181f1e2320cd002b994373fb62e7fba9 My app is not intended for streaming, it is designed to help user to discover movies. From what I understand, I may need to use fictional […]04:31 amMac Studio loses its craziest memory option
The Mac Studio now tops out at just 96GB of memory, while higher-end Mac mini variants with 32GB or more RAM have also disappeared from sale. (via Cult of Mac - Your source for the latest Apple news, rumors, analysis, reviews, how-tos and deals.)03:52 amMEL (Melbourne) on 2026-05-13
THIS IS A SCHEDULED EVENT May 13, 16:00 - 21:00 UTCMay 6, 03:48 UTCScheduled - We will be performing scheduled maintenance in MEL (Melbourne) datacenter on 2026-05-13 between 16:00 and 21:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhere during this maintenance window as network interfaces in this datacentre may become temporarily unavailable.You can now subscribe to these notifications via Cloudflare dashboard and receive these updates directly via email, PagerDuty and webhooks (based on your plan): https://developers.cloudflare.com/notifications/notification-available/#cloudflare-status.02:32 amIntel’s stock jumped 13% today over Apple chip manufacturing report
Intel’s stock hit a record high today in the aftermath of a Bloomberg report that claimed Apple is exploring Intel and Samsung Electronics as potential manufacturing partners for future device chips. Here are the details. more…01:18 amWorkers API Issue
May 6, 01:18 UTCMonitoring - A fix has been implemented and we are monitoring the results.May 6, 01:08 UTCInvestigating - Cloudflare is investigating Worker API failures. Customers might experience an error using the Worker API. Workers that are already running in production are not affected. More updates to follow shortly.12:30 amHow are all the App Store ranking platforms actually getting their data? | Reddit on iOS ProgrammingHow are all the App Store ranking platforms actually getting their data?
Do they pay for some integration from apple? Do they just scrape it themselves? Curious to see if there is a way we can all check without having to bother with these subscriptions. Please do not comment with advertisements for you own freemium solutions. submitted by /u/aerial-ibis [link] [comments]12:10 amI built a clean Movie and TV tracker for iOS (Trakt sync supported). Looking for feedback! | Reddit on iOS ProgrammingI built a clean Movie and TV tracker for iOS (Trakt sync supported). Looking for feedback!
Hey everyone, I recently released a new iOS app called CineSync. There are obviously a lot of tracker apps out there already, but I found that most of the big ones have become super bloated with ads, heavy social media feeds, and cluttered menus. I just wanted something fast and straight to the point, so […]Tuesday May 0511:53 pmChatGPT Is Smarter, More Accurate, and Less Obsessed With Emojis After Upgrade
ChatGPT's default model has been updated to GPT-5.5 Instant, a model that brings accuracy improvements with fewer hallucinations, especially in areas like medicine, law, and finance, according to OpenAI. GPT-5.5 Instant is more capable at tasks like analyzing images, answering STEM questions, and choosing when to use web search to provide a better answer. Responses can also be personalized because GPT-5.5 Instant can better draw context from past chats, files, and Gmail, but this is currently limited to paid subscribers. OpenAI says that responses are "tighter and more to-the-point without losing substance" and without eliminating ChatGPT's personality. It will provide the same information, but without unnecessary formatting, emojis, and follow-up questions. All ChatGPT models are being updated with memory sources, which will show users the past chats, files, and other context that ChatGPT used to generate a response. GPT-5.5 Instant is rolling out today to all ChatGPT users, and it is replacing GPT-5.3 Instant as the default model. While free users can access GPT-5.5 Instant, the new personalization features are limited to Plus and Pro users on the web. Personalization will expand to mobile soon, and it will roll out to Free, Go, Business, and Enterprise users in the coming weeks. It's not yet clear when Apple Intelligence's ChatGPT integration will switch to GPT-5.5 Instant.Tags: ChatGPT, OpenAIThis article, "" first appeared on MacRumors.comDiscuss this article in our forums11:53 pmCloudflare Stream Scheduled Maintenance
THIS IS A SCHEDULED EVENT May 7, 12:00 - 13:00 UTCMay 5, 23:35 UTCScheduled - Cloudflare will be performing scheduled maintenance on Stream's infrastructure. During this window, customers may encounter errors uploading or editing videos, starting new live streams, and provisioning new signing keys. Video playback will not be affected.11:45 pmSearch experience and subreddit experience is degraded
May 5, 16:45 PDTIdentified - We have identified the issue and a fix is being implemented.May 5, 16:44 PDTInvestigating - We are currently investigating an issue which has caused bad search and subreddit feed experience11:35 pmUPDATE: **Summary** Investigating elevated error rates with Gemini conversations. **Description** Mitigation work is currently underway by our engineering team. We do not have an ETA for mitigation at this point. We will provide more information by Tuesday, 2026-05-05 20:30 PDT. **Symptoms** Affected customers are experiencing “Something went wrong(13)” error message in their Gemini conversations. **Workaround** None at this time. | Google AppsUPDATE: **Summary** Investigating elevated error rates with Gemini conversations. **Description** Mitigation work is currently underway by our engineering team. We do not have an ETA for mitigation at this point. We will provide more information by Tuesday, 2026-05-05 20:30 PDT. **Symptoms** Affected customers are experiencing “Something went wrong(13)” error message in their Gemini conversations. **Workaround** None at this time.
Incident began at 2026-05-04 16:40 (times are in Coordinated Universal Time (UTC)).Summary Investigating elevated error rates with Gemini conversations. Description Mitigation work is currently underway by our engineering team. We do not have an ETA for mitigation at this point. We will provide more information by Tuesday, 2026-05-05 20:30 PDT. Symptoms Affected customers are experiencing "Something went wrong(13)" error message in their Gemini conversations. Workaround None at this time. Affected products: Gemini11:00 pmApple Agrees To Pay iPhone Owners $250 Million For Not Delivering AI Siri
Apple has agreed to a proposed $250 million settlement over claims that it misled iPhone buyers about the availability of Apple Intelligence and its upgraded Siri features. The settlement would cover U.S. buyers of the iPhone 16 lineup and iPhone 15 Pro models between June 10, 2024, and March 29, 2025. The Verge reports: The settlement will resolve a 2025 lawsuit, alleging Apple's advertisements created a "clear and reasonable consumer expectation" that Apple Intelligence features would be available with the launch of the iPhone 16. The lawsuit claimed Apple's products "offered a significantly limited or entirely absent version of Apple Intelligence, misleading consumers about its actual utility and performance." Apple brought certain AI-powered features to the iPhone 16 weeks after its release, and delayed the launch of its more personalized Siri, which is now expected to arrive later this year. Last April, the National Advertising Division recommended that Apple "discontinue or modify" its "available now" claim for Apple Intelligence. Apple also pulled an iPhone 16 ad showing actor Bella Ramsey using the AI-upgraded Siri. Read more of this story at Slashdot.10:49 pmSession initialization failed error when trying to connect apps
Status: InvestigatingWe are currently investigating an issue where users receive "Session initialization failed" errors when attempting to connect apps in Zapier.10:43 pmApple pressed by Maryland lawmakers over closure of first unionized U.S. store
A group of two U.S. Senators and seven Members of Congress sent a letter to Tim Cook and John Ternus pressing Apple for answers over the planned closure of its Towson retail store. Here are the details. more…10:09 pmApp Store Analytics was not updated for last 3 days. Is it not updated for everyone ? | Reddit on iOS ProgrammingApp Store Analytics was not updated for last 3 days. Is it not updated for everyone ?
submitted by /u/rifat_monzur [link] [comments]10:00 pmPrice cut: Upgrade to Windows 11 Pro for just $10
Why pay list price for Microsoft software? This Windows 11 sale allows you to upgrade your PC to Windows 11 Pro for just $9.97. (via Cult of Mac - Your source for the latest Apple news, rumors, analysis, reviews, how-tos and deals.)09:52 pmLawsuit over delayed Siri features reaches massive $250M settlement
While Apple's promised Siri overhaul is still nowhere to be found, shareholders who sued over the delay can now rest easy, thanks to a huge settlement.Apple has settled a class-action lawsuit over its delayed Siri features.At WWDC 2024, as part of its Apple Intelligence announcements, Apple previewed major enhancements for Siri. The virtual assistant was supposed to receive an AI-powered cognitive boost, allowing for advanced in-app actions, contextual awareness, and more.The company went so far as to feature Siri's new capabilities in its marketing materials, including video advertisements. Things went south in a matter of months, however. Continue Reading on AppleInsider | Discuss on our Forums09:45 pmErrors related to Klaviyo app integration
Status: MonitoringWe are continuing to monitor the service disruption related to Klaviyo: https://status.klaviyo.com/incidents/yyh7s59brj67 If you are experiencing issues with this app integration, you can reach out to our team at: https://zapier.com/app/get-help09:35 pm9to5Mac Daily: May 5, 2026 – iOS 26.5 RC, Apple chip partners
Listen to a recap of the top stories of the day from 9to5Mac. 9to5Mac Daily is available on iTunes and Apple’s Podcasts app, Stitcher, TuneIn, Google Play, or through our dedicated RSS feed for Overcast and other podcast players. Sponsored by Bitwarden: Make your life easier with Bitwarden, featuring a secure, open source password manager with end-to-end encryption and seamless autofill across all your devices. more…09:22 pmThreads starts rolling out DMs on the web, but there are a few catches
Last July, Threads finally gave in and uncoupled its DMs from Instagram. Now, the platform is turning to another long-standing gap: bringing DMs to the web. Here are the details. more…09:20 pmResolution Issues for .de Domains
May 5, 21:20 UTCIdentified - The issue has been identified and a fix is being implemented.May 5, 21:17 UTCInvestigating - We are observing issues with authoritative resolution for the .de TLD.09:20 pmApple taking over 30% from an approved small business developer
Total sales $1,040, so 85% of that would be $884, not $697. You can see in the images I've been approved for small developer program since November. Other months are much closer to 85%. https://preview.redd.it/rjfmewifydzg1.png?width=869&format=png&auto=webp&s=a06234ae5b70f3595b210e8ae4f0b365cc96b663 https://preview.redd.it/abv75yifydzg1.png?width=1728&format=png&auto=webp&s=2ceb505ea35678c00cc3f6ef5ffafe6c4148911b https://preview.redd.it/k7t82xifydzg1.png?width=1508&format=png&auto=webp&s=7007dfaa2fa5032b3d075c2ec48bf3a6191fb789 submitted by /u/Oxigenic [link] [comments]09:20 pmApple taking over 30% from an approved small business developer
Total sales $1,040, so 85% of that would be $884, not $697. You can see in the images I've been approved for small developer program since November. Other months are much closer to 85%. https://preview.redd.it/rjfmewifydzg1.png?width=869&format=png&auto=webp&s=a06234ae5b70f3595b210e8ae4f0b365cc96b663 https://preview.redd.it/abv75yifydzg1.png?width=1728&format=png&auto=webp&s=2ceb505ea35678c00cc3f6ef5ffafe6c4148911b https://preview.redd.it/k7t82xifydzg1.png?width=1508&format=png&auto=webp&s=7007dfaa2fa5032b3d075c2ec48bf3a6191fb789 submitted by /u/Oxigenic [link] [comments]09:20 pmApple taking over 30% from an approved small business developer
Total sales $1,040, so 85% of that would be $884, not $697. You can see in the images I've been approved for small developer program since November. Other months are much closer to 85%. https://preview.redd.it/rjfmewifydzg1.png?width=869&format=png&auto=webp&s=a06234ae5b70f3595b210e8ae4f0b365cc96b663 https://preview.redd.it/abv75yifydzg1.png?width=1728&format=png&auto=webp&s=2ceb505ea35678c00cc3f6ef5ffafe6c4148911b https://preview.redd.it/k7t82xifydzg1.png?width=1508&format=png&auto=webp&s=7007dfaa2fa5032b3d075c2ec48bf3a6191fb789 submitted by /u/Oxigenic [link] [comments]09:11 pmUK live petrol station tracker; testers wanted!
I’m developing an iOS app that tells you the live price of every petrol station in the UK. No crowdsourcing — real accurate data. It allows you to set favourites, and there’s a lock screen widget you can add which tells you the cheapest of your favourites. You can also filter by specific things, like […]09:11 pmUK live petrol station tracker; testers wanted!
I’m developing an iOS app that tells you the live price of every petrol station in the UK. No crowdsourcing — real accurate data. It allows you to set favourites, and there’s a lock screen widget you can add which tells you the cheapest of your favourites. You can also filter by specific things, like […]09:11 pmUK live petrol station tracker; testers wanted!
I’m developing an iOS app that tells you the live price of every petrol station in the UK. No crowdsourcing — real accurate data. It allows you to set favourites, and there’s a lock screen widget you can add which tells you the cheapest of your favourites. You can also filter by specific things, like […]09:01 pmApple to Pay $250 Million to Settle Class Action Over Delayed Siri Features
Apple will pay $250 million to settle a class action lawsuit accusing it of false advertising and unfair competition after the personalized Siri features it promoted when launching the iPhone 16 were delayed. A smarter, Apple Intelligence version of Siri was shown off at WWDC 2024, and then promoted in ads and videos when the iPhone 16 launched in September 2024. After Apple delayed the Siri Apple Intelligence features in March 2025, Apple pulled its ads, but they had been running for several months at that point. The lawsuit claimed Apple violated consumer law by misleading consumers about the actual utility and performance of Apple Intelligence, and causing them to purchase a device "with features that did not exist or were materially misrepresented." Apple was not found guilty of any wrongdoing, and the company sometimes settles lawsuits to minimize legal fees and time spent on litigation. A settlement agreement was reached back in December, but the terms of the settlement are now live. In a statement to MacRumors, Apple said that resolved the lawsuit so that it could focus on its products and services, and reiterated that it has introduced multiple Apple Intelligence features since 2024.Since the launch of Apple Intelligence, we have introduced dozens of features across many languages that are integrated across Apple's platforms, relevant to what users do every day, and built with privacy protections at every step. These include Visual Intelligence, Live Translation, Writing Tools, Genmoji, Clean Up and many more. Apple has reached a settlement to resolve claims related to the availability of two additional features. We resolved this matter to stay focused on doing what we do best, delivering the most innovative products and services to our users.Apple's $250 million payment will provide U.S. Settlement Class Members who submit Claim Forms with a per-device payment of $25 for each eligible device, though that could increase up to $95 per device if claim volume is low. Eligible devices include iPhone 16, iPhone 16e, iPhone 16 Plus, iPhone 16 Pro, iPhone 16 Pro Max, iPhone 15 Pro, or iPhone 15 Pro Max models purchased between June 10, 2024, and March 29, 2025. The settlement has received preliminary approval, and notices to those eligible to make a claim will start to receive email notices no more than 45 days from today.Tags: Apple Lawsuits, SiriThis article, "" first appeared on MacRumors.comDiscuss this article in our forums09:01 pmApple Manufacturing Academy highlights AI adoption across U.S. industry
Apple and Michigan State University recently held the inaugural Spring Forum for the Apple Manufacturing Academy, focused on how AI is being implemented across multiple manufacturing workflows. Here are the details. more…09:01 pmSoftware as the Product of Obsession Times Voice
You might think it counterintuitive that a movement obsessed with software would be spearheading a severe decline in the design quality of software, but in Patel’s definition, there’s no concept of software as art, as a practice, as a craft. Software brain is purely an obsession with software as a medium in and of itself. A means with no consideration for the end.08:58 pmIncoming webhooks — some requests not processed (encoding in Content-Type)
Status: MonitoringBetween April 26, 2026, 7:14 PM UTC and April 30, 2026, 4:36 AM UTC, a subset of incoming webhooks to Zapier were not processed during ingestion. Webhooks sent with a Content-Type header that specified a non-UTF-8 character set in the way below were rejected instead of being delivered to your Zaps: Content-Type: application/x-www-form-urlencoded; charset=iso-8859-1 Webhooks using typical UTF-8 Content-Type values were not affected by this issue. If your upstream system sent webhooks matching the pattern above during that time window, those individual events did not trigger your Zaps. Other triggers and webhook formats continued to work as usual. For any specific events that occurred while your app was sending webhooks in that format during the window above, you will need to resend the webhook from the upstream application (for example, by having that app fire the event again or resubmit the payload), so that Zapier receives a new request. Replaying a past run in Zapier does not replace a missing inbound webhook from your app. If you are unsure whether your integration uses that header, check your server or integration configuration for charset=iso-8859-1 (or other non-UTF-8 charset) on application/x-www-form-urlencoded requests to your Zap’s webhook URL.08:48 pmApple shares hit new all-time closing high
In Nasdaq trading today, shares of Apple Inc. rose to hit a new all-time closing high. Apple’s all-time intraday high was also set today… The post appeared first on MacDailyNews.08:47 pmUsers could get up to $95 per device as Apple reaches $250M settlement over Siri delays | 9 to 5 MacUsers could get up to $95 per device as Apple reaches $250M settlement over Siri delays
Last March, Apple was hit with a class action lawsuit after delaying the launch of the “more personalized Siri” that was first announced at WWDC 2024. Apple agreed to settle the case in December, and the full settlement terms are now available. Apple is set to pay $250 million to settle the lawsuit, equating to an estimated $25 per device. That number could reach up to $95 per device, depending on how many users submit claims. more…08:22 pmwatchOS 26 added hypertension alerts for Apple Watch, here’s how to use them
watchOS 26 introduced a new hypertension detection feature not only for Apple Watch Ultra 3 and Series 11, but for select older Apple Watch models too. Here’s how to set it up, and which models are compatible. more…08:20 pmApple culls more high-end Mac mini, Mac Studio configs
Apple has pulled even more higher-end configurations of its Mac Studio and Mac mini, removing some of the most expensive memory options as the entire industry deals with the RAM crisis.Apple Mac StudioThe ongoing memory supply problem has claimed another victim from Apple's roster. After the removal of the 512GB RAM option for the Mac Studio in March, Apple has slimmed down its product options a bit more, as component costs bite.This time, it's not just the Mac Studio that's being hit. The Mac mini is also affected by the memory downgrade. Continue Reading on AppleInsider | Discuss on our Forums08:07 pmTim Cook’s Apple wasted billions on ‘Apple 2030’ based on now-discredited climate targets | Mac Daily NewsTim Cook’s Apple wasted billions on ‘Apple 2030’ based on now-discredited climate targets
Apple CEO Tim Cook has long positioned “Apple 2030” as a flagship initiative — the company’s ambitious pledge to achieve carbon neutrality… The post appeared first on MacDailyNews.08:02 pmWhy are my products not showing up on paywall?
RevenueCat is saying my products need to be approved but Apple is saying that my products are not showing up on the pay wall?? This seems like a ridiculous catch 22… anyone dealt with this before or is the confusion on my end? submitted by /u/Which-Breadfruit-162 [link] [comments]07:59 pmChatGPT’s Goblin Obsession Evades OpenAI’s Fixes
OpenAI has traced ChatGPT’s bizarre goblin fixation to training gone awry, but the creatures keep escaping—as Adam Engst discovered when goblins popped up in a conversation about a conference presentation.Read original article07:53 pmCPT (Cape Town) on 2026-05-05
THIS IS A SCHEDULED EVENT May 5, 22:00 - 23:00 UTCMay 5, 19:23 UTCScheduled - We will be performing scheduled maintenance in CPT (Cape Town) datacenter on 2026-05-05 between 22:00 and 23:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhere during this maintenance window as network interfaces in this datacentre may become temporarily unavailable.You can now subscribe to these notifications via Cloudflare dashboard and receive these updates directly via email, PagerDuty and webhooks (based on your plan): https://developers.cloudflare.com/notifications/notification-available/#cloudflare-status.07:45 pmAPI Service for social media content
Can anyone recommend an API service they've used before for retrieving video and/or audio from any social media website? submitted by /u/Ok_Refrigerator_1908 [link] [comments]07:34 pmApple Cuts More Mac Studio and Mac Mini RAM Options as Memory Shortage Worsens
Apple has removed two desktop Macs from its online store as the global memory shortage continues. The Mac mini with 64GB of RAM is no longer available for purchase, nor is the M3 Ultra Mac Studio with 256GB RAM. The M3 Ultra Mac Studio is now available only in a 96GB RAM configuration, with higher-tier options eliminated. Both M3 Mac Studio and M4 Max Mac Studio models have delivery estimates of 9 to 10 weeks. As for the Mac mini, the M4 Pro model now maxes out at 48GB of RAM, with customers no longer able to choose the 64GB option. Last week, Apple removed the Mac mini with 256GB of SSD storage, leaving the 512GB model as the minimum option. That effectively raised the price of the Mac mini from $599 to $799. Apple stopped accepting orders for some Mac Studio and Mac mini machines with higher amounts of RAM in March and April. Apple CEO Tim Cook recently said that the Mac mini and the Mac Studio are going to be hard to get for months to come. "We think, looking forward, that the Mac mini and Mac Studio may take several months to reach supply demand balance," Cook said. According to Cook, Apple underestimated the demand for the Mac mini and the Mac Studio from customers looking for a machine to run AI and agentic tools locally. He said Apple also expects significantly higher memory costs in the months to come, so Apple is likely conserving supply by eliminating some configuration options. Global supply constraints caused by AI server demand have impacted the pricing of memory chips, leading to high prices and memory shortages.Related Roundups: Mac Studio, Mac miniBuyer's Guide: Mac Studio (Caution), Mac Mini (Caution)Related Forums: Mac Studio, Mac miniThis article, "" first appeared on MacRumors.comDiscuss this article in our forums07:31 pmHow Apple will win the AI war
Apple's AI strategy might be summed up with "Don't beat 'em, join 'em." Here's how iPhone and Mac users will benefit. (via Cult of Mac - Your source for the latest Apple news, rumors, analysis, reviews, how-tos and deals.)06:54 pmCanceled Apple TV show might have shot at revival as spinoff wins acclaim
Apple TV’s musical comedy Schmigadoon! earned a loyal following, but was canceled after two seasons. Now though, a Broadway spinoff has proven a hit and earned significant acclaim, as evidenced by today’s Tony nominations. And that could be good news for a prospective season 3 of Schmigadoon! on Apple TV. more…06:50 pmApple lashes out at ‘privacy-threatening’ Digital Markets Act
Macworld The Digital Markets Act, or DMA, is a piece of EU legislation created with the stated aim of fostering competition and user choice, principally by forcing larger companies to make their products and platforms more accommodating to and interoperable with those made by the smaller ones. Unsurprisingly, it proved unpopular with the tech giants, but despite significant pushback, it came into force in May 2023 and continues to operate to this day. Apple is particularly unhappy about the DMA, which makes it difficult to cultivate digital monopolies and “walled gardens,” such as the iOS app ecosystem. The legislation has consistently pushed Apple towards allowing “sideloading,” or the installation on the iPhone of apps from non-official sources, and thanks to the DMA, users in the EU can even delete the official App Store app. In March 2025, the EU cited the DMA in ordering Apple to open up iOS connectivity features, a decision Apple decried as “bad for our products and for our European users.” Then, in April of the same year, the company was fined roughly $570m after its contract terms concerning alternative app distribution were found to breach the DMA. All in all, the legislation has proved deeply inconvenient for Apple. European regulators, unsurprisingly, do not feel the same. And in the European Commission review of the DMA’s first two years, published at the end of April, it was praised in lavish terms: The DMA has already had a positive impact on the contestability and fairness of digital markets during the short period it has been in application. The DMA has significantly changed the conduct, technical design choices, and contractual arrangements of gatekeepers, which has begun to open up new opportunities for business users and competitors. The DMA has also strengthened end-user autonomy and agency in several key areas by empowering citizens to take back control over their data and make their own choices. All very complimentary. But Apple has now hit back. Speaking in an interview with German-language Handelsblatt, spotted by AppleInsider, Kyle Andeer, Apple’s chief compliance officer and VP of corporate law, accused the review of being “self-serving.” “We had hoped that the review would prompt some sober reflection for the EU,” he said (via Google Translate). But instead, what emerged was “a kind of self-serving defense… After all, they were evaluating their own work.” In the interview, Andeer insisted that the DMA has not yet caused any loss of revenue for Apple, with the key word being yet. But he repeatedly referred to the company’s frustration with the legislation and its fears that users are being put at risk. He pointed out, for example, that the DMA’s interoperability requirements could allow Meta or another social media company to access the Wi-Fi login details of an iOS user, and thereby build a highly tailored user profile without permission. “This is a vulnerability that threatens privacy,” Andeer said, adding that Apple had raised the issue with the EU, but that “they seem to be ignoring it.” Despite Apple’s displeasure, the EU currently appears highly unlikely to kill the DMA. The company has had better luck in its home country; however, only last week we reported on its success lobbying to death a similar bill in California in “little more than a month.”06:48 pmApple said to allow users to choose rival AI models across iOS 27, iPadOS 27, and macOS 27 features | Mac Daily NewsApple said to allow users to choose rival AI models across iOS 27, iPadOS 27, and macOS 27 features
Apple is taking a significant step toward making its AI platform more flexible and user-centric. Tthe company plans to let users select and… The post appeared first on MacDailyNews.06:34 pmApple’s most powerful Mac Studio loses its last remaining RAM upgrade option
Apple’s most powerful Mac Studio no longer includes RAM upgrade options. This comes after Apple has seemingly ran out of inventory for the two highest memory options supposed by the machine. more…06:30 pmTrump admin looks to ease memory chip crunch with supply chain bloc
The United States is partnering with allies in Asia, Europe, and the Middle East to tackle the global memory chip shortage through… The post appeared first on MacDailyNews.06:26 pmApple just released new AirPods Max 2 firmware
Last week Apple shipped new firmware for AirPods Pro 3, and now today AirPods Max 2 have gotten a fresh firmware update too. more…06:23 pmLAX (Los Angeles) on 2026-05-12
THIS IS A SCHEDULED EVENT May 12, 07:00 - 15:00 UTCMay 5, 18:15 UTCScheduled - We will be performing scheduled maintenance in LAX (Los Angeles) datacenter on 2026-05-12 between 07:00 and 15:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhere during this maintenance window as network interfaces in this datacentre may become temporarily unavailable.You can now subscribe to these notifications via Cloudflare dashboard and receive these updates directly via email, PagerDuty and webhooks (based on your plan): https://developers.cloudflare.com/notifications/notification-available/#cloudflare-status.06:16 pmApple Releases New Firmware for AirPods Max 2
Apple today released new firmware for the AirPods Max 2. The firmware is version 8E258, up from the prior 8E251 firmware that was released just ahead of when the AirPods Max 2 launched. It's not clear what's included in the firmware update, but Apple provides limited details in its AirPods firmware support document. Most updates focus on bug fixes and improvements. The AirPods Max 2 have an H2 chip, an upgrade over the H1. The H2 brings several new features like Live Translation, Adaptive Audio, Loud Sound Reduction, Voice Isolation, and more. To get the new firmware, make sure your AirPods are in range of your iPhone, iPad, or Mac and are connected via Bluetooth. From there, connect the Apple device to Wi-Fi, then connect the AirPods Max to power with a USB-C cable. Keep the AirPods Max in Bluetooth range of the Apple device, and wait at least 30 minutes for the firmware to update. From there, reconnect the AirPods to the Apple device, and check the firmware version to see if it's updated. Apple says if the firmware doesn't install, to restart the AirPods Max and try again.Related Roundup: AirPods Max 2Buyer's Guide: AirPods Max (Buy Now)Related Forum: AirPodsThis article, "" first appeared on MacRumors.comDiscuss this article in our forums06:09 pmMaryland lawmakers stand with Apple Towson employees after store closure announcement | AppleInsiderMaryland lawmakers stand with Apple Towson employees after store closure announcement
Maryland lawmakers have penned a delegation letter to Apple, asking the tech giant to ask if there were any other paths forward other than closing Apple Towson.Apple Towson employees. Credit: IAMAWApple's battle with its Towson location continues, with Maryland lawmakers stepping in to "express serious concern" over Apple's choice to close the store. On May 4, lawmakers penned a congressional delegation to Apple, which reads:"We urge Apple to reconsider whether there are viable paths forward that would preserve jobs and maintain a retail presence in the region," said the signing members in a letter to Apple. Continue Reading on AppleInsider | Discuss on our Forums06:07 pmiPhone users will get to select a preferred AI model in iOS 27
Apple is rumored to be giving users the option to run various AI features in iOS 27 with third-party models as an alternative to Apple Intelligence.iPhone users will get more AI options in iOS 27Apple has been trying to catch up to the rest of the AI market, but it may not have to worry about doing so for iOS 27. If a report is true, Apple will be making it easier to use third-party alternates throughout the operating system.According to sources of Bloomberg on Tuesday, users will be able to select from multiple third-party AI models, which can be used for various tasks in the operating system. It's a change arriving in iOS 27, iPadOS 27, and macOS 27. Rumor Score: 🤯 Likely Continue Reading on AppleInsider | Discuss on our Forums06:04 pmiOS 27 Will Let You Pick Claude or Gemini Instead of ChatGPT for Apple Intelligence
iOS 27, iPadOS 27, and macOS 27 will let users set third-party AI services as the default for Apple Intelligence features like Writing Tools and Image Playground, reports Bloomberg. Apple has signed a deal with Google and plans to use a Gemini-based model for Apple Intelligence and Siri features in iOS 27, but users will also be able to choose their favorite AI service as an alternative. Apple has already partnered with OpenAI to make ChatGPT available in lieu of Apple's built-in options for Siri, Writing Tools, and Image Playground on iOS 26, but in Apple's upcoming software updates, other third-party chatbots like Claude and Gemini will also be available. Instead of being limited to ChatGPT, users will select their preferred AI service. Users can choose any AI provider that adds support for Apple's new iOS 27, iPadOS 27, and macOS 27 "Extensions" feature. From Bloomberg: "Extensions allow you to access generative AI capabilities from installed apps on demand, through Apple Intelligence features such as Siri, Writing Tools, Image Playground and more," according to a message shown in test versions of the software. Apple also plans to let users choose voices from third-party AI services for Siri, which would make it clearer whether Siri or another AI product like Gemini is responding. Siri would use one voice, while responses from third-party AI options would use another voice. Apple has many other AI-related changes planned for iOS 27, with details available in our iOS 27 roundup.Related Roundup: iOS 27Tags: Apple Intelligence, ChatGPTThis article, "" first appeared on MacRumors.comDiscuss this article in our forums05:53 pmPHL (Philadelphia) on 2026-05-06
THIS IS A SCHEDULED EVENT May 6, 03:00 - 03:45 UTCMay 5, 17:43 UTCScheduled - We will be performing scheduled maintenance in PHL (Philadelphia) datacenter on 2026-05-06 between 03:00 and 03:45 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhere during this maintenance window as network interfaces in this datacentre may become temporarily unavailable.You can now subscribe to these notifications via Cloudflare dashboard and receive these updates directly via email, PagerDuty and webhooks (based on your plan): https://developers.cloudflare.com/notifications/notification-available/#cloudflare-status.05:49 pmiOS 27 will let you choose between Gemini, Claude, and more for AI features: report
iOS 27 will give users a new way to integrate with third-party AI platforms, according to a new report. This will let iPhone users choose from multiple third-party models from companies like Google and Anthropic, including the ability to set custom voices in Siri depending on which external model is responding. more…05:37 pmiPhone Air MagSafe Battery Hits $59.99 Low Price
Following a few steep discounts on the iPhone Air last month, we're now tracking a new all-time low price on the iPhone Air MagSafe Battery on Amazon. You can get the accessory for $59.99, down from $99.00, beating the previous low price by about $20. Note: MacRumors is an affiliate partner with Amazon. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. The iPhone Air MagSafe Battery is only compatible with the iPhone Air, and it can add up to 65 percent additional charge to the smartphone. The MagSafe Battery supports up to 12W of fast wireless charging, and it sports a thin and light design similar to the iPhone Air. $39 OFFiPhone Air MagSafe Battery for $59.99 Apple heavily discounted the iPhone Air in both the United Kingdom and United States in late March and early April, providing as much as 30 percent off the device. There have been multiple reports regarding low sales for the iPhone Air, with one stating there is "virtually no demand" for the smartphone. If you're on the hunt for more discounts, be sure to visit our Apple Deals roundup where we recap the best Apple-related bargains of the past week. Deals Newsletter Interested in hearing more about the best deals you can find in 2026? Sign up for our Deals Newsletter and we'll keep you updated so you don't miss the biggest deals of the season! Related Roundup: Apple DealsThis article, "" first appeared on MacRumors.comDiscuss this article in our forums05:27 pmApple TV 4K, released in 2022, is still the fastest streaming device on the market, bar none – Vice | Mac Daily NewsApple TV 4K, released in 2022, is still the fastest streaming device on the market, bar none – Vice
What you’re looking at is the third-generation Apple TV 4K. Apple launched it back in 2022, and it’s still going strong. Unlike the real… The post appeared first on MacDailyNews.05:27 pmGPT-5.5 Instant makes ChatGPT more accurate while nixing ‘gratuitous emojis’
ChatGPT should feel “smarter and more accurate” starting today, according to OpenAI. That’s because the company is replacing the default model with an update called GPT-5.5 Instant. OpenAI also says the model upgrade cuts back on the “gratuitous emojis” in responses. more…05:19 pmDelayed Network Analytics and Alerting
May 5, 17:19 UTCInvestigating - We are currently experiencing a delay in processing network analytics across our L4 DDoS protection products. There is no impact to DDoS mitigation functionality; however, customers may notice a lag in the population of Network Analytics dashboards. This delay also affects the delivery of real-time alerts for these products. We are working to resolve the issue and will provide further updates as they become available.05:18 pmUsing one UK Ltd for freelance work and iOS apps?
Hello, need some help. I’m setting up a UK Ltd company for my freelance work in the creative industry – not related to app development. I’m also building a few iOS apps. They may never make money, but I’d like to enrol in the Apple Developer Program as an organisation, so the App Store seller […]05:15 pmiOS 26.5 makes Reminders app better by improving one of my top features
iOS 26.5 is expected to launch next week, and a newly discovered improvement makes one of my most-used Reminders features even better. more…05:06 pmMaryland Lawmakers Press Apple Over Decision to Close Unionized Store
In a letter sent to Apple's CEO Tim Cook and hardware engineering chief John Ternus this week, nine members of U.S. Congress from Maryland expressed "serious concern" regarding Apple's decision to close its unionized retail store in Towson, Maryland on June 20, without plans to open a replacement store within the Baltimore region. Apple Towson Town Center "We recognize that decisions of this scale involve complex business considerations," the lawmakers said. "However, we urge Apple to reconsider whether there are viable paths forward that would preserve jobs and maintain a retail presence in the region. Maryland residents value employers who invest in their workforce and demonstrate a sustained commitment to the communities they serve. We stand ready to engage constructively with Apple to better understand this decision and to explore potential solutions." The letter was signed by nine of Maryland's lawmakers, including two senators and seven representatives, all from the Democratic Party. They said it was their understanding that Apple's store at the Towson Town Center has been in "a strong-performing location," but several local news reports have stated that the shopping mall is in decline and has lost major retailers like Tommy Bahama, Banana Republic, and Madewell. In the letter, the lawmakers said the store's closure will "significantly affect" residents and small businesses across the Baltimore region, including approximately 90 employees. As a result, they asked for Apple to provide a clearer understanding of the rationale behind this decision, including whether alternatives such as relocating the store or other operational adjustments were meaningfully considered. Last month, Apple announced that it will be permanently closing three retail stores in the U.S. in June, with the other two locations set to close beyond Apple Towson Town Center being Apple Trumbull in Trumbull, Connecticut and Apple North County in Escondido, California. Apple said it made this difficult decision following the "departure of several retailers" and declining conditions" at all three of the shopping malls. Notably, the staff at the Towson store became Apple's first retail employees in the U.S. to unionize in 2022. They belong to the International Association of Machinists and Aerospace Workers' Coalition of Organized Retail Employees (IAM CORE), and they signed a collective bargaining agreement with Apple in 2024. Apple said employees at the Trumbull and North County stores will "continue their roles" at the company's nearby stores in each area, so transfer eligibility is guaranteed. Meanwhile, Apple said employees at the Towson store will be eligible to apply for open roles at Apple in accordance with their collective bargaining agreement, and it is unclear if everyone who applies will successfully secure a new position at the company. Last month, the IAM union filed an unfair labor practice charge with the National Labor Relations Board (NLRB), citing discriminatory treatment against unionized workers at the Towson store. Unlike workers at two other closing stores, Apple has not offered its unionized Towson employees the opportunity to transfer to other stores. IAM said Apple not offering Towson employees the opportunity to transfer "raises serious concerns that this closure is a cynical attempt to bust the union." "We praise the Maryland congressional delegation for having these workers' backs and demanding answers from Apple," said IAM Union International President Brian Bryant. "These workers made history by exercising their right to organize for a voice on the job. Walking away from them now sends a dangerous message to working people everywhere." Apple has said it is simply respecting the terms of the bargaining agreement. According to Apple, the contract that the union agreed to states that in the event of a store closure, Apple would transfer or rehire employees if the company opened a new store within 50 miles of the current location at Towson Town Center. In any other circumstance, the union negotiated for employees to receive severance. Apple has no current plans to open a new store in the area, but if it were to do so within the next 18 months, the affected employees would have the right of first refusal. "We strongly disagree with the claims made, and we will continue to abide by the agreement that was negotiated and agreed with the union," an Apple spokesperson said. "We look forward to presenting all of the facts to the NLRB."Tag: Apple StoreThis article, "" first appeared on MacRumors.comDiscuss this article in our forums04:49 pmIssues with new Cloudflare Tunnel connections and Browser Isolation registrations
May 5, 16:49 UTCInvestigating - Cloudflare is investigating connectivity issues affecting Cloudflare Tunnel and Browser Isolation. This issue is currently limited to the establishment of new connections. Customers may experience errors or timeouts when attempting to register new tunnels via cloudflared or when initiating new Browser Isolation sessions. Existing tunnels and active sessions are not affected and continue to operate normally. Our engineering team is actively investigating the root cause, and we will provide additional updates as soon as more information is available.04:41 pmiPhone 18 Pro Rumored to Keep Aluminum Finish Amid Durability Complaints
The iPhone 18 Pro will reportedly carry over the same anodized aluminum finish introduced with the iPhone 17 Pro, despite concerns from some users about its durability. According to the Weibo leaker known as "Fixed Focus Digital," surface chipping on the iPhone 17 Pro has become a common complaint, and that users who have sought recourse from Apple have been told they cannot claim it, with the company classifying the issue as an inherent characteristic of the aluminum alloy material and normal wear and tear. Crucially, they added that the iPhone 18 Pro will "continue to utilize this same design approach" despite its weaknesses. The iPhone 17 Pro moved away from the titanium frames Apple used in its Pro lineup for the previous two years, adopting an anodized aluminum unibody design. Surface durability concerns surfaced almost immediately after launch. Reports suggested that Dark Blue and Cosmic Orange models appeared to scratch more easily than other finishes, with MacRumors forum users describing visible marks on in-store display units within days of availability. A scratch test by YouTuber JerryRigEverything added some nuance, finding that most of the anodized shell holds up well against everyday items like keys and coins, but pinpointing the camera plateau as a clear weak point where the raised, unchamfered edges chip and scratch easily. A separate issue emerged the following month, when a number of Cosmic Orange iPhone 17 Pro owners reported color shift, with the aluminum frame and camera plateau drifting toward a rose-gold or pink hue and in some cases prompting device replacements by Apple Support. Rumors point to four color options for the iPhone 18 Pro models: Dark Cherry, Light Blue, Dark Gray, and Silver. Dark Cherry is expected to serve as the signature new color, described as a deep, wine-like red that is considerably more muted than last year's Cosmic Orange. The iPhone 18 Pro is not expected to offer a black option for the second consecutive year, but the rumored gray option could come close. The iPhone 18 Pro and iPhone 18 Pro Max are expected to be announced in September 2026, alongside the first foldable iPhone.Related Roundup: iPhone 18 ProTag: Fixed Focus DigitalThis article, "" first appeared on MacRumors.comDiscuss this article in our forums04:40 pmApple may turn to longtime frenemies to make chips in the U.S.
Macworld A report released by Bloomberg on Tuesday states that Apple is in “exploratory talks” with Intel and Samsung to produce chips in the U.S. However, the talks have yet to result in an actual deal between the companies, and the possibility remains that Apple may decide to abandon the idea. Last December, analyst Ming-Chi Kuo reported that Intel could serve as a secondary chip supplier to Apple. Apple currently relies on TSMC for its chip manufacturing, but is interested in finding additional manufacturing options. However, Bloomberg states that Apple is concerned about using non-TSMC technology, which will affect the decision on whom to partner with. Intel has struggled in the past few years as it has been slow to adjust to the shift in chip demand from CPUs to GPUs, and its own CISC chip technology has proven to be outdated as RISC-based chips by competitors have proven to provide better performance and efficiency. Intel is exploring the possibility of being a chip foundry for other companies, such as Apple, to expand its revenue streams. Samsung is also interested in growing its foundry operations. The current supply chain problems have caused Apple to investigate options to alleviate the constraints. Finding another manufacturer is challenging, and Apple is concerned that Intel and Samsung “can’t reliably offer the type of production and scale” that TSMC provides, reports Bloomberg. Apple already sources several components, including displays and RAM, from Samsung. Bloomberg also states that an Apple/Intel deal could also provide political benefits, since the current presidential administration views Intel “as a national champion.” Apple is currently working with TSMC to establish a plant in Arizona, which could provide Apple with 100 million chips annually. During Apple’s Q2 2026 financial results announcement, CEO Tim Cook stated that “the primary constraint is the availability of the advanced nodes our SoCs are produced on, not memory,” which has resulted in short supply of devices, including the Mac mini. Cook stated that it could “take several months to reach supply/demand balance” and that the supply issues are not “going to end anytime soon.”04:33 pmHomePod of the future may only answer Siri queries if you look at it
HomePod owners may not necessarily have to even call out the word "Siri" in future, with Apple researching ways to use gaze detection for a device to know it's wanted.The patent's drawings show a HomePod with cameras, which might now become the expected Apple HomeHubIf you have multiple Apple devices, then you know that it's difficult to get Siri to respond on the one you want. When you are in a room that contains an iPhone, an iPad, and a HomePod mini, Apple has all sorts of systems to assess which device you want, but they routinely fail.Furthermore, not everyone feels comfortable with the "Siri" prompt, even if it is better than the original "Hey Siri" one. You can still say either version, and so can your TV set — it's common for something said on a show to be close enough to "Siri" that it prompts a query you didn't ask for. Continue Reading on AppleInsider | Discuss on our Forums04:26 pmThe best signal yet that iPhone 18 won't ship until 2026 has arrived
A supply chain rumor claiming that Apple has made many more orders for the iPhone 17 to keep stock levels high through November 2026 is more indication of a 2027 non-pro iPhone 18 launch.iPhone 17A May 4 Weibo post from Chinese leaker Fixed Focus Digital claims Apple is extending iPhone 17 production, increasing output and preparing inventory through November 2026 for China's Double 11 shopping period.Normally, the iPhone Pro and non-pro lineups are expected to debut in September, with full availability of all models in China by November 11. Apple typically plans Double 11 inventory as part of initial production, not by adding orders later in the cycle.Increasing orders this late for the base model is unusual for Apple and points to the standard iPhone 18 arriving later than the usual fall window. Rumor Score: 🤔 Possible Continue Reading on AppleInsider | Discuss on our Forums04:22 pmAMS (Amsterdam) on 2026-05-08
THIS IS A SCHEDULED EVENT May 8, 00:00 - 08:00 UTCMay 5, 15:57 UTCScheduled - We will be performing scheduled maintenance in AMS (Amsterdam) datacenter on 2026-05-08 between 00:00 and 08:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhere during this maintenance window as network interfaces in this datacentre may become temporarily unavailable.You can now subscribe to these notifications via Cloudflare dashboard and receive these updates directly via email, PagerDuty and webhooks (based on your plan): https://developers.cloudflare.com/notifications/notification-available/#cloudflare-status.04:16 pmVulnerability Summary for the Week of April 27, 2026
High Vulnerabilities PrimaryVendor -- Product Description Published CVSS Score Source Info Patch Info n/a-- OVMS3 3.3.005 Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames. 2026-05-01 10 CVE-2026-37541 https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381 tendacn[.]com-- W308R Tenda W308R v2 V5.07.48 contains a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the goform/AdvSetDns endpoint with a crafted admin language cookie to change DNS servers and redirect user traffic to malicious sites. 2026-04-29 9.8 CVE-2018-25316 ExploitDB-44373VulnCheck Advisory: Tenda W308R v2 V5.07.48 Cookie Session Weakness DNS Change tendacn[.]com--W3002R Tenda W3002R/A302/W309R wireless routers version V5.07.64_en contain a cookie session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient session validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin language cookie to change primary and secondary DNS servers, redirecting user traffic to malicious DNS servers. 2026-04-29 9.8 CVE-2018-25317 ExploitDB-44380VulnCheck Advisory: Tenda W3002R/A302/W309R V5.07.64_en Cookie Session Weakness DNS Change tendacn[.]com--FH303/A300 Tenda FH303/A300 firmware V5.07.68_EN contains a session weakness vulnerability that allows unauthenticated attackers to modify DNS settings by exploiting insufficient cookie validation. Attackers can send GET requests to the /goform/AdvSetDns endpoint with a crafted admin cookie to change DNS servers and redirect user traffic to malicious sites. 2026-04-29 9.8 CVE-2018-25318 ExploitDB-44381VulnCheck Advisory: Tenda FH303/A300 V5.07.68_EN Cookie Session Weakness DNS Change Weaver Network Co., Ltd.--E-office Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types. Attackers can upload PHP webshells to the Document directory and execute them via HTTP GET requests to achieve remote code execution as the web server user. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-10-10 (UTC). 2026-04-30 9.8 CVE-2022-50993 https://service.e-office.cn/knowledge/detail/5https://cn-sec.com/archives/1453025.htmlhttps://bbs.chaitin.cn/topic/37https://www.vulncheck.com/advisories/weaver-e-office-10-0-20221201-unauthenticated-arbitrary-file-read-via-xmlrpcservlet synway[.]net-- SMG Gateway Management Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can inject arbitrary shell commands by submitting a POST request with crafted radius_address, radius_address2, shared_secret2, source_ip, timeout, or retry parameters along with save=1 and enable_radius=1 to achieve remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 (UTC). 2026-04-30 9.8 CVE-2025-71284 https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/synway/synwaysmg-radius-rce.yamlhttps://mrxn.net/jswz/synway-9-2radius-rce.htmlhttps://mp.weixin.qq.com/s/PyepoFSuQ63E3RnpQa9nsAhttps://www.synway.net/https://www.vulncheck.com/advisories/synway-smg-gateway-management-software-os-command-injection-via-radius-address Directorist Booking--Directorist Booking Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Directorist Booking allows SQL Injection.This issue affects Directorist Booking: from n/a before 3.0.2. 2026-04-27 9.3 CVE-2026-22336 https://patchstack.com/database/wordpress/plugin/directorist-booking/vulnerability/wordpress-directorist-booking-plugin-2-4-1-sql-injection-vulnerability?_s_id=cve Directorist--Directorist Social Login Incorrect Privilege Assignment vulnerability in Directorist Directorist Social Login allows Privilege Escalation.This issue affects Directorist Social Login: from n/a before 2.1.4. 2026-04-27 9.8 CVE-2026-22337 https://patchstack.com/database/wordpress/plugin/directorist-social-login/vulnerability/wordpress-directorist-social-login-plugin-2-1-1-privilege-escalation-vulnerability?_s_id=cve Milesight--MS-Cxx63-PD Specific firmware versions of Milesight AIOT cameras use SSL certificates with default private keys. 2026-04-27 9.8 CVE-2026-32644 https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.jsonhttps://www.milesight.com/support/download/firmware n/a--Automotive Grade Linux (AGL) AGL app-framework-main thru 17.1.12 contains a Zip Slip path traversal vulnerability (CWE-22) combined with a TOCTOU race condition (CWE-367) in the widget installation flow. The is_valid_filename function in wgtpkg-zip.c validates ZIP entry names but does not check for dot notation directory traversal sequences it only blocks absolute paths. The zread extraction function uses openat(workdirfd, filename, O_CREAT) which resolves dot notation values relative to the work directory, allowing files to be written anywhere on the filesystem. Critically, in function install_widget in file wgtpkg-install.c, extraction via zread occurs BEFORE signature verification via check_all_signatures. Even if signature verification fails, the error cleanup (remove_workdir) only deletes the temporary work directory files written outside via path traversal persist permanently. 2026-05-01 9.8 CVE-2026-37531 https://gerrit.automotivelinux.org/gerrit/src/app-framework-mainhttps://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643 n/a-- cannelloni v2.0.0 Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted CAN FD frames. 2026-05-01 9.8 CVE-2026-37539 https://github.com/mguentner/cannellonihttps://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381 Carlson Software--VASCO-B GNSS Receiver The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials. 2026-04-28 9.4 CVE-2026-3893 https://www.carlsonsw.com/support-and-training/https://www.cve.org/CVERecord?id=CVE-2026-3893https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-02.json Mersenne--Prime95 Prime95 29.4b8 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting structured exception handling (SEH) mechanisms. Attackers can inject malicious payload through the optional proxy hostname field in the PrimeNet connection settings to trigger the overflow and execute system commands. 2026-04-29 8.4 CVE-2018-25299 ExploitDB-44649Official Product HomepageProduct ReferenceVulnCheck Advisory: Prime95 29.4b8 Local Buffer Overflow via SEH xataboost--XATABoost CMS XATABoost CMS 1.0.0 contains a union-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the id parameter. Attackers can send GET requests to news.php with malicious id values to extract sensitive database information. 2026-04-29 8.2 CVE-2018-25300 ExploitDB-44622Official Product HomepageVulnCheck Advisory: XATABoost CMS 1.0.0 SQL Injection via news.php Easy MPEG--Easy MPEG to DVD Burner Easy MPEG to DVD Burner 1.7.11 contains a structured exception handling (SEH) local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious username string. Attackers can craft a payload containing junk data, SEH chain pointers, and shellcode that overwrites the SEH handler to redirect execution and run arbitrary commands like opening calc.exe. 2026-04-29 8.4 CVE-2018-25301 ExploitDB-44565Product ReferenceVulnCheck Advisory: Easy MPEG to DVD Burner 1.7.11 SEH Local Buffer Overflow Alloksoft--Allok Video to DVD Burner Allok Video to DVD Burner 2.6.1217 contains a stack-based buffer overflow vulnerability in the License Name field that allows local attackers to execute arbitrary code by triggering a structured exception handler (SEH) overwrite. Attackers can craft a malicious input string with 780 bytes of junk data followed by SEH chain pointers and shellcode, then paste it into the License Name field during registration to achieve code execution. 2026-04-29 8.4 CVE-2018-25303 ExploitDB-44518Official Product HomepageVulnCheck Advisory: Allok Video to DVD Burner 2.6.1217 Buffer Overflow SEH Filehippo--Free Download Manager Free Download Manager 2.0 Built 417 contains a local buffer overflow vulnerability in the URL import functionality that allows attackers to trigger a structured exception handler (SEH) chain exploitation. Attackers can craft a malicious URL file that, when imported through the File > Import > Import lists of downloads menu, causes a buffer overflow in the Location header response that overwrites the SEH chain and executes arbitrary code. 2026-04-29 8.4 CVE-2018-25304 ExploitDB-44499Product ReferenceVulnCheck Advisory: Free Download Manager 2.0 Built 417 Local Buffer Overflow SEH Sysgauge--SysGauge Pro SysGauge Pro 4.6.12 contains a local buffer overflow vulnerability in the Register function that allows local attackers to overwrite the structured exception handler by supplying a crafted unlock key. Attackers can inject shellcode through the Unlock Key field during registration to execute arbitrary code with application privileges. 2026-04-29 8.4 CVE-2018-25307 ExploitDB-44455VulnCheck Advisory: SysGauge Pro 4.6.12 Local Buffer Overflow SEH donmik--Buddypress Xprofile Custom Fields Type BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. Attackers can modify the field_hiddenfile and field_deleteimg parameters during profile editing to unlink files from the server. 2026-04-29 8.8 CVE-2018-25308 ExploitDB-44432Official Product HomepageVulnCheck Advisory: BuddyPress Xprofile Custom Fields Type 2.6.3 Remote Code Execution Alloksoft--WMV to AVI MPEG DVD WMV Converter Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception handler (SEH) overwrite to bypass protections and execute code with application privileges. 2026-04-29 8.4 CVE-2018-25314 ExploitDB-44365Official Product HomepageProduct ReferenceVulnCheck Advisory: Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 Buffer Overflow Alloksoft--Video Joiner Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with structured exception handler (SEH) overwrite and shellcode to achieve code execution when the application processes the license registration input. 2026-04-29 8.4 CVE-2018-25315 ExploitDB-44364Official Product HomepageProduct ReferenceVulnCheck Advisory: Alloksoft Video joiner 4.6.1217 Buffer Overflow via License Name marketingfire--Widget Options Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets The Widget Options - Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval() on user-supplied Display Logic expressions with an insufficient blocklist/allowlist that can be bypassed using array_map with string concatenation, combined with a lack of authorization enforcement on the extended_widget_opts_block attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. The vulnerability was partially patched in version 4.2.0. 2026-05-02 8.8 CVE-2026-2052 https://www.wordfence.com/threat-intel/vulnerabilities/id/68023557-fc92-4cf6-96b4-405ff5a5fd5a?source=cvehttps://plugins.trac.wordpress.org/browser/widget-options/trunk/includes/widgets/gutenberg/gutenberg-toolbar.php#L843https://plugins.trac.wordpress.org/browser/widget-options/trunk/includes/extras.php#L495https://plugins.trac.wordpress.org/browser/widget-options/trunk/includes/extras.php#L534https://plugins.trac.wordpress.org/changeset/3481338/https://plugins.trac.wordpress.org/changeset/3514411/ Milesight--MS-Cxx63-PD An out-of-bounds memory access vulnerability exists in specific firmware versions of Milesight AIOT cameras. 2026-04-27 8.8 CVE-2026-20766 https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.jsonhttps://www.milesight.com/support/download/firmware wclovers--WCFM Frontend Manager for WooCommerce The WCFM - Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via the 'wcfm_delete_wcfm_customer' due to missing validation on the 'customerid' user controlled key. This makes it possible for authenticated attackers, with Vendor-level access and above, to delete arbitrary users, including Administrators. 2026-05-02 8.1 CVE-2026-2554 https://www.wordfence.com/threat-intel/vulnerabilities/id/21e397a4-0b32-4b13-a46b-c465acea0796?source=cvehttps://plugins.trac.wordpress.org/browser/wc-frontend-manager/tags/6.7.24/core/class-wcfm-customer.php#L386https://plugins.trac.wordpress.org/changeset/3483695/ opencats--OpenCATS OpenCATS prior to commit 3002a29 contains a PHP code injection vulnerability in the installer AJAX endpoint that allows unauthenticated attackers to execute arbitrary code by injecting PHP statements into the databaseConnectivity action parameter. Attackers can break out of the define() string context in config.php using a single quote and statement separator to inject malicious PHP code that persists and executes on every subsequent page load when the installation wizard remains incomplete. 2026-04-28 8.1 CVE-2026-27760 https://chocapikk.com/posts/2026/opencats-installer-rce/https://github.com/opencats/OpenCATS/pull/706https://github.com/opencats/OpenCATS/commit/3002a29f4c3cada1aa2c4f3d4ae4e189906606b6https://github.com/opencats/OpenCATS/blob/46e4727/lib/CATSUtility.php#L142-L172https://github.com/opencats/OpenCATS/blob/46e4727/modules/install/ajax/ui.php#L130https://www.vulncheck.com/advisories/opencats-php-code-injection-via-installer-ajax-endpoint Milesight--MS-Cxx63-PD Specific firmware versions of Milesight AIOT camera firmware contain hard-coded credentials. 2026-04-27 8.8 CVE-2026-27785 https://www.cisa.gov/news-events/ics-advisories/icsa-26-113-03https://github.com/cisagov/CSAF/blob/develop/csaf_files/OT/white/2026/icsa-26-113-03.jsonhttps://www.milesight.com/support/download/firmware Cockpit--Cockpit CMS Cockpit CMS contains an authenticated remote code execution vulnerability in the /cockpit/collections/save_collection endpoint that allows authenticated attackers with collection management privileges to inject arbitrary PHP code into collection rules parameters. Attackers can inject malicious PHP code through rule parameters which is written directly to server-side PHP files and executed via include() to achieve arbitrary command execution on the underlying server. 2026-04-29 8.8 CVE-2026-34965 https://github.com/agentejo/cockpithttps://gist.github.com/thepiyushkumarshukla/64d2318518b17f529bc3ccb11fd5be90https://github.com/agentejo/cockpit/commits/494765e4f0fb9484f320aee0c6ee889b6fa789b9https://www.vulncheck.com/advisories/cockpit-cms-authenticated-remote-code-execution-via-collections n/a--(UDS) & OBD-II (On Board Diagnostics for Vehicles) miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request. A 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) receives memcpy at offset 1+pid_length with payload_length bytes. MAX_UDS_REQUEST_PAYLOAD_LENGTH=7, so 1+2+7=10 exceeds buffer by 4 bytes. No bounds check on payload_length before memcpy. 2026-05-01 8.8 CVE-2026-37536 https://github.com/miaofng/uds-chttps://github.com/openxc/uds-chttps://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381 n/a--Open-SAE-J1939 (Daniel Martensson) collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8_t index = data[0] - 1. When data[0] (sequence number from CAN frame) is 0, index underflows to 255. Subsequent write at tp_dt- >data[255*7 + i-1] reaches offset 1791, exceeding the MAX_TP_DT buffer (1785 bytes) by 6 bytes. 2026-05-01 8.1 CVE-2026-37537 https://github.com/DanielMartensson/Open-SAE-J1939https://github.com/collin80/Open-SAE-J1939https://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381 openampproject[.]org--OpenAMP v2025.10.0 OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems (STM32MP1, Zynq, i.MX), large values can cause the product to wrap around to a small value. 2026-05-01 8.4 CVE-2026-37540 https://github.com/OpenAMP/open-amphttps://github.com/OpenAMP/open-amp/blob/main/lib/remoteproc/elf_loader.chttps://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381 n/a--MixPHP Framework 2.x Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it directly to OpisClosureunserialize(), then executes the result via call_user_func(). No authentication or signature verification exists on the TCP connection. An attacker with access to the localhost TCP port (server binds 127.0.0.1) can send a crafted serialized PHP closure to achieve arbitrary code execution. 2026-05-01 8.4 CVE-2026-37552 https://github.com/mix-php/mixhttps://github.com/mix-php/mix/blob/v2.2.17/src/sync-invoke/src/Server.phphttps://gist.github.com/sgInnora/fa46386840fe978a30d7e53c458f2975 benjaminprojas--WP Editor The WP Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.9.2. This is due to missing nonce verification in the 'add_plugins_page' and 'add_themes_page' functions. This makes it possible for unauthenticated attackers to overwrite arbitrary plugin and theme PHP files with attacker-controlled code via a forged request, granted they can trick a site administrator into performing an action such as clicking a link. 2026-05-01 8.8 CVE-2026-3772 https://www.wordfence.com/threat-intel/vulnerabilities/id/b1bc4a87-d5de-4d66-9cc5-802ef11f886c?source=cvehttps://plugins.trac.wordpress.org/browser/wp-editor/trunk/classes/WPEditorPlugins.php#L60https://plugins.trac.wordpress.org/browser/wp-editor/trunk/classes/WPEditorThemes.php#L103https://plugins.trac.wordpress.org/changeset/3480577/ chartbrew--chartbrew Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew allows authenticated users with access to one project to update or delete a SharePolicy record that belongs to a different project. The affected routes authorize the caller against the project in the URL path, but they never verify that policy_id belongs to that project. This permits cross-project modification of dashboard sharing rules, including visibility, password requirements, allowed parameters, and expiration settings. This issue has been patched in version 5.0.0. 2026-04-30 8.1 CVE-2026-40600 https://github.com/chartbrew/chartbrew/security/advisories/GHSA-pq8h-2h99-39xmhttps://github.com/chartbrew/chartbrew/releases/tag/v5.0.0 TRENDnet--TEW-821DAP A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function auto_update_firmware of the component Firmware Udpate. The manipulation of the argument str leads to buffer overflow. The attack may be initiated remotely. The vendor explains: "That firmware version will only work on our hardware version v1.xR. We have already EOL that product 8 years ago and are no longer selling". This vulnerability only affects products that are no longer supported by the maintainer. 2026-05-02 8.8 CVE-2026-7607 VDB-360564 | TRENDnet TEW-821DAP Firmware Udpate auto_update_firmware buffer overflowVDB-360564 | CTI Indicators (IOB, IOC, IOA)Submit #806214 | Trendnet TEW-821DAP v1.12B01 CWE-120 Buffer Copy without Checking Size of Inputhttps://github.com/IOTRes/IOT_Firmware_Update/blob/main/Trendnet/TEW-821DAP_BO.md carazo--Import and export users and customers The Import and export users and customers plugin for WordPress is vulnerable to Privilege Escalation in all versions up to and including 2.0.8 via the `save_extra_user_profile_fields()` function. This is due to an incomplete blocklist that correctly restricts capability meta keys for the primary site (e.g., `wp_capabilities`, `wp_user_level`) but fails to block the equivalent meta keys for any other subsite in a WordPress Multisite network (e.g., `wp_2_capabilities`, `wp_2_user_level`), allowing these keys to pass the `in_array()` check and be written directly to user meta via `update_user_meta()`. This makes it possible for authenticated attackers, with Subscriber-level access and above, to escalate their privileges to Administrator on any subsite within the Multisite network by submitting a crafted profile update to `/wp-admin/profile.php`. Exploitation requires that an administrator has previously imported a CSV file containing multisite-prefixed capability column headers and has enabled the 'Show fields in profile?' option, which causes those keys to be stored in the `acui_columns` option and exposed as editable fields on the user profile page. 2026-05-02 8.8 CVE-2026-7641 https://www.wordfence.com/threat-intel/vulnerabilities/id/368cff00-6a86-443e-aec4-4115a229a3c1?source=cvehttps://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/trunk/classes/columns.php#L221https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.8/classes/columns.php#L221https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/trunk/classes/columns.php#L198https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.8/classes/columns.php#L198https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/trunk/classes/helper.php#L150https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.8/classes/helper.php#L150https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/trunk/classes/multisite.php#L21https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.8/classes/multisite.php#L21https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.6/classes/columns.php#L221https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.6/classes/columns.php#L198https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.6/classes/helper.php#L150https://plugins.trac.wordpress.org/browser/import-users-from-csv-with-meta/tags/2.0.6/classes/multisite.php#L21https://plugins.trac.wordpress.org/changeset/3515646 Cozmoslabs--Profile Builder Pro The Profile Builder Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to and including 3.14.5. This is due to the use of PHP's maybe_unserialize() function on the attacker-controlled 'args' POST parameter within the wppb_request_users_pins_action_callback() AJAX handler, which lacked any nonce verification, type checking, or input validation before deserialization. Because the handler was registered with both wp_ajax_ and wp_ajax_nopriv_ hooks, it was reachable by completely unauthenticated users. This makes it possible for unauthenticated attackers to inject arbitrary PHP objects into application memory. 2026-05-02 8.1 CVE-2026-7647 https://www.wordfence.com/threat-intel/vulnerabilities/id/c7b897f5-f988-4515-83bc-456f041d7e2e?source=cvehttps://plugins.trac.wordpress.org/browser/profile-builder-pro/trunk/add-ons/user-listing/one-map-listing.php#L271https://plugins.trac.wordpress.org/browser/profile-builder-pro/tags/3.14.5/add-ons/user-listing/one-map-listing.php#L271https://plugins.trac.wordpress.org/browser/profile-builder-pro/trunk/add-ons/user-listing/one-map-listing.php#L13https://plugins.trac.wordpress.org/browser/profile-builder-pro/tags/3.14.5/add-ons/user-listing/one-map-listing.php#L13 Shenzhen Libituo Technology--LBT-T300-HW1 A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of the component Web Management Interface. Executing a manipulation of the argument vpn_pptp_server/vpn_l2tp_server can lead to buffer overflow. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way. 2026-05-03 8.8 CVE-2026-7674 VDB-360827 | Shenzhen Libituo Technology LBT-T300-HW1 Web Management start_single_service buffer overflowVDB-360827 | CTI Indicators (IOB, IOC, IOA)Submit #800705 | Libtor Technology lbt-t300-hw1 closure, xreq). The NULL propagation chain through afb-context.c:110 (context- >credentials = afb_cred_addref(NULL)) and afb-cred.c:163 (returns NULL when cred is NULL) confirms that credentials are zeroed before the target API executes. The attacker controls both api and verb parameters via JSON input, allowing execution of any registered API with a NULL credential context. APIs that rely on context- >credentials for authorization decisions may fail open when receiving NULL credentials, enabling privilege escalation. This vulnerability was introduced in commit abbb4599f0b921c6f434b6bd02bcfb277eecf745 on 2018-02-14. 2026-05-01 7.8 CVE-2026-37525 https://gerrit.automotivelinux.org/gerrit/src/app-framework-binderhttps://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643 n/a--Automotive Grade Linux (AGL) afb-daemon v19.90.0 AGL app-framework-binder (afb-daemon) through v19.90.0 allows any local process to execute privileged supervision commands (Exit, Do, Sclose, Config, Trace, Debug, Token, slist) without authentication via the abstract Unix socket @urn:AGL:afs:supervision:socket. The on_supervision_call function in src/afb-supervision.c dispatches all 8 commands without any credential verification. The abstract socket has no DAC protection, as acknowledged in the official CAUTION comment in src/afs-supervision.h. This allows a low-privileged local process to kill the daemon (DoS via Exit command), execute arbitrary API calls (via Do command), close arbitrary user sessions (via Sclose command), or leak the entire global configuration (via Config command). The vulnerability was introduced in commit b8c9d5de384efcfa53ebdb3f0053d7b3723777e1 on 2017-06-29. 2026-05-01 7.8 CVE-2026-37526 https://gerrit.automotivelinux.org/gerrit/src/app-framework-binderhttps://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643 n/a--Automotive Grade Linux (AGL) aglservice v17.1.12 AGL agl-service-can-low-level thru 17.1.12 contains a heap buffer over-read in the isotp-c library. In isotp_continue_receive (receive.c:87-89), the payload_length for a Single Frame is extracted from a 4-bit nibble in the CAN frame data, yielding values 0-15. However, a standard CAN frame is only 8 bytes, with payload starting at data[1] (7 bytes available). When payload_length exceeds the available data (e.g., nibble=15 but only 7 payload bytes exist), memcpy(message.payload, &data[1], payload_length) reads up to 8 bytes past the end of the data buffer. 2026-05-01 7.1 CVE-2026-37532 https://gerrit.automotivelinux.org/gerrit/apps/agl-service-can-low-levelhttps://gist.github.com/sgInnora/8526eedcfd826d05ef1fc45d8f405643 n/a--Automotive Grade Linux (AGL) isotp-c openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac (2021-08-09) contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious CAN frame with an oversized length nibble can cause memory reads beyond the buffer, allowing attackers to cause a denial of service, or gain sensitive information. 2026-05-01 7.1 CVE-2026-37535 https://github.com/openxc/isotp-chttps://github.com/openxc/isotp-c/blob/master/src/isotp/receive.chttps://gist.github.com/sgInnora/f4ac66faeefe07a653ceeb3f58cdc381 n/a-- Vanetza V2X v26.02 An issue was discovered in Vanetza V2X v26.02 allowing remote unauthorized attackers to cause a denial of service. The vulnerability exists in the GeoNetworking packet processing pipeline where OpenSSL exceptions from ECC point validation (invalid compressed point, point not on curve) are not properly caught by the Router::indicate() call chain. The openssl_wrapper.cpp check() function (line 19) throws openssl::Exception when OpenSSL operations fail. The parser's catch block in parse_secured() should catch these, but the exception escapes through subsequent processing stages (indicate_common, indicate_extended). This causes std::terminate, crashing the V2X receiver. 2026-05-01 7.5 CVE-2026-37554 https://github.com/riebl/vanetzahttps://github.com/riebl/vanetza/blob/master/vanetza/security/openssl_wrapper.cpphttps://github.com/riebl/vanetza/blob/master/vanetza/geonet/router.cpphttps://gist.github.com/sgInnora/45128ae15d52df7238680a8f2da8359f chartbrew--chartbrew Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes public chart retrieval and export routes that only verify project-level public access and, for exports, a team-level export toggle. The routes do not verify whether the target chart is actually allowed on the public report or whether the governing SharePolicy permits public access. An unauthenticated attacker who knows a chart identifier in a public project can read or export chart data for charts that were intentionally hidden from the report. This issue has been patched in version 5.0.0. 2026-04-30 7.5 CVE-2026-40595 https://github.com/chartbrew/chartbrew/security/advisories/GHSA-mq7q-6xh6-5649https://github.com/chartbrew/chartbrew/releases/tag/v5.0.0 cyberhobo--Geo Mashup The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'sort' parameter in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. The `esc_sql()` function is applied but is ineffective in the `ORDER BY` context because the value is not enclosed in quotes. Additionally, while a `sanitize_sort_arg()` allowlist-based sanitizer was added in version 1.13.18, it is only applied in the AJAX code path (`sanitize_query_args()`) and not in the `render-map.php` or template tag code paths. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a time-based blind approach. 2026-05-02 7.5 CVE-2026-4060 https://www.wordfence.com/threat-intel/vulnerabilities/id/2fa5ae9a-532c-40f9-b70a-217f0f9cd473?source=cvehttps://plugins.trac.wordpress.org/browser/geo-mashup/trunk/geo-mashup-db.php#L1767https://plugins.trac.wordpress.org/browser/geo-mashup/trunk/geo-mashup-db.php#L1785https://plugins.trac.wordpress.org/browser/geo-mashup/trunk/render-map.php#L166https://plugins.trac.wordpress.org/changeset/3503627/ chartbrew--chartbrew Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify that the target chart belongs to a public report, that the project is public, or that sharing policy allows the operation. An unauthenticated attacker who knows a chart identifier can trigger a data refresh and retrieve the current data of private charts. This issue has been patched in version 5.0.0. 2026-04-30 7.5 CVE-2026-40601 https://github.com/chartbrew/chartbrew/security/advisories/GHSA-cpr6-mhgm-893whttps://github.com/chartbrew/chartbrew/releases/tag/v5.0.0 cyberhobo--Geo Mashup The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook explicitly calling `stripslashes_deep($_POST)` which removes WordPress magic quotes protection, followed by the unsanitized `map_post_type` value being concatenated into an `IN(...)` clause without `esc_sql()` or `$wpdb- >prepare()`. The 'any' branch of the same code correctly applies `array_map('esc_sql', ...)`, but the else branch does not. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a time-based blind approach. Exploitation requires the Geo Search feature to be enabled in plugin settings. 2026-05-02 7.5 CVE-2026-4061 https://www.wordfence.com/threat-intel/vulnerabilities/id/cc3cf6c5-643e-49ca-b09c-bd7cfec328ee?source=cvehttps://plugins.trac.wordpress.org/browser/geo-mashup/trunk/geo-mashup-db.php#L1748https://plugins.trac.wordpress.org/browser/geo-mashup/trunk/php/Hooks/SearchResults.php#L39https://plugins.trac.wordpress.org/browser/geo-mashup/trunk/php/Search.php#L152https://plugins.trac.wordpress.org/changeset/3503627/ cyberhobo--Geo Mashup The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'object_ids' and 'exclude_object_ids' parameters in all versions up to, and including, 1.13.18. This is due to insufficient escaping on the user supplied parameters and lack of sufficient preparation on the existing SQL query. The `esc_sql()` function is applied but is ineffective because the values are placed in an unquoted `IN(...)` / `NOT IN(...)` SQL context - `esc_sql()` only escapes quote characters and provides no protection against parenthesis or SQL keyword injection. Additionally, while a numeric-only sanitizer exists in `sanitize_query_args()`, it is only applied in the AJAX code path and not in the `render-map.php` or template tag code paths. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a time-based blind approach. 2026-05-02 7.5 CVE-2026-4062 https://www.wordfence.com/threat-intel/vulnerabilities/id/abc5ed0a-504f-4d8c-9662-a4c9f7c7acb8?source=cvehttps://plugins.trac.wordpress.org/browser/geo-mashup/trunk/geo-mashup-db.php#L1755https://plugins.trac.wordpress.org/browser/geo-mashup/trunk/geo-mashup-db.php#L1759https://plugins.trac.wordpress.org/browser/geo-mashup/trunk/render-map.php#L166https://plugins.trac.wordpress.org/changeset/3503627/ n/a--libssh2 A security vulnerability has been detected in libssh2 up to 1.11.1. The impacted element is the function userauth_password of the file src/userauth.c. Such manipulation of the argument username_len/password_len leads to integer overflow. The attack may be launched remotely. The name of the patch is 256d04b60d80bf1190e96b0ad1e91b2174d744b1. A patch should be applied to remediate this issue. 2026-05-01 7.3 CVE-2026-7598 VDB-360555 | libssh2 userauth.c userauth_password integer overflowVDB-360555 | CTI Indicators (IOB, IOC, IOA)Submit #805564 | libssh2 Shell interface, gaining root-level access to the device. 2026-04-29 4.3 CVE-2018-25310 ExploitDB-44387Vulnerability AdvisoryVulnCheck Advisory: VideoFlow Digital Video Protection DVP 10 Authenticated Remote Code Execution gnu--wget2 wget2 accepts a server certificate with incorrect Key Usage (KU) or Extended Key Usage (EKU). If the attackers compromise a certificate (with the associated private key) issued for a different purpose, they may be able to reuse it for TLS server authentication. 2026-04-29 4.8 CVE-2026-1858 https://www.tenable.com/security/research/tra-2026-37 wazuh--wazuh Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 1.0.0 to before version 4.14.4, a heap-based out-of-bounds WRITE occurs in GetAlertData, resulting in writing a NULL byte exactly 1 byte before the start of the buffer allocated by strdup. Due to unsigned integer underflow and pointer arithmetic wrapping, the write lands at offset -1 from the buffer, corrupting heap metadata. A malicious actor can potentially leverage this issue through a compromised agent to cause denial of service or heap corruption by injecting a specially crafted alert into the alerts log file monitored by wazuh-logcollector. This issue has been patched in version 4.14.4. 2026-04-29 4.4 CVE-2026-26204 https://github.com/wazuh/wazuh/security/advisories/GHSA-j4c7-hwjw-8857https://github.com/wazuh/wazuh/releases/tag/v4.14.4 Oracle Corporation--Oracle Linux An unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-level dtrace attaches to -- or instruments -- that process (via dtrace -p , pid probes, or USDT), the ELF parser reads heap memory beyond the allocated section cache array without any bounds check. This results in an uninitialized/out-of-bounds heap read that can cause a NULL pointer dereference crash of the dtrace process (DoS), or -- depending on heap layout -- a read-then-use of a garbage pointer controlled by adjacent allocations, providing a foothold toward further exploitation in a privileged context. 2026-05-01 4.4 CVE-2026-35233 Oracle Advisory n/a-- V2Board v1.7.4 SQL Injection via ORDER BY clause in V2Board thru 1.7.4. In app/Http/Controllers/Admin/UserController.php, the sort parameter from user input is passed directly to User::orderBy($sort, $sortType) without validation. An authenticated admin can sort users by any database column including password, remember_token, and other sensitive fields, enabling information disclosure through ordering analysis. 2026-05-01 4.9 CVE-2026-37505 https://github.com/v2board/v2boardhttps://gist.github.com/sgInnora/1330e1a82caa79906eec55eeff2c99b9 nextlevelbuilder--ui-ux-pro-max-skill A vulnerability has been found in nextlevelbuilder ui-ux-pro-max-skill up to 2.5.0. Affected by this issue is the function data.get of the file .claude/skills/design-system/scripts/generate-slide.py of the component Slide Generator. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through a pull request but has not reacted yet. 2026-05-01 4.3 CVE-2026-7596 VDB-360549 | nextlevelbuilder ui-ux-pro-max-skill Slide Generator generate-slide.py data.get cross site scriptingVDB-360549 | CTI Indicators (IOB, IOC, TTP, IOA)Submit #805510 | nextlevelbuilder ui-ux-pro-max-skill 2.5.0 Slide Generator Multiple Stored XSShttps://github.com/nextlevelbuilder/ui-ux-pro-max-skill/issues/247https://github.com/nextlevelbuilder/ui-ux-pro-max-skill/pull/274https://github.com/nextlevelbuilder/ui-ux-pro-max-skill/ n/a--Open5GS A vulnerability has been found in Open5GS up to 2.7.6. Affected is an unknown function of the file src/amf/gmm-handler.c of the component AMF. The manipulation of the argument reg_type leads to denial of service. The attack is possible to be carried out remotely. Upgrading to version 2.7.7 is able to address this issue. The identifier of the patch is ebc66942b6f8f1fab2d640e71cf4e9f1a423b426. It is advisable to upgrade the affected component. 2026-05-02 4.3 CVE-2026-7601 VDB-360558 | Open5GS AMF gmm-handler.c denial of serviceVDB-360558 | CTI Indicators (IOB, IOC, TTP, IOA)Submit #805675 | Open5GS v.2.7.6 Denial of Servicehttps://github.com/open5gs/open5gs/issues/4321https://github.com/open5gs/open5gs/commit/ebc66942b6f8f1fab2d640e71cf4e9f1a423b426https://github.com/open5gs/open5gs/releases/tag/v2.7.7https://github.com/open5gs/open5gs/ itsourcecode--Courier Management System A vulnerability was determined in itsourcecode Courier Management System 1.0. Affected is an unknown function of the file /edit_user.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. 2026-05-02 4.7 CVE-2026-7612 VDB-360569 | itsourcecode Courier Management System edit_user.php sql injectionVDB-360569 | CTI Indicators (IOB, IOC, TTP, IOA)Submit #806275 | itsourcecode Courier Management System V1.0 SQL Injectionhttps://github.com/ltranquility/submit/issues/12https://itsourcecode.com/ ChatGPTNextWeb--NextChat A flaw has been found in ChatGPTNextWeb NextChat up to 2.16.1. This impacts an unknown function of the file Next.js of the component API Endpoint. Executing a manipulation can lead to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. 2026-05-02 4.3 CVE-2026-7643 VDB-360755 | ChatGPTNextWeb NextChat API Endpoint Next.js cross-domain policyVDB-360755 | CTI Indicators (IOB, IOC, IOA)Submit #806833 | ChatGPTNextWeb NextChat 2.16.1 Permissive CORS Wildcard Policyhttps://github.com/ChatGPTNextWeb/NextChat/issues/6756https://github.com/ChatGPTNextWeb/NextChat/ n/a--crmeb_java A vulnerability was detected in crmeb_java up to 1.3.4. This vulnerability affects unknown code of the file crmeb/crmeb-service/src/main/java/com/zbkj/service/service/impl/UploadServiceImpl.java of the component Admin Upload. Performing a manipulation of the argument model results in unrestricted upload. Remote exploitation of the attack is possible. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2026-05-03 4.7 CVE-2026-7673 VDB-360826 | crmeb_java Admin Upload UploadServiceImpl.java unrestricted uploadVDB-360826 | CTI Indicators (IOB, IOC, TTP, IOA)Submit #800684 | crmeb crmeb_java 1.3.4 Unrestricted Uploadhttps://fx4tqqfvdw4.feishu.cn/docx/EgMOdHyq6oyxhux5vpJcr5cgnAf?from=from_copylink kerwincui--FastBee A vulnerability was found in kerwincui FastBee up to 1.2.1. The affected element is the function ToolController.download of the file springboot/fastbee-open-api/src/main/java/com/fastbee/data/controller/ToolController.java of the component Tool Download Endpoint. The manipulation of the argument fileName results in path traversal. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. 2026-05-03 4.3 CVE-2026-7676 VDB-360829 | kerwincui FastBee Tool Download Endpoint ToolController.java ToolController.download path traversalVDB-360829 | CTI Indicators (IOB, IOC, TTP, IOA)Submit #800723 | kerwincui FastBee ≤ 1.2.1 Path Traversalhttps://fx4tqqfvdw4.feishu.cn/docx/Yv1gdAzFpoHCUUxDdKSculR4nKf?from=from_copylink jsbroks--COCO Annotator A weakness has been identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file backend/webserver/api/datasets.py of the component Data Endpoint. Executing a manipulation of the argument folder can lead to path traversal. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. 2026-05-03 4.3 CVE-2026-7680 VDB-360833 | jsbroks COCO Annotator Data Endpoint datasets.py path traversalVDB-360833 | CTI Indicators (IOB, IOC, TTP, IOA)Submit #801150 | jsbroks COCO Annotator 0.11.1 Absolute Path Traversalhttps://github.com/natanmorette-thoropass/thoropass-vuln-research-program/tree/main/2026/Path%20Traversal%20via%20Dataset%20Folder%20Parameter AMTT--Hotel Broadband Operation System A vulnerability was determined in AMTT Hotel Broadband Operation System 1.0. Affected is an unknown function of the file /manager/card/cardhand_submit.php. This manipulation of the argument ID causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. 2026-05-03 4.7 CVE-2026-7697 VDB-360866 | AMTT Hotel Broadband Operation System cardhand_submit.php sql injectionVDB-360866 | CTI Indicators (IOB, IOC, TTP, IOA)Submit #803272 | Anmei Century (Beijing) Technology Co., Ltd. Hotel Broadband Operation System v1.0 SQL Injectionhttps://github.com/testnet0/testnet/issues/74 Telegram--Desktop A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the argument login_url leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. 2026-05-03 4.3 CVE-2026-7701 VDB-360870 | Telegram Desktop Bot API url_auth_box.cpp RequestButton null pointer dereferenceVDB-360870 | CTI Indicators (IOB, IOC, IOA)Submit #804341 | Telegram Telegram Desktop04:05 pmHow to connect Apple Watch to a Planet Fitness treadmill
You can easily connect Apple Watch to a gym treadmill, elliptical, rowing machine and other gym equipment for more accurate health data. (via Cult of Mac - Your source for the latest Apple news, rumors, analysis, reviews, how-tos and deals.)03:45 pmAmazon just redesigned its Photos app for iPhone, here’s what’s new
Prime members have access to unlimited photo back, and Amazon just redesigned its Photos app for iPhone users. more…03:39 pmRazer Viper V4 Pro review: Ultra-fast gaming mouse with 50,000 DPI, but is it worth $159? | MacworldRazer Viper V4 Pro review: Ultra-fast gaming mouse with 50,000 DPI, but is it worth $159?
Macworld At a glanceExpert's Rating Pros Fast, precise control for action games Comfortable, lightweight design Wired and wireless modes Programmable buttons Cons Expensive Charging cable uses USB-A Synapse app is complicated Right-handed only Our Verdict If you’re not a gamer then there are plenty of less expensive mice available. However, gamers will appreciate the speed and precision of the Viper V4 Pro, while its additional customisation and connectivity features may appeal to power users in other fields. Price When Reviewed This value will show the geolocated pricing text for product undefined Best Pricing Today Best Prices Today: Razer Viper V4 Pro Retailer Price Check Price comparison from over 24,000 stores worldwide Product Price Price comparison from Backmarket Best for: Serious gamers (and some power users) who want ultra-fast response times, high precision, and deep customisation. Not for: Casual users or office workers who just need a simple, affordable mouse for everyday tasks. Trade-offs: You’re paying a premium for cutting-edge speed, precision, and features that most users simply won’t fully benefit from. Slowly but surely, Razer is bringing more of its high-end gaming gear to the Mac. The Pro Click V2 was a rare exception, designed for productivity rather than gaming, but the Viper V4 Pro marks a clear return to form. This lightweight, high-performance mouse is aimed squarely at serious gamers who demand speed and accuracy – and that focus comes at a cost, with a price of $159.99/£159.99, higher than comparable options from Apple or Logitech. Still, Razer’s Synapse app (currently in beta on Mac) adds versatility by allowing you to reprogram buttons for a wide range of software. Built for fast-paced gaming, the Viper V4 Pro prioritises speed and precision above all else. That makes it overkill for casual users who just need a basic mouse for everyday tasks, but its flexible connectivity, strong battery life, and extensive customisation options may also appeal to power users and creative professionals. The Viper V4 Pro can be used in wired mode with a USB cable, or using Razer’s HyperSpeed wireless dongle. Razer Inc. Main drawbacks The Viper V4 Pro’s biggest issue is its high price, which puts it well above mainstream alternatives from brands like Logitech or Apple. Practical annoyances add up too: the included charging cable uses USB-A, meaning many modern Mac users will need an adaptor, and there’s no Bluetooth option—only Razer’s proprietary dongle. The Synapse app, while powerful, is overly complex and still in beta on Mac, limiting ease of use and compatibility. Finally, the design is strictly right-handed, which excludes a chunk of potential users. Performance and design: how fast and precise is it? Latency: 0.204ms response time Sensor: 50,000 DPI optical sensor Polling rate: Up to 8,000Hz Weight: ~49–50g ultra-light design Durability: Up to 100 million clicks Scroll wheel: Optical sensor (claimed 3.3× more reliable) Battery life: ~45–180 hours depending on settings At first glance, the Viper V4 Pro looks fairly unassuming. Available in black or white – but only for right-handed users – it looks like most conventional mice, with left and right buttons, a clickable scroll wheel, and two thumb buttons on the side. Razer refers to it having a ‘symmetrical design’, but that ignores the thumb buttons on the left-hand side of the mouse, which are obviously only suitable for right-handed use. The lightweight plastic casing feels a little flimsy at first, but the Viper is designed to be as light as possible so that you can quickly move it around with just a gentle flick of your fingers (although, oddly, Razer says that the black version weighs 49g, while the white version is 50g). It’s sturdier than it seems though, and Razer states that the buttons are designed to last for ‘up to a 100 million click lifecycle’, while the scrolling wheel uses an optical sensor that it claims is 3.3 times more reliable than conventional mechanical wheels. And, of course, it’s precise too, with Razer claiming that the Viper V4 Pro provides a latency (response time) of just 0.204 milliseconds, while the 50,000 dpi optical sensor in the base of the mouse provides a degree of precision and accuracy that should satisfy even the most trigger-happy gamers. And, for those of us with slower reflexes, there’s a button underneath the mouse that allows you to cycle through a series of different speed settings so that you can find one that feels comfortable. You can also fine-tune these settings in more detail by using the Mac version of Synapse – and when we plugged the Viper in to our Mac Mini we were pleased to see that Synapse offered us a three-month free subscription to Apple Arcade, which is available until June 11th. The Viper V4 Pro is available in black or white – but both versions are right-handed only. Razer Inc. How does it connect (and what’s missing)? Most high-end mice can be connected to a Mac or PC in wired mode using a USB cable, as well as providing both a Bluetooth wireless connection and a separate USB adaptor – generally referred to as a ‘dongle’ – that provides a more reliable wireless connection using a 2.4GHz radio signal. The Viper V4 Pro does things a little differently, though. It has a USB-C port for charging, and the USB charging cable included in the box also allows you to use the mouse with a wired connection. Annoyingly, though, the cable uses USB-A to connect to a Mac or PC, so you’ll need a USB-C adaptor for Macs that only have USB-C. Thankfully, though, the USB port is on the front of the mouse, so you can easily continue to use it while the mouse is charging (unlike Apple’s Magic Mouse). Battery life is good too, lasting for around 45 hours when using the highest sensitivity settings, or up to 180 hours with lower settings. There’s no Bluetooth option though, as Razer prefers to use its own specialised HyperSpeed dongle to provide a high-speed wireless connection. Instead of a conventional dongle that plugs straight into a USB port, the HyperSpeed is a small hemispherical device that sits on your desk. It has its own USB-C port, and then uses the Viper’s charging cable for its power supply (although, as already mentioned, this cable has a USB-A interface for connecting to your Mac, so you’ll need a USB-C adaptor for most recent Macs). The HyperSpeed dongle has three status lights on the front, with the first two indicating the strength of the wireless connection, and the battery level of the mouse. The third light indicates the ‘polling rate’, which is the number of times per second that the mouse reports its movement and button presses to the dongle. This can be as high as 8,000Hz for maximum speed and precision but, again, you can adjust the polling rate and select different settings in the Synapse app. Razer’s Synapse app provides a wide range of customisation features – but it’s not easy to use. Razer Inc. How Well Does It Work With Macs? As mentioned, the Mac version of Razer’s Synapse app is still in its beta ‘preview’ stage. It works well though, with no obvious bugs evident during our testing, and its main limitation is simply that it currently only works with a handful of Razer’s latest products, such as the Viper V4 Pro and Pro Click mice. It also requires macOS 15 with Apple Silicon to run properly. Synapse allows you to customise the button controls on the Viper to perform a variety of different commands. Admittedly, Synapse is rather complicated, and isn’t as easy to use as the Options+ app that Logitech provides for its MX range of mice. However, it does provide a wide range of commands that you can assign to the various mouse buttons, and we were pleased to find that the Mac version of Synapse also includes a number of Mac-specific shortcuts and commands, such as using a button on the mouse for Copy/Paste, launching Spotlight, or even Force Quit. Should You Buy The Razer Viper V4 Pro? If you’re serious about gaming then the Viper V4 Pro is hard to beat, especially for Mac users who don’t have a lot of choice in the gaming arena. It’s too expensive for routine office work or casual use at home, but its good battery life and programmable buttons may appeal to some non-gamers as well.03:35 pmApple says watchOS 26.5 fixes two key Apple Watch bugs
Alongside iOS 26.5, Apple also released the watchOS 26.5 RC yesterday. The update includes a new Pride Luminance watch face with a ton of customization options, as Zac covered earlier today. There are also two key bug fixes that Apple Watch users will appreciate. more…03:29 pmDeals: M4 iPad Air $110 off, M4 MacBook Air $400 off orig. price, M5 MacBook Pro, Apple cables, more | 9 to 5 MacDeals: M4 iPad Air $110 off, M4 MacBook Air $400 off orig. price, M5 MacBook Pro, Apple cables, more
Alongside the ongoing AirPods Pro 3 deal and the new Amazon all-time low on AirPods Max 2, today’s 9to5Toys Lunch Break is headlined by Apple’s new mid-range 256GB 13-inch M4 iPad Air hitting a new all-time low at nearly $110 off. We also have clearance pricing live on M4 MacBook Air 16GB/512GB at nearly $400 off list price and the return of all-time low pricing on the 24GB M5 MacBook Pro at $300 off the original launch price joined by some accessory deals – Apple USB-C Charge Cables from $6.50 and Apple’s AirTag Loop down at just $6. Head below for a closer look. more…03:24 pmSlower build start time in Workers Builds
May 5, 15:24 UTCInvestigating - Some Workers Builds users may experience increased build dequeue times03:24 pmPSA: Instagram Encrypted Messaging Ends on Friday, May 8
Instagram will remove end-to-end encryption for direct messages between users from May 8, 2026. When the date comes around, Meta will potentially be able to see the contents of all messages between users on the social media platform. Encrypting messages has been an optional feature in Instagram since 2023, but in March of this year the social media platform quietly updated a help page to say the feature would no longer be available for direct messages between users from May 8. With end-to-end encryption enabled, the contents of messages are protected from the moment they leave the sender's device to the moment they reach the receiver's device. In other words, nobody, including Meta, can see what is sent. When May 8 rolls around, that extra layer of security will be removed. On its help page, Instagram says users that are affected by the change will see instructions in the app on how they can download any media or messages that they may want to keep. However, the company hasn't explained why encrypted chats must be downloaded before the cutoff date or what will happen to them afterwards. In March, a spokesperson for Meta told The Guardian that the decision to abandon encryption was due to low uptake. "Very few people were opting in to end-to-end encrypted messaging in DMs, so we're removing this option from Instagram in the coming months," the spokesperson said. "Anyone who wants to keep messaging with end-to-end encryption can easily do that on WhatsApp." Meta has come under sustained pressure over the years from law enforcement and child safety groups to remove encryption, but there's likely more to it than that. With Meta able to see messages between users, it could potentially run advertising algorithms or train chatbots on their contents. It's an odd twist for a company who in 2019 aggressively promoted tightening encryption standards on its social media and messaging apps. As things stand, end-to-end encryption for group Facebook Messenger chats remains opt-in, while it continues to be the default setting for all WhatsApp conversations and calls.Tags: Encryption, Instagram, SecurityThis article, "" first appeared on MacRumors.comDiscuss this article in our forums03:24 pmHomebridge 2.0 lets more smart devices work with Apple Home
Now that open-source Homebridge 2.0 adds Matter support, longtime fans and new users can expand devices they use with Apple's ecosystem. (via Cult of Mac - Your source for the latest Apple news, rumors, analysis, reviews, how-tos and deals.)03:23 pmYUL (Montréal) on 2026-05-07
THIS IS A SCHEDULED EVENT May 7, 08:00 - 12:00 UTCMay 5, 14:59 UTCScheduled - We will be performing scheduled maintenance in YUL (Montréal) datacenter on 2026-05-07 between 08:00 and 12:00 UTC.Traffic might be re-routed from this location, hence there is a possibility of a slight increase in latency during this maintenance window for end-users in the affected region. For PNI / CNI customers connecting with us in this location, please make sure you are expecting this traffic to fail over elsewhere during this maintenance window as network interfaces in this datacentre may become temporarily unavailable.You can now subscribe to these notifications via Cloudflare dashboard and receive these updates directly via email, PagerDuty and webhooks (based on your plan): https://developers.cloudflare.com/notifications/notification-available/#cloudflare-status.03:21 pmIs anyone else having issues with their app icon appearance in iOS 26? I turned off effects in icon composer. | Reddit on iOS ProgrammingIs anyone else having issues with their app icon appearance in iOS 26? I turned off effects in icon composer.
Is anyone else running into issues with their app icon appearance in iOS 26? I'm using icon composer and turned off all the effects, but the app icon is still a very dull saturation when loaded into the app. Has anyone else dealt with this? I can't show an example as coworkers would easily spot […]Firehose II – Jobs, Deals, Apps
No feed items found.