In the time it takes you to read this sentence, the Large Hadron Collider (LHC) will have smashed billions of particles together. In all likelihood, it will have found exactly what it found yesterday: more evidence to support the Standard Model of particle physics.
For the engineers who built this 27-kilometer-long ring, this consistency is a triumph. But for theoretical physicists, it has been rather frustrating. As Matthew Hutson reports in “AI Hunts for the Next Big Thing in Physics,” the field is currently gripped by a quiet crisis. In an email discussing his reporting, Hutson explains that the Standard Model, which describes the known elementary particles and forces, is not a complete picture. “So theorists have proposed new ideas, and experimentalists have built giant facilities to test them, but despite the gobs of data, there have been no big breakthroughs,” Hutson says. “There are key components of reality we’re completely missing.”
That’s why researchers are turning artificial intelligence loose on particle physics. They aren’t simply asking AI to comb through accelerator data to confirm existing theories, Hutson explains. They’re asking AI to point the way toward theories that they’ve never imagined. “Instead of looking to support theories that humans have generated,” he says, “unsupervised AI can highlight anything out of the ordinary, expanding our reach into unknown unknowns.” By asking AI to flag anomalies in the data, researchers hope to find their way to “new physics” that extends the Standard Model.
On the surface, this article might sound like another “AI for X” story. As IEEESpectrum’s AI editor, I get a steady stream of pitches for such stories: AI for drug discovery, AI for farming, AI for wildlife tracking. Often what that really means is faster data processing or automation around the edges. Useful, sure, but incremental.
Advertisement
What struck me in Hutson’s reporting is that this effort feels different. Instead of analyzing experimental data after the fact, the AI essentially becomes part of the instrument, scanning for subtle patterns and deciding in real time what’s interesting. At the LHC, detectors record 40 million collisions per second. There’s simply no way to preserve all that data, so engineers have always had to build filters to decide which events get saved for analysis and which are discarded; nearly everything is thrown away.
Now those split-second decisions are increasingly handed to machine learning systems running on field-programmable gate arrays (FPGAs) connected to the detectors. The code must run on the chip’s limited logic and memory, and compressing a neural network into that hardware isn’t easy. Hutson describes one theorist pleading with an engineer, “Which of my algorithms fits on your bloody FPGA?”
This moment is part of a much older pattern. As Hutson writes in the article, new instruments have opened doors to the unexpected throughout the history of science. Galileo’s telescoperevealed moons circling Jupiter. Early microscopes exposed entire worlds of “animalcules” swimming around. These better tools didn’t just answer existing questions; they made it possible to ask new ones.
If there’s a crisis in particle physics, in other words, it may not just be about missing particles. It’s about how to look beyond the limits of the human imagination. Hutson’s story suggests that AI might not solve the mysteries of the universe outright, but it could change how we search for answers.
Although Honda is known for legendary sports cars like the Honda Civic Type-R and the Honda NSX, it didn’t get its start with four-wheeled vehicles. Founder Soichiro Honda began the business with a motorized bicycle in 1947, meaning it has been making motorcycles for nearly 80 years now. While the company started in Japan, it has since expanded worldwide, building bikes in various countries around the world, including Vietnam, Pakistan, Indonesia, and China, and more.
Even as Honda is churning out motorcycles from these factories, it has been busy developing new models to launch in 2026. It has announced several available models across multiple categories, including adventure bikes, scooters, and dirt bikes for the model year. So, if you’re looking to get a new motorcycle, you can definitely find a Honda bike that fits your taste or needs.
Advertisement
Given that, we decided to pick out some of the coolest Honda motorcycles we expect to hit the showrooms this year. We included the MSRP of each of these models, giving you a rough idea of how much you’ll have to spend to get these two-wheelers into your garage.
Advertisement
XR150L
The XR150L is one of the cheapest motorcycles you can buy in 2026, but that doesn’t mean that you’re not getting much out of it. This dual-sport motorcycle straddles the best of both worlds — a capable bike that can handle off-road trails and a comfortable motorcycle that’s good for stop-and-go riding along city streets. Honda designed it to be simple and rugged, aiming to make it an affordable and reliable option for beginners, commuters, and lighter or smaller dual-sport fans.
This motorcycle is powered by a 149cc air-cooled single-cylinder engine mated to a five-speed manual transmission. This is then supported by a steel frame, ensuring it can withstand the rigors of off-road driving, while its conventional fork suspension and single rear shock help maintain comfort on both dirt and pavement. You also get a large 19-inch wheel up front and a 17-inch wheel in the back, helping you maintain control over rough terrain and poorly maintained infrastructure while still offering stability as you cruise through city streets and mountain roads.
More importantly, you don’t have to spend an arm and a leg just to get this bike. The XR150L starts at $3,399 (plus a $300 destination charge), making it one of the most affordable ways you can get mobility through town and country.
Advertisement
Dax 125
The Super Cub is one of the most reliable Honda motorcycles you can buy, but it looks pretty vanilla and is designed to cater to everyone. If you want the same reliability but desire something more distinctive, then you should look at the Dax 125. This model has been derived from the popular Super Cub through the CT series, but it comes with modern features that make riding easier. Aside from that, it’s designed with old-school charm in mind, making it stand out from the crowd.
Even though it only features a small 124cc engine with a four-speed semi-automatic transmission, it is still capable of cruising up to 55 mph, even with two passengers on board (depending on their weight, of course). You also don’t have to worry about shifting, as its centrifugal clutch design means that you don’t need a clutch lever to engage or shift gears — just choose the gear you want with the left foot lever and it will operate automatically and smoothly as you get going.
Advertisement
The Dax 125 costs at least $4,199, and you’ll have to shell out an extra $300 for the destination charge. But if you’re after its iconic looks and design, this premium is worth paying for.
Advertisement
Monkey
You might be thrown off by the name Monkey, but it’s one of Honda’s most recognizable minibikes thanks to its retro appearance. The model just received a facelift for 2026 — while it still kept the original styling its fans know and love, the company added several modern features, like all-LED headlights and taillights, plus a full-LCD circular display for its speedometer and odometer.
This little retro bike isn’t the fastest one on the market with its tiny 124cc single-cylinder engine paired with a five-speed manual transmission. But that is no issue because this isn’t designed for speed. It’s a commuter bike that is happiest puttering around town, enjoying life. Though it’s not meant to go very fast, it still comes with front-wheel ABS for safety, and even with 12-inch wheels, it’s still a pretty nimble bike. The Monkey has a tiny 1.5-gallon gas tank, but with an EPA rating of 162.6 MPG, one full tank could potentially last you several days inside the city.
One downside to the Monkey is that it’s a bit pricey for its small stature, coming in at $4,399 with a $300 destination charge. But if you want a motorcycle that looks good, is easy to ride, and fits easily in the back of your pickup truck, then this retro bike is definitely worth every penny.
Advertisement
CB500 Hornet/CBR500R
After focusing on smaller motorcycles, we’re now looking at the big boys of Honda’s motorcycle lineup, starting with the CB500 Hornet. This is Honda’s entry-level streetfighter, which originally hit the market in 2013. This bike comes with a 471cc two-cylinder engine mated to a six-speed manual transmission. Its engine performance is slowed by dual-disc brakes up front and a single-disc brake at the rear, both equipped with ABS for safety and maneuverability.
If you find the CB500 Hornet the perfect fit for your riding style, but desire more performance, consider the CBR500R instead. This sports bike has practically the same specifications, but it’s tuned for a sportier ride and a more aggressive riding position at the expense of a little bit of comfort. The differences between these two models are similar to what makes the CB650 and CBR650 different. The CB model is a naked street bike for day-to-day use, while the CBR is designed for more spirited riding
Advertisement
As one might expect, the sportier bike costs a bit more. The CB500 Hornet starts at $5,899 while the CBR500R costs $6,399, meaning you have to pay as $500 premium for the latter. Since these motorcycles are also larger than the previous models we’ve mentioned, they have a $600 destination charge.
Advertisement
NX500
While naked bikes are great for day-to-day commutes and sports bikes deliver speed and exhilaration, if you prefer taking the long way round on both dirt and pavement, Honda is continuing the NX500 for the 2026 model year. This adventure bike was first released in 2013 as the CB500X, but Honda renamed it in 2024 to set it apart from the CB500 family and give it its own distinct personality.
What makes this different from the CB500 Hornet is that Honda built this to be comfortable, not just as an urban cruiser, but also as a long-distance warrior. While it retains the same 471cc engine, six-speed manual transmission, and ABS brakes from the CB500 Hornet, the NX500 is taller, has a longer wheelbase, and a slightly greater fuel capacity, edging out the 4.5 gallons of the Hornet with a 4.7-gallon capacity. It also has a larger rake for better stability, especially at high speeds.
The NX500 starts at $6,899, with a destination charge of $600 — this makes it $1,000 more expensive than the CB500 Hornet and $500 pricier than the sporty CBR500R. But if you plan on going on long rides that will take you off the beaten trail, your body may thank you for spending that extra amount on this adventure bike.
Advertisement
SCL500
Some people love the retro looks of the Dax 125 and the Monkey, but find them too small. If you’re one of them, you should look in the SCL500. Just like the NX500, it has the same engine, transmission, and brakes as the CB500 Hornet and the CBR500R, but Honda built it with a scrambler-style body and frame. This gave it a natural, upright riding position that delivers an easy, comfortable ride for up to two people.
Despite its old-school aesthetics, this bike comes with several modern features for your convenience and safety. It comes standard with ABS brakes and LED lights, plus an LCD screen that displays crucial information, such as gear position and fuel consumption. More importantly, engine components are placed at an optimal position near the SCL500’s center of gravity, helping give the motorcycle a docile ride and making it perfect for both new riders and seasoned motorcyclists.
Advertisement
You can get the SCL500 starting at $6,999, but you’ll have to pay an extra $600 for the destination charge. This makes it the most expensive option among Honda’s 500-series bikes, but it’s also one of the most iconic.
Advertisement
CB650R/CBR650R E-Clutch
Experienced riders who find the Honda CB500 Hornet a bit too small may consider looking at the CB650R or CBR650R. These two models share the same powertrain — a 649cc four-cylinder engine with a six-speed manual transmission that utilizes Honda’s E-Clutch technology, which automates the clutch engagement on these motorcycles. But for the sport riders who enjoy more control over their shifts, these bikes still come with a manual clutch lever, allowing you to override the computer.
Since these bikes come with more powerful engines, Honda also equipped them with dual 310 mm discs with four-piston calipers at the front and a single 240 mm disc at the rear for added braking power. They also come standard with ABS, helping you maintain control during sudden stops and emergency braking. Both of these motorcycles are also equipped with LED headlights and a five-inch full-color TFT screen with a customizable display to suit your preferences.
Pricing for the naked street fighter CB650R starts at $8,699, while the fairing-equipped CBR650R is $500 more expensive at $9,199, with both models getting a $600 destination charge. These are more expensive than the entry-level Honda 500-series motorcycles, but you’re getting a larger four-cylinder engine that delivers more power in a middleweight sportbike.
Advertisement
NC750X DCT
This is the second adventure bike on our list of cool Honda motorcycles, delivering the best of both worlds for daily use and long-distance riding. The NC750X DCT comes with a more powerful 745cc parallel-twin engine and a six-speed dual-clutch transmission. This results in quick, seamless gear shifting that gives you a smooth ride, reducing the stress and fatigue caused by gear-change shock. It also uses throttle-by-wire control and offers four shifting schedules, allowing you to customize how easy or spirited the bike will respond to your throttle inputs.
The NC750X DCT also offers several electronic controls, allowing you to change the bike’s feel to your preference. There are five Riding Modes that adjust power levels, engine braking, and torque control — Sport, Rain, and Standard, plus two more customizable user modes. You can also manage rear-wheel traction with Honda Selectable Torque Control, or HSTC, through three different levels, or switch it off if you want full manual control.
Advertisement
You will have to shell out at least $9,499 to purchase this mid-range adventure bike. And when you add the $600 destination charge on the NC750X DCT, that means you’re paying over $10,000 for this motorcycle. This might seem like a pretty penny, but the performance and technology that this model offers do come at a cost.
Advertisement
Montesa Cota 4RT 260R/301RR
If dual-sport bikes aren’t enough to satisfy your desire for an off-road adventure, Honda is offering the Montesa Cota 4RT 260R and 301RR. These are hardcore trials bikes that are built with off-road performance in mind, so don’t expect creature comforts on these models. Honda consulted with FIM World Champion Toni Bou during the development of these models, helping them set the benchmark in their category.
The 2026 Montesa Cota 4RT comes in two flavors — the 260R with its 259cc engine and the 301RR with its larger 298cc engine. The former is designed for those who want a highly capable bike while still maintaining accessibility and affordability, while the latter is for competition-level performance. But whichever model you choose, you’re getting maximum mobility with its 26.7-inch seat height, as well as several protective barriers around the front-brake caliper, an aluminum skid plate with rubber protection under the engine, and a carbon fiber clutch guard. This allows it to absorb the punishment of the toughest trials while helping you stay agile with its low seat area.
Given that these are competition-focused bikes, they’re also priced accordingly. The 260R starts at $9,849, while the more powerful 301RR begins at $12,949. Each bike also demands a $600 delivery fee.
Advertisement
CB1000 Hornet SP
Literbikes are among the fastest street motorcycles available, with a majority of the most powerful Japanese sports motorcycles equipped with engines displacing around 1000 cc. However, unlike many supercars, you do not have to spend an arm and a leg for supercar performance. This is where the CB1000 Hornet SP comes in.
This naked street bike comes with a 1000cc liquid-cooled inline-four engine mated to a six-speed manual. All that power is managed by two 17-inch wheels, with the front equipped with dual 310mm disc brakes with four-piston Brembo calipers, while the back sports a single 240mm disc. Aside from that, they’re both equipped with ABS to ensure maneuverability and safety, especially in emergency stops.
Advertisement
You’ll also be spoiled for tech with the CB1000 Hornet SP, featuring a 5-inch full-color instrument display and Honda RoadSync. The latter lets you connect your phone to your motorcycle via Honda’s tech management app, letting you use your iOS or Android device for navigation and the option to make calls and listen to music via a Bluetooth helmet headset.
When you compare the CB1000 Hornet SP to some motorcycles on our list, you’ll find that it is quite pricey at $10,999 plus a $775 destination charge. You’ll be hard-pressed to find a sports car that offers the same kind of performance and adrenaline for the same price, making this 1000cc street bike your gateway to “budget” adrenaline.
Advertisement
NT1100 DCT
The NT1100 DCT is the first sport touring bike on our list. Now, these types of bikes are modeled after sport bikes for the speed they deliver, but offer much more in terms of comfort. This makes them ideal for high-speed long-distance riding that would be uncomfortable or impractical on a pure sportbike. Despite being built for the open road, Honda still managed to keep them agile for driving in tight city streets and remain comfortable and practical for your day-to-day needs.
Honda added several features to this motorcycle to make riding convenient. For example, its fairings envelope the rider, offering them protection from the wind and weather while cruising along the highway, and it also has a five-stage adjustable windscreen that you can change on the fly. It comes with two separate seats (unlike some smaller motorcycles that only come with a single, longer one), ensuring that both the rider and the passenger remain comfortable even on long rides.
If you want to get your hands on this bike, be prepared to spend at least $11,999, plus a $775 destination charge. This might seem like a lot, but you’re essentially getting two bikes in one with the NT1100 DCT.
Advertisement
Africa Twin
Honda claims the Africa Twin is the original adventure touring motorcycle and that this model is its offering for those who want to go anywhere on a two-wheeler. This bike is available in four trims, all of which are powered by a 1084cc liquid-cooled engine with either a six-speed manual or a six-speed DCT.
Advertisement
The base Africa Twin is ideal for riders who prefer a powerful dual-sport bike that they can take off-road, while the Africa Twin Adventure Sports ES is ideal for those who want a more comfortable ride and anticipate spending more time on the highways without sacrificing the motorcycle’s off-road capabilities. It includes less suspension travel than the base model. The ES also comes with Electronically Equipped Ride Adjustment (EERA), which allows the bike’s suspension to dynamically adjust to surface conditions.
The Africa Twin has a base price of $15,199, but you’ll have to shell out more if you want the higher trims. The most expensive variant with a DCT and the EERA will set you back $18,599, plus you’ll have to pay a $775 destination charge.
Advertisement
CBR1000RR-R Fireblade SP
If you want a motorbike that you can push to its limits on the race track but still bring you home at the end of the day, look no further than the CBR1000RR-R Fireblade SP. This is Honda’s flagship supersport model, and was built using Honda Racing’s experience developing MotoGP bikes.
While this has a similar 999.9cc inline-four engine as the other bikes we listed above, it uses special components that reduce friction and weight while increasing durability. It also features a throttle-by-wire system that delivers power in a linear manner, ensuring precise throttle inputs, as well as a plethora of electronic controls to help you manage the motorcycle.
As one would expect, this halo motorcycle comes at a price — the CBR1000RR-R Fireblade SP has a starting price of $28,999, with an additional $775 destination charge. Even though this is more than twice the price of most of the motorbikes in our list, you’re getting supercar performance in Honda’s premier street-legal sport bike.
A Ukrainian man has pleaded guilty to operating OnlyFake, an AI-powered website that generated and sold more than 10,000 photos of fake identification documents to customers worldwide.
27-year-old Yurii Nazarenko (also known as “John Wick,” “Tor Ford,” and “Uriel Septimberus”) admitted that his OnlyFake subscription-based platform used artificial intelligence to generate realistic-looking counterfeit passports, driver’s licenses, and Social Security cards.
“We rely on government issued IDs to combat terrorism, hijackings, fraud, money laundering, and a host of other crimes,” said U.S. Attorney Jay Clayton on Thursday. “OnlyFake’s manufacture of fraudulent IDs and other documents puts us all at risk and must be stopped.”
According to the indictment, Nazarenko’s OnlyFake platform allowed customers to generate fake digital versions of U.S. driver’s licenses for all 50 states and U.S. passports and passport cards, as well as digital versions of identification documents for roughly 56 other countries.
Advertisement
Customers could also customize the fake digital documents with personal details, opt for randomized information, and choose whether the finished product appeared as a scan or a tabletop photograph.
OnlyFake website (Department of Justice)
New York federal prosecutors said that the primary use of these fake digital documents was to circumvent Know Your Customer (KYC) verification requirements at banks and cryptocurrency exchanges, which are safeguards designed to prevent money laundering mandated under the Patriot Act.
Undercover FBI agents made multiple purchases from the OnlyFake website between May and June 2024, obtaining fake New York state IDs, U.S. passports, and a Social Security card.
OnlyFake only accepted cryptocurrency payments, and also offered bulk packages of up to 1,000 fake documents at a discount. Nazarenko further attempted to cover his tracks by routing cryptocurrency payments through multiple wallets and deleting emails after 404 Media reported on the site in February 2024.
“Yurii Nazarenko developed a website to produce more than 10,000 fake identification documents, earning hundreds of thousands of dollars from these illicit sales,” added FBI Assistant Director in Charge James C. Barnacle, Jr. “This platform offered its clients a myriad of criminal opportunities, including bypassing traditional regulations to launder money.”
Advertisement
Nazarenko was extradited from Romania in September 2025 and has agreed to forfeit $1.2 million. He is now facing a maximum sentence of 15 years in prison and is scheduled for sentencing on June 26, 2026.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
The Marshals is a new Yellowstone spin-off airing on CBS (but don’t drop Paramount Plus — it’ll stream there too).
Luke Grimes reprises his role as Kayce Dutton in the Yellowstone sequel series. The former Navy SEAL joins an elite unit of US Marshals to bring range justice to Montana, according to a synopsis from CBS. In addition to Grimes, the show includes Yellowstone actors Gil Birmingham as Thomas Rainwater, Mo Brings Plenty as Mo and Brecken Merrill as Tate. Spencer Hudnut is the showrunner of Marshals — formerly known as Y: Marshals — and Taylor Sheridan is an executive producer.
Advertisement
When to watch the Marshals premiere on Paramount Plus
In addition to airing on CBS on Sunday, March 1, the premiere of Marshals will stream on Paramount Plus — and the subscription tier you have matters. You can watch the first episode live with Paramount Plus Premium, which includes your local CBS station. If you subscribe to Paramount Plus Essential, you can watch the premiere on demand the following Monday, but not live on Sunday.
Here’s a clear breakdown of how to watch the first four episodes of Marshals.
Episode 1, Piya Wiconi: Premieres on CBS/Paramount Plus Premium on March 1 at 8 p.m. ET/8 p.m. PT/7 p.m. CT. Streams on Paramount Plus Essential on March 2.
Episode 2, Zone of Death: Premieres on CBS/Paramount Plus Premium on March 8 at 8 p.m. ET/8 p.m. PT/7 p.m. CT. Streams on Paramount Plus Essential on March 9.
Episode 3, Road to Nowhere: Premieres on CBS/Paramount Plus Premium on March 15 at 8 p.m. ET/8 p.m. PT/7 p.m. CT. Streams on Paramount Plus Essential on March 16.
Episode 4, The Gathering Storm: Premieres on CBS/Paramount Plus Premium on March 22 at 8 p.m. ET/8 p.m. PT/7 p.m. CT. Streams on Paramount Plus Essential on March 23.
You can also watch CBS and the first episode of Marshals without cable with a live TV streaming service such as YouTube TV, Hulu Plus Live TV or the DirecTV MyNews skinny bundle. In addition to being a lower-cost option, Paramount Plus allows you to watch the other two Yellowstone spin-offs — the prequels 1883 and 1923.
After a price increase in early 2026, the ad-supported Essential version runs $9 per month or $90 per year, and the ad-free Premium version runs $14 per month or $140 per year. Paying more for Premium gives you downloads, the ability to watch more Showtime programming than Essential and — as mentioned — access to your live, local CBS station.
As a smart home reviewer, I love the connected home. My house is full of connected devices, from thermostats to ovens to lighting and robots (lawnmowers and vacuum cleaners). They all make my life easier and better, but even I’m a little shaken by the latest hack.
As reported by The Verge, Sammy Azdoufal accidentally hacked almost 7000 DJI Romo vacuum cleaners, gaining full remote control of them. Azdoufal used the AI-powered Claude Code to reverse engineer DJI’s protocols, so that he could remote control is robot with a PS5 controller.
But his remote control app ended up talking to the entire install base of DJI Romo vacuum cleaners. At this point, every robot could be remotely controlled and camera feeds could be viewed, bypassing the PIN lock that’s in place.
The flaw was due to the token used. Azdoufal extracted the token used to access his device, but this also gave him access to every other device. The security issue was reported to DJI, and has now been closed, but this incident should be seen as a warning shot across the bows.
Advertisement
Problems are likely to get worse
There have been hacks in the past. According to Kaspersky, several Ecovacs robot vacuum cleaners were hacked into, with video feeds activated, racial slurs emitted from the integrated speakers, and a pet chased around.
Advertisement
That attack was entirely malicious; the scary thing about the DJI situation is that Azdoufal was just trying to remote control his own vacuum cleaner. And, in this case, Claude Code helped with the token access that opened up DJI’s systems.
AI in the hands of people deliberately trying to break into systems makes for very scary reading. Vibe coding makes it easy to generate complex code with a few prompts and to modify and experiment with different approaches quickly. The potential for AI being used to create lots of malicious code seems almost limitless.
Advertisement
With the kinds of devices that we have now, limiting exposure is almost impossible. Smart devices work through cloud connections because it makes them easier to set up and easier to control.
In the case of robot vacuum cleaners, the cameras aren’t just a nice accessory to see what’s going on; they’re an essential part of how the system works, used for additional navigation aid, and to spot and avoid obstacles. You can’t just cover up these cameras for privacy, as you’ll hamstring the product.
Nor can you disconnect them from the internet and cloud services without losing advanced control, map editing and remote control.
It’s not just about privacy
Although the DJI Romo hack has a privacy element to it, via remote camera viewing, there are other dangers. One hacked device can be used as a springboard to get into other devices.
Advertisement
Advertisement
In the case of robots, there are other threats. A remote controlled robot could be used to bash into a table and smash a vase. Potentially, a hacked robot could be made to throw itself down stairs.
And what about other smart devices? I can turn my oven on remotely, which is useful for setting it before I get home, so I can cook immediately. A hacked system would mean that someone else could do the same, and rack up a huge energy bill. Likewise, a smart heater could be turned on to maximum, costing a fortune in electricity.
It all sounds far-fetched until the day it isn’t.
Advertisement
Should local modes be an option?
The other issue that we’ve seen from smart devices that rely on a cloud connection is that they can be bricked when a company goes bust or, as with Belkin WeMo devices, a product line is discontinued
Perhaps it’s time for many smart devices to come with a mandatory local mode, where they’d only respond to commands from a device on the same network via an established, secure connection.
Advertisement
That way, a device could be managed from home, regardless of the status of the cloud connection. That would be good in the event of a cloud outage, but also good in the event a company went bust.
Advertisement
Things like firmware updates could be checked for via the app and applied manually when required.
Sure, remote features wouldn’t work, so this wouldn’t be good for security cameras, but for many smart devices, the security-conscious person may well take the downsides for more peace of mind.
When security teams talk about attack surface, the conversation usually starts in familiar places. Servers, identity systems, VPN access, cloud workloads, maybe browsers. Those are visible. They show up in diagrams and asset inventories.
What gets less attention are the everyday tools people use to actually get work done.
PDF readers. Compression utilities. Remote access clients. Word processors. Spreadsheet tools. Email clients. Browsers. Screen sharing software. Update managers. The background software that quietly powers normal business activity.
Most organizations do not spend much time debating whether to deploy these. They are simply part of operating in a digital economy. Contracts arrive as PDFs. Finance works in spreadsheets. HR reviews resumes. IT supports users remotely. Executives live in email and browsers. These tools become part of the environment almost by default.
Advertisement
At Action1, where visibility into third-party software exposure across endpoints is a daily focus, these background tools consistently emerge as a defining part of the real-world attack surface.
That commonness is what makes them attractive targets from a threat actor’s perspective.
The value of being ordinary
From the outside, modern enterprises look different. Networks vary. Architectures change. Security stacks evolve. But, inside most environments, the same classes of applications appear again and again, and more often than not, the same software titles dominate the majority of installations.
It is difficult to function in modern business without an email client, document processing software, a browser, and tools for packaging, previewing, and sharing files. Using similar products is less about preference and more about compatibility.
Advertisement
Business depends on exchanging information in formats everyone else can use. Without those standards, we go back to the days of file-format wars, “I cannot open that, we use something else,” and lost time just trying to make data usable. That friction is why the industry standardized, and why the same major names still dominate.
Attackers pay attention to that.
Rather than predicting every custom application an organization might run, they look for overlap. If a vulnerability appears in a widely used PDF engine, spreadsheet parser, email preview component, or remote access utility, the chances it connects with something real are high. The exploit is aimed less at unique architecture and more at familiarity.
Most successful exploitation does not rely on exotic techniques. It relies on muscle memory. Users open PDFs, Word files, spreadsheets, and links all day long. Attackers are betting those actions feel routine enough that nobody hesitates.
Advertisement
That familiarity shapes how campaigns are built, and it should influence how defense strategies are planned.
Good thing Action1 does it for you, now on Linux too—alongside Windows, macOS, and third-party apps.
One platform. Zero infrastructure. Real-time visibility. Finally, patching that just works.
Many attacks historically looked like guesswork. An attacker might send a crafted email for Outlook, hoping the recipient uses Outlook. Or attach a weaponized spreadsheet, hoping Excel is present. Or send a malicious PDF, hoping the reader is vulnerable.
Advertisement
There is uncertainty in that approach. The exploit launches before the attacker truly knows what exists on the other end. This increases chances the attack will be detected before being effective, and it risks valuable exploit code to failure, where it may be detected, profiled, then henceforth scanned and detected.
What changes with common utilities is the probability curve.
Email clients, browsers, word processors, spreadsheets, PDF readers, and archive tools appear in most business environments because the work itself requires them. An attacker does not need perfect information to expect something compatible nearby.
Instead of treating exploitation as a one-off guess, attackers think in likelihood. They invest effort where overlap is largest. The more widespread the tool, the more attractive it becomes as an entry point.
Advertisement
That is why vulnerabilities in these utilities move quickly through exploit ecosystems. Once something works in a familiar toolchain, it scales. If one user relies on Outlook, Word, and Adobe, there is a good chance coworkers and business relations do as well for interoperability reasons.
Figure 1: Automated detection and remediation of critical vulnerabilities in third-party applications.
The standard business footprint in practice
These tools also travel together.
If an email clearly originated from Outlook, it already hints at part of the environment. Email workflows connect to document workflows. If Outlook is present, Word and Excel are often nearby.
Each utility reinforces the presence of others.
For attackers, that enables paths rather than isolated exploits. An issue in an email client connects to attachment handling, preview engines, document renderers, shared libraries, and integrations that tend to coexist on the same system.
Advertisement
Instead of targeting a single application, the attack surface starts to resemble the business footprint itself, the collection of tools people rely on every day.
When vulnerabilities appear in that footprint, they attract more attention because they fit naturally into how people already work.
Quiet signals and small leaks
Another part of the story is information people do not realize they share.
Documents often contain metadata. PDFs reference the engine that produced them. Spreadsheets carry formatting behavior tied to specific suites. Email headers expose client details. Browser traffic advertises user agents. File structures reveal habits and versions.
Advertisement
A single attachment, email, or shared document can quietly describe parts of the software stack behind it.
In isolation it does not look sensitive. Often it is not even visible. Over time it builds a picture of what tools are common, what standards they follow, and how files are processed.
What created it, what version, how recently, so when old software details show in current workflows, the software processing it is old. And old software often means years of exploit potential bottled up in one package. That is often what turns speculation into precision.
Those breadcrumbs help attackers shape payloads that align with what exists on the other side, increasing effectiveness while reducing noisy experimentation.
Advertisement
Why third-party software drifts
Most enterprises put real effort into operating system patching. Update pipelines are understood. Browsers update often. Mobile devices follow management policies. Systems start with baselines and are monitored.
Third-party utilities live differently.
Vendors ship different installers. Some auto-update. Some rely on users. Some get disabled by packaging systems. Some stay frozen because workflows depend on a version.
Over time, multiple builds of the same tool spread across endpoints. Some become stale. Some live for years with known vulnerabilities simply because they fell off the radar.
Advertisement
In Action1’s analysis of enterprise environments, it is common to find multiple versions of the same third-party application coexisting, some lagging years behind current security fixes. This fragmentation quietly accumulates exploit potential without triggering obvious alerts.
From a security view, that drift matters because attackers do not need new exploits. They benefit from whatever version still exists somewhere in the footprint. A five-year-old PDF reader quietly carries five years of cumulative exploit potential.
What feels like small technical debt widens the opportunity window for major exploitation.
Trust and everyday behavior
There is also a human side to these tools.
Advertisement
Email, documents, browsers, and archives feel like infrastructure. People trust them like desks and keyboards. Opening a PDF does not feel like running code. Previewing an email does not feel like execution. Extracting a file feels routine.
By the time behavior looks unusual, the initial interaction already happened in a place people rarely question. These actions occur thousands of times a day, which makes tracing a compromise back to a document, email, or user extremely difficult.
Figure 2: Secure, scalable patch management across Windows, macOS, and third-party apps, with compliance reporting and 200 forever-free endpoints.
Looking at the footprint, not just the platform
For leadership teams, the value here is perspective, not fear.
Security strategies often start with the platform layer, operating systems, networks, identity, cloud infrastructure. Those matter, but they do not tell the full story of how work actually happens.
Work happens in email clients, spreadsheets, PDFs, browsers, archive tools, and remote sessions. That is where files open, previews render, links get clicked, and data moves between people.
Advertisement
That makes them predictable.
That is why third-party patching often carries more risk weight than expected. The operating system may be tightly managed, while the tools on top quietly define real exposure.
Looking at the footprint is less about assuming weakness and more about understanding where everyday work intersects with real security concerns.
A quieter way to think about patching
Third-party patching often feels operational rather than strategic. Yet these utilities sit at the intersection of people, files, and execution.
Advertisement
They are ordinary, and that is exactly why they matter.
Not because every organization looks the same, but because they look similar enough that attackers design around that similarity.
When teams examine environments, the focus is usually infrastructure. There is also value in asking what the standard business suite looks like across endpoints, how it evolves, and how consistently it stays current.
Which tools are actually needed? Which are simply part of a default deploy? Which stay installed even when unused? Which stop getting updated because nobody notices them?
Advertisement
This is why, in practice, teams working with platforms like Action1 consistently see third-party patching deliver a greater reduction in real-world risk than many more visible security controls. Exploitation rarely hinges on a single overlooked vulnerability. It is enabled by years of accumulated drift across third-party applications that quietly fall out of date while remaining embedded in everyday workflows.
Those conditions exist long before an exploit is written or deployed. They shape the practical attack surface by defining which software actually executes, which files get opened, and which actions feel routine enough to avoid scrutiny.
Third-party software is not adjacent to the platform — it is part of how the platform operates, and it is often where exposure concentrates when everything else appears well-managed.
Action1is a founder-led company, brought to you by the original minds behind Netwrix. At the time of this writing, it is one of the fastest-growing private software companies in the US because organizations are recognizing that OS and third-party patching can no longer be treated as a secondary task.
Advertisement
Addressing modern risk requires continuous visibility into third-party software and the ability to remediate vulnerable applications across endpoints quickly and consistently. When teams evaluate modern patch management solutions, Action1 increasingly represents the option designed around that reality.
One of the problems with being a graffiti artist is that you have to carry around a different spray can for each color you intend to use. [Sandesh Manik] decided to solve this problem by building a rig that can produce a wider range of colors by mixing the paint from several cans at once. Check it out in the video below.
The project is called Spectrum. It uses four off-the-shelf spray paint cans—colored red, blue, yellow, and white—and mixes them to create a wider range of colors. All four cans are hooked up to a single output nozzle via a nest of tubing and a four-to-one tube manifold. Key to controlling the flow of paint is a custom device which [Sandesh] calls the “rotary pinch valve,” with one fitted to the feed line coming from each spray can. These valves use a motor-driven lever to pinch a plastic tube shut, allowing them to control the paint flow. This design keeps the mechanism and paint completely separate, which was important to stop paint from fouling the valves in short order. It also prevents backflow, which keeps the paint going towards the outlet and prevents ugly messes. By quickly actuating the valve, the paint flow from each can is modulated to mix various colors as desired.
The mixing valves are under the command of an Arduino Nano. The microcontroller reads a series of knobs to select the amount of each component color to mix, and displays relevant information on a screen. Then, when a pushbutton is pressed, the valves are actuated to spit out the right amount of each paint from the atomizer nozzle. [Sandesh] went so far as to include an advanced “gradient” mode, where a force-sensitive button allows the device to transition smoothly from one color to another depending on how hard the button is pushed.
Advertisement
It’s a neat concept which we’d love to see explored further, perhaps with a more traditional selection of CMYK paints rather than the more unusual red, yellow, blue, and white. We’ve also seen some fun spray paint projects before, like this neat wall-mount plotter. Video after the break.
The Bugatti W16 Mistral ‘La Perle Rare’, the last of a vanishing breed, marks the end of an era defined by raw mechanical power and an obsessive quest of perfection. There are only 99 of these Mistrals in total, and each starts at over €5 million. ‘La Perle Rare’, on the other hand, is a handmade unique that will cost a little more than $8-9 million.
It all began at the 2023 Pebble Beach Concours d’Elegance, when a client commissioned Bugatti to produce something absolutely special. Over time, the client and Jascha Straub, the guy in charge of Bugatti’s bespoke business, came up with proposals ranging from a silver tint to numerous shades of white before settling on something that seemed to capture the essence of light. The project began in August 2023, and we can safely assume that the designers in Berlin and engineers in Molsheim worked long hours on it.
HIGH SPEED THRILLS – Kids construct an authentic race car with the LEGO Technic Bugatti Chiron Pur Sport Hypercar (42222) building toy for boys and…
REALISTIC FEATURES & FUNCTIONS – Young builders can steer using the knob on top, explore the W16 engine, and open the doors and hood to discover…
VIBRANT BUGATTI DESIGN – This hypercar model features the eye-catching orange bodywork and black design inspired by the real Bugatti Chiron Pur…
The exterior of ‘La Perle Rare’ is a true show-stopper, with a two-tone color scheme that separates the vehicle into two distinct areas. The top area is a warm color tinged with gold and iridescence, as well as a sprinkle of metallic particles that sparkle beautifully. The second part is a sophisticated, warm white color. Getting the separating lines between the colors just right required a lot of precision. Even the wheels received special treatment, resulting in stunning diamond-cut rims painted in the interior color of the vehicle, which is an understatement given that the wheels are coated in a custom paint combination that matches the exact colors of gold and white. The end result is a car that shines like a rare gem while maintaining the original Mistral design.
Rembrandt Bugatti’s famed Dancing Elephant sculpture is featured in a few of the car’s more subtle details, like the gear selector, body panels behind the front wheels, and even the headrests. To add a personal touch, the name ‘La Perle Rare’ is stitched in the center tunnel, stamped on the engine cover, and painted on the active rear wing. These little details return the automobile to Bugatti’s artistic roots.
Inside ‘La Perle Rare,’ the cabin takes on an entirely new level of brightness, a luminous continuation of the outer motif that is difficult to describe. Every visible piece of carbon fibre has been coated white to give it a jewel-like appearance. Door panels feature alternating white and warm gold lines that look lovely on their sculpted, concave surfaces. The ambient lighting has just the right amount of warmth to it, highlighting the interplay between light and material. The steering wheel, center console clocks, and door handles are all machined and polished aluminum, with each meant to catch reflections in a particularly stunning way.
The power comes from the same quad-turbocharged 8.0-litre W16 engine found in all Mistrals. It’s not exactly small in any way, with 1,579 horsepower and 1,600 Nm of torque, it can go from 0 to 62 in 2.4 seconds, 0 to 124 in 5.6 seconds, and 0 to 186 in 12.1 seconds, and all of that power is sent to all four wheels via a seven-speed dual clutch transmission. Top speed? The record for the fastest open-top production car is already in the records, 282 mph and all, thanks to this car, but, for obvious reasons, you won’t be able to get it up to that sort of speed on the road, closer to 236 mph if you want to play it safe. [Source]
For a late-1990s engineer with good soldering skills, many a free pint of beer could be earned by installing modchips on the game consoles of the day. Modchips were usually a small microcontroller connected with a few wires to selected pins on the chips or pads on the board that masked or overrode the copy protection and region locking. This scene was brought back for us by a recent [Modern vintage gamer] video looking at the history of console hardware mods, and it’s worth a watch (see the video, below).
The story starts in 1996 with the original PlayStation, largely the source of those free pints for a nascent Hackaday scribe back in the day. Along the way, as he expands the story, we find other memories, for example, the LPC bus-based hijacks of the first XBox console, and the huge modding scenes on both that machine and Sony’s PS2. The conclusion is that this community left its mark on today’s consoles even though the easy hardware hacks may be a thing of the past on the latest hardware, and as past Hackaday articles can attest, jailbreaking older consoles still has a way to go.
In the early days, our recollection is that the PlayStation modchips were driven by the region locking rather than piracy, for the simple reason that Sony used 80-minute ISOs which wouldn’t fit on the then-available consumer 74-minute CD-R. We also remember them being used by people who couldn’t afford a blue debuugging PlayStation,. or the rare black developer model.
Consumers can expect a long wait for the next version of the iPad Pro, but the 2027 refresh will get vapor chamber cooling, not a major revamp in design.
iPad Pro
While Apple is set to make a number of product announcements within days, the iPad Pro won’t be among them. Instead, you’re going to be waiting until early 2027 for the next iteration. Writing in Bloomberg’s “Power On” newsletter on Sunday, Mark Gurman answers a query about the next iPad Pro and when it will launch. In his response, he tempers expectations of an imminent update, providing a more realistic outlook for the tablet line. Rumor Score: 🤔 Possible Continue Reading on AppleInsider | Discuss on our Forums
Samsung and the State of Texas have reached a settlement agreement over the alleged unlawful collection of content-viewing information through its smart TVs
As part of the agreement, the TV manufacturer will revise its privacy disclosures to clearly explain its data collection and processing practices to consumers.
Last December, Texas Attorney General Ken Paxton filed a lawsuit against several TV manufacturers, including Samsung, alleging that they use Automated Content Recognition (ACR) technology to collect and process viewing data without first obtaining their express, informed consent.
In January, Texas obtained a short-lived temporary restraining order (TRO) against Samsung to stop the unlawful collection of consumer data in the state, confirming a violation of the Texas Deceptive Trade Practices Act (DTPA).
Advertisement
Although the order was vacated on the following day, the lawsuit remained active.
The allegations against Samsung were that it uses ACR technology to capture screenshots of consumers’ TVs to determine what they’re watching. The South Korean tech giant would use this information for targeted advertising.
In support of the TRO, the Court found that there was “good cause to believe” that Samsung automatically enrolled customers in this system using “dark patterns” that included “over 200 clicks spread across four or more menus for a consumer to read the privacy statements and disclosures.”
In a statement to BleepingComputer, Samsung stated that, while it does not agree that its Viewing Information Services (VIS) system violated any regulations, it has agreed to “make enhancements to further strengthen our privacy disclosures.”
Advertisement
“While we maintain our original television privacy policy and notices followed existing Texas state regulations, as a trusted brand, Samsung is proud to be at the forefront of protecting consumer privacy and security,” stated a spokesperson of Samsung Electronics America.
“The settlement affirms what Samsung has said since this lawsuit was filed – Samsung TVs do not spy on consumers. In fact, Samsung allows you to control your privacy – and change your privacy settings at any time.”
“As part of the agreement, Samsung must halt any collection or processing of ACR viewing data without obtaining Texas consumers’ express consent,” announced Texas AG Ken Paxton.
“Additionally, it compels Samsung to promptly update its smart TVs and implement disclosures and consent screens that are clear and conspicuous to ensure that Texans can make an informed decision regarding whether their data is collected and how it’s used.”
Advertisement
Paxton commended Samsung for agreeing to implement consumer safeguards, while he underlined that others haven’t moved with a similar fervor as of yet.
Smart TV manufacturers, including Sony, LG, Hisense, and TCL Technologies, have not made any changes in response to the lawsuits yet.
Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.
Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.
