Apple’s new AirPods Max 2 have dropped to the lowest price ever, making now a great time to pick up the over-ear headphones as a gift for Mom this Mother’s Day.

AirPods Max 2 are now $40 off at Amazon and Walmart, as both retailers compete for your business this week.

With Mother’s Day on May 10, there’s still time to pick up a pair for Mom and have them delivered by Sunday (check the ETA for your individual shipping address, though, to confirm).

Apple AirPods Max 2 features

AirPods Max 2, which were announced in March 2026, are equipped with Apple’s H2 chip. The chip offers enhanced sound quality and better Active Noise Cancellation (ANC) compared to the first-generation AirPods Max.

About AirPods Max 2

• Powered by Apple’s H2 chip
• Up to 1.5x more Active Noise Cancellation than first-gen AirPods Max
• Transparency mode
• Adaptive EQ
• Lossless Audio and ultra-low latency audio via a wired USB-C connection (requires a supported service)

In our hands-on 1-month AirPods Max 2 review, the latest model received a solid four-star rating out of five.

If you’re open to buying the first-gen AirPods Max, closeout deals are in effect on remaining inventory, with Amazon running a $100 discount on the purple colorway, bringing the price down to $449.

You can also compare prices across retailers in our AirPods Max Price Guide and peruse the week’s best AirPods deals in our dedicated roundup.

• Autonomous tanker drone completed two-hour maiden flight validating core flight systems
• MQ-25A will replace fighter jets in aerial refueling role aboard carriers
• Further testing planned before transition to carrier qualification operations in Maryland

The US Navy’s MQ-25A Stingray autonomous tanker drone, the service’s first operational unmanned aerial refueler, has completed its maiden flight.

The two-hour test took place over southern Illinois, where the aircraft carried out a series of maneuvers to validate its basic flight controls and onboard operations.

Just two months ago, researchers at the Data Intelligence Lab at the University of Hong Kong introduced CLI-Anything, a new state-of-the-art tool that analyzes any repo’s source code and generates a structured command line interface (CLI) that AI coding agents can operate with a single command.

Claude Code, Codex, OpenClaw, Cursor, and GitHub Copilot CLI are all supported, and since its launch in March, CLI‑Anything has climbed to more than 30,000 GitHub stars.

But the same mechanism that makes software agent-native opens the door to agent-level poisoning. The attack community is already discussing the implications on X and security forums, translating CLI-Anything’s architecture into offensive playbooks.

The security problem is not what CLI-Anything does. It is what CLI-Anything represents.

CLI-Anything generates SKILL.md files, the same instruction-layer artifacts that Snyk’s ToxicSkills research found laced with 76 confirmed malicious payloads across ClawHub and skills.sh in February 2026. A poisoned skill definition does not trigger a CVE and never appears in a software bill of materials (SBOM). No mainstream security scanner has a detection category for malicious instructions embedded in agent skill definitions, because the category simply did not exist eighteen months ago.

Cisco confirmed the gap in April. “Traditional application security tools were not designed for this,” Cisco’s engineering team wrote in a blog post announcing its AI Agent Security Scanner for IDEs. “SAST [static application security testing] scanners analyze source code syntax. SCA [software composition analysis] tools check dependency versions. Neither understands the semantic layer where MCP [Model Context Protocol] tool descriptions, agent prompts, and skill definitions operate.”

Merritt Baer, CSO of Enkrypt AI and former Deputy CISO at Amazon Web Services (AWS), told VentureBeat in an exclusive interview: “SAST and SCA were built for code and dependencies. They don’t inspect instructions.”

This is not a single-vendor vulnerability. It is a structural gap in how the entire security industry monitors software supply chains. This is the pre-exploitation window. CLI-Anything is live, the attack community is discussing it, and security directors who act now get ahead of the first incident report.

The integration layer no stack can see

Traditional supply-chain security operates on two layers. The code layer is where SAST works, scanning source files for insecure patterns, injection flaws, and hardcoded secrets. The dependency layer is where SCA works, checking package versions against known vulnerabilities, generating SBOMs, and flagging outdated libraries.

Agent bridge tools like CLI-Anything, MCP connectors, Cursor rules files, and Claude Code skills operate on a third layer between the other two. Call it the agent integration layer: configuration files, skill definitions, and natural-language instruction sets tell an AI agent what software can do and how to operate it. None of it looks like code. All of it executes like code.

Carter Rees, VP of AI at Reputation, told VentureBeat in an exclusive interview: “Modern LLMs [large language models] rely on third-party plugins, introducing supply chain vulnerabilities where compromised tools can inject malicious data into the conversation flow, bypassing internal safety training.”

Researchers at Griffith University, Nanyang Technological University, the University of New South Wales, and the University of Tokyo documented the attack chain in an April paper, “Supply-Chain Poisoning Attacks Against LLM Coding Agent Skill Ecosystems.” The team introduced Document-Driven Implicit Payload Execution (DDIPE), a technique that embeds malicious logic inside code examples within skill documentation.

Across four agent frameworks and five large language models, DDIPE achieved bypass rates between 11.6% and 33.5%. Static analysis caught most samples, but 2.5% evaded all four detection layers. Responsible disclosure led to four confirmed vulnerabilities and two vendor fixes.

The kill chain security leaders need to audit

Here’s the anatomy of the kill chain: An attacker submits a SKILL.md file to an open-source project containing setup instructions, code examples, and configuration templates. It looks like standard documentation. A code reviewer would wave it through because none of it is executable. But the code examples contain embedded instructions that an agent will parse as operational directives.

A developer uses an agent bridge tool to connect their coding agent to the repository. The agent ingests the skill definition and trusts it, because no verification layer exists to distinguish benign from malicious intent at the instruction level.

The agent executes the embedded instruction using its own legitimate credentials. Endpoint detection and response (EDR) sees an approved API call from an authorized process and passes it. Data exfiltration, configuration changes, and credential harvesting are all moving through channels that the monitoring stack considers normal traffic.

Rees identified the structural flaw that makes this chain lethal. “A significant vulnerability in enterprise AI is broken access control, where the flat authorization plane of an LLM fails to respect user permissions,” he told VentureBeat. A compromised skill definition riding that flat authorization plane does not need to escalate privileges. It already has them. Every link in that chain is invisible to the current security stack.

Pillar Security demonstrated a variant of this chain against Cursor in January 2026 (CVE-2026-22708). Implicitly trusted shell built-in commands could be poisoned through indirect prompt injection, converting benign developer commands into arbitrary code execution vectors. Users saw only the final command. The poisoning happened through other commands the IDE never surfaced for approval.

The evidence is already in production

In a documented attack chain from April 2026, a crafted GitHub issue title triggered an AI triage bot wired into Cline. The bot exfiltrated a GITHUB_TOKEN, which the attacker used to publish a compromised npm dependency that installed a second agent on roughly 4,000 developer machines for eight hours. There was just one issue title. Attackers had eight hours of access. No human approved the action.

Snyk’s ToxicSkills audit scanned 3,984 agent skills from ClawHub, the public marketplace for the OpenClaw agent framework, and skills.sh in February 2026. The results: 13.4% of all skills contained at least one critical security issue. Daily skill submissions jumped from less than 50 in mid-January to more than 500 by early February. The barrier to publishing was a SKILL.md markdown file and a GitHub account one week old. No code signing. No security review. No sandbox.

OpenClaw is not an outlier. It is the pattern. “The bar to entry is extremely low,” Baer said. “Adding a skill can be as simple as uploading a Word doc or lightweight config file. That’s a radically different risk profile than compiled code.” She pointed to projects like ClawPatrol that have started cataloging and scanning for malicious skills, evidence the ecosystem is moving faster than enterprise defenses.

The ClawHavoc campaign, first reported by Koi Security in late January 2026, initially identified 341 malicious skills on ClawHub. A follow-up analysis by Antiy CERT expanded the count to 1,184 compromised packages across the platform. The campaign delivered Atomic Stealer (AMOS) through skill definitions with professional documentation. Skills named solana-wallet-tracker and polymarket-trader matched what developers actively searched for.

The MCP protocol layer carries similar exposure. OX Security reported in April that researchers poisoned nine out of 11 MCP marketplaces using proof-of-concept servers. Trend Micro initially found 492 MCP servers exposed to the internet with zero authentication; by April, that number had grown to 1,467. As The Register reported, the root issue lies in Anthropic’s MCP software development kit (SDK) transport mechanism. Any developer using the official SDK inherits the vulnerability class.

VentureBeat Prescriptive Matrix: Three-layer agent supply-chain audit

VentureBeat developed a Prescriptive Matrix by mapping the three attack layers documented in the research and incident reports above against the detection capabilities of current SAST, SCA, and agent-layer tools. Each row identifies what security teams should verify and where no scanner has coverage today.

Baer’s diagnosis of Layer 3 applies across the entire matrix: “Current scanners look for known bad artifacts, not adversarial instructions embedded in otherwise valid skills.” Cisco’s open-source Skill Scanner and Snyk’s mcp-scan represent the first tools purpose-built for this layer.

Security director action plan

Here’s how security leaders can get ahead of the problem.

Inventory every agent bridge tool in the environment. This includes CLI-Anything, MCP connectors, Cursor rules files, Claude Code skills, GitHub Copilot extensions. If the development team is using agent bridge tools that have not been inventoried, the risk cannot be assessed.

Audit agent skill sources the same way package registries get audited. Baer’s framing is precise: “A skill is effectively untrusted executable intent, even if it’s just text.” Shut off ungoverned ingestion paths until controls are in place. Stand up a review and allowlisting process for skills. The OWASP Agentic Skills Top 10 (AST01: Malicious Skills) provides the procurement framework to align controls against.

Deploy agent-layer scanning. Evaluate Cisco’s open-source Skill Scanner and Snyk’s mcp-scan for behavioral analysis of agent instruction files. If dedicated tooling is unavailable, require a second engineer to read every SKILL.md before installation.

Restrict agent execution privileges and instrument runtime. AI coding agents should not run with the same credential scope as the developer who invoked them. Rees confirmed the structural flaw: The flat authorization plane means a compromised skill does not need to escalate privileges. Baer’s prescription: “Instrument runtime observability. What data is the agent accessing, what actions is it taking, and are those aligned with expected behavior?”

Assign ownership for the gap between layers. The most dangerous attacks succeed because they fall between detection categories. Assign a team to own the agent integration layer. Review every SKILL.md, MCP config, and rules file before it enters the environment.

The gap that already has a name

Baer underscored the dangers of this new attack vector. “This feels very similar to early container security, but we’re still in the ‘we’ll get to it’ phase across most orgs,” she said. She added that, at AWS, it took a few high-profile wake-up calls before container security became table stakes. The difference this time is speed. “There’s no build pipeline, no compilation barrier. Just content,” she said.

CLI-Anything is not the threat. It is the proof case that the agent integration layer exists, that it is growing fast, and that the attacker community has already found it. The 33,000 developers who starred the repository are telling security teams where software development is heading. Eighteen months ago, the detection category for agent-integration-layer poisoning did not exist. Cisco and Snyk shipped the first tools for it in April. The window between those two facts is closing. Security directors who have not begun inventory are already behind.

Cybersecurity consultants have never been more in demand. Information security analyst roles are projected to grow nearly 30 percent between now and 2034, according to the U.S. Bureau of Labor Statistics. More than 15 million cybercrime incidents occurred worldwide in 2024, Statista reported.

Data breaches are costly and pose direct safety risks. Statista reported that more than US $10 trillion is spent annually repairing the damage caused by cybercrime, most commonly phishing, spoofing, extortion, and data breaches. In one example in the United States, breathalyzer devices installed in vehicles became disabled, leaving hundreds of drivers stranded, as detailed in an IEEE Spectrum article.

To help you acquire the skills you need to distinguish yourself from other cybersecurity job candidates, the IEEE Computer Society offers a “What Makes a Great Cybersecurity Consultant” guide. The 23-page PDF includes hard and soft skills you need, a list of certifications to pursue, and key IEEE cybersecurity conferences for staying updated on developments in the field.

The guide includes advice from two cybersecurity experts. John D. Johnson, an IEEE senior member, is the founder and CEO of Aligned Security in Bettendorf, Iowa. Ricardo J. Rodriguez is an associate professor of computer science and systems engineering at the Universidad de Zaragoza, in Spain, who researches digital forensics and other cybersecurity topics.

“Technology, remote work, and a shortage of skilled workers make this the ideal time to consider becoming a cybersecurity consultant,” Johnson says in the guide. “Consulting can give you the flexibility, variety, and control over where you want your career to go.”

Hard and soft skills

At a minimum, cybersecurity professionals should have a general understanding of IT including operating systems, communication protocols, network architecture, and programming languages such as C++, Java, and Python. They also should be well-versed in security auditing, firewall management, penetration testing, and encryption technologies.

The principles of ethical hacking and coding would be handy as well.

“To be able to defend a system well, you first have to know how to attack it,” Rodriguez says.

The guide explains that there are now more technologies available to help cybersecurity consultants monitor threats and protect systems. They include security orchestration, automation, and response (SOAR) platforms, which automate workflows to collect security data, streamline incident response, and automate repetitive tasks.

Rodriguez points to advances in domain name system security extensions (DNSSEC), which uses digital signatures based on public-key cryptography to strengthen the authentication of the domain name system. By validating data authenticity, DNSSEC safeguards against attacks such as DNS spoofing and guarantees that users connect to the correct IP address.

Technologies such as artificial intelligence, blockchain, and quantum computing will increasingly be used to help thwart cyberattacks, the guide suggests. AI is expected to enhance the quality of data analysis, Rodriguez says.

Although hard skills are important, soft skills are just as crucial, according to the guide. Critical thinking, project management, flexibility, teamwork, and organizational and presentation skills are essential.

It’s not enough to be good at analyzing security vulnerabilities; you also need to clearly describe the situation and explain possible solutions.

“Soft skills are important to achieve good team cohesion,” Rodriguez says, “because consultants often lead diverse teams from within their client’s organization.”

“It’s essential,” Johnson adds, “that you demonstrate to clients you’re a team player and a capable communicator, and that you meet your commitments.”

Security certifications

Possessing security-specific credentials is a valuable way to demonstrate your expertise to potential clients, according to the guide. Because hundreds of certifications are available, Johnson says, pinpointing the most relevant ones can be challenging. Some people focus on theoretical knowledge, while others want to cover practical applications of technology.

“Survey the industry and compare it to your skills,” Johnson recommends. “Decide what you want to do, and identify where you have gaps in your skills and experience.”

Here are four of the nine certifications listed in the guide that are frequently cited as being important. All the providers are cybersecurity organizations.

Additional industry-specific certifications might be required for organizations in finance, government, health care, or manufacturing.

Sound general knowledge—backed by experience, training, and certification—is an essential foundation for being a specialist, Johnson says.

Conferences and networking opportunities

Events sponsored by the IEEE Computer Society can help you learn about the latest research and advancements in cybersecurity:

Conferences can give you insight into the field and let you do some networking, but it’s important to network elsewhere as well, experts say. Consider joining the IEEE Technical Community on Security and Privacy, which connects experts and professionals advancing research in areas such as encryption, operating system security, and data privacy.

Learning and meeting people keeps your knowledge sharp and can lead to mentorship opportunities with established cybersecurity consultants, Johnson says.

Other IEEE resources

The IEEE Computer Society’s cybersecurity resources page offers a wealth of information including fundamentals, possible career paths, and standards development. To keep you updated on trends, the society publishes IEEE Transactions on Privacy and the IEEE Security and Privacy magazine.

In addition to the guide, the IEEE Learning Network offers nearly 30 courses on cybersecurity. And you can find research papers in the IEEE Xplore Digital Library.

Microsoft is weighing whether to delay or scale back one of its most ambitious clean energy goals as its rapid buildout of AI data centers puts pressure on its ability to meet those targets. Microsoft has yet to make any public announcements, but according to Bloomberg the company is having internal discussions over its hourly clean energy matching goal.

The tech company has said that by 2030 it intends to match 100% of its hourly energy use with clean power on the same grid. But Microsoft’s rush to build AI data centers has apparently sparked debate within the company about whether the pledge has become an impediment to its ambitions.

Microsoft declined to comment on the internal debate over the hourly matching goal. Instead, a spokesperson told TechCrunch the company continues “to look for opportunities to maintain our annual matching goal.”

Hourly targets like the kind Microsoft has set for itself are more rigorous than annual targets. Because the grid is a balanced system — the supply and demand of electrons needs to be matched on a near-instantaneous basis — hourly matching helps develop clean energy sources that more closely align with a company’s usage patterns.

Annual targets are more lenient. They are effectively accounting tricks that could, for example, let a company buy more solar power than it might use at midday. Other customers on the grid use that energy, but the company that paid for the solar panels gets to claim the renewable power they make. It’s a tidy arrangement that has sped the deployment of wind, solar, and batteries. But on its own, annual targets won’t eliminate fossil fuels entirely. Hourly targets help foster renewable development that more closely mimics how a true net-zero world would be powered.

Big tech companies like Microsoft, Meta, Google, and Apple have generally led on emissions reductions, setting aggressive net-zero targets. Many have eliminated their carbon emissions on an annual basis. Microsoft, for instance, said it met that goal last year.

But as data centers grow in size and number, those same companies are turning to natural gas. Microsoft is included in that list; last month, the company said it was working with Chevron and Engine No. 1 to build a massive natural gas power plant in West Texas that could eventually generate up to 5 gigawatts. 

Despite the West Texas project, Microsoft is widely viewed as a leader among tech companies pursuing net zero emissions. By 2030, Microsoft intends to remove more carbon from the atmosphere than its operations produce.

Part of the company’s renewable push has been driven by an internal carbon tax. The Microsoft spokesperson did not reply to questions about the company’s carbon tax. If it remains in place, some of the internal debate surrounding hourly matching might revolve around a cost-benefit analysis of the shift.

If Microsoft were to abandon its hourly-matching target, the company would also lose some leverage in efforts to sell the public on its data centers. 

As data centers have proliferated, the general public has begun to push back against them, citing concerns over pollution, power prices, and water use. When Microsoft brings its own clean power to a project, it can plausibly say it has addressed two of those concerns. Without it, new data centers might be harder to sell to the public.

Since 2014, Womanizer has been satisfying people with vulvas all over the world. Thanks to its revolutionary Pleasure Air Technology that mimics the feeling of oral sex, not only has Womanizer discovered a way to stimulate the 10,000+ nerve endings in the clitoris in a way that hadn’t been done by a sex toy before—yes, they were the first—but the brand can even boast a 100% orgasm rate among users.

As a company that puts sexual pleasure front and center, Womanizer has continued to add to their very impressive lineup of orgasm-inducing toys. They’ve even branched out by creating products like the Womanizer Duo and Womanizer Duo 2, both of which stimulate the clitoris and G-spot simultaneously. (Blended orgasm, anyone?) As recently as March 2025, Womanizer launched their latest toy, Womanizer Enhance, the first toy of its kind because it allows the user to choose between the Pleasure Air Technology or traditional vibrations. I was fortunate enough to review the Enhance for WIRED, giving it a 7/10 because of its ability to stand by its word and deliver me one heck of an orgasm.

But because the Enhance is just one of dozens of Womanizer products that have hit the market in the last 11 years, I’m the first to admit that it can be difficult to choose which one is best for you. That’s where Womanizer coupons come into play—because no one should have to decide on just one of their fantastic sex toys.

Save 12% on Everything With Our Exclusive Womanizer Coupon

If you’ve been wanting to try Womanizer, but you were holding out for a sale or deal, then I’m happy to announce that we have a great one for you. At checkout, use the Womanizer promo code and you’ll score 12% off everything sitewide, including sale products.

What Makes the Womanizer Premium 2 so Popular?

Overwhelmed and not sure where you should begin your Womanizer journey? Womanizer Premium 2 is the perfect start to a life-long love affair with Womanizer. It’s easy to use, has 12 intensity levels, and you can even set it to Womanizer Autopilot so you can focus 100% on being in the moment. It’s also waterproof should you want to experiment with its sensations in the shower or bathtub.

15% Off Womanizer W500

This small (but powerful) vibrator is pretty enough to display. The W500 is one of the best clitorial suction vibrators on the market, with Womanizer’s signature Pleasure Air Technology, 4 hours of play time, and 12 levels of intensity. Plus, this chic design features Swarovski crystal, so you can pamper yourself like the true royalty you are. As with Womanizer’s products, you can get free shipping, a five-year warranty, 100-day guarantee, and discreet mail packaging for extra peace of mind. Be sure to grab the W500 now, for 15% off—no Womanizer coupon code necessary.

Get 15% off Sitewide With a Womanizer Coupon Code

Looking to level up on the Womanizer deals? If you sign up on the website, you’ll get a Womanizer coupon code emailed directly to you. Valid for seven days, this unique code will get you 15% off everything on the site and can even be combined with other Womanizer discounts.

This gives you a great opportunity to purchase the Womanizer Premium 2, so your original Premium has a buddy. If you travel a lot for work or for pleasure and need something smaller, but just as powerful, then put that promo code toward the Womanizer Liberty 2 or Womanizer Starlet Snow. Both are ideal for the person who’s always on the go, but also prioritizes sexual pleasure.

Shop Womanizer Sales and Get up to 50% off Sex Toys

Womanizer isn’t just great at keeping people with vulva knee-deep in orgasms, but doing so with your budget in mind. Because sexual pleasure should be affordable and accessible for everyone, the Womanizer sale offers up to 50% off certain products at all times. It’s a great selection of Womanizer sale items that showcase just how diverse the brand is. On the sale page, you won’t just find Pleasure Air Technology sex toys, but vibrators and penis strokers too. It’s a great way to get yourself a little something and feel good knowing that it was a total bargain.

How to Get a Free Toy With Purchase

Let’s be honest: the best things in life are free. Because Womanizer knows that and realizes we all deserve a freebie from time-to-time, they want to make your day. With every Womanizer order over $199, you get a free Womanizer toy at checkout. Choose between the Womanizer OG, the Womanizer Classic 2, or We-Vibe Bond. All of which make a fabulous gift for yourself from Womanizer or a gift for someone you love.

Save 15% With a Womanizer Student Discount

If you’re still in school, Womanizer offers 15% off all products with its student discount. You just need to register your phone number to verify your student status. If you’re no longer a student, but are a graduate, teacher, healthcare worker, first responder, low-income, military personnel, a parent, or a charity worker, you too can enjoy 15% off everything. Womanizer has teamed up with Student Beans and Beans iD to offer exclusive discounts for a range of different groups. Sexual pleasure is a human right and Womanizer wants all of us to exercise that right with the help of discounts and coupon codes.

Target has set itself apart from big box retailers like Walmart by having trendy clothes, homegoods branded by reality TV stars and, of course, in-store Starbucks. With malls and traditional department stores in decline, Target has even become the go-to destination for stay-at-home parents who need to get out of the house (and maybe get a Frappuccino). In recent years, the store has cemented themselves as a notch above similar retailers with exclusive products with a more high-end feel, while still being inexpensive and regularly holding sales for even more savings. Carrying everything from outdoor gear to clothes to tech and grocery items, save on your shopping spree with gift card bonuses, Target Circle coupons, as well as weekly deals up to 50% off—including this Target promo code to get $50 off.

Don’t Miss Mother’s Day Target Gifts

Your mom probably loves Target. And Target loves your mom, with a whole curated selection of Mother’s Day gifts so that you can take the guesswork out of gift giving this Mother’s Day. Be sure to check out the top 100 gifts for Mother’s Day, according to Target. So whether your mom is more into skincare or LEGOs, there is a great (and affordable) gift waiting for you to grab for Mom.

New Target Circle Members Can Score a $50 Off Target Coupon

One of the best kept secrets to saving sitewide at Target? Get $50 off orders of $50 or more when you’re approved for a Target Circle Credit or Debit Card. As a bonus, you can also get a $50 credit when you open a Target Circle Reloadable account and spend $50 at Target. The good news is that with this deal, no code is required. Simply sign up for a Target Circle Credit or Debit card, and when approved, you’ll get $50 savings on a purchase of $50 or more.

Another benefit of being a Target Circle member? Exclusive coupons and rotating weekly Circle Deals. There are countless discounts spanning across all departments, but this week’s highlights include a $15 Target gift card when you spend $100 on household essentials, 25% off Disney toys, 40% off Dyson vacuums, 25% off beauty and wellness products, and 40% off women’s dresses, exclusively for Circle members.

Get 50% Off Target Circle 360, a Free Gift Every Month + 5% Off Everything

This membership program rewards you for doing the shopping you already are. Target Circle members get 5% discounts in-store and online, free two-day shipping, no-rush returns, and a ton more perks. But the paid Target Circle 360 membership ($11 per month or $99 per year, which amounts to just a little more than $8 per month) unlocks better discounts, which gets you early access to online sales and free next day delivery. Plus, if you’re not sure if the plan is right for you, customers can also start a 14 Day Free trial to see its full benefits.

More perks for Circle 360 members include an extra 30 days to return items, monthly freebies, and same-day delivery on Target, plus other stores like CVS, PetSmart, Petco, Lowe’s, Office Depot, and 7 Eleven. Plus, Circle cardholders get an extra 5% off, free shipping, and 50% off Circle 360 membership fees. Cardholders even get $50 off annual Circle memberships (making it $49 per year instead of $99).

Students Can Save 50% on Target Circle 360

The Target student discount gets you a Circle 360 membership for $5 per month, rather than the regular pricing of $11 ($48 in savings per year on fees). To be eligible for student discounts, you’ll need to upload a student ID, class schedule, or tuition receipt for proof.

Other customers can save too, including 50% off for those on Governmental Assistance. Members who qualify can get free, fast shipping, unlimited same-day delivery and more at just $5 per month—$6 off the regular price.

There are even more ways to save. Customers who are enrolled in Target 360 get tons of perks, like one free gift every month, early sale access, free same day delivery, and free 2-day delivery.

Get 15% Off With a Target Registry

Celebrating life’s big milestones has never been easier (or cheaper) with Target Circle. As you get close to your baby or wedding registry event date, you’ll receive a 15% off storewide Target Circle offer that you can actually redeem twice. Just make sure your registries are active for at least two weeks before.

You’ll get your 15% off coupon for the baby registry eight weeks before your expected due date and you’ll get the wedding registry offer during the week of your event date. And just like that, you’ll be getting 15% off your next in-store or online purchase. Although the offer is limited to one per Target Circle member, you can redeem it up to two times within 12 months. But the offer expires in 6 months, so make sure you check the expiration date on the offer. There are a few ways to redeem: you can Wallet in the Target app, enter your phone number on the keypad or self-checkout screen, or scan your offers barcode on target.com/circle/offers.

Discover More Discounts in the Weekly Target Ad

One of the best ways to save at Target is to channel your mom’s couponing and keep an eye out for the Weekly Ad. These offers focus specifically on certain departments, like electronics or groceries. For the Weekly Ad, you can use the search bar to find discounts on specific products or brands, or you can use the “Browse By Category” button to sift through departments, just like you’d do if you were shopping in-store! Coupons featured in the Weekly Ad are based on in-store deals that are closest to you (unless it mentions all stores). To find these, you’ll need to select the location nearest to you or look it up with your zip code.

There are also top deals in various categories, and online clearance items for major coin off major products. These can be found under “Deals” on the menu. These deals also include themed sale events, which usually entails freebies, gift cards, and up to an extra 50% off featured products.

Get Free Shipping at Target

If you want to snag these discounts without leaving the comfort of your couch, Target offers free shipping on orders above $35—convenience for less money. Along with these Target promo codes, Target offers a price match guarantee to show their commitment to making sure you are getting the best deal. Plus, no Target coupon code is needed to save $50 when you’re approved for a Circle card. You can also get exclusive discounts in the Target App, including digital coupons.