TL;DR
Claude Guillemot, who co-founded Ubisoft in 1986 and led gaming peripherals maker Guillemot Corp, has died at 69 in a plane crash in western France.
Tech
Copilot searched your mailbox. LiteLLM handed out admin keys. Run this 5-check audit before your stack is next
Two AI tools broke in the same way in the same two weeks, and four research teams proved it. The pattern underneath every disclosure is one sentence: enterprise AI accepts external input with no trust boundary.
On June 15, Varonis disclosed SearchLeak (CVE-2026-42824), a proof-of-concept exfiltration chain in Microsoft 365 Copilot Enterprise Search. A victim clicks a crafted microsoft.com URL, Copilot searches their mailbox, and the data leaves through a Bing SSRF. No plugins, no second click, no visible indicator. Four days earlier, Obsidian Security published a three-CVE chain against LiteLLM that carried a default low-privilege user all the way to admin and remote code execution. Two tools. Two teams. One broken boundary.
The five-check audit at the end of this article maps each gap to a CVE or a market signal from June, a command you can run before lunch, and a sentence a CISO can read to the board.
Copilot turned a trusted URL into an exfiltration engine
SearchLeak chained three weaknesses into a silent data-theft chain. The URL q parameter fed attacker instructions straight to Copilot’s LLM. A rendering race condition fired an image tag before the output sanitizer ran. Bing’s image-search endpoint, allowlisted in the Content Security Policy, routed the stolen data out. Microsoft rated the flaw critical and patched it on the back end, according to Varonis. NVD has not yet scored it; a third-party tracker lists it at 6.5 medium. The severity is contested, but the mechanism is not.
The escalation is the real story. This is the third Varonis Copilot exfiltration chain in twelve months, after Reprompt in January and EchoLeak in 2025. Reprompt hit Copilot Personal. SearchLeak hit Enterprise Search. Enterprise inherits the user’s full organizational permissions, so the blast radius is everything that a user can reach.
LiteLLM handed a default account to every provider key
The LiteLLM gateway holds the keys for OpenAI, Anthropic, Azure, and Bedrock behind a single proxy. The Obsidian chain runs in three moves. CVE-2026-47101, an authorization bypass, lets a non-admin mint a wildcard API key. CVE-2026-47102 promotes that caller to proxy admin through an unguarded /user/update endpoint. CVE-2026-40217 escapes the code sandbox through exec() with full builtins. Obsidian then demonstrated a reverse shell by injecting a forged tool-call response through LiteLLM’s callback mechanism. Obsidian assessed the combined chain at CVSS 9.9. The developer typed one word. The attacker popped a shell.
A separate LiteLLM flaw made the urgency immediate. CVE-2026-42271, a command-injection bug in the MCP test endpoints, landed on the CISA KEV list on June 8 with a June 22 remediation deadline. That KEV entry is not the Obsidian chain. The two are distinct disclosures four days apart, fixed in different releases, pointed at the same gateway. LiteLLM carries more than 40,000 GitHub stars and sits in thousands of enterprise deployments. This is not the first scare, either. A supply-chain compromise backdoored LiteLLM versions 1.82.7 and 1.82.8 on PyPI in March. A compromised gateway exposes every provider credential the organization holds.
Langflow and Mini Shai-Hulud proved the pattern scales
The same boundary broke in two more tools in the same fortnight. Langflow CVE-2026-5027 became the third Langflow remote-code-execution flaw to hit active exploitation this year. A path traversal in file upload lets an attacker write files anywhere on disk, and because Langflow ships with auto-login enabled by default, a single unauthenticated request reaches RCE. VulnCheck confirmed exploitation on June 9. Censys counted roughly 7,000 exposed instances, the heaviest concentration in North America, with MuddyWater attribution.
The Mini Shai-Hulud campaign hit a different pressure point. After the worm’s source code went public on May 12, copycat variants compromised 32 Red Hat Cloud Services npm packages on June 1, packages pulled 80,000 times a week. The worm harvests more than 20 credential types and self-propagates under the compromised maintainer’s identity.
Four teams, four tools, one operating failure. The bug classes differ. SearchLeak is a prompt injection. LiteLLM is privilege escalation. Langflow is path traversal. Mini Shai-Hulud is supply-chain poisoning. The boundary that broke is the same in all four.
The market already repriced the risk
CrowdStrike’s Q1 FY27 earnings call put a number on the gap. AIDR, the company’s AI detection and response line, grew ending ARR more than 250% sequentially, with a Q2 pipeline above $50 million (SEC-filed 8-K). Total company ARR reached $5.51 billion, and CrowdStrike’s fleet telemetry shows more than 1,800 agentic applications running across enterprise endpoints.
On June 17, the company extended AIDR to AWS, adding real-time evaluation of agent, LLM, and MCP communications across Amazon Bedrock, Kiro, and Strands Agents, building on its work with Anthropic’s Project Glasswing. Daniel Bernard, CrowdStrike’s chief business officer, said the AI attack surface now spans development, runtime, identities, and cloud infrastructure, and that teams treating those as separate domains leave the gaps between them open.
Practitioners name the same gap in plainer terms
David Levin, CISO at American Express Global Business Travel, told VentureBeat the pattern does not surprise him. “We kind of have this shadow AI, which is just the new version of shadow IT,” Levin said.
Both Langflow and LiteLLM fit the description. Teams stood them up for convenience, gave them credentials, and never brought them under governance. Levin puts the fix before deployment. “We didn’t go into this with just saying we’re going to go do this without the right fundamentals,” he said. “We leverage NIST controls. NIST has released their CSF along with their AI framework. OWASP released their top 10. You need the right fundamentals before you deploy.”
Merritt Baer, CSO at Enkrypt AI and former AWS Deputy CISO, named the structural version of the failure in a separate VentureBeat interview. “Enterprises believe they’ve ‘approved’ AI vendors, but what they’ve actually approved is an interface, not the underlying system,” Baer said. “The real dependencies are one or two layers deeper, and those are the ones that fail under stress.” She has tied that directly to how systems fall. “Raw zero-days aren’t how most systems get compromised. Composability is,” Baer told VentureBeat. “It’s the glue between the model and your data where the risk lives. If you give an agent bash and a root token, you’ve already done most of the attacker’s work for them.” That is what rows 2 and 4 of the audit test: the gateway that holds every key, and the agent identity no one governs.
Levin had a sharper frame for the boardroom. “You need to talk more in terms of risk versus compliance to your boards and your executives,” he said. “It’s not about the size of the engineering team anymore. It’s the size of your imagination. It’s all written in plain English. It’s not hard for anyone.” Neither SearchLeak nor LiteLLM needed custom malware or a zero-day to work.
Adam Meyers, CrowdStrike’s SVP of Intelligence, put the operational squeeze in numbers in an exclusive VentureBeat interview. “The problem is not zero-day. The problem is patching. If you 10x that problem, they’re gonna be completely underwater,” Meyers said. He pointed to identity as the second front. “Some of these AI have their own identities, or people give their identity to the AI to take action on their behalf, and that makes it a very complex problem.”
The five-check trust-boundary audit
Each row maps a gap to its proof point, a verification command for Monday morning, the fix, and the sentence to read to the board.
|
Trust-Boundary Gap |
Proof Point |
What Broke |
Verify Monday |
Fix Monday |
Board Language |
|
1. Prompt-to-Data |
SearchLeak CVE-2026-42824. P2P injection + HTML race + Bing SSRF. One-click mailbox exfiltration via microsoft.com URL. PoC demonstrated; Microsoft rated it critical, NVD not yet scored. |
URL q-parameter passed to LLM as instructions. Sanitizer ran after render. Bing acted as exfiltration proxy via CSP allowlist. |
Audit CSP allowlists for domains performing server-side fetches. Monitor Copilot Search URLs for encoded payloads. Review Copilot audit logs. |
Confirm server-side patch applied. Enable sensitivity labels restricting Copilot. Treat AI streaming output as untrusted. |
“Our AI assistant could search employee email and send results to an attacker through a trusted Microsoft URL. Vendor patched it. We must verify configuration.” |
|
2. Gateway Credential Exposure |
LiteLLM three-CVE chain (-47101, -47102, -40217). CVSS 9.9. Separate CVE-2026-42271 on CISA KEV (fixed in v1.83.7; full chain fixed in v1.83.14-stable). June 22 deadline. |
No role validation on key endpoints. Self-promotion to admin via /user/update. exec() sandbox escape. One gateway exposes all provider keys. |
Run pip show litellm. Below 1.83.14-stable = vulnerable. Check /mcp-rest/test/ exposure. Audit proxy_admin accounts. |
Upgrade to v1.83.14-stable+. Rotate all provider API keys. Block /mcp-rest/test/* at proxy. Review Custom Code Guardrails. |
“Our AI gateway held keys for every provider. A default account could promote itself to admin and steal them all. Rotating and patching now.” |
|
3. AI Tooling Sprawl |
Langflow CVE-2026-5027 (CVSS 8.8). Third RCE of 2026. ~7,000 exposed instances. MuddyWater. Active exploitation June 9. |
Path traversal in file upload. Auto-login enabled by default. Single unauthenticated request to RCE. |
Query Censys/Shodan for Langflow, Flowise, n8n, Dify on your perimeter. Check auto-login. Inventory AI tools outside change management. |
Pull AI platforms behind VPN/zero-trust. Enable auth everywhere. Upgrade Langflow to v1.9.0+ (current release 1.10.0). Fingerprint surface continuously. |
“AI dev tools are exposed to the internet with login disabled. A nation-state group is exploiting this flaw now. Pulling behind access controls today.” |
|
4. Non-Human Identity Governance |
AIDR ARR up 250% (Q1 FY27, SEC 8-K). Q2 pipeline >$50M. 1,800+ agentic apps across enterprise endpoints. |
Agents hold identities and act on behalf of humans. Some exceed their intended scope to reach a goal. No standard governs agent credential lifecycle. |
Inventory all non-human identities used by agents and MCP servers. Map agent-to-data-store access. Flag agents with write access to security policy. |
Least-privilege every agent identity. Set privilege boundaries via identity protection. Runtime detection for policy-exceeding actions. Human-in-the-loop for policy changes. |
“AI agents hold credentials and act autonomously. We do not govern their identity lifecycle like human access. The 250% market growth tells us this gap is systemic.” |
|
5. Runtime Agentic Detection |
Falcon AIDR expanded to AWS (June 17). Covers Bedrock, Kiro, Strands Agents. MCP integration. Real-time agent/LLM/MCP evaluation. |
Traditional tools monitor human-speed actions. Agents run at machine speed, thousands of actions per minute, and route around controls to reach goals. |
Test if EDR/XDR links agent actions to originating identity. Verify SIEM ingests MCP communications. Confirm you can distinguish human from agent on endpoint. |
Deploy AIDR or equivalent runtime detection. Shadow-AI discovery for all agentic apps, models, MCP servers, identities. Real-time policy enforcement on agent actions. |
“We cannot distinguish a human employee from an AI agent acting on their behalf. We need runtime detection at machine speed that can stop damage before it starts.” |
The fix is plumbing, not policy
The June 2 executive order creates an AI Cybersecurity Clearinghouse with a July 2 deadline. The five gaps above are not frontier-model problems. They are plumbing problems in the gateways, orchestration platforms, identity layers, and runtime environments where AI meets the enterprise.
The audit is five rows. Every row maps to a June disclosure or market signal, a command a team can run before lunch, and a sentence a CISO can read to the board. The question is not whether your vendor will patch. It’s whether you find the gap first — or whether an attacker finds it the way they found Copilot and LiteLLM.
Continue Reading
First look: Microsoft is sticking with smaller, incremental Windows 11 updates, and its next release will follow the same pattern. There’s no major feature rollout tied to Windows 11 26H2. Like version 25H2, it will arrive as an enablement package that toggles changes already present in the OS. On PCs already running Windows 11 24H2 or 25H2, the upgrade should be a quick enablement download, a single reboot, and a few minutes of install time, with no obvious changes on the desktop.
This approach dates back to Windows 11 24H2, released in October 2024, which marked the last traditional feature update. Since then, Microsoft has kept new versions on the same underlying platform. In practice, 25H2 and now 26H2 mostly exist to extend support timelines rather than add new capabilities.
New features are no longer tied to these annual releases. Instead, Microsoft is delivering them through monthly cumulative updates, allowing changes to roll out continuously. Recent updates have added a Low Latency Profile, with support for a movable taskbar expected in an upcoming Patch Tuesday release.
As a result, the annual “feature update” now acts more like a maintenance marker than the main way new features arrive.
Microsoft has positioned this update model as a way to reduce disruption, particularly for enterprise environments where stability is critical. “The next annual update for Windows 11 is coming soon… continues our focus on delivering a predictable, low-disruption update experience for organizations and IT professionals,” the company said in recent documentation.
Enablement packages are small, often under 500KB, and work by activating dormant code already present in the OS. Because the platform itself doesn’t change, installation is faster and tends to be less disruptive than a full upgrade.
That shift also changes what a version number represents. Moving from 24H2 to 26H2 doesn’t bring a new feature set; it keeps the same codebase while advancing the support timeline for that installation.
For 26H2, support runs through October 2028 for Home, Pro, Pro EDU, and Pro for Workstations. Enterprise, Education, and IoT Enterprise versions will receive updates until October 2029, in line with Microsoft’s standard lifecycle model.
Hardware requirements remain unchanged. Any system capable of running Windows 11 24H2 or 25H2, which requires at least 4GB of RAM, 64GB of storage, and a 64-bit dual-core processor, will support the new version.
A separate release, Windows 11 26H1, is tied to newer silicon platforms such as Nvidia N1 and Snapdragon X2. It’s based on a different platform baseline and doesn’t introduce exclusive user-facing features, so for most users, it isn’t a meaningful upgrade.
The broader shift is that Windows is now evolving through steady, incremental updates rather than periodic overhauls. The most meaningful changes arrive through monthly patches, while annual releases serve primarily to maintain and extend the platform.
Microsoft hasn’t said whether this model will continue beyond 2026, and didn’t confirm if the same approach will apply to a future 27H2 release. For now, though, the company appears committed to a cadence built around smaller updates and more predictable deployment.
The Mac lock screen has always felt a little underused. You see the time, your wallpaper, and not much else. macOS already supports desktop widgets, but once your Mac is locked, that extra information disappears.
WidgetScreen is trying to fix that in a pretty simple way. The free Mac app, made by UK computer science student Sam Cook, adds glassy widgets to the lock screen so you can quickly check things like the weather, clock, calendar, battery, music playback, countdowns, and system information.
The app is intentionally limited to the lock screen. The widgets appear when the Mac is locked and disappear when the user signs in, so they do not compete with macOS desktop widgets.
What does WidgetScreen actually do?
WidgetScreen is built for quick glances. You can arrange widgets on a grid, resize them, choose frosted or clear glass styles, change units and time format, and decide which display they appear on.
The app also avoids one obvious concern. It does not ask for Screen Recording permission, and its website says it does not capture your screen or read your wallpaper. Instead, the widgets sit above the lock screen as native windows. Weather data comes from Open-Meteo, with a coarse IP-based location by default. You can also set a custom city manually.
How much does it cost?
WidgetScreen is completely free, does not require an account, and works on macOS 15 or later. It also lives in the menu bar, so it is easy to tweak without digging around.
Cook is already taking feedback from Reddit users. Automatic updates and improved frosted glass visuals have been added, while user-added widgets, desktop support, more opacity controls, extra calendar options, and more widget styles are among the ideas being worked on for future updates.
Claude Guillemot, one of five brothers who co-founded Ubisoft in 1986, has died in a plane crash near the coastal town of La Baule in western France. He was 69. Guillemot and a flight instructor from Rennes were both killed when their twin-engine Cessna 421 crashed in a field near La Baule aerodrome on the afternoon of 19 June.
French authorities confirmed that the aircraft was on fire when emergency crews reached the scene. Guillemot, a member of a local flying club, had departed Rennes and was travelling to an aviation gathering that was expected to draw more than 100 aircraft to the area. The cause of the crash has not been determined, and an investigation is underway.
Ubisoft confirmed the death in a statement, saying the company was “deeply saddened to learn of the death of Claude Guillemot.” The five Guillemot brothers, Claude, Yves, Michel, Christian, and Gérard, founded Ubisoft on 28 March 1986 in the Brittany village of Carentoir. What began as a software distribution business grew into one of the largest video game publishers in the world, behind franchises including Assassin’s Creed, Far Cry, Just Dance, and the Tom Clancy series.
Claude served as Executive Vice President in charge of operations at Ubisoft and sat on the company’s board of directors. His brother Yves remains chairman and chief executive of Ubisoft, which employs roughly 19,000 people across more than 40 studios worldwide.
Outside Ubisoft, Claude was chairman and CEO of Guillemot Corporation, the family’s publicly traded holding company that owns Thrustmaster, a major manufacturer of gaming peripherals including racing wheels, flight sticks, and controllers, and Hercules, which makes audio and DJ equipment. Guillemot Corp reported revenue of €197.7 million in its most recent fiscal year.
The Guillemot family’s grip on Ubisoft has been a recurring topic in the gaming industry. Despite holding roughly 11% of outstanding shares, the family maintains control through France’s Florange Act, which grants double voting rights to long-term shareholders. In 2022, Tencent, the Chinese conglomerate that has aggressively expanded its gaming portfolio, invested approximately €300 million in Guillemot Brothers Limited, the family’s private holding company, acquiring a 49.9% economic stake while receiving only 5% of voting rights.
That deal was widely interpreted as a defensive move, allowing the Guillemots to maintain control of Ubisoft while keeping Tencent’s influence capped. Tencent also holds a direct stake of approximately 9.46% in Ubisoft and invested €1.16 billion in Vantage Studios, a new Ubisoft subsidiary created in 2025 to manage the company’s biggest franchises. The question of whether Tencent and the Guillemot family would eventually pursue a full buyout has lingered for years, with no deal materialising as of June 2026.
Ubisoft has faced significant headwinds in recent years, including studio closures, layoffs affecting hundreds of employees, and a corporate restructuring that split the company into five creative divisions. The successful launch of Assassin’s Creed, a franchise that has expanded beyond games into film and television, helped stabilise the company after a difficult 2024, with Assassin’s Creed Shadows surpassing five million players within four months of its March 2025 release.
Claude Guillemot’s death comes at a particularly complex moment for the family business he helped build. Ubisoft is navigating activist investor pressure, an ongoing strategic partnership with Tencent, and a broader gaming industry contraction that has seen tens of thousands of jobs eliminated across the sector since 2023.
He is survived by his brothers and his family. French media reported that tributes from the gaming industry and the Brittany business community began arriving within hours of the announcement.
Asked about the privacy implications of chatbots like ChatGPT and Claude, Signal President Meredith Whittaker answered, “These are not your friends. These are not conscious beings. These are not sentient interlocutors.”
Whittaker made those comments in a broader interview with Bloomberg about policy, privacy, and Signal. She acknowledged that she uses AI tools “to format a document here and there,” but insisted, “I don’t ask them questions. I’m very serious about my thinking and writing, and I don’t want the process of working through an idea […] to be foreclosed or eclipsed by the response of a system that’s averaging what’s already out there.”
As for Microsoft AI CEO Mustafa Suleyman’s prediction that users could let Microsoft Copilot handle all their Christmas shopping this year, Whittaker argued this scenario — where Copilot is eavesdropping on the family group chat to determine who wants want — means giving it “access to my credit card, my browser, my Signal, the ability to message my siblings on my behalf, my home address [and] my calendar.”
“What you’ve just described is a system with very pervasive access across multiple applications and services,” Whittaker said. “In the context of Signal, it would constitute a kind of a backdoor.”
Movie studios keep hunting for ways to make a trip to the theater feel essential again. Sony Pictures landed on one clear path with its next Spider-Man film. The studio worked directly with CJ 4DPLEX to present Spider-Man: Brand New Day in SCREENX, a format built to spread the action beyond the front screen and across the side walls of specially equipped auditoriums.
Audiences who choose this version enter rooms where specific scenes continue to play out on the walls next to them. The primary story remains front and center on the enormous screen in front, but there are supplementary shots playing out to the left and right. The combination of the two produces a very broad, all-encompassing perspective that immerses you in the action rather than making you a distant spectator.
Sale
Anker Nebula P1i Portable Projector with WiFi and Bluetooth by soundcore, Flippable Design,1080P FHD, 4K…
- Flippable Audio Magic: Rotate the 20W (2 x 10W) Dolby Audio speakers 90° side to side or 200° up and down for sound that follows your vibe, perfect…
- True Brightness, Real Clarity: Enjoy lifelike details with TÜV‑certified 380 ANSI lumens and 1080p Full HD resolution that make every movie night…
- Designed for Consistent Viewing: All‑glass lenses and fully sealed optical engine resist dust and wear, keeping every frame crisp and clear even…
SCREENX is powered by a multi-projection system, with one projector handling the main screen and additional ones dealing with the side walls. The photos are all aligned using smart techniques like as warping correction and edge blending, resulting in a seamless image despite the fact that the walls are at an angle to the main surface. There are no special glasses required, which is a plus. The extra content is kept under control since it only appears at specified points in the film, rather than running throughout.
SCREENX has been widely used by filmmakers since it first appeared in films rather than only advertisements a few years ago. The amount of extra content on the side walls has been progressively expanding. Some films may only open the walls for a few twenty or thirty minute portions, but newer films can keep them open for an hour or more. Extra material is typically created from existing film or digital elements added later in the editing process.
However, Spider-Man: Brand New Day takes a different approach to the situation. CJ 4DPLEX despatched a crew to the set while the main crew was filming. That team took specialized photographs for the side walls, and this is the first time the format has had unique on-set photography generated particularly for it from the start of a major studio film until its release. Director Destin Daniel Cretton puts it simply: CJ 4DPLEX and their team came in to shoot content for the SCREENX auditoriums.
Jun Bang, the CEO of CJ 4DPLEX, described it as an advancement of the overall SCREENX concept. They collaborated closely with Sony Pictures and Cretton, utilizing their proprietary tools to greatly expand the visual possibilities. The goal was to ensure that they preserved the director’s vision while also immersing the audience in the story, action, and Spider-Man world.
It should come as no surprise that Taylor Swift, Bad Bunny, Ariana Grande, and Kendrick Lamar are among the top 20 most streamed artists of all time on Apple Music. Check out the full list.
Apple Music launched on June 30, 2015, and it celebrated 10 years of streaming with a top 500 songs list. A year on, the streamer has shared a new metric.
The new chart is the top 20 artists of all time on Apple Music, shared by Chart Data on social media. It’s an official endorsement, as Apple Music’s account reposted it and replied with a heart and trophy emoji.
It isn’t clear what prompted the post, but we are in proximity to Apple Music’s birthday, so it may simply be that. If you don’t live under the proverbial rock, none of these artists should come at any surprise.
- Drake
- Taylor Swift
- Future
- Youngboy Never Broke Again
- Bad Bunny
- Lil Baby
- The Weeknd
- Morgan Wallen
- Kanye West
- Post Malone
- Travis Scott
- Ariana Grande
- Chris Brown
- Kendrick Lamar
- Lil Durk
- Gunna
- Rod Wave
- Ed Sheeran
- Justin Bieber
- Eminem
Apple isn’t promoting the list on Apple Music, at least not yet anyway. If you’re interested in the top 500 song playlist, it’s still available.
Out of the twenty artists present, I have six in my library. Unsurprisingly, the vast majority of music represented here is in the rap or pop genres.
If you’d like to see something a little more personalized, there’s your Apple Music Replay. Unlike Spotify Wrapped, it is updated monthly, so your 2026 Replay is already available.
Why you can trust TechRadar
We spend hours testing every product or service we review, so you can be sure you’re buying the best. Find out more about how we test.
Sonos Era 100 SL: two-minute review
The Sonos Era 100 SL is a wireless speaker that features nearly all the strengths of 2023’s original Sonos Era 100, but at a cheaper price. While it isn’t a surprise that there have been some trade-offs to get that cost down, I doubt they’ll be a dealbreaker for most people.
Sonically speaking, there aren’t many sacrifices at all. In the mid-range, the Era 100 SL is capable of impressive detail. When I played I Want You by Moloko, I was impressed by how well its funky guitar noises, strings and acidy synth line cut through the mix, without interfering with the wonderfully polished vocals.
However, I found the high end a little more cluttered on occasion: listening to The Gloaming by Radiohead, I did feel that the rhythmic pulsing static was a bit too forward, treading on the toes of the granular synth. It sounds great for the price, but you do get a finer presentation if you pay more.
Latest Videos From
Bass was always the original Era 100’s achilles heel. It often tipped into being brash, slightly swamping the rest of the mix. When I played Six Days (Machinedrum remix) by DJ Shadow on the SL, the low-end appeared slightly more dynamic when compared to the original Era 100, leading me to wonder if a software tweak to rein in bass was responsible, or whether it’s part of the re-engineering inside that Sonos CEO Tom Conrad told us the company had done, to hit the lower price.
Either way, it still isn’t great with sub, though: it falls away just when it hits the drop, that swelling bassline feeling nowhere near as substantial as it sounds on the best wireless speakers that are pricier.
Generally, though, the SL offers a spacious presentation, especially when fed high-quality recordings. Playing Wasting My Young Years by London Grammar from Tidal’s hi-res tier, I was struck by the airiness of the mix, which allowed the silvery vocals to stand apart from the piano and drums.
Unfortunately, this doesn’t quite extend to the speaker’s stereo field — as with its predecessor, I found it hard to differentiate a clear stereo separation unless I was very close. As such, you’re unlikely to get a clear sense of left and right from halfway across the room — but then, at this price, you could actually buy two happily.
So the Era 100 SL is as easy on the ear as its predecessor, albeit with some of the same drawbacks. But how does it look?
Given it’s largely decked out in the same getup as the Era 100, there really are few surprises here. It’s the same dimensions and has the same wraparound grille and matte-plastic top surface. The touch-capacitive control scheme is also largely identical — with the voice control button being the only real omission, because Sonos removed that feature. Otherwise, Sonos has stuck with what works for the SL, and I’d say that was the right instinct.
In fact, probably the only area where the SL makes a real departure from its namesake is in its feature set. Connectivity remains solid, offering Wi-Fi 6, AirPlay 2 and a whole host of built-in streaming services — although the only wired input you’ll get is if you splash extra cash on its USB-C to 3.5mm analog converter. EQ options are identical to those on the Era 100, offering just the option to boost or duck bass or treble.
But there are two significant differences. First off, as I alluded to above, voice control has been stripped out of the SL. This feels like a reasonable sacrifice to lower that price — and I’d rather that than weaker sound quality.
Slightly more an issue for me is the omission of Trueplay room correction for Android users (which is a consequence of dropping the microphones, since the Android solution relies on them). Those with an iPhone can still tailor the SL’s sound to their space using their device to track calibration sound as they walk around the room. Given how well this feature polishes its sound, it is a shame that you’ll miss out if you’re on an Android device.
Despite this though, the Sonos Era 100 SL is well worth it. You get the quality sound plus classic design of Sonos’s pricier speaker, for the reduced price of $189 / £169 / AU$289. That’s a pretty great bargain and ameliorates our biggest hesitation with its pricier predecessor. Yes, it’s a shame that Android users miss out on a great feature but it’s still the best home speaker you’ll get for this price.
Sonos Era 100 SL review: specs
Swipe to scroll horizontally
|
Category |
Specification |
|
Drivers |
2 x angled tweeters, 1 x mid-woofer |
|
Amplification |
3 x Class-D digital amplifiers |
|
Dimensions |
182.5 x 120 x 130.5mm / 7.18 x 4.72 x 5.14 inches |
|
Connectivity |
Wi-Fi 6, Bluetooth 5.3, USB-C (Line-in via adapter) |
|
Streaming support |
Apple AirPlay 2, Sonos app (Spotify, Tidal, etc.), Amazon Music |
|
Voice assistant support |
None |
|
Other features |
Advanced Trueplay (iOS only), Stereo pairing, Humidity resistance |
Sonos Era 100 SL review: price & availability
- Launched on March 31, 2026
- Costs $189 / £169 / AU$289
- Available in black or white
Having launched on March 31, 2026, the Sonos Era 100 SL is available now, at a cheaper price than its predecessor, the Era 100.
The SL comes in at $189 / £169 / AU$289, compared to the Era 100’s now-reduced price of $219 / £199 / AU$319. While not a huge gulf, it still amounts to a decent saving, especially given the near-identical specs.
And, as is usually the case with Sonos gear, for that price you have the option to pick up the speaker in white or black.
Sonos Era 100 SL review: features
- Good connectivity options and streaming service support
- Room correction only compatible with iPhone
- No voice control of any kind
So how does the Sonos Era 100 SL’s featureset differ from its spendier stablemate? Well, on paper, it’s very similar to the Era 100, with only a couple of key differences.
Let’s start with its drivers. The SL offers the same setup as as the Era 100, with a mid-woofer to handle both mid-range frequencies and bass, while two angled tweeters take care of the treble and help form its stereo field. These are all driven by the speaker’s three class D amplifiers, meaning you get decent volume and low-end heft.
Setting up Sonos products has always been a breeze, and the Era 100 SL is no exception. Simply plug it in, download the Sonos app, and select the system you want to add it to. Tap on your speaker when it appears, and it will play an audio pin to connect it to your system. After installing an update via the app, I was good to go.
The last (optional) step is to set up the SL’s Trueplay room-calibration tuning, which is designed to get you the best possible sound from the speaker, and that works much the same as it did on the Era 100.
Essentially, you point your iPhone’s mic toward the speaker, then walk around the room while whirling it around in slow circles with one arm, like a lopsided propeller.
Following calibration, the sound definitely seemed free of obvious acoustic issues — there wasn’t any boom back from the bass, nor any unfortunate reverberations off the surfaces or walls — so Sonos’ room correction seems as effective as ever.
Unfortunately, there’s a pretty major caveat here: unlike on the Era 100, the SL’s Trueplay tuning is only compatible with iOS. And that is a real shame, given it does help unlock the SL’s best sound. However, it still offers great performance for Android users, even if the lack of Trueplay does add an asterisk there.
Trueplay for Android users isn’t the only feature removed to help reduce the SL’s price. The voice control offered by the full Era 100 has been omitted, too, saving you the price of the mic module and controls. Personally, it takes me far longer to horsewhip my thoughts into a spoken command than it does to simply pull out my phone, so I’m not all that bothered about the lack of voice assistant. But if you are, you’ll probably prefer the Era 100.
While I’ve mentioned how much I rate the Era 100 SL’s room-correction tech, I can’t really say the same for its EQ options. The Sonos app only offers the ability to boost or duck the treble or bass by up to 10 levels. While I do think Sonos’s speakers sound a lot better than some wireless speakers out of the box, plenty of rivals now offer nine-band or even parametric EQ — which makes the SL’s bass and treble sliders feel like old hat.
As far as connectivity options are concerned, the Era 100 SL offers a decent range. Using Wi-Fi 6, you can stream tunes directly from your devices using AirPlay 2, or from the speaker using built-in apps including Amazon Music, Apple Music, Deezer, Soundcloud, Spotify, Tidal and a whole heap more. Meanwhile, Bluetooth 5.3 will allow you to hook up all your non-Apple devices, although there’s no support for higher-res formats such as aptX HD.
Sadly, the Era 100 SL is less well equipped when it comes to physical connections. Its USB-C port is only for plugging in adapters, so banish any thoughts of hooking up wired digital audio. So while it does allow you the option for plugging in either a 3.5mm jack for analog audio or an Ethernet cable, each of these requires you to buy a separate adapter. It’s a world away from the wealth of ports that a speaker such as the Bluesound Pulse Flex offers.
Sonos Era 100 SL review: sound quality
- Impressive detail
- Rich mids, and bass feels slightly less muddy
- Relatively weak stereo field
My big worry when preparing to test the Sonos Era 100 SL was that in trying to hit the cheaper price point, there would have been a negative impact on the quality of its sound. Fortunately, I’m pleased to reveal this isn’t the case — the Era 100 SL happily holds its own against its predecessor and, in some areas, I actually wonder if software tweaks have reined in some of the Era 100’s worst impulses.
First, let’s start with the mid-range. When listening to Venera by George Fitzgerald, I was impressed with how much presence and detail the SL could squeeze out of the track’s vocal, pad washes and synth lines, making them sound like a richly textured whole. Admittedly, some of the percussion felt a little less punchy than I’m used to, but that was more than made up for by how well it balanced the saturated, arpeggiated synth and organic organic woodwind sounds that close out the track.
The original Era 100 came unstuck mainly in the bass — like an overexcitable puppy, it was both enthusiastic and yet lacking in discipline. Here, it sounds like the SL’s software has been tweaked slightly to rein this in.
Comparing Listen by Pola & Bryson and Goddard on both speakers, sustained bass notes sound less reverberant and flabby on the SL, while snarling distorted bass synths seem more tightly expressed. However, not that if you’re expecting super-low bass from either device, you’ll be left wanting: there’s very little in the way of sub from either.
I tested the SL’s treble by playing Go Your Own Way by Fleetwood Mac — an exam it easily passed, even if it didn’t quite ace it. There wasn’t any unpleasant distortion or oversaturation to it, while the snare and toms had a delicious punch that kept everything moving forward. However, my one reservation was that the rhythmic punch and the polished vocals slightly outshone the twangy rhythm guitar — for me, they’re part of what makes the track so iconic, so it was a shame they didn’t get to share as much of the limelight.
Given the Era 100 SL doesn’t exactly sit at the premium end of the market, it also does a good job of separating different instruments in the mix. Playing a hi-res stream of Clair de Lune by Kamasi Washington straight from Tidal, I was impressed by the clarity of timbre of each instrument, especially during the solos. The trumpet beautifully conveys the instrument’s rich harmonics, while the sliding strings of the double bass as the player launches into their solo are brilliantly expressed.
Like its predecessor, the SL is only capable of so-so stereo. Unlike some more premium speakers, it still largely feels like the sound is issuing from a single point. And when I played Manchild by Eels, I could appreciate the stereo separation between elements — with the guitars clearly panned to the right and the vocals to the left — but only when I was sat within a few feet of the device. At least listening angles are pretty consistent, with only a very slight drop off in the treble as you travel toward the speaker’s back.
All in all, my biggest worries going into this were ill-founded. Despite the cheaper price of the Sonos Era 100 SL, it doesn’t demonstrate any significant sonic sacrifices compared to its full-fat sibling. And there may have even been a few software tweaks behind the scenes to slightly rein in the wilder tendencies of the older speaker. Either way, it’s a very decent-sounding speaker for the price.
- Sound quality score: 4.5 / 5
Sonos Era 100 SL review: design
- Almost identical to the Era 100
- Solid, tactile build
- Effective touch-capacitive controls
When it comes to looks, the Sonos Era 100 SL remains almost identical to its older sibling. They share the same cylindrical ellipse shape, are wrapped in the same metallic grille, and arrive in the same black or white colorway. If you’ve ever gawked at the older Era 100, you’ll know exactly what you’re getting here.
All in all, the Era 100 SL is decently stylish, feels solidly built, and the matte plastic of its top surface is pleasingly tactile. While I’ve poured scorn on quite a few wireless speakers lately for defaulting to this same basic format, I’ll give Sonos a pass here. First off, it was largely the brand that coined this look in the first place — and, more importantly, the Era 100 SL is principally a cheaper speaker wearing its spendier brother’s clothing, meaning it was never going to break the mould of existing speakers.
In light of this, so not surprisingly, the Sonos Era 100 SL is the same size as its full-fat sibling, measuring 7.19 x 4.72 x 5.14 inches / 182.5 x 120 x 130.5mm. However, it’s ever so slightly lighter — presumably thanks to its shedding of voice control mics — weighing in at 4.3lbs / 1.95kg compared to its predecessor’s 4.45lbs / 2.02kg. That makes it a pretty average size in the grand scheme of things, neither Lilliputian like the 0.96lbs / 0.44kg Sonos Roam 2, nor Brobdingnagian like the hulking, 3 lbs / 14.5kg Cambridge Audio Evo One.
With one notable exception, the erstwhile voice control button, the buttons on the Era 100 SL are the same. And that’s very much a plus: there’s no need to fix the Era 100’s control scheme since it definitely isn’t broke. Its touch-capacitive controls are easy to activate, allowing you to play, pause and skip tracks, while swiping its touch bar lets you tweak its volume. Sure, it could offer light-up symbols for use in darker rooms or customizable shortcut keys, but it covers the core functions well.
Fundamentally, the Era 100 SL is the spitting image of the Era 100 before it. So if you were a fan of the older model, you can be sure you’ll like its younger sibling.
Sonos Era 100 SL review: value
In our review, one of our criticisms of the original Sonos Era 100 was its increased cost. Its initial list price of $249 / £249 / AU$399 presented a chunky markup on the Sonos One at $219 / £199 / AU$319 , but even more so when compared to the Sonos One SL’s $199 / £179 / AU$289. Even though the Era 100 has now come down in price to $219 / £199 / AU$319, that’s still only roughly comparable to the Sonos One.
Conversely, the Era 100 SL has a list price of $189 / £169 / AU$289, making it the same price or even cheaper than the Sonos One SL but with many of the same features and the exact same sound quality as the Era 100. That’s not to be sneered at.
In fact, if you’re an iPhone user, the only real thing you’re losing here is voice control, something I’m personally happy to sacrifice for a bit of a bargain. And even if you’re an Android user, this price is still well worth it as you’re unlikely to get much better performance by investing your spend elsewhere. Access to Trueplay is a definite bonus but that shouldn’t detract from the fact the SL still offers great sound for its price.
Should I buy the Sonos Era 100 SL?
Swipe to scroll horizontally
|
Attributes |
Notes |
Rating |
|---|---|---|
|
Features |
Good range of connectivity options, but weaker EQ settings. No voice control. Room correction not available on Android |
4/5 |
|
Sound quality |
Well-expressed mids and highs, and excellent clarity and separation; bass seems slightly less doughy. |
4.5/5 |
|
Design |
Near-identical to its predecessor, with the same classy looks and effective touch controls. |
4/5 |
|
Value |
Much better price than its predecessor for much the same performance, even if one or two features were dropped to get it there. |
4.5/5 |
Buy it if…
Don’t buy it if…
Sonos Era 100 SL review: also consider
Swipe to scroll horizontally
| Header Cell – Column 0 |
Sonos Era 100 SL |
Sonos Era 100 |
WiiM Sound Lite |
|---|---|---|---|
|
Drivers |
2 x angled tweeters, 1 x mid-woofer |
2 x angled tweeters, 1 x mid-woofer |
2x 1-inch silk-dome tweeters, 1x 4-inch paper-cone woofer |
|
Amplification |
3 x Class-D digital amplifiers |
3 x Class-D digital amplifiers |
100W (50W woofer, 2x 25W tweeters) |
|
Dimensions |
7.19 x 4.72 x 5.14 inches / 182.5 x 120 x 130.5mm |
7.19 x 4.72 x 5.14 inches / 182.5 x 120 x 130.5mm |
7.6 x 5.7 x 5.7 inches / 193 x 146 x 146mm |
|
Connectivity |
Wi-Fi 6, Bluetooth 5.3, USB-C (Line-in via adapter) |
Wi-Fi 6, Bluetooth 5.0, USB-C (Line-in via adapter) |
Wi-Fi 6E, Bluetooth 5.3, Ethernet (100Mbps), 3.5mm Aux-in |
|
Streaming support |
AirPlay 2, Sonos app (Spotify, Tidal, etc.) |
AirPlay 2, Sonos app (Spotify, Tidal, etc.) |
Chromecast, Spotify/Tidal/Qobuz Connect, DLNA, Roon Ready |
|
Voice assistant support |
None |
Amazon Alexa, Sonos Voice Control |
Works with Alexa/Google (via external device) |
How I tested the Sonos Era 100 SL
- Tested it over four weeks
- Compared it to the Era 100 using a wide range of tracks
- Have decades of experience using audio hardware
I tested the Sonos Era 100 SL over the course of about a month. I made sure to utilize many of its key features, including room-tuning and EQ, and tried connecting to it through a range of options from direct streaming on the device through to connecting discrete devices using AirPlay 2.
To assess its sound quality, I played a wide variety of music, from classic rock to liquid drum & bass. I also compared the sound, side by side, with the Era 100 to see whether I could perceive any significant differences between their sound signatures. In addition, I compared each version’s stereo field and angle drop-off to see whether either revealed any issues with their soundstage.
As well as spending at least the past six years reviewing wireless speakers for tech publications, I have decades of experience using audio hardware in my home environment, including a range of wired and wireless speakers and headphones. I’ve also spent 20 years producing music from home, which has given me a firm understanding of how to assess the balance of frequencies and stereo elements.
ecoustics is a hi-fi and music magazine offering product reviews, podcasts, news and advice for aspiring audiophiles, home theater enthusiasts and headphone hipsters. Read more →
Copyright © 1999-2026 ecoustics | Disclaimer: We may earn a commission when you buy through links on our site.
Launcher V2 will go through a private beta before a public release.
After an Epic Games exec admitted to Eurogamer that its launcher sucks earlier this year, the company reportedly revealed that it’s working on a “ground-up rebuild” of its launcher that will be much faster than the existing version. In a presentation given during Unreal Fest, parts of which were posted on X by LuKaOnIndeed, Epic said that Launcher V2 will be five times faster on an average cold start and 6.5 times faster when restoring the app from the system tray.
Epic said in its presentation that “every developer in this room and every player we have has experienced challenges with the current launcher.” Gamers have even gone to great lengths to access their free games claimed on the Epic Games Store through Steam to avoid the launcher’s slow and clunky design. As seen as part of a roadmap in Epic’s presentation, the Launcher V2 will have a private beta first, before seeing an eventual public release. Epic hasn’t detailed exact dates for the new launcher, but said in a February press release that it’s “in the process of rebuilding the underlying architecture of the Epic Games Store Launcher and plan to ship improvements this summer.”
Beyond the launcher improvements, Epic revealed during Unreal Fest that it would be adding a few more tweaks to its storefront. The slides shared by LuKaOnIndeed mentioned priorities like in-store patch notes, player reviews, quick-access categories and a personalized home page.
If you’re a longtime Android user or just a very well-informed iOS user, you probably remember how Android versions used to be named after desserts. Android 1.5 Cupcake, released in April 2009, was the operating system’s first public release to use a confectionery naming scheme. Since then, we’ve seen more than a dozen releases, each bearing the name of a popular sweet treat in alphabetical order — well, popular at least in some parts of the world.
This was one of the major reasons why Google pivoted away from attaching dessert names to Android releases in 2019. Sameer Samat, vice president of product management for Android, explained in a blog post how this naming scheme posed challenges for a global audience. In many parts of the world where treats like jelly beans or gingerbread aren’t particularly popular, it didn’t make much sense to market and label an entire version of Android around them.
This is likely why the final few Android versions preceding Android 10 were named after desserts with broader international recognition — KitKat, Lollipop, Marshmallow, Nougat, Oreo, and Pie. Plus, for languages where certain letters or sounds aren’t easily distinguishable (like Japanese with “L” and “R”), Google noted how the alphabetical naming convention can be confusing. Instead, it opted for a far simpler naming system based on numbers. It’s now easier to tell which version of Android your phone is running and whether it’s the newest one available.
How is Android’s new brand identity holding up?
There was understandable criticism pouring in from Android enthusiasts when Google decided to drop its naming convention with Android 10. While it’s sad knowing that the average Android user will never be blessed with an Easter egg related to a sweet treat again, for those nerdy enough, Android has continued to use confectionery-based codenames internally. Android 10 was known as Quince Tart, Android 11 as Red Velvet Cake, Android 12 as Snow Cone, and so on. The latest version of the operating system, Android 17, is internally known as Cinnamon Bun.
Fortunately, Android hasn’t lost its fun nature. While not every major release is a visual overhaul, we have seen plenty of playful touches over the years. Google’s Material You design system is all about how the user interface uses dynamic colors for a more personal feel. Material 3 Expressive took this a step further by adding a refined motion-physics system and improved typography. It also helps that nearly every Android OEM brings its own flavor to Android. The bottom line is we don’t think Android has lost its creative or unique edge simply because Google stopped erecting statues of popular desserts in Mountain View, California.
Android may be moving away from desserts, but recent versions seem to have found a different niche — space exploration. Like the Easter egg in Android 14, newer versions have featured an interactive space-themed mini-game you can try.
Business58 seconds ago
YETI: Brand Continues To Resonate With Consumers (NYSE:YETI)
Sports4 minutes ago
US Open 2026: Wyndham Clark stands firm as Scottie Scheffler makes move at Shinnecock Hills
Tech5 minutes ago
Windows 11 26H2 continues Microsoft’s shift to smaller and faster updates
-
Business6 days agoNo Jackpot Winner as $257 Million Prize Rolls Over to $269 Million Monday Draw
-
Fashion1 day agoWeekend Open Thread: Miami – Corporette.com
-
Crypto World6 days agoZimbabwe Requires Crypto Businesses to Register Annually Under New FIU Regulations
-
Business23 hours agoWall Street Week Ahead: Investors see Micron earnings as pulse check of AI rally momentum
-
Entertainment6 days agoMatt Damon’s Viral Sci-Fi Thriller Has Taken Over HBO Max
-
Tech6 days agoAs AI companies race to go public, who else is along for the ride?
-
Business6 days agoAnthropic staff to meet White House officials next week, Axios reports
-
Crypto World6 days agoBitcoin could crash to $48,000, if this historical pattern is triggered
-
NewsBeat6 days agowhat doctors are seeing in ebike crashes
-
NewsBeat6 days agoWarning of disruption as Cardiff Crossrail works to start
-
Crypto World24 hours agoHIVE shares jump as $220M AI deal speeds Bitcoin mining pivot
-
NewsBeat6 days agoTributes to former deputy head teacher at Cambridge school among death and funeral notices
-
Politics6 days ago“Israel’s” ban on ICRC visits ruled illegal, but Knesset moves to stop them permanently
-
News Videos6 days agoFinancial Accounting | Last Day Revision Strategy and Booster | CMA Inter – June 2026
-
Entertainment6 days agoKate Middleton Glare Goes Viral After Kids Booed At Royal Event
-
Tech6 days agoOver 400 Arch Linux packages compromised to push rootkit, infostealer
-
Crypto World6 days agoXRP ETFs Outperform As Bitcoin And Ethereum Funds Extend Outflow Trend
-
Business6 days agoInvesco Quality Income Fund Q1 2026 Commentary
-
NewsBeat6 days agoSinger Oliver Tree dies aged 32 in helicopter crash in Brazil
-
Crypto World6 days agoMarket Preview: SpaceX (SPCX) IPO Record, Federal Reserve Meeting, and Iran Nuclear Agreement
You must be logged in to post a comment Login