Apple has officially released the Studio Display XDR, and those who expect the best from their work now have a seriously enticing new alternative right on their desk. A 27-inch screen with 5K resolution (5120 by 2880 pixels) is a powerhouse of detail, providing stunning clarity in every part of the image.

The Mini-LED backlighting separates the image into 2,304 individual ‘zones’ that can be fine-tuned to perfection, resulting in smooth blacks and eye-popping highlights with no glow visible, even near the edges. If you’re a fan of HDR content, you’ll be pleased to know that peak brightness can reach 2,000 nits, while conventional dynamic range remains a decent 1,000 nits, ideal for seeing what’s going on in those bright conference rooms.

Sale

BenQ PD2730S 27″ 5K 218 PPI Mac Monitor, 90W Thunderbolt 4, 98% P3, Uniformity, 2000:1 Contrast, Nano…

• RETINA-LIKE 5K RESOLUTION: Experience 5120×2880 clarity with 218 PPI, delivering ultra-sharp details and smooth gradients. View details with more…
• ACCURATE & RELIABLE COLOR MANAGEMENT: 98% P3 and 2000:1 contrast ensure precise color accuracy with deep blacks and vibrant tones, perfect for VFX and…
• MAC-COMPATIBLE THUNDERBOLT4: Seamlessly delivers up to 90W power, 40Gbps transfers, and supports two 5K or one 8K display when used with Thunderbolt…

Color and contrast are also on par with the best displays currently available, with a contrast ratio of 1,000,000:1, so expect to see shadows that reveal hidden details and bright regions that remain as vibrant as the moment they were recorded. Furthermore, the P3 wide gamut is fully covered, with additional Adobe RGB compatibility for all you print and design folk, and a generous 80% or so of the Rec. 2020 region to boot, which is a huge assist if you’re working on difficult HDR projects. Try as you might, you’ll find no shortage of clever little reference modes, including one for HDR photography in P3-D65, as well as some DICOM presets that will come in handy for medical imaging, but you’ll need to go get those specific calibration tools cleared first, as they are still pending.

Motion is silky smooth owing to a 120Hz refresh rate and Adaptive time, which alternates between 47Hz and 120Hz to stay perfectly in time with whatever you’re watching. Scrolling through your photo libraries or previewing video edits should feel as smooth as silk on compatible hardware. However, Apple Silicon chips of the older M1, M2, or M3 variety are stuck at a mere 60Hz, and Intel Macs won’t run it at all, so you’ll need one of those shiny new M4 or later systems to get the full effect.

The connectivity suite is based around a pair of Thunderbolt 5 ports, two of which provide high-speed data and allow you to daisy-chain an extra monitor or two. You’ll also get up to 140w of electricity to charge a 16-inch MacBook Pro with a single cable, as well as two USB-C ports for connecting peripherals as needed. The display’s stand allows for tilt and height adjustment, as well as a beautiful smooth counterweight that makes the whole thing feel like it’s floating in midair; however, you may forgo the stand and use a VESA mount if you prefer.

Speaking of kit, the Studio Display XDR’s six-speaker audio setup at is seriously impressive, with Spatial Audio carefully adjusted to offer crisp sound with some great bass. It also includes a 12MP Center Stage camera to follow you around during calls or to show off your setup to friends and family, as well as an equally compact three-mic array that will easily pick up your voice.

Finally, the Studio Display XDR costs $3,299 for the standard glass version, which is a little less than the previous Pro Display XDR and includes a slew of modern features such as a higher refresh rate and improved dimming, as well as a snazzy new camera and speakers.

A maximum severity vulnerability in the FreeScout helpdesk platform allows hackers to achieve remote code execution without any user interaction or authentication.

The flaw is tracked as CVE-2026-28289 and bypasses a fix for another remote code execution (RCE) security issue (CVE-2026-27636) that could be exploited by authenticated users with upload permissions.

Researchers at OX Security, a company that secures applications from code to runtime, say that an attacker can exploit the new vulnerability by “sending a single crafted email to any address configured in FreeScout.”

According to them, the fix attempted to block dangerous file uploads by modifying filenames with restricted extensions or those starting with a dot.

The OX Research team discovered that a zero-width space (Unicode U+200B) could be placed before the filename to bypass the recently introduced validation mechanism, since the character is not treated as visible content.

Subsequent processing removes that character, allowing the file to be saved as a dotfile, and hence, still triggering CVE-2026-27636 exploitation by completely bypassing the latest security checks.

Making matters worse, CVE-2026-28289 can be triggered by a malicious email attachment delivered to a mailbox configured in FreeScout, the researchers say.

The program stores the attachment in “/storage/attachment/…,” enabling the attacker to access the uploaded payload through the web interface and execute commands on the server without authentication or user interaction, making it a zero-click vulnerability.

“A patch bypass vulnerability in FreeScout 1.8.206 allows any authenticated user with file upload permissions to achieve Remote Code Execution (RCE) on the server by uploading a malicious .htaccess file using a zero-width space character prefix to bypass the security check,” the vendor says in a security bulletin.

FreeScout is an open-source help desk and shared mailbox platform used by organizations to manage customer support emails and tickets. It’s a self-hosted alternative to Zendesk or Help Scout.

The project’s GitHub repository has 4,100 stars and over 620 forks, and OX Research reports that its Shodan scans returned 1,100 publicly exposed instances, indicating it’s a widely used solution.

CVE‑2026‑28289 affects all FreeScout versions up to and including 1.8.206 and was patched in version 1.8.207, released four days ago.

The FreeScout team warned that successful exploitation of CVE‑2026‑28289 may result in full server compromise, data breaches, lateral movement into internal networks, and service disruption. Hence, immediate patching is advised.

OX Research has also recommended disabling ‘AllowOverrideAll’ in the Apache configuration on the FreeScout server, even when on version 1.8.207.

No active exploitation of CVE‑2026‑28289 has been observed in the wild as of writing this, but given the nature of this flaw, the danger of malicious activity starting soon is very high.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Advertisement

Download The Report

The vivo X300 Pro already redefined smartphone photography last year. But it looks like the Chinese smartphone maker isn’t done yet. vivo has confirmed that the vivo X300 Ultra will launch globally after its unveiling at MWC 2026 in Barcelona, Spain. The showcase offered the first look at what could become one of vivo’s most powerful flagship phones of 2026. The smartphone is said to be at the top of the X300 series, with a major emphasis on camera quality and hardware.

Exact details about price and availability are still under wraps, but the global confirmation points to broader availability this time. The device will become part of the X300 series, alongside the X300 and X300 Pro. However, vivo has not yet confirmed whether it will launch in India.

A Strong Focus on Camera Performance

At MWC, vivo presented the X300 Ultra as more than just a regular smartphone. The device was placed inside a SmallRig video cage and connected to a large Zeiss telephoto extender, showing that the company is targeting serious photography users.

According to reports, the Gen 2 extender can achieve up to 17x optical zoom equivalent. With this level of zoom, the X300 Ultra aims to handle long-range photography in a way that feels closer to dedicated camera systems.

Professional-Style Photography Setup

vivo ensured the teleconverter was firmly mounted rather than simply clipped onto the device. The circular mount system built into the SmallRig cage provided a stable and professional attachment mechanism. It also enhanced control and reduced shake during handheld recording. Demo setup included:

• A large detachable 400mm telephoto extender.
• A SmallRig cage for better grip and protection.
• A compact LED panel light mounted on the top cold shoe.
• A stabilised grip or gimbal-style handle for smoother shots.

What to Expect Next

After vivo officially announced that it will release the smartphone globally, it is likely to reveal the smartphone’s specifications and pricing. Moreover, it is now clear that the vivo X300 Ultra smartphone is a camera-centric flagship smartphone meant for photography enthusiasts.

Bitwarden announced support for logging into Windows 11 devices using passkeys stored in the manager’s vault, enabling phishing-resistant authentication.

The new feature is available for all plans, including the free tier, and allows logging into Windows by selecting the security key option and scanning a QR code with a mobile device to confirm access to the passkey stored in the Bitwarden encrypted vault.

Bitwarden is an open-source password and secrets manager that can store account passwords, passkeys, API keys, credit card details, identity data, and private notes.

To use the new feature, there are three required conditions:

1. Have Entra ID–joined devices
2. FIDO2 security key sign-in is enabled
3. Have a registered Entra ID passkey stored in their Bitwarden vault

“Windows now supports industry-standard passkeys secured in the Bitwarden vault, enabling passwordless authentication during sign-in,” Bitwarden says in a press release.

“Users can choose to log in with a passkey stored in the Bitwarden vault, allowing Windows to authenticate using cryptographic credentials rather than passwords, without transmitting shared secrets.”

Bitwarden acts as the passkey provider in the Windows authentication flow, storing the credential in the user’s synced vault rather than binding it to a single device. This also allows recovery using other devices in case of losing the phone.

More importantly, by removing password entry from the login process and using cryptographic challenges signed with private keys stored in the vault, the risk of credential exposure to phishing drops dramatically.

Bitwarden states that Microsoft will roll out passkey login on Windows this month, and it depends on the Microsoft Entra ID configuration.

In November 2025, Microsoft announced the introduction of a passkey provider API on Windows 11, allowing third-party apps like Bitwarden and 1Password to store and manage passkeys for websites and apps on the OS.

The latest announcement extends this further, to a more fundamental authentication layer, that of the OS itself.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Download The Report

• A new study has found that AI models are fine threatening nuclear attacks in 95% of simulated war games
• The models treat nuclear threats as just another strategic tool
• The behavior may reflect the popularity of nuclear strategy in the war game training data

AI generals are big fans of nuclear weapons.

That’s the conclusion of a new study of how AI models handle high-stakes geopolitical crises. GPT-5.2, Claude Sonnet 4, and Gemini 3 Flash turned to nuclear threats in about 95% of the simulated crises.

Researchers at King’s College London wanted to see how AI tools dealt with strategy in war-gaming scenarios. Each AI was assigned the role of a state leader responsible for protecting national interests while navigating a tense international confrontation.

A UK maker has transformed a collection of discarded disposable vapes into a functional car. Chris Doel, the man behind a number of projects that recycle vape batteries, has recently installed his 500-cell lithium pack in a small electric vehicle and driven it on public roads.

He describes the end result as the world’s only vape-powered automobile. The base vehicle is a Reva G-Wiz, a compact four-seater from the early 2000s that is generally dubbed one of the most unimpressive electric automobiles ever built. It weighs a hefty 400kg without batteries and runs on a very primitive 48volt system, as it originally required heavy lead acid batteries to power its tiny 17 horsepower motor, which could only reach barely more than 50 mph on a good day.

Sale

Anker Laptop Power Bank, 25,000mAh Portable Charger with Triple 100W USB-C Ports, Built-in Retractable…

• Triple 100W USB-C Ports for Multi-Device Charging: Ideal for laptop users, this 25,000mAh power bank features three 100W USB-C ports for simultaneous…
• 25,000mAh for Long-Haul Power: Tackle week-long trips or extended camping with 25,000mAh capacity and ultra-fast recharging, reaching 30% in just…
• Dual Built-In Cables for Travel: Features two USB-C cables, one extendable up to 2.3 ft with 20,000 retractions, and another at 0.98 ft cable that…

Doel already had the battery pack figured out; he’d taken 500 discarded vapes, ensured that each and every cell was still functional, and assembled them all in 14 little modules connected in series to achieve roughly 50 volts. On paper, that yields approximately 2.5 kilowatt hours, but in fact it is closer to 2.1. The same battery had previously powered his workshop’s tools and lights.

Mounting the lot was a little difficult because he had to fabricate an aluminum box to keep everything in place, add some extra insulation, and regulate the vibrations with thermal pads, foam padding, and silicone dampening. A clever battery management system keeps track of the voltages and currents for each individual cell, and individual fuses keep things from turning pear-shaped. There’s also a temperature probe that sounds a small bell when things get too heated. There is Kapton tape and other safety measures in place to ensure that it does not catch fire. The complete unit bolts nicely into the back seat area, replacing the old lead acids.

Electronics were simple enough, as the G-Wiz just utilizes a contactor to switch electricity to an inverter, which operates the motor with three phase AC. Doel simply added a circuit breaker, reprogrammed the inverter to limit the output slightly, and swapped in a DC-DC converter for the 12volt components such as headlights / wipers, and since charging must be done slowly, he simply used a USB-C adapter plugged into a small 138W laptop charger.

So, what happened on the road? Well, it moved. Initial tests indicated it could travel both forwards and backwards, and a proper drive revealed it was pulling approximately 160 amps at 15 mph, reducing to 90-100 amps at 30-35 mph on flat ground. Hills pushed 130-150 amps, but regenerative braking returned roughly 10 amps, keeping the pack nice and cool, peaking at 29°C. On a casual run that included some shopping and fast food, the range was 17-18 miles. Voltage sag from unequal cells eventually caused a cutoff, but no big crisis happened.

Doel purposefully capped the power so it wouldn’t be able to draw too much, as the car can actually handle a lot more current than it was drawing, but by limiting draw to about 120 amps, he was able to avoid blowing any fuses and giving the old recycled cells some breathing room.
[Source]

[Diffraction Limited] has been working on a largely 3D-printed micropositioner for some time now, and previously reached a resolution of about 50 nanometers. There was still room for improvement, though, and his latest iteration improves the linkage arms by embossing tiny ball joints into them.

The micro-manipulator, which we’ve covered before, uses three sets of parallel rod linkages to move a platform. Each end of each rod rotates on a ball joint. In the previous iteration, the parallel rods were made out of hollow brass tubing with internal chamfers on the ends. The small area of contact between the ball and socket created unnecessary friction, and being hollow made the rods less stiff. [Diffraction Limited] wanted to create spherical ball joints, which could retain more lubricant and distribute force more evenly.

The first step was to cut six lengths of solid two-millimeter brass rod and sand them to equal lengths, then chamfer them with a 3D-printed jig and a utility knife blade. Next, they made two centering sleeves to hold small ball bearings at the ends of the rod being worked on, while an anti-buckling sleeve surrounded the rest of the rod. The whole assembly went between the jaws of a pair of digital calipers, which were zeroed. When one of the jaws was tapped with a hammer, the ball bearings pressed into the ends of the brass rod, creating divots. Since the calipers measured the amount of indentation created, they was able to emboss all six rods equally. The mechanism is designed not to transfer force into the calipers, but he still recommends using a dedicated pair.

In testing, the new ball joints had about a tenth the friction of the old joints. They also switched out the original 3D-printed ball mount for one made out of a circuit board, which was more rigid and precisely manufactured. In the final part of the video, he created an admittedly unnecessary, but useful and fun machine to automatically emboss ball joints with a linear rail, stepper motor, and position sensor.

On such a small scale, a physical ball joint is clearly simpler, but on larger scales it’s also possible to make flexures that mimic a ball joint’s behavior.