Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license.
As the company explains in a recent support document, affected users may no longer see Copilot buttons on the side navigation and above the ribbon.
Those affected may also experience one or more of the following issues:
Microsoft says the Outlook Team has addressed this issue with a service change on June 29, 2026, and advised those who are still unable to see the Copilot buttons in Classic Outlook to restart their email client to get the change immediately.
Affected customers are also recommended to update to the latest build by selecting File > Office Account > Update Options > Update Now.
Those who can’t upgrade their client to fix the bug can also work around the issue by reverting to the previous Current Channel build (16.0.20026.20168) or using the new Outlook or Outlook Web Access (OWA).
Microsoft is now also investigating a known issue that causes unexpected Outlook crashes on systems running Kaspersky Antivirus software, linked to the Kaspersky Mail Checker (mcou.dll).
Affected Outlook for Microsoft 365 users are advised to check the Application log for “Event 1000” events with the OUTLOOK.EXE faulting app name and MCOU.DLL faulting module name to confirm that this issue triggers the crashes.
“If you are experiencing this crash, please contact Kaspersky support,” the Outlook Team said.
In recent months, Microsoft also resolved known issues that prevented some Classic Outlook users from sending emails via Outlook.com and rendered the client unusable for users who enabled the Microsoft Teams Meeting Add-in.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
The latest week-long speedrunning marathon starts on July 5.
Speedrunners are once again descending on Minneapolis to tear through games in aid of a fantastic cause as this year’s edition of Summer Games Done Quick (SGDQ) is about to commence. The week-long, round-the-clock event starts on Sunday. You can watch all of the action live on Twitch. If you miss a particular run, you’ll be able to catch up on the VODs on YouTube.
After a preshow at 12:30PM ET, the action will start at 1PM with a 102% run of one of my favorite games of all time, Donkey Kong Country 2: Diddy’s Kong-Quest. Recent games making their GDQ debut include Don’t Stop, Girlypop!, Super Meat Boy 3D, Pragmata, Resident Evil: Requiem, Unbeatable, Mouse: PI for Hire and Saros.
I’m interested to check out a pinball showcase with Total Nuclear Annihilation as well as the Gordon & Daxter run. This is a modded version of Jak & Daxter in which you play as Gordon Freeman with Half-Life weapons and movement. I always love it when there’s a Super Mario Maker 2 race on the schedule, so I’m looking forward to that too.
As always, SGDQ is raising money for Doctors Without Borders. Last year’s edition raised over $2.4 million for the cause.
Malaysia is set to take action if VPN are used to facilitate criminal activities or help residents bypass the new social media age limit.
According to local reports, Deputy Home Minister Datuk Seri Dr Shamsul Anuar Nasarah said the government is working closely with the Malaysian Communications and Multimedia Commission (MCMC) to counter VPNs and borrowed identities that are being used to slip past newly enforced social media age limits.
For the many people who reach for the best VPN services to protect their browsing, encrypt their traffic, or simply keep their data out of advertisers’ hands, the reassuring takeaway is that the tool itself is not the target. What the authorities want to reach is the small share of activity where a VPN is used as a shield for something illegal.
The comments came during a question-and-answer session on cybercrime and age verification. Shamsul Anuar explained that police would draw on public complaints and their own investigations to identify cases where VPNs or identity-masking tools are being abused, and that such misuse could be treated as an added element of an offence.
He was clear that the crackdown is aimed at conduct, not software. The minister framed the effort as part of Malaysia’s wider push to protect children online, pointing to a sharp rise in offences.
This sits on top of Malaysia’s under-16 social media ban, which took effect on 1 June 2026 under the Online Safety Act 2025. Large platforms including Facebook, Instagram, TikTok, and YouTube must now verify users’ ages and block under-16s from registering, with non-compliance carrying penalties reported at up to RM10 million.
VPNs enter the picture because they are an obvious way to make it look as though a user is somewhere the rules do not apply. Age verification laws elsewhere, such as Australia and the UK, have repeatedly triggered spikes in VPN sign-ups, with many often being adults looking to protect the sensitive documents these systems ask them to hand over.
For most people, this is not a reason to stop using a VPN, and it is not a ban in disguise.
Digital rights groups, however, have been sharply critical of the age-verification model underpinning the ban.
ARTICLE 19, alongside local partners, has argued the measure was rushed, is disproportionate, and risks normalising surveillance while exposing people’s identity documents and biometric data to misuse.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
Unsurprisingly to many of us, app stores for smart televisions are also trash. Perhaps even more full of trash than other app stores due to the smaller ecosystem and fewer reviewers.
Spur analyzed the LG smart TV app store, and found that almost half of the apps available contain proxy software, turning your TV into a node in their proxy network. Are these apps malware? Many of the analyzed apps provided a thin veneer of user consent: they offer you the tradeoff of seeing an ad every 15 seconds, or allowing their “occasional web indexing” to run permanently in the background. Watch the fishtank app for five minutes, join their proxy network for life.
Spur notes that the proxy SDK in use appears to block connections to private network ranges (internal IP ranges like 192.168.x.x and 10.x.x.x), but that the SDK restricting access to those ranges is the only protection against accessing whatever network the TV is connected to.
Amazon and Roku ban proxy apps on their devices. Samsung and LG do not.
Microsoft has added another year of security updates to Windows 10. Despite trying to kill the platform, so many users remain on Windows 10 that Microsoft likely has no choice.
The extended support program was previously due to end in October 2026 but has now been pushed to October 2027. The security updates will be available for free in the UI, but users in other regions must activate OneDrive and sync system settings, or pay 1000 Microsoft credits (about $30).
The death of Windows 10 is near, but for those unwilling or unable to let go, it shuffles along.
Bleeping Computer has an article about increased phishing attempts from hacker groups in Russia targeting Signal users.
The phishing messages target politicians, government officials, military, and other high-profile intelligence targets, and claim that Signal is introducing mandatory two-factor authentication, before prompting the target to enable remote Signal backups. A second follow-up phishing attempt then prompts the user to copy the backup authentication tokens from Signal and provide them to the attacker.
Signal remote backups are a relatively recent addition to the messenger, making a backup on the Signal servers of a users messages and images, encrypted with a key known only to the user. While convenient, and likely fundamentally secure given the track record of the Signal team, this phishing campaign highlights a major weakness: once private content is accessible somewhere else, an attacker simply needs to obtain the keys to access it, which is significantly simpler than obtaining the message content directly from the victims phone.
Sasha Romijn presented an excellent talk at OrangeCon on embedding attack payloads in unusual places.
Sasha found poor input handling of content from DNS servers, TLS certificates, server headers, DHCP host names, LoRa Mesh node names, WiFi network names, and more. In many cases, it seems to be as simple as embedding JavaScript or CSS inside a string; many sites and utilities don’t sanitize against escaped HTML, and the standards allow it.
They then go on to demonstrate more serious impacts, such as compromising the management accounts of two Europe-based hosting providers by injecting content into TLS certificates, and gaining root on some OpenWRT devices via a WiFi SSID which loads a hostile JavaScript into the LUCI web management interface, which then uses the web management system to install a backdoor root shell.
Sasha continues the tour-de-exploits by demonstrating multiple cross-site scripting injections into the Ripe NCC database which then allow browser manipulation of users on the RIPE website. This has enormous implications, because Ripe NCC is the Internet allocation organization for Europe and the Middle East: the company who assigns and manages IP address blocks.
Be sure to check out the full presentation, and let this be a lesson to always treat all data as hostile, even from what would seem to be your own services!
One of the first steps in getting access to an embedded device is to look for a serial port, or serial port test points. Often this can give an idea what sort of code is running on the system, and in some cases, give direct access via the boot loader or a Linux login console.
Boot Intel is a web-based tool to automate scraping boot messages from embedded devices, looking for exposed logins and vulnerable services. Boot Intel can take pasted boot logs, or directly connect to the device via WebSerial.
While Boot Intel is a paid service, there is a free version for hackers to explore devices.
watchTowr Labs is back with another excellent write-up on CitrixBleed, continuing the trend of memory leaks in Citrix Netscaler devices.
This collection of vulnerabilities allow leaking internal memory from the Citrix servers, which can expose logs, customer data, encryption keys, or anything else found in server memory. Netscaler devices offer SSL offloading, application acceleration, VPN and remote access, and load balancing; all installations where leaking memory is likely very bad.
The watchTower write-up maintains their trend of providing entertaining reads about highly technical topics. Do yourself a favor and be sure to give it a look!
LastPass marketing partner Klue was compromised this week, impacting the customer data of multiple companies. Customer data such as email, phone numbers, addresses, and support tickets were exposed, however the LastPass vaults themselves were not impacted. While LastPass has revoked access to the impacted partner, the stolen data could assist phishing attacks against customers.
The open source self-hosted video sharing platform PeerTube has released an emergency update which addresses multiple vulnerabilities. While the release notes quote “medium to high severity” vulnerabilities, there are no specific details. If you run a PeerTube server, upgrade now!
Both Apple AirDrop and Google Quick Share have new vulnerabilities reported this week, with fixes coming soon. Both protocols are designed to allow file sharing to nearby devices, and accordingly, the issues found on them can be triggered on nearby devices. Researchers were able to find six vulnerabilities in macOS, iOS, Windows, and Android implementations of the sharing protocols. All of the discovered vulnerabilities led to crashes, but not full exploit and code execution. Sustained denial of service attacks were possible however, with nearby attackers able to keep the services unreachable and unusable for the duration.
When we think of 1960s synthesizers it’s usual to imagine instruments with vast arrays of controls and patch cables for configuring their many filters, oscillators, and other parameters. They created the templates for much of what we know today as electronic music.
In all the rush to look at full-blown synths though, it’s easy to forget their more mundane cousin, the electric organ. These instruments graced many a ’60s suburban home or church hall, and [Emma Repairs] has an interesting one. It’s a Philips Philicordia, and it’s sent us here at Hackaday down one of those rabbit holes when we should really be writing.
The instrument is a relatively straightforward single voice electric organ on the outside, but under the hood it’s a different matter. In an age when the transistor was revolutionizing electronic music, the folks in Eindhoven designed this one using tubes. There are a set of conventional enough tubes performing the role of amplifiers and oscillators, but the real party piece of this unit is the array of neon tube dividers. A neon bulb can be used as a switching element, and in those days when affordable digital logic chips were several years away, it made sense to use them in digital circuits.
The inside of the Philicordia is a feast of vintage Philips parts that will be instantly familiar to anyone who’s worked on Western European electronics of this era. The exterior design of the instrument screams understated early-1960s cool, and after she’s introduced it you can hear her playing it in the video below. Further down that rabbit hole we found that one of these instruments provided the distinctive organ sound on Chris Montez’s 1962 hit Let’s Dance, so they weren’t all uncool.
The robot butler has been five years away for about twenty years. Weave Robotics thinks the trick is to aim lower. Its new home robot, Isaac 1, does not walk, has no fingers, and mostly just wants to do your laundry. It also costs a fraction of its humanoid rivals.
The Y Combinator-backed startup unveiled Isaac 1 on Wednesday. The launch post has passed 13 million views. At $7,999 up front, or $449 a month, it undercuts the field by a wide margin.
Isaac 1 is deliberately un-humanoid. It rolls on a wheeled base rather than legs, and rises from a crouch to 5ft 9in when there is work to do. It grips with two orange claws, not fingers. The soft body comes in muted colours with names like Sage and Terracotta, and it runs for about eight hours per charge, according to TechRadar.
The job list is narrow on purpose. It finds and picks up dirty clothes, folds and puts away the clean ones, makes the bed, fluffs the pillows, and tidies away shoes and toys. Notably, it does not load or run the washing machine. It works through a phone app, mostly on its own. Weave admits a human operator can take over remotely for tricky tasks.
The price is the headline. 1X’s Neo costs around $20,000. Tesla’s Optimus has no price at all yet. Bipedal rivals such as Figure and Unitree run from $12,000 to well over $20,000, because legs need pricey actuators and sensors. Weave’s wheels-and-claws approach sidesteps most of that cost.
The bet fits a wider argument in robotics: that purpose-built machines will beat general-purpose humanoids into the home. It is the same logic drawing billions into physical AI on both sides of the Atlantic.
The reaction online split neatly, as Business Insider noted. “Closer and closer to never doing chores again,” wrote Chris Paxton, an AI lead at Agility Robotics. The investor Jason Calacanis said it was “about to get very strange.” Others were blunter. Fintech executive Simon Taylor called it a “Roomba with arms.” One commenter simply called it “slow” and “clunky.”
There are several. Deliveries start in September, but only in California. The rest of the US waits until 2027, and Europe is not on the map at all yet. The autonomy is partial, propped up by teleoperation. There is a quieter concern too. Weave’s site says it uses personal information to improve its services, but the company would not say whether footage from inside people’s homes trains the robot. That is the unease that shadows every home robot with a camera and a data pipeline.
None of this makes Isaac 1 the machine that finally cracks the home. The promised army of domestic robots keeps slipping into next year. But by doing less, for less, Weave may have built something people will actually buy. Sometimes the winning robot is not the one that looks most like us.
A new phishing-as-a-service (PhaaS) platform dubbed “ARToken” appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365.
Cisco Talos researchers discovered the platform while investigating phishing infrastructure used in an incident response engagement and identified a React-based management panel called “ARToken Panel” that exposed more than 80 API endpoints.
Reverse engineering the client-side JavaScript code revealed previously undocumented capabilities that extend well beyond what you would normally find in a phishing platform.
The platform allows attackers to steal Microsoft 365 authentication tokens, establish persistent access using Primary Refresh Tokens (PRTs), and access Outlook mailboxes, SharePoint sites, and OneDrive files. It also includes tools to deploy phishing infrastructure through Cloudflare Workers and automate many aspects of business email compromise (BEC) operations.
According to Talos’ report, multiple technical similarities strongly suggest ARToken is tied to the EvilTokens phishing platform discovered earlier this year.
The researchers found the ARToken phishing kit uses the same API calls for Microsoft’s device code authentication flow, including an identical `POST /api/device/start` request previously associated with EvilTokens attacks.
Talos also identified the same primary refresh token API endpoints documented in Sekoia’s EvilTokens research, including the endpoints for setting up, refreshing, renewing, and reacquiring Primary Refresh Tokens, even after they expire.
The platform also uses a similar Cloudflare Workers deployment model and operates as a multi-tenant phishing service, in which affiliates manage their own campaigns through dedicated workspaces.
EvilTokens focuses heavily on exploiting Microsoft’s OAuth 2.0 Device Authorization Grant authentication workflow to breach accounts, a technique known as device code phishing.
Victims are tricked into entering a legitimate Microsoft-issued device code on Microsoft’s official device login page, causing Microsoft to issue authentication tokens directly to the attacker instead of the victim. Because the victim authenticates through Microsoft’s legitimate infrastructure, the attacks can successfully bypass multi-factor authentication protections.

Sekoia first documented the EvilTokens platform in March, describing it as a commercial phishing service sold to cybercriminals for a $1,500 setup fee and a $500 monthly subscription.
In a follow-up report, Sekoia found an AI-driven workflow that ingests harvested mailboxes to score financial exposure, then uses AI and LLMs to draft BEC campaigns and translate stolen emails for operators working in other languages.
Microsoft later warned about the platform as device code phishing attacks surged dramatically, and numerous threat actors adopted the technique due to its high success rate against Microsoft 365 users.
What sets EvilTokens apart from other device code phishing kits is its use of AI to automate fraud.
Talos’ report provides a detailed overview of the functionality available to EvilTokens affiliates following a successful account compromise.
Once a victim completes the device code authentication process, ARToken allows operators to refresh stolen tokens and elevate access to persistent primary refresh tokens (PRT).
The researchers also found tools for conducting business email compromise attacks, including full Outlook mailbox access, the ability to send emails as compromised users, the ability to create inbox rules that automatically forward or hide messages, the ability to monitor multiple mailboxes for keywords simultaneously, and the ability to download email attachments.
Attackers can also browse, upload, download, and manage files stored in victims’ SharePoint sites and OneDrive accounts, enabling data theft and the delivery of malware for additional attacks.
ARToken also revealed several features not identified in previous EvilTokens research.
Threat actors can monitor multiple hijacked mailboxes simultaneously for specific keywords, load tokens stolen from other sources, and share access to compromised accounts.
They can also quietly set up inbox rules that hide or delete messages to cover their tracks, and use phishing pages that automatically update their content based on the victim’s location.

Talos also analyzed phishing emails associated with the platform, finding that attackers impersonated legitimate vendors in invoice-themed lures targeting accounts payable employees.
Rather than linking to an obviously attacker-controlled site, the emails display what appears to be a legitimate SharePoint address while actually directing victims to a look-alike tenant hosted within the attacker’s Microsoft 365 workspace.
In April, Push Security reported that device code phishing attacks had surged 37-fold over the past year, with at least 11 phishing kits now offering this technique to cybercriminals.
For organizations looking to defend against modern Microsoft 365 phishing attacks, business email compromise (BEC), and account takeovers, BleepingComputer is hosting a webinar with Abnormal titled “Stop chasing alerts: Automating email security with behavioral AI.“
The webinar will explore how attackers use techniques such as device code phishing to bypass MFA and compromise accounts, why these attacks evade traditional email security controls, and how behavioral AI can help security teams automate the detection, investigation, and remediation of phishing and compromised account activity.
Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.
The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.
I can’t tell the exact tipping point from realistic excitement over a new technology, to hype, to aww-come-on — but I’m pretty sure when a sandwich shop with Danny DeVito as its public face talks about AI in its IPO documents, we must be getting close.
So it is with Jersey Mike’s.
Because of investor thirst for all things AI these days, I understand why tech companies feel the need to sprinkle AI dust all over their pitches. This is as true for non-AI startups raising venture capital as it is for Bending Spoons’ public debut, a company in the business of buying aging, “not-AI” tech companies to rehabilitate.
Just for kicks, I took a look at Jersey Mike’s IPO documents to see how far this compulsion may go. Surely a sandwich shop would have no need to mention AI in its S-1. But lo and behold!
The term artificial intelligence and its acronym “AI” were mentioned 22 times. In this case, the company can’t claim to be selling AI software. It sells submarine sandwiches. AI products are what investors are really hungering for (terrible pun intended).
Still, it found a way to mention AI in its investor-risk warnings. That may be even more funny. It doesn’t explain what it’s using AI for that could be dangerous to investors, beyond a hand-wave of a phrase, “We are beginning to use AI Technologies in our business.”
In all fairness, as a company that operates franchisees, it does rely on software (mentioned 52 times) and data (112 mentions), as all businesses do. Its AI risk warning was boilerplate copy, perhaps even necessary, as such disasters have already happened to other food businesses, like the half-baked AI inventory tool that Starbucks rolled out, which couldn’t count and was recently scrapped.
Still, I’m going to go out on a limb here and predict that the risk of an AI disaster for a company that produces real-life sandwiches, not AI slop, is about the same as, say, a franchise shop getting hit by lightning. That actually happened, by the way, to a shop in Texas in 2021. Yet weather was only mentioned five times in the S-1. And lightning? Not once.
When you purchase through links in our articles, we may earn a small commission. This doesn’t affect our editorial independence.
If you bought a OnePlus because of OxygenOS, for the relatively clean, fast, and actually-useful Android experience, your phone may be the last one to get it.
According to a report from the Indian outlet Smartprix, OxygenOS and Realme UI are both reportedly being phased out. If accurate, everything would move to ColorOS, the skin atop Android on Oppo smartphones, globally, across all three brands.

Oppo, its official subsidiary OnePlus, and Realme are all brands that operate under the same Chinese conglomerate: BBK Electronics. Until recently, they’ve operated as independent brands with different software skins. That arrangement seems to be coming to an end.
Maintaining three Android skins requires a substantial investment, and Oppo might want to cut down on it. The consolidation started quietly in 2021, when OnePlus co-founder Pete Lau announced a software merger between OnePlus and Oppo.
OnePlus retired HydrogenOS in China years ago, in favor of ColorOS. Only the brand’s global devices ship with OxygenOS. Realme UI was built on ColorOS under the hood anyway.
“OxygenOS and Realme UI are being discontinued on future devices in favor of ColorOS globally,” the outlet mentions. However, it doesn’t mention any existing OnePlus devices and whether they’ll be transitioned to ColorOS as well.

Earlier this year, the brand reportedly exited the US and European markets, with carrier partnerships in North America already unwinding. The brand’s retail presence has also shrunk significantly, with only the OnePlus 15 and the OnePlus 15R being sold through the official website.
Oppo, which has been absorbing OnePlus operationally, has reportedly already begun canceling OnePlus’s 2026 global product lineup. Sharing software and hardware platforms made the two brands structurally inseparable.
What’s happening now could be among the final steps. OxygenOS was genuinely beloved among enthusiasts, especially among the brand’s customers. The discontinuation of OxygenOS would mark the retirement of one of the founding pillars on which OnePlus was built, if and when the brand officially announces it.
Sony has confirmed that physical game discs for all new PlayStation releases will be discontinued starting in January 2028. New titles will be sold through the PlayStation Store and at retailers in digital formats only. Existing games, and titles already scheduled to arrive on disc before that deadline, are not affected.
Everyone currently having a panic attack should probably go outside, unless you live somewhere brutally hot, like New Jersey or Texas. In that case, stay indoors, pour something cold, and enjoy touching your game discs while you still can. Mom will keep your Pizza Hut leftovers in the fridge.
That is a genuine blow to physical game ownership. It is also not Sony announcing the end of Blu-ray movies, 4K UHD Blu-ray, or every disc drive currently attached to a PlayStation 5. Those are separate issues, and mashing them together is how the internet ends up shouting “Blu-ray is dead” every six months.
Related Reading: Sony’s 2025 decision to stop making blank recordable Blu-ray media
The policy is blunt: after January 2028, new games released for PlayStation consoles will not be manufactured on physical discs. Sony says those games will remain available through the PlayStation Store and at retailers, but only in digital formats. The company has not explained what a retailer based digital purchase will look like, whether that means download code cards, a printed receipt with a redemption code, or something else entirely.
On the plus side, you will no longer have to drag that filthy concert chair out of the garage and line up outside GameStop at 4 a.m. in the rain like a putz.

Sony also has not said whether physical reprints of older games will continue after 2028, whether current PS5 disc drives will remain part of future console hardware, or what this means for preservation efforts built around physical releases. Those details matter, but they are not in this announcement.
For now, the immediate takeaway is simple: anyone who enjoys buying a game, lending it to a friend, trading it in, reselling it, or pulling it off a shelf years later will lose that option for new PlayStation releases from 2028 onward. Physical discs were never a perfect preservation solution; plenty of games require patches, online services, or downloaded content. But a disc still gives consumers a degree of independence from a storefront, account, and licensing arrangement. That distinction is about to become far more important.
The January 2028 policy applies to all new PlayStation console releases, so U.S., Canadian, and UK consumers face the same end point: no more new PlayStation game discs.
For North American buyers, the loss of physical media means the used-game market becomes less relevant for new titles. There will be no disc to trade at GameStop, no copy to lend to a friend, and no chance of finding a discounted used version years later. Digital sales can be convenient, but convenience has a habit of becoming compulsory once the alternative disappears.
The UK has an additional reason to be cautious about the difference between buying content and retaining access to it. Sony’s UK PlayStation Store has warned that StudioCanal films previously purchased through the service will be removed from customer libraries beginning September 1, 2026, because of licensing agreements. That notice concerns video, not PlayStation games, and it does not mean Sony plans to remove purchased games. It is, however, a fairly sharp reminder that a digital transaction is not the same thing as possessing a disc on a shelf.
Sony is also closing legacy PlayStation Stores on PS3 and PS Vita. Mexico, Honduras, and Nicaragua lose PS3 store access beginning in August 2026; additional Latin American and Middle Eastern markets follow later in the year; all remaining regions lose PS3 and PS Vita store purchases in July 2027. Sony says previously purchased content will remain downloadable for the “foreseeable future,” but no new purchases will be possible after the shutdowns.
That is a separate decision from the 2028 disc cutoff, but the timing is impossible to ignore. In regions where broadband is expensive, inconsistent, capped, or simply slow, a mandatory digital future means that download speeds, storage capacity, and account access become part of the cost of buying a game. The plastic box may be going away, but the 150GB download is not suddenly getting smaller out of respect for your data plan.
Sony says the change reflects consumer preferences shifting away from physical discs. Its financial results show that digital downloads accounted for the overwhelming majority of full-game software unit sales across PS4 and PS5 in fiscal 2025, reaching 85% in the fourth quarter.
That does not make physical discs irrelevant to the remaining buyers, particularly collectors, parents, rural players, bargain hunters, and anyone who dislikes the idea of every purchase being tied to one account ecosystem. But it does explain Sony’s calculation. Manufacturing, shipping, stocking, and handling discs costs money. Digital delivery gives Sony and publishers more control over distribution, pricing, and the relationship with the customer. Nobody should pretend this is a charity drive for the environment.
Sony’s July 2026 PlayStation announcement is not a sequel to its 2025 decision to stop making blank recordable Blu-ray media.
Last year, Sony ended production of recordable Blu-ray Discs, MiniDisc recording media, MD Data discs, and MiniDV cassettes. That decision primarily concerned blank media used for recording and archiving, especially in Japan, where Blu-ray recorders remained part of the consumer market. It did not end the production of pre-recorded Blu-ray or 4K UHD movie discs sold by studios and boutique labels.
The distinction is important. Blank BD-R media is not how commercial movie discs are made. Retail Blu-ray and 4K UHD titles are pressed through industrial replication processes, so Sony’s exit from recordable media did not pull the plug on Criterion, Arrow, Kino Lorber, Sony Pictures, or the wider physical-video business.
Sony also continues to market PS5 hardware with disc playback. Its current PS5 Disc Edition plays PS5 and PS4 game discs, while the optional drive for the PS5 Digital Edition supports 4K Ultra HD Blu-ray, Blu-ray, and DVD playback. Nothing in the new PlayStation game-disc policy changes that today.
Blu-ray and 4K UHD fans should therefore exhale, but perhaps not fall asleep at the wheel. The long-term physical-video market remains fragile, and retailers have already reduced shelf space dramatically. Still, Sony has not announced the end of movie discs. The company has announced the end of new PlayStation game discs in 2028. Those are related cultural trends, but they are not the same corporate decision.
Sony’s 2028 move is one of the most consequential physical-media decisions in gaming since consoles first began offering digital storefronts. The company is not invalidating existing PlayStation discs, and it is not ending Blu-ray movies or 4K UHD Blu-ray. But it is removing the physical option from every new PlayStation release after January 2028.
For players who want a shelf, a used copy, a trade-in, or the ability to hand a game to someone else without asking a server for permission, this is not theoretical. The all-digital future Sony is describing now has a date on the calendar.
You were warned.
For more information: https://blog.playstation.com
Shokz has long been the leader in bone conduction headphones, despite a minor misstep with the first-generation OpenSwim, which lacked Bluetooth streaming. The OpenSwim Pro rectifies this, making it an excellent choice for far more than just swimming.
Whether you stream via Bluetooth or use the built-in 32-GB music player, the OpenSwim Pro delivers impressive open-ear audio. It offers surprising bass and warmth, along with the clarity needed for audiobooks and phone calls.
With standard and swimming EQ modes, you can easily tailor the sound for land or water. The IP68 waterproof rating ensures strong protection against sweat and water, while the silicone and titanium neckband offers both comfort and a secure fit.
The headphones feature easy-to-reach physical controls and a battery that lasts up to nine hours when streaming via Bluetooth, or six hours when using the built-in music player. While the OpenSwim Pro may not be Shokz’s flagship model, it strikes the best balance of sound, design, and performance, placing it in a coveted position at the top of my list.
| Specs | |
|---|---|
| Headphone design | Neckband |
| Weight | 27.3 g/0.96 oz |
| Bluetooth version | 5.4 |
| Microphones | 2 |
| Battery life | 6-9 hours |
| Music player storage | 32 GB |
| File formats | MP3, M4A, WAV, APE, FLAC |
| Waterproof rating | IP68 |
| Charging type | Proprietary cable |
Weekend Open Thread: Staud – Corporette.com
Claude Code turned every engineer into three. Now companies need more product thinkers
Strategy authorizes up to $1.25B in Bitcoin sales under new capital plan
The House | “Reframing the debate from a binary discussion of winners and losers”: Yuan Yang reviews ‘We Are Not Machines’
MAJOR BITCOIN & MARKET UPDATE!!!! (MUST WATCH ASAP!!!)
Anonymous researcher drops 0-day ‘exploitarium’ repo
Coinbase, Circle Deepen Crypto Stock Losses Despite Resilient S&P 500
Australia treasurer says alleged access of prime minister’s bank data ’incredibly concerning’
Kraken's xStocks Opens Bending Spoons IPO Registration to EEA Retail
FIH Pro League: India defeat Pakistan 7-1, register biggest win of campaign | Other Sports News
Bluekit phishing kit adopts browser-in-the-middle for login theft
Russian hackers now target Signal backup recovery keys
The AI boom won’t burst all at once. It will pop in ‘rolling bubbles’: Macquarie
Broncos roster: OL Ben Powers (No. 74) entering final year of contract
Silicon Valley paid to kill AI regulation, now it wants the rules back
Presenter Caroline Flack’s brother Paul Flack dies aged 55
Binance stock trading tops $1B in first month after launch
New exhibition reflects five decades of movement between island of Ireland and GB
OpenAI mulls delaying IPO over valuation concerns
Alibaba-affiliate Ant Group enters the humanoid robot market with 12 deals
You must be logged in to post a comment Login