Renders and 3D-printed models of the iPhone Fold are enough for some case manufacturers to try and get ahead of the competition, but don’t treat their listings as leaks.

It is tempting to see a case listed for iPhone Fold filled with pictures and design elements and take it at face value. However, chances are these case and accessory makers know less about the upcoming product than you do.

A Czech-based Apple-focused website called Letem Svetem Applem shared what it believes are exclusive photos of the iPhone Fold obtained from accessory seller iFunSmart. The problem is, these photos aren’t exclusive or even new.

While some case distributor likely took some time to attach its cases to the renders, these are images we’ve seen going around for some time. One of the images originates from a January report while another comes from an Instagram account.

That isn’t to say that the publication didn’t get these images from a single source or case manufacturer website. They’re just clearly not real examples of the iPhone Fold outside of reused images from the rumor mill.

A simple search turned up actual listings for iPhone Fold cases, though they’re inconsistent. Like the image I used at the top of this article, it has a camera in the top left of the inner display while the “leaked” photos do not.

There’s nothing that can be learned from this “leak” beyond what a clear case might look like on existing renders. And whatever you do, don’t bother ordering one of these cases, as they likely won’t fit.

For example, the Armor-X website has a very clear return policy. Products can be returned, but only if the box is unopened and returned within 30 days.

Poorly sourced “leaks” like these will only increase as we approach the fall.

It won’t be long before Apple announces the iPhone Fold, if it can get through production issues in time. Expect to hear about the iPhone Fold, if it’s ready, during the September iPhone keynote that will feature iPhone 18 Pro.

Apple’s security releases page has been updated with additional information regarding the security issues resolved in iOS 18, iOS 26, and other OS versions.

The company added new details about the vulnerabilities patched in iOS 26, iPadOS 26, visionOS 26, and watchOS 26. Also updated was the security information concerning iOS 18.7, iPadOS 18.7, macOS 14.8, and macOS 14.8.2.

On Tuesday, Apple added a Siri vulnerability to the list of issues resolved with iOS 26. The now-patched security issue allowed access to Private Tabs without proper authentication, and it was fixed by improving state management.

The security page detailing iOS 18.7 and iPadOS 18.7 security fixes now says that Apple patched a call history issue that let apps fingerprint the user. Improved redactions of sensitive information were used to address this vulnerability.

Multiple macOS 14.8 fixes were added by Apple as well, including those that resolved two CoreServices and FaceTime issues, a Phone vulnerability, and a StorageKit security issue.

One now-resolved CoreServices issue let apps modify protected parts of macOS. It was resolved with additional restrictions. Another CoreServices logic vulnerability that allowed apps to access sensitive user data was addressed through improved validation.

Apple also patched a FaceTime issue that made incoming calls appear on a locked Mac with notifications disabled. Through improved data redaction, the company also fixed a Phone issue that gave apps access to sensitive user data.

The most serious issue patched with macOS 14.8 was a StorageKit vulnerability that let apps gain root privileges. Apple fixed it through improved checks. macOS 14.8.2 security details were updated with an entry detailing a vulnerability in SQLite, an issue resolved by a third party.

Overall, the updates to Apple’s security releases page won’t be of much use to the average user running newer OS versions. The company added information regarding older iOS and macOS releases, and not the latest iOS 26.5, iOS 18.7.9, or macOS 14.8.7.

This sponsored article is brought to you by Master Bond.

Outgassing is the release of volatile substances from a cured adhesive over time. These released materials, which may include residual solvents, unreacted monomers, or other chemical species, can deposit on nearby surfaces, causing contamination that interferes with sensitive components.

What Is Outgassing and How Is It Measured?

The industry standard for measuring outgassing is ASTM E595, developed by NASA. This test exposes a cured sample to 125 °C at high vacuum (10⁻⁵ to 10⁻⁶ torr) for 24 hours, measuring Total Mass Loss (TML) and Collected Volatile Condensable Materials (CVCM). To meet NASA low outgassing requirements, materials must exhibit less than 1 percent TML and less than 0.1 percent CVCM.

Optical assemblies need contamination-free bonding and prevention of fogging the optics to maintain clarity. High-vacuum scientific equipment, semiconductor manufacturing tools, and aerospace electronics also demand low outgassing materials.

Key Applications

Low outgassing adhesives are essential wherever contamination could compromise performance and this is particularly relevant for space and satellite systems. Optical assemblies, including cameras, telescopes, and laser systems, need contamination-free bonding and prevention of fogging the optics to maintain clarity.

High-vacuum scientific equipment, semiconductor manufacturing tools, and aerospace electronics also demand low outgassing materials. Even terrestrial optical devices benefit from reduced outgassing to ensure long-term reliability.

EP30-2 is a versatile system can be used in a variety of applications in aerospace, electronic, optical and specialty OEM industries, especially when optical clarity and low outgassing are important criteria.Master Bond

Ensuring Low Outgassing Performance Through Proper Handling

Achieving specified outgassing performance requires attention to storage, mixing, and curing. For two-part systems, use the correct mix ratio and mix thoroughly to ensure complete reaction. Follow recommended cure schedules — adding heat, even at modest temperatures of 150-200 °F, significantly improves cross-linking and reduces outgassing. For UV-curable adhesives, ensure complete cure by using the correct lamp wavelength (typically 365 nm), adequate intensity, and proper exposure time with no shadowed areas.

Troubleshooting Outgassing Issues

If contamination appears on optical surfaces or outgassing test results are higher than expected, an incomplete cure might be one of the root causes. The first step is to verify that the adhesive has fully hardened to its specified Shore hardness. The next step is to consider adding or extending heat cure to improve cross-linking.

Master Bond Product Recommendations

Master Bond offers a range of adhesives meeting NASA low outgassing requirements. EP30-2 and EP21TCHT-1 are some examples of two-part epoxy systems that have been successfully deployed in demanding vacuum applications, including ultra-high vacuum environments.

For applications requiring UV cure, Master Bond provides specialty UV formulations such as UV16 meeting ASTM E595, as well as dual-cure systems (UV plus heat) such as UV22DC80-10F for assemblies where shadows prevent complete UV exposure. These dual-cure products initiate with UV light and complete curing with heat as low as 180 °F (80 °C).

American Airlines passengers could begin to connect to in-flight Wi-Fi through SpaceX’s Starlink satellite network next year. The airline announced Tuesday that it signed a deal with Elon Musk’s aerospace company to install Starlink internet across its Airbus fleet in 2027, which includes more than 500 narrowbody aircraft.

Commercial flights drive heavy internet usage, as passengers work on cloud-based documents or stream movies and TV shows, activities that require substantial data and reliable Wi-Fi connectivity.

Starlink is among the fastest in-flight internet options, with reported speeds nearly twice those of the next-closest competitor and comparable to or faster than some terrestrial broadband services. More than 10,000 satellites in low Earth orbit drive the system’s performance. By operating much closer to Earth than traditional satellites, they reduce latency — the time it takes for data to travel.

CNET senior writer Jeff Carlson tested Starlink’s in-flight internet on United Airlines and was impressed by the internet experience. “Honestly, I’d think I was at home on my high-speed fiber internet if not for the cabin noise and the occasional tight banking turn,” he wrote.

Which airlines have Starlink service

American is one of the world’s largest carriers by passenger volume, making it a significant contract win for SpaceX, which previously announced Starlink partnerships with United Airlines, Southwest Airlines and Alaska Airlines. Once American outfits the planes with Starlink technology, SpaceX’s service will be operating on more than 2,300 commercial aircraft. 

Despite partnering with many of the largest international airlines, SpaceX doesn’t have a Starlink deal with airline giant Delta Air Lines, which is instead partnering with Amazon for its in-flight Wi-Fi service, which is expected to go into service later this year. Delta CEO Ed Bastian told Bloomberg that Amazon Leo is cheaper than SpaceX’s Starlink and includes a suite of streaming content. 

The American-Starlink partnership comes just days after SpaceX’s filing for an initial public offering. SpaceX’s scope of operations recently expanded after a merger with another one of Musk’s companies, xAI. Analysts value the company at nearly $2 trillion and expect it could raise as much as $75 billion when it goes public, setting an IPO record and making Musk the world’s first trillionaire.

Representatives for SpaceX and American Airlines did not immediately respond to requests for comment.

Logitech has added three new devices to its Signature series, meant for people who spend long hours at a desk and move between work, personal tasks, and multiple devices throughout the day. It is designed to reduce repeated friction from switching devices, lower input noise, and make long desk sessions more comfortable.

The lineup includes the Signature Comfort Plus M850 L mouse with palm cushion support, the MK880 Signature Comfort Plus keyboard and mouse combo, and the M840 L mouse, which has the same mouse features as the M850 L but without the palm cushion.

These peripherals will be available globally from June 2026 on Logitech’s website and through authorized resellers. The M850 L is priced at $49.99, the M840 L at $39.99, and the MK880 combo at $99.99. Logitech will also sell business versions, with the M850 L for business priced at $59.99 and the MK880 combo for business at $109.99.

What does the new mouse offer?

The M850 L adds a palm cushion along with a sculpted right-hand shape and rubber side grips, giving the hand more support during long use. It also offers silent clicking and scrolling, which should be useful in shared offices or home setups where constant input noise can get distracting.

Logitech has also included its SmartWheel, which lets users move between precise scrolling and faster scrolling. The mouse supports customizable buttons and Actions Ring access through Logi Options+. It can switch between connectivity for up to three devices and offers up to two years of battery life.

The M840 L includes all the above-mentioned features, except the palm cushion.

The keyboard is built for long typing sessions

The MK880 combo adds a full-size keyboard designed around comfort. It has deep cushioned keys, a dual-foam palm rest, curved typing angles, and adjustable typing positions at 0 degrees, 4 degrees, and 8 degrees.

It also supports multi-device connectivity up to three devices and is compatible with Windows, macOS, and ChromeOS. A customizable AI Launch Key can be set up through Logi Options+ to open tools such as Copilot, Gemini, or ChatGPT. Then there is also Logi Tune, which lets users assign functions for Zoom Workplace and Microsoft Teams. The keyboard is spill-resistant and offers up to three years of battery life.

The business versions add a Logi Bolt USB-C secure wireless receiver and support for Logitech Sync, which lets IT teams monitor device and firmware status. These peripherals will be available in graphite, off-white, and black, though availability could vary depending on the region.

Hackers exploited a critical zero-day vulnerability in a server running the KnowledgeDeliver learning management system (LMS) to deploy the Godzilla web shell.

The flaw is a deserialization issue tracked as CVE-2026-5426 and can be exploited without authentication. It stems from the use of a shared hardcoded machine key in the web portal configuration across all KnowledgeDeliver customer deployments.

ViewState deserialization

Threat actors obtained the machine key and used it in ViewState deserialization attacks to sign malicious ViewState payloads and achieve remote code execution at the operating system level.

Mandiant in late 2025 responded to an attack on a KnowledgeDeliver server and says that initially, the vulnerability was exploited as a zero-day to inject a malicious script into the web platform.

Exploitation was possible due to the use of “identical pre-shared ASP.NET machine keys across multiple customer deployments,” the researchers said.

“KnowledgeDeliver installations deployed before Feb. 24, 2026 relied on a standardized web.config file provided by the vendor. This configuration file contained hardcoded machineKey values used by the ASP.NET framework to encrypt and sign data, including ViewState payloads,” Mandiant explains.

According to the researchers, the malicious code on the platform “convinced users to download a fake installer,” which led to the machine getting infected with a Cobalt Strike beacon, essentially planting a backdoor.

“The payload was encrypted using a key that used the name of the compromised organization, which indicated that the threat actor prepared this payload specifically for the targeted organization,” Mandiant says in a report today.

Godzilla web shell delivery

Mandiant says the threat actor deployed the .NET-based in-memory web shell, Godzilla (a.k.a. BlueBeam), which has also been used in similar attacks observed by Microsoft in late 2024.

In August 2024, researchers at cybersecurity company ASEC had also reported that Godzilla was being deployed in ASP.NET environments in ViewState deserialization attacks targeting companies in the financial sector.

Mandiant notes that the threat actor compromising KnowledgeDeliver instances executed commands to escalate their control over the web server’s file system.

This allowed them to modify an application JavaScript file with code that prompted users to install a “security authentication plugin” and to load a malicious script from a domain under the attacker’s control.

Over the past year, hackers have used improperly secured machine keys in ViewState deserialization attacks targeting web platforms for various products.

In March last year, threat actors abused a hardcoded machine key to craft a malicious payload that allowed access to Gladinet CentreStack’s secure file-sharing servers.

In July 2025, hackers compromised 85 Microsoft SharePoint servers after stealing the machine key to create signed malicious ViewState payloads.

State-sponsored actors also used ViewState deserialization attacks to deploy a reconnaissance tool named WeepSteel on Sitecore servers that exposed the ASP.NET machine key.

Automated pentesting tools deliver real value, but they were built to answer one question: can an attacker move through the network? They were not built to test whether your controls block threats, your detection rules fire, or your cloud configs hold.

This guide covers the 6 surfaces you actually need to validate.

Download Now