I know we’re all excited for the upcoming iPhone Fold, but be wary of fake leaks — like the supposed unboxing video that’s been making the rounds online.

Upcoming phones will always be the subject of rumors and leaks, and no device is more hyped than the foldable that Apple has purportedly been working on for years. Lots of that early info points toward a release later this year during the usual September iPhone release window, which makes the lead-up fertile territory for falsified leaks like the aforementioned video. 

Unfortunately, with the advance of generative AI tools that fabricate videos based on text prompts and other inputs, it’s easier than ever to fake your way to internet fame. Nowadays, videos churned out by gen AI tools have the correct number of fingers on hands, better lighting and far fewer indicators that they’re inauthentic. 

But there are still some tells that you’re not seeing the real deal — both in the video and when it’s released.

First, let’s dissect the video. A person in a gray long-sleeved shirt or sweatshirt rotates a box labeled “iPhone Fold” and pulls it open. On the first watch, a lot of signature Apple elements are present. The product is tucked inside snug packaging and presented screen-side-out to the opener, and there’s both a charging cord and supplementary materials tucked underneath. It all looks authentic enough — at least believably not generated by AI. 

But AI or not, there are a few details that are strong evidence that this isn’t an actual Apple device. When opening the package, there’s a peel-off protector for the inner screen, not the outer. The multicolored insert claims the device is IP68 dust- and water-resistant, which is rare for foldables. Only the Google Pixel 10 Pro Fold and Honor Magic V6, among a handful of others, have water-resistant ratings.

The device itself is suspect, and if not AI-generated, it’s likely 3D-printed. The cream-colored back makes an odd sound when scratched (unlike what glass or ceramic sounds like), and the device’s halves don’t fold neatly against each other — another thing that the design-obsessed Apple likely wouldn’t allow. What’s more, when it’s fully unfolded, the back of the supposed foldable has a big gap between both halves over the hinge, which other phone makers have solved in their flexible-screen devices.

There’s skepticism around its design, too. Yes, Apple’s patents point toward a wider style of foldables similar to the first Google Pixel Fold, but the supposed iPhone Fold in the video is so squat in its dimensions that its internal screen would make for bizarre dimensions that aren’t tall enough to fit the aspect ratio of, say, an iPad. 

iPhone Fold may or may not be the final name of the device, as rumors have disagreed for years on its product designation, with the most recent suggesting it could be deemed the iPhone Ultra. 

Since we don’t see it turn on, there’s no indication of how its software is laid out — which form of iOS or even iPadOS it might use. That makes this short, squat design even more suspect.

And then there are the factors outside of the video. Apple leaks happen, but we’ve only had a few pre-release leaks like CAD files, official renders or cases that agree on a design — and yet, this is supposedly the iPhone Fold’s final form, which looks somewhat but not completely like a recent CAD render. 

To the video’s credit, taking this many words to suspect and disprove its authenticity is a credit to its plausibility. There’s a lot of commitment to Apple staples, from product packaging to theorizing the final design of the foldable itself. If nothing else, it’s a functional guess at what the supposed iPhone Fold might look like, and how it might look coming out of the box. 

We’ll know in September at the earliest if Apple chooses to release its foldable in that window — and I’m sure we’ll see plenty of other leaks and rumors on the device before then.

After achieving an 8.5 out of 10 repairability score, the Pixel 10a is one of the most serviceable mid-range smartphones currently on the market.

Following a teardown of the handset, PBKreviews awarded the Pixel 10a maximum marks in three of five repairability categories: finding replacement parts, replacing the screen, and replacing the battery.

This strong repairability result is a big win for the Pixel 10a, especially when considering its £/$499 RRP, as many rivals in the same price range score significantly lower. With this in mind, consumers could be more likely to opt for a Pixel 10a and seek out repair options, rather than buying replacements.

A rubberised mesh gasket protects the speaker from water ingress, a design detail that contributes to the phone’s IP68 water resistance credentials while keeping the internal layout accessible enough to avoid significantly complicating disassembly during repair procedures.

Advertisement

The teardown process also requires a hair dryer or heat gun to loosen the adhesive securing the back plate which although is a common approach among mid-range smartphones, this does add a step that less experienced users may find challenging without the right tools.

Advertisement

However, the Pixel 10a does lose ground in one area, with the USB port soldered directly onto the mainboard proving the trickiest fix in the entire teardown. This is an issue because soldered ports typically require mainboard-level replacement rather than a straightforward component swap, a limitation that offsets some of the accessibility gains elsewhere in the internal layout.

The internal organisation and time required for repairs sit in a middle ground, with the overall layout considered enough to avoid major disassembly headaches but not streamlined enough to match the simplicity of the battery and screen replacement processes.

The Pixel 10a officially launched in March, with an RRP of £/$499 for the 128GB model and £/$599 for the 256GB variant, both with 8GB of RAM.

Advertisement

Dyson just announced its first-ever handheld fan, the HushJet Mini Cool. As the name suggests, it uses the company’s proprietary HushJet air projection system. This tech first showed up on an air purifier that .

Dyson promises the fan can deliver focused airflow of up to 25m/s, which works out to 55mph. The brushless motor spins up to 65,000 RPM. This thing looks like a legitimate cooling system, despite its size. It also weighs just 7.5 ounces.

It offers five speeds and a boost mode, which should be useful during that next heat wave. It charges via USB-C and ships with a charging stand. The fan can also stand on its own, making it a decent choice for a desk. The rechargeable battery can get up to six hours of use per charge.

The HushJet Mini Cool costs $100, which is cheap for a Dyson product but expensive for a handheld fan. It’s available in a trio of colorways. The gray model is available tomorrow. The red version goes on sale this May and the blue one will be available for purchase in June.

from the law-is-the-law,-losers dept

The courts keep pounding the nails home. What this government is engaged in is illegal, on multiple levels. If you subtract the pro-MAGA Fifth Circuit and 6/9ths of the Supreme Court, you have a judicial quorum that says rights are still rights, despite this administration’s claims otherwise.

DHS has issued memos claiming (without facts or law in evidence) that officers can arrest people and enter homes without signed judicial warrants. This has always been false. And it’s not edging any closer to the truth no matter what this administration might say in Truth Social posts and/or court filings.

The administration is losing repeatedly in its bigoted war on non-whites. But it never accepts obvious defeat. It always heads back to court, full of steam and bullshit. And, in most cases, its losses are even more obvious the second time around.

A federal judge in California found on Wednesday that U.S. Customs and Border Protection officials had violated a previous order regarding warrantless arrests, and ordered agents operating in her judicial district to fully document their reasons for making any future stops.

The judge, Jennifer L. Thurston of the Federal District Court for the Eastern District of California, had previously found that immigration operations in Kern County, Calif., appeared to have been based on racial profiling, with agents making arrests when people they stopped could not produce proof of citizenship on the spot. Last year, she restricted the agency from continuing to carry out random immigration sweeps in the region, citing a “pattern and practice of agents performing detentive stops without reasonable suspicion.”

Advertisement

On Wednesday, Judge Thurston found that border agents appeared to have violated that order when they carried out an immigration sweep last year in a Home Depot parking lot in Sacramento.

The opinion [PDF] doesn’t cut corners or grant Trump’s DOJ more respect than it has earned. (It’s running in the red at the moment.) Multiple people who were arrested following a “targeted” operation, that saws mostly involved federal officers waiting in a Home Depot parking lot in hopes of rounding up day laborers, sued the government. The government has already lost once. This order clearly explains why the government is losing twice. Pretending conjecture is the same thing as established facts does nothing more than inform the court that you suck at your job.

The surveillance two days earlier somewhat contributes to understanding the statistical relationship, revealing that on one prior occasion, two out of a group of 20 individuals gathered in that location were noncitizens (roughly 10%). Yet, that statistic, which leaves the remaining 90% of the group unclassified, does little to dispel the concern that seeking work as a day laborer may be “[a] characteristic common to both legal and illegal immigrants.” See Manzo-Jurado, 457 F.3d at 937. Nor does it demonstrate that the Home Depot parking lot is used “predominantly” by noncitizens seeking day labor work.33 See id. at 936. Rather, the present record reveals little more than that the Home Depot parking lot is “a location . . . frequented by illegal immigrants, but also by many legal residents, [which] is not significantly probative to an assessment of reasonable suspicion.”

Yep. Fuck your “Kavanaugh stops.” Probable cause has never been “wow, they look kinda Mexican.” Hanging around places where you have a [checks government’s claims in support of its actions] 10% chance of catching illegal immigrants isn’t “probable.” It’s an inadvertent admission that you might be wrong 90% of the time.

The upshot of the ruling is this: The government needs to provide individualized reasonable suspicion, if not actual probable cause, to arrest migrants in California. The court does grant some concessions this DOJ definitely hasn’t earned, but at least it adds some guardrails:

The Court declines to preclude Defendants from using “boilerplate” when documenting stops and/or arrests pursuant to the PI Order and this clarification. However, Defendants are cautioned that copy and paste language may give rise to an inference that an individualized assessment was not made.

In short, if the government wants to claim its anti-migrant arrests are supported by reasonable suspicion and/or probable cause, it needs to show its work. And if the only work it can show has been cribbed from other cases, it should expect its overtures to be rejected by the court.

While this may not seem like much, it is at least worth the paper it’s printed on. The Trump administration seems incapable of flooding the zone at this point. It ran out of energy (and personnel) barely over a year into its unexpected resurrection. The DOJ no longer has enough lawyers to do everything the administration demands of it, much less press the dubious “but I’m a king tho” assertions Trump seems to feel it should be doing day in and day out.

Running a fast-break offense and a bet-you-miss defense only works until it doesn’t. The courts are delivering a counter-flood and the DOJ doesn’t have enough loyalists left to overpower the full-court press. The administration is headed towards an institutional collapse because whatever can be considered the “center” of this whirlpool of bigoted fuckwits will never hold. We’ll take every win we can get until we can finally celebrate the demise of a president who seems to think he’s the King George incarnation that makes his voter base so erect it will vote against its own interests.

Filed Under: 4th amendment, border patrol, cbp, dhs, doj, ice, mass deportation, trump administration

from the this-is-why-we-can’t-have-nice-things dept

There’s a meaningful push afoot to implement statewide “right to repair” laws that try to make it cheaper, easier, and environmentally friendlier for you to repair the technology you own. Unfortunately, while all fifty states have at least flirted with the idea, only Massachusetts, New York, Texas, Minnesota, Colorado, California, Oregon, and Washington have actually passed laws.

Passage can be a challenge due to the relentless lobbying of numerous industries that very much enjoy a monopoly over repair (especially tech and auto). New York State’s law, for example, was watered down by NY Governor Kathy Hochul after passage because tech companies didn’t like it.

The same thing is afoot in Colorado, where tech companies are trying to neuter that state’s right to repair laws. Colorado’s assortment of laws, which first appeared in 2022, have implemented protections covering wheelchairs, agricultural farming equipment, and consumer electronics, making it easier for consumers in all those sectors to afford repairs and gain easier access to parts, manuals, and tools.

But tech companies like Cisco and IBM have pushed Colorado lawmakers to sign off on  SB26-090, the Exempt Critical Infrastructure from Right to Repair law, which would neuter much of the protections under the pretense of making the public safer. As you might imagine, the companies’ are trying to use a definition of “critical infrastructure” that’s so large and vague as to render all the protections meaningless:

“I can point out at least five problems with the bill as drafted,” Gay Gordon-Byrne, the executive director at the Repair Association, said during the hearing. “The definition of critical infrastructure is completely inadequate. The definition that has been proposed in this bill is not even a definition.”

While tech company lobbyists have convinced the Colorado Labor and Technology committee to advance the bill, it still needs approval by the Colorado Senate and House, which may prove more difficult now that outlets like Ars Technica and Wired have shed a little light on the effort.

It’s worth pointing out that while eight states have now passed right to repair laws, none have actually enforced them despite numerous, ongoing infractions across countless industries. That’s something that’s going to need to change if state rhetoric on the subject is to be taken seriously.

Filed Under: colorado, consumers, hardware, lobbying, parts, prices, right to repair, tech, tools

A massive campaign impacting nearly 100 online stores using the Magento e-commerce platform hides credit card-stealing code in a pixel-sized Scalable Vector Graphics (SVG) image.

When clicking the checkout button, the victim is shown a convincing overlay that can validate card details and billing data.

The campaign was discovered by eCommerce security company Sansec, whose researchers believe that the attacker likely gained access by exploiting the PolyShell vulnerability disclosed in mid-March.

PolyShell impacts all Magento Open Source and Adobe Commerce stable version 2 installations, allowing unauthenticated code execution and account takeover.

Sansec warned that more than half of all vulnerable stores were targeted in PolyShell attacks, which in some cases deployed payment card skimmers using WebRTC for stealthy data exfiltration.

In the latest campaign, the researchers found that the malware is injected as a 1×1-pixel SVG element with an ‘onload’ handler into the target website’s HTML.

“The onload handler contains the entire skimmer payload, base64-encoded inside an atob() call and executed via setTimeout,” Sansec explains.

“This technique avoids creating external script references that security scanners typically flag. The entire malware lives inline, encoded as a single string attribute.”

When unsuspecting buyers click checkout on compromised stores, a malicious script intercepts the click and displays a fake “Secure Checkout” overlay that includes card details fields and a billing form.

Payment data submitted on this page is validated in real time using the Luhn verification and exfiltrated to the attacker in an XOR-encrypted, base64-obfuscated JSON format.

Sansec identified six exfiltration domains, all hosted at IncogNet LLC (AS40663) in the Netherlands, and each getting data from 10 to 15 confirmed victims.

To protect against this campaign, Sansec recommends the following:

• Look for hidden SVG tags with an onload attribute using atob() and remove them from your site files
• Check if the _mgx_cv key exists in browser localStorage, as this indicates payment data may have been stolen
• Monitor and block requests to /fb_metrics.php or any unfamiliar analytics-like domains
• Block all traffic to the IP address 23.137.249.67 and associated domains

As of writing, Adobe has still not released a security update to address the PolyShell flaw in production versions of Magento. The vendor has only made a fix available in the pre-release version 2.4.9-alpha3+.

Also, Adobe has not responded to our repeated requests for a comment on the topic.

Website owners/admins are advised to apply all available mitigations and, if possible, upgrade Magento to the latest beta release.

Automated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the other.

This whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic questions for any tool evaluation.

Get Your Copy Now

• Garmin has added fertility tracking to many of its best wearables
• The feature comes via a partnership with Natural Cycles
• It’s coming to the Fenix 8, Forerunner 570, Venu 4, and more

The best Garmin smartwatches are more than just fitness trackers these days — they can help you get a clearer picture of your overall health, with many metrics that extend well beyond exercise. That’s just been expanded further with the introduction of fertility tracking, which is bound for Garmin users thanks to a collaboration with Natural Cycles.

If you haven’t heard of Natural Cycles, it is currently the only birth control app cleared by the FDA. That means it’s well placed to enable cycle tracking on Garmin wearables and make understanding your fertility a little easier.

Our pets can’t speak up and tell us how they’re feeling, or why and where they are hiding. Tractive, an Austria- and Seattle-based tech company that creates GPS tracking devices for pets, announced on Wednesday two new smart collars that, according to the press release, “will redefine pet care for millions of families.”

Is your pet stressed, breathing unusually or scratching too much? Much like the basic health-tracking features you can find on a smartwatch, the collars — the Cat 6 Mini ($79) and Dog 6 XL ($89) — are designed to track this behavior and communicate the issues to help maintain your dog or cat’s quality of life.

“Pets can’t tell us when something is wrong, but their bodies can,” Michael Hurnaus, CEO and founder of Tractive, said in a statement. “With cutting-edge sensors on every tracker, learnings from millions of pets and AI-powered insights, we’re turning one of the world’s largest pet data platforms into clear, simple information so pet parents can act sooner and care even better.”

When it comes to tracking collars, dogs have usually been the target pet audience for such devices. Tractive’s new Cat 6 Mini collar aims to provide the same service for your feline friend. You can use it to monitor your cat’s respiratory rate and resting heart rate and identify any health concerns early. It’s expected to ship on May 31.

The Dog 6 XL collar, an upgrade from the company’s previous dog wearable, is designed for dogs weighing over 55 pounds. It’s more durable for outdoor use and offers up to four weeks of battery life between charges. It comes equipped with a scratch-monitoring system that flags unusual scratching behavior caused by allergies, skin irritants and other stressors. 

You can also use the app to access your pet’s travels and mark safe zones regarding walks, entries and exits. An AI-powered health hub displays your pet’s overall health stats and also acts as a GPS tracker in case your dog or cat goes missing. 

How would a veterinarian interact with the data collected on the device? 

A Tractive representative told CNET, “In our experience, veterinarians are most interested in baseline resting heart and respiratory rate, so it’s less about monitoring these vitals in real time during recovery from anesthesia/acute care and more about understanding if the baseline is changing day to day to identify the onset of new conditions or manage existing ones.” 

Even though the collars use a SIM card and require a strong cellular connection to work properly, they can capture activity, sleep and health data while offline. However, without connectivity, the devices “ultimately will not provide any utility,” the representative confirmed.

You’ll need to download the accompanying app and select a separate subscription plan at an added cost. The one-year plan costs $120, the two-year plan costs $168, and the five-year plan costs $300. 

A $500,000 “Survivor”-style corporate retreat for 120 Plex employees in Honduras “turned into a week-long disaster involving illness, wild animals, armed guards, and employees stranded on a remote island,” reports the Daily Beast. The CEO was bedridden by E. coli, staff were collapsing in brutal heat during Navy SEAL-led drills, there were fire ant attacks, uncooked food, and failing utilities. At one point, a porcupine even crashed through the ceiling of a guest’s room. Here’s an excerpt from the report: Tech media company Plex flew its 120 employees to a Honduran resort in 2017 for what was billed as a Survivor-style getaway. They called it “Plexcon.” The first harbinger of trouble was an email that arrived before the group departed, informing them that the hotel manager and chef had both quit within days of each other. Things went sharply downhill from there.

CEO Keith Valory, 54, had flown out a day early, intending to channel his inner Jeff Probst and welcome his staff off the buses like a game show host. Instead, he spent the arrival morning flat on his back. “I got E. coli, which is maybe the worst thing you could get, possibly, ever,” Valory told the Wall Street Journal this week. “Just as people were arriving on the buses, I was like, ‘Uh oh.’ I lost 8 or 10 pounds. They had a doctor come to me, which apparently is pretty standard. They nailed an IV bag to the bedpost.”

With the CEO incapacitated, chief product officer and co-founder Scott Olechowski, 52, stepped in to run proceedings — beginning with a forced eating challenge in which one employee had to consume a dead tarantula. […] Sean Hoff, 42, founder of Moniker Partners, the independent retreat agency that planned the trip, was running himself ragged attempting damage control — the showers, water, and electricity kept cutting out. […] Meanwhile, senior software engineer Rick Phillips, 53, was trying to sleep when he heard a crash in his room. He ignored it until morning. “I got up and went over to get in the shower, and there was a porcupine,” he said. “It must have climbed a tree and fallen through the ceiling.”