Instagram users could soon see more ways to tune their content, according to a recent post from Instagram head Adam Mosseri.

Specifically, Mosseri was showing off new ways that users might access Your Algorithm, a feature that allows them to specify which topics they want to see more of, and less of. Instagram launched Your Algorithm last year and has been introducing it to more areas of the app.

“We want to evolve Your Algorithm from a setting to something that feels central to your experience on Instagram,” Mosseri said. He also noted, “Some of this is testing now, some is coming soon, some might not work.”

The examples in his post include one where pulling down in your Instagram feed eventually brings up the Your Algorithm menu, and another where swiping up from a Reel could bring up a similar customization prompt. A third shows buttons beneath each Reel to indicate whether or not  you want to see more Reels like it.

The most popular comments on Mosseri’s post all make the same request. As one user put it, “WE JUST WANT OUR ALGORITHM TO SHOW THE PPL WE FOLLOW.”

Anyone who has squinted at a cramped laptop screen while trying to reference one document and type in another understands the daily friction of limited space. This monitor from ASUS cuts through that friction on its 15.6″ MB169CK portable monitor, priced at $75.05 (was $109), with a design focused on simplicity and adaptability.

A single USB-C cable connects to the screen and supplies both the video feed and power for the display, eliminating the need to carry a separate power adapter. This is especially beneficial if your laptop supports pass-through charging, as it will keep your primary computer running while you’re connected to this display. The weight is slightly under 800 grams with the stand attached, and the design is only 12 millimeters thick. That means it will fit easily into most laptop bags and you won’t have to rearrange your things.

Sale

MNN Portable Monitor 15.6inch FHD 1080P 60Hz USB C HDMI Gaming Ultra-Slim IPS Display w/Smart Cover…

• Full HD Portable Monitor – MNN 15.6inch portable laptop monitor with 1920*1080 resolution, advanced IPS matte screen support 178° full viewing angle…
• Double Type-C Port -For Plug & Play, the MNN monitor provides 2 Full Feature Type-C ports. Only One USB Type-C Cable is required to connect to the…
• Lightweight Ultra Slim for Travel – As a portable external monitor,MNN portable laptop monitor easily accommodate to every suitcase and backpack and…

The supplied stand is detachable, screws into the rear, and can spin 360 degrees. You can set it to landscape for a large spreadsheet or portrait for reading long reports or cramming code into a compact space. If you need to get the stand out of the way, you simply remove it and the entire unit will sit flat. Alternatively, use the stand’s cutout to hang the screen from the rear of a hook.

We’re talking Full HD resolution on that 15.6-inch IPS panel, so image quality is a big plus here. The viewing angles are also excellent, so it doesn’t matter if there are a lot of people staring over from the side, and the IPS display easily handles wide angles. We’ve also included an anti-glare coating to keep everything looking beautiful even with normal indoor lighting, as well as a blue light filter and flicker-free technology to help you get through your workflow without straining your eyes.

At home, this becomes a useful little station for doing serious work. You can arrange it in portrait next to your laptop, with reference materials on one side and the main task on the other, and then simply pack it away when you’re finished. There is no need to leave any permanent mounts or extra cables behind. Students will find that this monitor is a game changer in the library or dorm room; with the extra real estate, you can have a notebook and your source materials on one screen and only use the other for the task at hand, eliminating the need to constantly switch windows, and because it’s so portable, it’s easy to throw in a backpack alongside your books and laptop.

This is a lifesaver for professionals who are constantly on the run. You can simply plug it in and go, making it ideal for presentations, data review, or client work where you need to be able to wrap your head around a variety of different bits of information at the same time. The mini-HDMI port is a nice touch, allowing old systems with a USB-C connection to breathe a little easier.

Of course, for travelers, the lightness is what saves the day. Even with a full laptop set up inside your luggage, you won’t feel too burdened down. Setup in a hotel room or cafe takes seconds, and the 360-degree stand adapts to any surface you place it on. ASUS’ software even allows you to instantly switch between landscape and portrait mode based on how you hold the device, eliminating the need to navigate the menus.

Security

Personal cell phones on protective missions, no threat detection on government-issued devices among the litany of sins

It seems like nobody wants to carry a work phone and that includes even those charged with protecting the US president. The US Secret Service’s extremely lax mobile phone security practices – including using unsecured personal devices during mission operations – put America’s leaders’ and agents’ lives at risk, according to a government-issued report.

Secret Service agents routinely used personal cell phones to communicate with law enforcement and each other, including during protective operations in the US and overseas, because their government-issued devices lacked the capabilities they needed to perform their missions, according to a federal review ordered after the 2024 assassination attempt against President Trump in Butler, Pennsylvania.

Even when Secret Service employees did use government-furnished equipment (GFE), these mobile devices didn’t have sufficient security to “ensure real-time, continuous protection from cyberattacks by foreign adversaries or individuals,” according to a report by the Department of Homeland Security inspector general.

The inspector general’s investigation also found vulnerable apps on these GFE mobile devices. 

In addition to being prohibited – Homeland Security policy only allows Secret Service employees to use GFE devices for official business – using personal cell phones is especially bad from a cybersecurity perspective. 

As we have seen time and time again, government employees’ personal devices and private communications provide highly attractive targets for foreign spies or even homegrown criminals plotting attacks against elected leaders. 

Secret Service agents’ phones can also reveal mission-related details, geolocation – and, by proxy, the US president, vice president, and visiting heads of state’s geolocations – as well as photos, contacts, and other personal information such as family members and home addresses. 

Since these personal devices are not managed or secured by the US government, it’s much easier for attackers to plant surveillanceware and other malware on them.

“If a personal device is jailbroken, infected with malicious code, or not up to date on security software, an adversary could intercept device communication,” according to the report. “Outdated and vulnerable apps could enable malicious actors to conduct surveillance, track locations, or record employees’ communications. Connecting to unsecured networks may also allow cybercriminals to access data or install malware.”

The inspector general reviewed call and text logs from Secret Service GFE mobile device records from October 2022 through May 2025, and found more than 15,000 instances among 4.8 million calls in which employees sent and received calls from colleagues’ personal phones while working protective events. 

Investigators also examined travel vouchers for Secret Service employees who travelled internationally between October 2022 and April 2025. They found 30 employees who claimed reimbursement for using personal phones for official, government business. Most of these (23 of the 24 interviewed) said they needed to use their personal cell phones during nearly every foreign assignment.

Plus, they used personal mobile devices as hotspots to provide internet access for government-issued laptops, or to access websites blocked on GFE phones. 

Even when employees did use government-issued devices on overseas trips, these phones also lacked basic security, the investigation found. For example: the Secret Service did not begin installing mobile threat defense software on any GFE phones until August 2025. Nor did the agency consistently wipe data from GFE devices after employees returned from international missions despite Secret Service policy requiring employees to do this within 24 hours of returning to the US.

Do these 5 things

As a result of its findings, the inspector general made five recommendations to improve mobile device security. These include implementing a formal policy to ensure government-issued devices have all the needed capabilities to ensure mission functions can be conducted securely, and also ensure all employees complete cybersecurity awareness training, as required by the Secret Service.

The report also recommends the Secret Service office of the chief information officer do a better job communicating to employees that the use of personal devices is not allowed for official business, and implement controls to wipe all mobile devices returning from international missions.

Finally, the inspector general also recommends an updated vulnerability testing policy be applied to all mobile app code. 

The Secret Service “concurred” with all five recommendations. 

We reached out to the Secret Service about the report and recommended actions, and a spokesperson declined to comment beyond a letter from Secret Service Director Sean Curran included in the report. 

Curran said, among other things, that in response to the inspector general’s findings, the agency made “several comprehensive enhancements to Secret Service communications policies and protocols to both mitigate the potential for adversaries to intercept and exploit Secret Service information, as well as further strengthen the protective environment.”®

Now that Amazon Prime Day is over, it’s time to start gearing up for Fourth of July sales. Most large retailers pivoted their summer-sale timing to compete head-on with Amazon’s accelerated schedule, but you can still snag great deals this July 4th, particularly in active and outdoorsy categories.

REI has the hottest sale of the weekend as far as the WIRED Reviews team is concerned, but there are notable midsummer sales on other sites we shop, like Backcountry, Home Depot, and Lululemon. Also, make sure you don’t sleep on Duer.

The outdoorsy Canadian clothing brand makes highly functional classics that subtly incorporate performance elements like Tencel fabric and strategic triple-stitching. The No Sweat Relaxed Taper pants have been a weekly wear for me for years; they’re as comfy as sweatpants but look dapper enough to wear to a business meeting, while being durable enough for a weekend camping trip.

Duer rarely has sales, and prices typically hover around $100 for pants and $50 for a shirt. Those aren’t outrageous prices, but most guys I know won’t build a wardrobe primarily from $50 tees. In the run-up to July 4th, you can save around 20 percent on a few of the brand’s most popular pants and up to 35 percent on some styles of shorts and long-sleeve shirts.

For the last few months, I’ve had a handful of Duer garments in rotation: Performance Denim+ Straight, Live Lite Traveller Pant, Air Flow Pique Polo, PurePima Only Tee, and the aforementioned No Sweat Relaxed Taper.

In addition to my beloved No Sweat pants, the pima cotton tee (some styles of which are on sale) is a big winner. It’s soft and still fits great after two trips through the washer and dryer. It’s getting serious consideration for being my new favorite black T-shirt. (I would suggest the brand start claiming it’s the best T-shirt in the world so as to be eligible for our tailor-judged shootout of men’s shirts.)

The pique polo is also great (the Hazy Mauve color is currently discounted), as it’s super breathable, holds an appropriately stiff collar without feeling too rigid, and also keeps its shape perfectly through two washing cycles.

If you’ve got summer travel or a camping trip coming up, this clothing could be nice to bring with you.

Power up with unlimited access to WIRED. Get best-in-class reporting and exclusive subscriber content that’s too important to ignore. Subscribe Today.

It’s going to be a “messy” summer for security folks, especially when it comes to fixing the open source code that underpins their organizations.

That’s according to Dan Lorenc, CEO and co-founder of Chainguard, a software supply-chain security company leading Athena, a newly formed coalition of about two dozen companies that wants to make the process of finding and fixing open source bugs “as easy to consume as possible.” 

The members have committed to using AI to prevent attacks on open source software. In addition to Chainguard, other founding member companies include BNY, Cisco, Cloudflare, Corridor, DepthFirst, Docker, JPMorganChase, Kyndryl,  LTM, and PwC.  

Many of these member companies are also partners with Anthropic’s Project Glasswing and OpenAI Daybreak, which allow them to try out the pair’s most advanced bug-hunting models. The coalition accepts vulnerability findings generated by all frontier models, according to Lorenc.

Athena has already processed more than 20,000 findings and developed over 2,000 patches across 500 open source projects. 

In about three weeks, the coalition’s first wave of bug disclosures will begin.

“This is going to be a messy summer for everyone,” Lorenc told The Register in a phone interview.

“I know there’s still a percentage of people who think it’s all fake and marketing,” he said, talking about the newest, most advanced frontier models like Anthropic’s Mythos and OpenAI’s GPT‑5.5‑Cyber.

“The stats and data we’re seeing are so scary – if you just keep running scans on the same libraries and same code, it just keeps finding more [vulnerabilities],” Lorenc said. “We haven’t seen that curve start to bottom out yet.”

Chainguard isn’t part of Glasswing or Daybreak, but many of its customers and partners are. 

“Put yourself in the shoes of someone with Glasswing access,” he said. “You get this crazy, new model that can find vulnerabilities everywhere, that no one had seen and you had missed for years with all of your other tooling. You run it on your code, and it finds tons of stuff in your first-party code, the stuff that you’ve written, and you fix all of that.”

After running Mythos Preview on all of your organization’s proprietary code, imagine pointing the model at an application. Most modern apps contain a mixture of code from different sources, mostly third-party. According to Lorenc, 95 percent of the code in any of these codebases is open source.

“When you run [advanced models] at the application level, you find a ton of vulnerabilities in open source code that you can’t fix for yourself the same way you can that first-party code,” Lorenc said. “So then you’re left with: what to do?”

By now, most people are familiar with vulnerability disclosure processes and know they need to report these flaws to open source project maintainers. 

“But when the numbers start getting this large, and you’re finding thousands of these [bugs] at a time, and they’re across tons of projects you didn’t even know you were using before you ran this tool, and you don’t even know how to contact the people, you kind of get stuck,” he said. 

The only guarantee in the entire disclosure process is that attackers are moving quickly and the time to exploit – that’s the time between a CVE’s public disclosure and first confirmed in-the-wild exploitation – has essentially collapsed.

A clearinghouse for bug reports

This may mean that your application is vulnerable to attack even before someone develops a patch. “Then you’re putting yourself at risk – and you were already at risk before you ran these scans, but no one else knew about it,” Lorenc said. “In an unintended way, [AI] has created this pickle for everyone.”

In May, Anthropic said it used Mythos Preview to scan more than 1,000 open-source projects, which also underpin much of its own infrastructure, and found an estimated 6,202 high or critical-severity vulnerabilities in these projects.

“It’s a super awkward, strange world and timeline we are all living in,” Lorenc said. “There’s a ton of pressure because all of the frontier models are getting better, and the open models are getting better, and they’re going to be able to start discovering these at the same time, too. So, that’s what we’re trying to help with: to be that clearinghouse for critical industry.”

Athena coalition members submit vulnerabilities they find in open source code using any frontier model. Sometimes they find these bugs while scanning their own apps. In other cases they discover them after pointing Mythos or GPT‑5.5‑Cyber at a commonly used library, Lorenc said.

The companies submit a full report to Chainguard, which acts as a clearinghouse, deduplicating, correlating, and addressing findings from members in batches across entire libraries, hardening them against classes of vulnerabilities instead of just one bug. 

Affected projects are rebuilt as private, hardened versions available to Athena members through Chainguard Libraries before vulnerabilities are publicly disclosed – and hopefully addressed upstream – a month later. For maintainers that can’t make a permanent fix, Athena acts as a “maintainer of last resort,” according to Lorenc.

On Thursday, the Linux Foundation joined the effort and announced Akrites, an industry coalition to defend open source software against AI-enabled threats, by finding and fixing vulnerabilities. Akrites establishes a shared Security Incident Response Team (SIRT) and a standardized Coordinated Vulnerability Disclosure (CVD) process.

Founding companies include Amazon Web Services, Anthropic, Chainguard, Cisco, Citi, Endor Labs, Ericsson, Google, IBM, JPMorganChase, Microsoft and GitHub, Nvidia, OpenAI, RapidFort, Red Hat, Rust Foundation, Sonatype, Vodafone, and Zscaler.

“As AI finds more vulnerabilities, the industry will rush to patch them. Without coordination, those fixes will fragment across different patches and forks, and maintainers who are already overwhelmed, unreachable, or haven’t touched a project in years,” Lorenc said, adding that Akrites provides a coordinated way to fix flaws upstream before criminals exploit them.

Plus having a dedicated SIRT gives maintainers a single partner – and disclosure -to work with on remediation instead of a hundred uncoordinated reports.

“Now the work is making sure there’s always someone on the other end to catch them,” Lorenc said. ®

The FBI and CISA have warned that Russian intelligence hackers are now targeting Signal users’ backup recovery keys, an escalation of a phishing campaign that has already compromised thousands of accounts worldwide. The updated advisory, published Thursday, says that handing over the key once gives attackers the ability to restore an account’s backup, read its entire private and group message history, and take over the account.

The key keeps working even after the victim changes phones. If a target creates a new account on the same phone number, the old recovery key can still be used to access future backups, the advisory warns. The only fix is to generate a new key in Signal’s settings, which invalidates the old one for future downloads but cannot recover anything the attacker has already pulled.

The advisory, designated PSA I-062626-PSA, adds two public tracking names the FBI’s March notice did not include: UNC5792 and UNC4221. The bureau ties the activity to multiple Russian Intelligence Services groups, including FSB officers embedded with the FSB Border Guards and others working for the Russian military. The campaign targets both Signal and WhatsApp, though the recovery key tactic is specific to Signal.

The 💜 of EU tech

The latest rumblings from the EU tech scene, a story from our wise ol’ founder Boris, and some questionable AI art. It’s free, every week, in your inbox. Sign up now!

The targets are individuals the FBI describes as being of “high intelligence value,” including current and former US and international government officials, military personnel, political figures, journalists, and officials in Ukraine. The March advisory said the broader campaign had already compromised thousands of accounts worldwide.

The phishing messages pose as Signal support. Earlier waves asked for SMS verification codes and account PINs, or used doctored “group invite” links that silently linked an attacker’s device to the victim’s account. The updated version walks targets through turning on Signal backups, opening the recovery key screen, and pasting the key into the chat.

The FBI published two sample messages used in the campaign. One is disguised as a mandatory two-factor authentication rollout, and the other poses as an urgent “data recovery” fix for messages supposedly at risk of being lost. Both are social engineering attacks that exploit trust in a platform’s own interface rather than technical vulnerabilities.

The agencies are clear that none of these techniques break Signal’s encryption or the app itself. The attackers compromise individual accounts through social engineering, then walk in through a legitimate feature. It is a pattern that has become increasingly common across security products, where the weakest link is the person holding the device, not the cryptography protecting the data.

Alongside the advisory, the State Department’s Rewards for Justice programme is offering up to $10 million for information on UNC5792. The activity overlaps with earlier warnings from Dutch intelligence agencies AIVD and MIVD, Germany’s BfV and BSI, and France’s ANSSI. Google’s Threat Intelligence Group first documented UNC5792 abusing Signal’s linked-device feature in early 2025 and later observed the same tradecraft targeting WhatsApp and Telegram.

The campaign is a reminder that end-to-end encryption protects messages in transit but cannot protect users who are persuaded to hand over the keys themselves. Anyone who receives a message inside Signal asking for a recovery key, verification code, or PIN should treat it as hostile, regardless of how convincing the sender appears. Signal does not message users inside the app to request credentials.