Blogroll

In celebration of Memorial Day and as summer approaches, now is the perfect time to head to Home Depot and score some tools for DIY projects. If you need some new tools or additional battery packs, you'll be happy to hear Home Depot's buy-one-get-one deal is back, not to mention huge savings on power tools that you don't want to miss.

With most Android phones now shipping without a charger in the box, picking the right aftermarket charger has become more important than ever. Luckily, the USB Power Delivery (USB PD) standard has made this much easier by standardizing fast charging across brands.

I've been building PCs for 20 years, so it goes without saying that I've also done my fair share of troubleshooting various problems for myself, but also for friends, family, and random strangers on the internet. It's a tedious process, and prior to a few years ago, it involved strong googling skills. These days, many people turn to an AI chatbot of their choice and save themselves from sifting through various articles and forums.

Tesla has issued a slew of recalls for the Model Y and Cybertruck, including one over missing labels that could lead to crashes.

A new report in Security Week warns about a cyberattack that infected 5,561 GitHub open-source repositories with malware.

Cybersecurity researchers at SafeDep detailed how the May 18 supply chain attack, dubbed Megalodon, took advantage of GitHub Actions workflows to ultimately harvest user credentials and other data. A full list of the compromised GitHub repositories is available in the SafeDep security report.

The report also details how the hackers pulled off the attack:

On May 18, 2026, an automated campaign codenamed megalodon pushed 5,718 malicious commits to 5,561 GitHub repositories in a six-hour window. Using throwaway accounts and forged author identities (build-bot, auto-ci, ci-bot, pipeline-bot), the attacker injected GitHub Actions workflows containing base64-encoded bash payloads that exfiltrate CI secrets, cloud credentials, SSH keys, OIDC tokens, and source code secrets to a C2 server at 216.126.225.129:8443.

A blog post at StepSecurity also documented the details of the attack.

"Megalodon is a textbook direct Poisoned Pipeline Execution (d-PPE) attack, a class of CI/CD attack where an adversary with write access to a repository injects malicious code directly into workflow definition files, causing the CI system to execute attacker-controlled commands on the next pipeline run," the blog post reads. (Emphasis in original.)

SafeDep researchers warned GitHub users affected by the attack to revert their repositories and audit all workflow files.

On May 20, GitHub published a blog post about unauthorized access to GitHub-owned repositories via a compromised employee device, but the company hasn't said anything about the alleged Megalodon attack.

However, on April 1, the company published a blog post detailing a new trend of cyberattacks on the open-source supply chain, which often begin by compromising GitHub Actions workflows, as in the Megalodon attack. The blog post includes tips for open-source projects on how "to secure your GitHub Actions workflows" to prevent exactly these types of attacks in the future.

I've run a NAS for years, but it always felt like something was missing. Adding a Raspberry Pi to the mix changed everything. It's a small, cheap upgrade that quietly solved problems I didn't even know I had.

As a movie enthusiast, I’m always looking for a good thriller with a unique story where tension, danger, and uncertainty reign supreme. Whether it’s psychological mind games, a high-stakes mystery, or pulse-pounding action, it should tap into something primal that keeps me on the edge of my seat, with my eyes glued to the screen.

Krispy Kreme employees affected by a Nov. 2024 company data breach can still claim their portion of a $1.6 million pie.

The class action lawsuit was brought forth by impacted individuals after their personal information — including names, dates of birth, Social Security numbers, biometric data, and financial account credentials — was exposed in a 2024 cyberattack targeting the company's employee data. Krispy Kreme disclosed the breach in December 2024 and settled the class action case in March.

But the June deadline to claim your money is fast approaching.

The data breach impacted 161,000 current and former Krispy Kreme employees; individuals whose information was exposed should have received a notice from the company via email.

If you believe you were affected but didn't receive an alert, you can contact the settlement administrator at (877) 239-1879.

The deadline to file a claim online or by mail is June 22.

Settlement class members can either submit an itemized claim form for up to $3,500 in losses, or accept a $75 single time payment. If you want to opt out of the settlement, you have until June 6 to decline either online or by mail.

Want to learn more about getting the best out of your tech? Sign up for Mashable's Top Stories and Deals newsletters today.

As a family with kids, we have far more stuff than can comfortably fit in our home. Thankfully, there's a useful attic where we can dump stuff when it's not in use. In the past, finding things in the attic involved hunting through multiple storage bins, but some cheap NFC tags solved the problem.

Most people set up Google Wallet once for payments and never open it again. Once your credit or debit cards are loaded onto it, people simply tap and pay, and often don’t realize that Google Wallet holds a lot more potential.

At the time of writing, CachyOS sits in the #1 spot on DistroWatch. It’s been getting a lot of attention, and honestly, much of it is deserved. But there’s another Arch-based distro that doesn’t get nearly as much love, and I think it’s the better pick for most people—I’m talking about Garuda Linux. I’ve run both distros on real hardware, and here’s why I believe Garuda is better than CachyOS in the ways that actually matter.

Most people use Claude the same way. Open the app, type a question, read the answer, close the tab. It's useful enough that way and, in fact, better than a Google search for a lot of things. But if that's all you're doing, you're getting maybe 20% of what Claude actually is.

Your mini PC, or most mini PCs you might find for purchase new or used, probably comes with just one single Ethernet port. Yet, for full-size PCs it's becoming more common to have dual Ethernet ports as standard.

ITER is the world’s largest fusion reactor project, bringing together scientists from around the globe to pursue clean fusion energy. The goal is to recreate the same process that powers the sun and turn it into a usable energy source on Earth. Here’s a closer look inside one of the most ambitious scientific projects ever attempted.

If there is anything at all I'm obsessed with, it has to be modding Android devices/Fire Tablets and reading comics, books, magazines, and anything else I can get my grubby little hands on.

If you're just getting started with self-hosting apps and services in your homelab, there are a number of mistakes you should try to avoid. These are the five biggest mistakes that I see self-hosters make, and how you can avoid them.

SpaceX launched Flight Test 12 of its reusable Starship Version 3 rocket from Starbase in South Texas. The mission included deploying 22 Starlink satellite dummies, including one carrying a camera that captured views of Starship’s heat shield during flight. The test ended dramatically as SpaceX continued pushing development of the massive rocket system.

Android owners have two main smartwatch brands to choose from: Samsung Galaxy Watch or Google Pixel Watch. I’ve spent extensive time with both, but I just recently switched back to a Galaxy Watch after wearing a Pixel Watch for the last couple of years. I’ll explain why.

One of the biggest problems I have with AI is that it can do so many things that it's hard to know where to start. I decided to see if Claude could solve one of my biggest frustrations. The results were impressive, and I barely had to lift a finger.

Hybrid watches have always seemed like an interesting concept to me. I'm someone who loves tech, but when it comes to watches, nothing beats the aesthetics, reliability, and simplicity of a traditional wristwatch. Although the idea of adding smart features to a traditional watch sounds like a match made in heaven, it never quite comes together in reality.