When is the Black Ops 7 release date? This June, Activision dropped a casual reveal trailer for the next game in the Call of Duty line-up as part of a jam-packed Summer Game Fest weekend. The annualised series tends to bounce between Black Ops, Modern Warfare, and other Call of Duty sub-series, giving the respective teams time to bring their game to fruition.For the first time in Black Ops history, however, were going straight from one BO game to another following 2024s Black Ops 6. That said, were not continuing the story where it left off. Instead, Black Ops 7 takes us to a futuristic 2035, 40 years on from the 90s setting of BO6. Familiar faces do return in the FPS game, though, while mind-bending chaos takes the series to a place its never been before. Heres everything we know about the BO7 release date so far. Continue reading Call of Duty Black Ops 7 release date estimate, trailers, story, and latest newsMORE FROM PCGAMESN: Best FPS games, Best multiplayer games, Best single-player games

Every iPhone getting iOS 26: Is yours on the list? If you've been holding onto an older iPhone, it might be time to upgrade.  By ...

This rich and decadent seafood mac and cheese recipe features three types of cheese, crab meat, shrimp, and an Old Bay potato chip crumble to top it all off.

Don't settle for subpar frozen fries. Take your next serving of spuds from bland to brilliant with the right additions and cooking techniques.

It comes in so many colors!READ MORE...

I use them every single day!READ MORE...

Now that watchOS 26 has been officially announced, you should read this article before updating your Apple Watch to the first developer beta (or before you download the public beta next month). Long story short, unlike other operating system updates, Apple doesn't allow Apple Watch users to downgrade from a beta version to a stable one.As such, if you experience any critical bugs on your Apple Watch with watchOS 26 beta 1, you won't be able to go back to watchOS 18.5, as you would be able to do with iOS 26/iOS 18.5. With that in mind, you should only update to the first beta if you are a developer who wants to try the latest features to prepare your app for later in the fall.Even when Apple releases a public beta in July, we still wouldn't recommended downloading the watchOS 26 beta on your device for the same reason. If you plan to install the beta anyway, here's how you can get the update and its exciting new features.How to update your Apple Watch to watchOS 26 betaImage source: Jos Adorno for BGRTo update your Apple Watch to watchOS 26 beta 1, you need to update your iPhone to iOS 26 first. Follow the steps below to install the iOS 26 beta:On your iPhone, open theSettingsappTap onGeneraland thenSoftware UpdateTap onBeta Updatesand change theiOS 18 Developer Betato iOS 26 Developer BetaOnce you update to iOS 26, here are the steps to get the watchOS 26 beta:On your iPhone, open the Watch app;Tap onGeneraland thenSoftware UpdateTap onBeta Updatesand change thewatchOS 18 Developer Betato watchOS 26 Developer BetawatchOS 26 featuresImage source: Apple Inc.Apples visionOS-inspired Liquid Glass design brings new visual effects to all of Apples operating systems, including watchOS 26. Expect to see shimmering light reflections and refractions when interacting with menus and buttons on the Apple Watch.Apple also added a new Workout Buddy feature in watchOS 26. Powered by Apple Intelligence, it will access your Workout and Fitness history to offer personalized insights for your training sessions. The AI feature will analyze data privately and securely.In order to use Workout Buddy, you'll need Bluetooth headphones connected to your device and an iPhone that supports Apple Intelligence. Itll support some of the most popular workout types, including Outdoor and Indoor Run, Outdoor and Indoor Walk, Outdoor Cycle, HIIT, and Functional and Traditional Strength Training.Don't Miss: watchOS 26: Liquid Glass design, AI Workout Buddy, and third-party widgetsThe post Dont download the watchOS 26 beta before you read this appeared first on BGR.Today's Top DealsTodays deals: $15 Amazon credit, rare PS5 Pro sale, $263 HP Stream laptop, $298 Sony XM5 headphones, moreBest Ring Video Doorbell dealsTodays deals: Nintendo Switch games, $5 smart plugs, $150 Vizio soundbar, $100 Beats Pill speaker, moreBest deals: Tech, laptops, TVs, and more sales

At Monday's WWDC conference, Apple announced the new macOS Tahoe, which comes with a series of updates related to Apple Intelligence, continuity features with the iPhone, and Spotlight search.

Penetration testing (or pen testing) is an authorized, simulated cyberattack designed to test the security of a production system.Ethical hackers perform penetration tests, emulating the behavior of cybercriminals to evaluate your softwares security and identify any weaknesses. During a pen test, these cybersecurity specialists use a range of techniques to attack a system. Once they have gained access, their goal is to demonstrate the potential damage that somebody could do during a real attack.Penetration testing is an effective way to identify and prioritize security flaws in your software, protecting both your organization and users from cyberattacks. See also: SAST vs DAST: Differences And When to UseWhy is penetration testing important?Cybercriminals typically seek to steal sensitive data, such as company IP, financial information, or users data, and/or disrupt operations. A successful cyberattack can result in serious reputational and financial damage (enough to jeopardize the future of your business) and may also expose you to liability and regulatory penalties.With cyberattacks becoming increasingly common, the importance of software security cannot be overstated. A penetration test provides a realistic assessment of how well your system will withstand a cyberattack and identifies weaknesses that you should address. Why penetration testing matters: risk vs. resilienceWithout penetration testingWith penetration testing Unknown vulnerabilities remain hidden in your code or infrastructure Known exploits are identified before attackers can abuse them High risk of data breaches, IP theft, or operational disruption Stronger defenses built around real attack simulations Financial losses from fines, lawsuits, or ransom demands Demonstrated compliance with ISO27001, HIPAA, and other standards Reputational damage after publicized incidents Customer trust reinforced through visible due diligence Delayed response to incidents you didnt anticipate Faster remediation guided by expert pen test reportsAn external penetration testing service will provide a detailed report of the attempted attacks, the exploits found, and the potential harm that could be inflicted.As a proven security testing technique, penetration testing is recommended by several security standards and regulations, including ISO27001 and HIPAA. Running regular pen tests (and acting on the findings) can be used to demonstrate due diligence and compliance with these standards.Black box, white box, and gray box penetration testingDepending on your goals, you can run penetration tests using a black box, white box, or gray box approach. The different approaches refer to the amount of information provided to the pen testers in advance of the exercise.Black box testingAlso known as opaque box or blind testing, this approach simulates an attack by an outsider. In a black box test, the pen testers are given only the name of the organization or product under test. Its then up to them to glean whatever information they can to mount an attack.To make the test even more realistic, you can run a double-blind pen test, in which employees of your organization are unaware that the test is happening.Gray box testingIn a semi-opaque or gray box test, pen testers are given some information in advance. This might include system diagrams or design documents, or potentially credentials for a part of the system or a related service. Taking a gray box approach simulates an attack following a leak of confidential information or the actions of a disgruntled employee.White box testingWith a transparent or white box approach, pen testers have access to all the source code, binaries, containers, and any other artifacts of the system. While not a realistic attack, a white box penetration test is the quickest way to conduct this type of test and can be useful if you want rapid feedback so you can address security flaws quickly. Once you have addressed any issues, you may want to follow up with a black box test to ensure nothing has been missed.Vulnerability scanning vs. penetration testingAn effective cybersecurity strategy should involve multiple levels of security testing. This includes both automated vulnerability scans, such as Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), as well as manual techniques like pen testing.Vulnerability scanners check your source code or software systematically for known security flaws. Because they are reasonably quick to run and require no manual intervention, they are ideal for inclusion in your automated CI/CD pipeline. Vulnerability scanning vs. penetration testingAspectVulnerability scanningPenetration testingTypeAutomatedManualTechniquesSAST, DAST, predefined rule setsSimulated real-world attacks by ethical hackersScopeSource code, known vulnerabilitiesEntire system: code, infrastructure, social engineering, physical securityDetection abilityFast and repeatable; ideal for frequent useSlow; time-intensive due to human effortCostLow; can run in every CI/CD cycleHigh; typically done a few times a yearIdeal use caseContinuous feedback in CI/CD pipelineIn-depth analysis for high-risk releases or compliance needsLimitationsDoesnt test exploit feasibility or user behaviorNot scalable for every build; limited frequencyBest when combined withPenetration testing for real-world attack simulationAutomated scans for consistent baseline coverageThis ensures you get regular and rapid feedback on each set of code changes, allowing you to address any new security issues quickly and efficiently.On the other hand, automated security scans can only ever discover the issues theyve been programmed to detect. As a result, they cannot identify new vulnerabilities or combinations of exploits. The fully automated process also carries a higher risk of false positives. This is where pen testing can offer advantages.Penetration testing is a form of manual security testing that involves skilled individuals mounting realistic attacks on your system. In addition to checking for common vulnerabilities, pen testers often chain exploits together, leveraging each small weakness in the same way an attacker would to gain access to a system.Pen testers also look beyond the codebase, exploiting social engineering tactics and physical security gaps to compromise systems. As a result, penetration tests can reveal flaws in your defenses that might go unnoticed by automated security tests.The downside of pen tests is that they are expensive and time-consuming to run. How frequently you run penetration tests will depend on your risk profile and budget, but it is typically a few times a year or less.If youre releasing changes frequently, penetration testing alone is not enough to defend against cyberattacks. However, by combining pen testing with vulnerability scans and other automated security tests, you can leverage the benefits of each approach. Find out more about automated testing from our CI/CD guide.Types of penetration testingPen testing can involve a range of methods. Rather than focusing on a particular type to the exclusion of others, pen testers combine different methods according to the system under test and the organizations requirements.External vs. internalIn an external penetration test, the simulated attack starts from outside the organizations network. The initial target might be a router, external servers, employee computers, or cloud-hosted services. The pen tester aims to find a way in and then see what else they can access and what damage they can do.By contrast, an internal test starts from inside the network. You can use this to simulate an attack by a rogue employee or an attack that could follow a successful phishing attempt.Application testingApplication testing involves looking for vulnerabilities in deployed software, such as web apps, mobile apps, APIs, and IoT devices. Pen testers will look for common security flaws, such as SQL injection, broken authentication, and others listed in the OWASP Top 10.Although vulnerability scans can detect these types of issues, fixes are sometimes deprioritized if they are not considered a significant threat. However, minor exploits can be chained together by a creative pen tester to reveal a viable attack vector.Social engineeringSocial engineering targets the individuals working at an organization. Attack vectors include phishing emails and phone calls to extract valuable information and credentials, tailgating staff entering the building, or cloning office badges (often with the help of photos on social media) and masquerading as an employee or contractor.Physical securityPhysical security can involve searching for vulnerabilities in hardware, such as unpatched servers, or simply gaining entry to premises and then plugging a device into a network socket. Once a pen tester has gained access to the network in this way, they can seek to access key systems with the help of malware or key loggers, and then download or take screenshots of sensitive data.How to do penetration testingMost pen testers will follow a process that includes the following steps.Rules of engagementBefore starting, the pen testers should agree on a brief with the organization that defines the tests target and the rules of engagement. This should include what forms of testing are acceptable and what is off the table (such as phishing attempts on staff or forcing entry to premises), as well as the contact to inform of progress. The brief should also provide any additional context (in the case of a white or gray box test) and specify whether employees are aware that a pen test is being run.Planning and reconnaissanceBased on the brief, the pen testing team will collect as much information as possible about the software. This may include scouring public websites, published documentation, social media accounts, and public repositories to learn more about the software architecture and how its hosted. They will also gather intelligence about the organization and look for ways to get into the network so they can access key systems and data.Once the reconnaissance is complete, the pen testers identify potential attack vectors and prioritize them, while considering how to evade detection at all stages of the exercise.Gaining accessThe pen testing team then attempts to gain access to the system through any means allowed in the brief. During this stage, they may use various tools to automate specific elements of the process, including vulnerability scanners, credential cracking tools, port scanners, and network analyzers.If permitted by the rules of engagement, they may use social engineering techniques to gain access to premises and attempt to install malware on devices within the network so they can continue the attack remotely.Maintaining accessOnce inside, pen testers attempt to escalate privileges and access critical systems or demonstrate the potential to disrupt them.Remaining undetected throughout this process is crucial if somebody discovered a real hacker, they could avert the attack. The longer a pen tester can remain undetected, the higher the risk that an advanced persistent threat could be carried out.Covering tracksBefore concluding, pen testers remove all traces of their activity. This both tests the organizations ability to detect intrusions and ensures nothing remains for real attackers to exploit. This might involve removing any hardware or malware they have planted, and reverting any configurations to their original state.ReportingFinally, the pen testers will write a report detailing what they attempted, the defenses that worked, how they managed to gain access, and the damage they could have caused. They may provide evidence of how far they penetrated the defenses by placing a file in a secure location or taking a screenshot of sensitive data. They will also suggest recommendations on how you can enhance your security and prevent similar attacks in the future.Popular penetration testing toolsAlthough penetration testing is a form of manual security testing, pen testers typically use many tools to simulate an attack, just as a malicious actor would. By using these tools on your systems, you can also detect potential vulnerabilities and address them before theyre exploited.Reconnaissance toolsDuring the reconnaissance phase, pen testers may use network scanners, like Nmap, to scan IP addresses and ports to find out more about the system design and identify potential entry points. Network packet analyzers, such as Wireshark, are used to gain a deeper understanding of the systems in use and look for sensitive data or credentials being transmitted without encryption.Credential crackingTools designed to crack encryption protocols or mount brute force attacks, such as Hydra and John the Ripper, are frequently used to try to gain access to systems. Other options include installing key loggers on employees devices or using phishing emails to trick users into divulging their credentials.Exploitation toolsTools such as Metasploit, Burp Suite, and OWASP ZAP enable pen testers to automate common attacks including SQL injection, cross-site scripting, and fuzzing. Having identified a vulnerability, pen testers may then chain several exploits together to mount a more sophisticated attack.Business perspective: the ROI of penetration testingPenetration testing is often seen as a technical requirement, but it can also be viewed as a business safeguard. A successful cyberattack can lead to downtime, reputational damage, regulatory fines, or loss of sensitive data. In some cases, the financial impact may exceed the cost of a structured penetration testing program.While vulnerability scans are useful for identifying known issues, penetration testing simulates how an attacker might exploit multiple weaknesses in combination. This type of testing can uncover risks that are difficult to detect through automation alone.For organizations operating in regulated industries, penetration testing may also support compliance with standards such as ISO27001, HIPAA, and PCI DSS. In this context, it can be used to demonstrate due diligence and reduce legal exposure.When penetration testing pays for itselfAlthough penetration tests can be expensive to run, they are often justified in scenarios with elevated risk. These include:Launching a new product or major architectural changeStoring or processing sensitive information, such as personal data or payment detailsPreparing for a security certification or compliance auditFollowing a publicized security incident affecting a competitor or similar companyExpanding into new infrastructure environments, such as third-party APIs or cloud servicesIn such cases, the cost of remediation after a breach may significantly outweigh the cost of identifying and fixing issues earlier through targeted testing.Combining pen testing with automated security scanningPenetration testing offers detailed insight into your security posture, but it is not designed for continuous use. To maintain security at scale, its best used in combination with automated tools.For example, vulnerability scanners can be integrated into your CI/CD pipeline to provide regular feedback on source code and deployed software. This allows you to identify common issues quickly, without the need for manual intervention.Read also: What Is a CI/CD Pipeline?Pen testers, on the other hand, can focus on exploring complex attack paths, misconfigurations, or issues that are specific to your architecture. This combination ensures broader coverage while making efficient use of internal or third-party security resources.Tools such as OWASP ZAP or Snyk can be added to your build process, while platforms like TeamCity allow you to automate scanning tasks and generate reports at each deployment stage.Setting up TeamCity Snyk plugin

Hi there, Java fans! Its a new month, which means weve got a new batch of hot news, deep dives, and tasty tidbits from the Java world for you to enjoy. In this edition, Piotr Przyby joins us in the Featured Content section to share his cultivated list of content finds. Were also testing a new, more concise format that is faster to read but still packed with value. Let us know if you like it or miss the old style.Ready? Lets go!Featured Content Piotr Przyby Piotr Przyby Notorious engineer at work and after hours, tracing the meanders of the art of software engineering. Remote Software Gardener, mostly working in web-oriented Java gardens. Java Champion. Testcontainers Champion. Programming usually in Java (since 1.3), Scala, and Go, but in other languages too. A fan of agility, seen mostly as choosing the right tools and approaches after asking the right questions. Developer, trainer, and conference speaker, currently working for Elastic as a Senior Developer Advocate. Greetings, fellow Java developers! Its a pleasure to be here. Its exciting to be in the Java community, for a language that celebrated its 30th anniversary, which has been proclaimed to be dead so many times, and its still doing surprisingly well. We can see that with all the exciting stuff happening around Java 25, and changes in the ecosystem at large.Im humbled and honoured to be here. Its great to see the community and the ecosystem evolve, especially given that Ive been a part of it since (checks notes) 2003 ;-)I was first exposed to Java at my alma mater, Wrocaw University of Science and Technology. Recently, theres been one more reason to be a proud alumnus: Odra 5!Odra 5 is the name of Polands first quantum computer, recently launched at the Wrocaw University of Science and Technology. Its a five-qubit machine, developed by Finnish company IQM Quantum Computers, that represents a significant milestone in the advancement of quantum computing in Central and Eastern Europe. I find the name cute and not without meaning for local IT history fans. You can read more about it here at the Universitys official page. Also, Odra is the Polish name for the Oder river, and computers manufactured in Wrocaw in the 1960s.Lets get back from general Computer Science to Java. Unless you have been living in total wilderness, I think you might have heard a thing or two about the AI (r)evolution happening recently. ;-) Contrary to some rumours, Java is a very decent language that benefits from improvements in this area, and with the release of Spring AI 1.0, things will get even easier! The article by Josh Long, Philipp Krenn, and Laura Trotta (I know, and have lots of respect for all of them) will let you understand how to start with your own RAG quickly, benefiting from features of Spring AI, Elasticsearch, and more. Oh, and if youd like to learn more about stuff like vector search or searching in general, AI, and so on, Elasticsearch Labs might be a good place to start.Speaking about Java itself, theres of course the 30th anniversary of Java! Its a big thing, although it might be disturbing to some that the language that keeps dying is still pretty much alive and actively developed. Right now, there are 17 active Java Enhancement Proposals targeting Java 25, which in my opinion proves that despite its size and legacy, the Java ecosystem is still evolving fast. I couldnt resist, and wrote about Javas Structured Concurrency, Elasticsearch Java client, DevEx, and a Developer Advocates job on my personal page, touching on all of this.I think that some reasons why our ecosystem is still robust are that we can learn from our past mistakes. While some of them are irreversible, many of them can shape how we think and evolve our systems and our daily jobs. A great example is the Allegro folks sharing how to avoid mistakes in Gradle, because with flexibility comes responsibility. And also, our tech stack and our jobs are not only the language, the SDK, the frameworks, and build/CI/CD tools, but predominantly our mindset. Thats something we shall all keep improving!Java NewsCheck out the most recent news from the Java world:Java News Roundup 1, 2, 3, 4Java at 30: A Retrospective on a Language That Has Made a Big ImpactFoojay Podcast #71: Celebrating 30 Years of Java with James GoslingJava 30 by JetBrainsHappy 30th Birthday, Java!Javas 30th BirthdayJava at 30: The Genius Behind the Code That Changed TechStrings Just Got FasterJEP targeted to JDK 25: 511: Module Import DeclarationsJEP targeted to JDK 25: 512: Compact Source Files and Instance Main MethodsJEP targeted to JDK 25: 505: Structured Concurrency (5th Preview)JEP targeted to JDK 25: 513: Flexible Constructor BodiesJava 25 Introduces Stable Values API for Deferred Immutability and Improved Application StartupInstance Main Methods Move from Preview to Final in JDK25JEP 510: Key Derivation Function APIStructured Concurrency Revamp in Java 25 Inside Java Newscast #91Java Tutorials and TipsLearn new things and enjoy unique insights from industry experts:Episode 35 Stream Gatherers with Viktor KlangOracles new certification exam engineAdoption of the Model Context Protocol Within the Java EcosystemPresentation: Stream All the Things Patterns of Effective Data Stream ProcessingJavaFX 24 and BeyondGarbage Collection in Java: The Performance Benefits of UpgradingMastering JVM Memory Troubleshooting From OutOfMemoryErrors to LeaksEpisode 36 Ahead of Time Computation with Dan HeidingaJava 24, Faster Than EverStructured Concurrency in ActionPattern Matching in Java: Better Code, Better APIsTowards a JSON API for the JDKKotlin CornerEverything you might have missed about Kotlin in May:KotlinConf 2025 Unpacked: Upcoming Language Features, AI-Powered Development, and Kotlin Multiplatform UpgradesMeet Koog: Empowering Kotlin Developers to Build AI AgentsStrengthening Kotlin for Backend Development: A Strategic Partnership With Spring Present and Future of Kotlin for WebAmper Update, May25How to Use Kotlin Notebooks for Productive DevelopmentStructuring Ktor Projects Using Domain-Driven Design (DDD) ConceptsKotlin LSP The launch of the pre-Alpha Kotlin LSP and VS Code plugin.AILearn more about the most recent AI news, innovations, problems, and predictions:A Practical Guide on Effective AI Use AI as Your Peer ProgrammerWorking with Junie in legacy codeHelp Predict the Future of AI in Software Development!Vibe coding an MCP server with Micronaut, LangChain4j, and GeminiJava for AIBuild AI Apps and Agents in Java: Hands-On with LangChain4jFrom Architecture to Deployment: How AI-Powered Toolkits Are Unifying Developer WorkflowsPodcast: How To Improve the Quality of the Gen AI-Generated Code And Your Teams DynamicsGenAI blood, sweat, and tears: Loading data to PineconeMeet Koog: Empowering Kotlin Developers to Build AI AgentsJetBrains AI Assistant Now in Visual Studio CodeWrite AI agents in Java Agent Development Kit getting started guideHow to send prompts in bulk with Spring AI and Java Virtual ThreadsBeyond the chatbot or AI sparkle: a seamless AI integrationAI Test Generation: A Devs Guide Without Shooting Yourself in the FootThings you never dared to ask about LLMs Take 2Ethics in AIs Wild West: Biases & ResponsibilitiesContext Collection Competition by JetBrains and Mistral AIBrokk: AI for Large (Java) CodebasesLanguages, Frameworks, Libraries, and TechnologiesGet to know programming technologies and frameworks better:This Week in Spring 1, 2, 3, 4How to send prompts in bulk with Spring AI and Java Virtual ThreadsDynamic Tool Updates in Spring AIs Model Context ProtocolGradle Best Practices A Path to Build HappinessSemantic Search with Spring Boot & RedisLocal AI with Spring: Building Privacy-First Agents Using OllamaA Bootiful Podcast: V Krbes on security from the platform on upWhat is RAG, and How to Secure ItConferences and EventsHere are some of the must-attend online and offline events in June:IntelliJ IDEA Conf Online, June 34J-Spring Utrecht, Netherlands, June 5; Anton Arhipov is a speaker. Le Paris JUG Java Day Paris, France, June 5JConf Mx Nuevo Mxico, Mexico, June 7Devoxx Poland Krakow, Poland, June 1113; Anton Arhipov and Marit van Dijk are the speakers. DevConf Brno, Czechia, June 1214JSail Unconference Hemelum, Netherlands, June 2327Voxxed Days Luxembourg Mondorf-les-Bains, Luxembourg, June 1920Culture and CommunityTake some time to think about the non-tech topics that are of significance to tech people at the moment:Imposter Syndrome in TechAchieving Sustainable Mental Peace in Software Engineering with Help from Generative AIBe a Distinguished Java Engineer in the Age of Vibe CodingBuilt to Outlast: Cultivating a Culture of ResilienceBook Review: Raising Young CodersFrom Code to Charisma: Emotional Mastery for Tech Leaders97 Jokes Every Programmer Should KnowConversations Ive had with CodeWhat Can AI Do to Improve Diversity in the Tech Community?And FinallyDont miss the latest updates from the IntelliJ IDEA team:Sources, Bytecode, DebuggingDo You Really Know Java?Coding Guidelines for Your AI AgentsFinding Your Tribe JUGs UnveiledThe IntelliJ IDEA 2025.2 Early Access Program Is Open!Try Declarative Gradle EAP3 in IntelliJ IDEABuilding Cloud-Ready Apps Locally: Spring Boot, AWS, and LocalStack in ActionThats it for today! Were always collecting ideas for the next Java Annotated Monthly send us your suggestions via email or X by June 20. Dont forget to check out our archive of past JAM issues for any articles you might have missed!