We got a glimpse at a lot of new features coming to Gemini at Google IO and one of the most interesting is rolling out right now. The new Scheduled Actions feature lets you tell Gemini to run prompts at certain times in the future, and even recur on a regular basis. It sounds small, but it opens quite a few new possibilities.

This scheduling feature is designed to work seamlessly with ordinary Gemini prompts. Ask the chatbot to perform or repeat a task in the future and it will automatically schedule the tasks. You can even convert an existing chat into a scheduled action. Here’s how it works, and a few ideas of what you can do with it.

How Scheduled Actions work in Gemini

While the scheduling feature should just work, in theory, there are a couple of nuances in practice. In my testing, Gemini occasionally got confused and told me that it couldn’t perform a task now based on information in the future. However, a clarifying follow up usually did the trick.

There are also a couple of key limitations:

• You’ll need a subscription. For now, this feature is only available to paid users. You’ll need either Google AI Pro or the ludicrously expensive Google AI Ultra.

• You can only have 10 scheduled actions at a time. Gemini only has 10 slots for scheduled actions, though these can be one-off or recurring ones.

• You can use your location for an action, but you can’t change it. Gemini supports recurring scheduled actions that are based on location, like “Every morning, recommend a coffee shop near me.” The only hitch is, the location for that action will use the same location you used when you created the action. It won’t update based on wherever you are.

Once you have an action scheduled, you can see it and all your other saved actions by tapping your profile icon in the Gemini app or heading to Settings on the web and selecting “Scheduled actions.” You can’t do much here other than pause or delete the activity, but if you want to cancel the instructions, you have the option.

Get a summary of your email every day

I’ll admit, when I hear the stock AI use case example of “get a summary of your email!” I get skeptical. Is it really more efficient to ask a chatbot to summarize your emails than to just scan them yourself? Well, it is if you only have to ask once. Ask Gemini something like “Give me a summary of my new unread emails every morning” and you’ll get a notification each day.

You can further refine this approach by giving Gemini specific instructions for your needs. For example, you could instruct Gemini to highlight any emails from your boss, or filter out promotional emails, sales, or newsletters.

Keep in mind that this technique has the same error rate as anything else in Gemini (or any AI chatbot for that matter). It’s handy for getting a quick overview of the messages waiting for you, but it’s still probably a good idea to glance at your inbox before telling your boss you didn’t get that email.

Create weekly itineraries based on calendar events

Via the Workspace connection, you can ask Gemini to give you a rundown of all your events throughout the week that are in your calendar. Since Gemini can also query Google Maps, you can even ask complex questions like how far your doctor’s appointment is from your home.

Once again, the power in this technique comes in how you can ask Gemini for specific types of information or how to format the itinerary it presents. For example, on a day when I had two appointments in different parts of town, I asked Gemini how long I would spend driving. It was able to add the various estimated driving times and give me a grand total.

It can take a little finagling to get the wording right. It took a couple of tries before I settled on explicitly telling Gemini to “assume I’m starting and ending my day at home,” but once I found a prompt that worked, the scheduled action meant I only had to write it once.

Schedule queries for specific events

Sometimes you know some information you’re going to want to have, but it just doesn’t exist yet. For example, say you want to know who won the Oscars, but don’t plan to watch the show. You can schedule a query ahead of time and, once the big day arrives, Gemini will summarize the info for you.

Personally, I find it a bit more useful for things where the search is more complex than a simple “who won?” For example, Death Stranding 2 is coming out very soon. And while nothing could stop me from playing it myself, I would still like to read a selection of reviews.

So, I have a prompt scheduled next week to bring me a selection of reviews from some of my favorite sites. I don’t personally have a need for a generic summary (I read the humans’ writing for a reason), but you could ask Gemini for questions about a particular topic, like what reviewers think of the game mechanics, or how bafflingly convoluted they found the story.

In the future, do more with Agent Mode

For now, there are already a few cool uses for this feature, but it’s worth mentioning that Google demoed quite a lot more. As part of its demo of Agent Mode, the company showed an example of asking Gemini to find new apartments every week and send the user a summary.

That kind of task requires a lot more autonomy than the public version of Gemini is currently capable of, but it does highlight how handy scheduled actions can become in the future. We’d have to evaluate how well Agent Mode is at performing complex tasks, but for now Gemini is capable of simple internet queries, collating your emails and calendar, and performing some complex planning. 

We may earn a commission from links on this page.

Today, Meta announced a collaboration with Oakley to release limited-edition Oakley HSTN smart glasses, along with AI integration in other Oakley models. The special edition Oakley HSTN (pronounced “HOW-stun”) glasses feature gold accents and Oakley gold-tinted PRIZM lenses and will retail for $499. They will be available for preorder on July 11. Other Oakley models with Meta’s AI tech will be available starting at $399 this summer as well.

Like the second-generation Ray-Ban Meta smart glasses originally released in 2023, Oakley spectacles will feature a front-facing camera, open-ear speakers, a microphone, and built-in Meta AI capability that allows for visual descriptions, general questions, and real-time translation when paired with your smartphone. But the battery on the Oakley Meta glasses will last twice as long as Ray-Bans’—eight hours of use and 19 hours of standby. The charging case will provide and additional 48 hours of charge compared to 32 from the Ray-Bans. Another improvement: the built-in camera will shoot 3K video, compared to 1080p on second generation Meta Ray-Bans.

I’ve been wearing Ray-Ban Meta glasses regularly for more than six months, and, tech wise, the Oakleys are definitely an improvement, but an incremental one instead of a game-changing one. Longer battery life is always welcome, as is a camera with three times the resolution, but it’s not enough for me to feel like I have to switch. If you’re looking for new glasses, though, the Ray-Ban Meta Wayfarers currently retail for $379 as opposed to $399 for the non-special edition Oakleys. Bottom line: purely in terms of tech, Oakleys are better smart glasses at a comparable price, but whether those difference are enough to make a switch is more of a personal choice.

Given the Oakley brand’s association with sports, it’s a little surprising that Oakley Meta glasses feature the same water resistance as the Ray-Ban Metas. Both pairs are rated IPX4, meaning your glasses will be OK if you’re caught in a light rain. It would be nice to have a fully waterproof, IPX7, jump-in-the-pool smart glasses, but I guess we’ll have to wait for that.

As far as looks go, I happen to like the classic Wayfarer style of my Ray-Bans, but the Oakley’s definitely look slick. I mean, gold-tinted frames? Come on. Speaking of the design, here are the five varieties of limited edition HSTN frames that will be available in July:

• Oakley Meta HSTN Desert with PRIZM Ruby Lenses

• Oakley Meta HSTN Black with PRIZM Polar Black Lenses

• Oakley Meta HSTN Shiny Brown with PRIZM Polar Deep-Water Lenses

• Oakley Meta HSTN Black with Transitions Amethyst Lenses

• Oakley Meta HSTN Clear with Transitions Grey Lenses

The Centers for Disease Control used to have a vaccine advisory panel made of well-respected experts. This panel, the Advisory Committee for Immunization Practices (or ACIP), would meet to vote on which vaccines should be recommended by the government. An affirmative vote from ACIP means insurance companies have to cover that vaccine. But members of the panel were all abruptly dismissed earlier this month, and now their replacements are set to meet June 25, with votes planned for RSV, flu shots, and somewhat perplexingly, thimerosal. 

I’ll break down what this all means, why it’s likely very bad news, and what to watch for when the panel meets next week. And by the way, if you’ve been meaning to get any vaccines, I’d recommend scheduling those sooner rather than later, while we know they’re still covered, because there’s no telling what will happen.

What is (or was) ACIP? 

ACIP is the Advisory Committee for Immunization Practices. It’s a panel that the CDC convenes from time to time to decide whether to “recommend” certain vaccines. This is not the same thing as FDA approval—the Food and Drug Administration handles that. Rather, it is a decision to put vaccines on a list of the ones people should get. For example, the flu shot is recommended for nearly everyone aged 6 months and up. 

It was ACIP that decided that healthcare workers should be the first people to get COVID shots. It’s ACIP that puts various vaccines on the routine childhood vaccine schedule. Vaccines recommended by ACIP must, by law, be covered by nearly all insurance plans with no copay or out-of-pocket cost for people for whom they are recommended. 

Formerly, the members of ACIP included experts in vaccine science, pediatrics, immunology, epidemiology, and public health. There was an extensive vetting process for new members that included probing conflicts of interest, and any members who did have a conflict relating to a specific vote would sit out of that vote. 

I’ve watched quite a few ACIP meetings (they are always livestreamed) to report on COVID vaccines and others. The meetings and the members were always professional, focused on facts and on making good judgments that encompassed the big picture effects of any decisions they ended up making. ACIP was widely respected by healthcare professionals and researchers. That’s not to say everybody always agreed with their decisions, but it was widely viewed as a system that was working well, and resulted in millions of Americans having access to vaccines that they needed. 

Note carefully my use of the past tense.

What the hell is going on with ACIP now? 

That’s all, perhaps, in the past. The current secretary of Health and Human Services, Robert F. Kennedy, Jr., founded an anti-vaccine advocacy group before he became HHS secretary. He said in his confirmation hearings that he didn’t plan to take anyone’s vaccines away, and on occasion has grudgingly admitted that vaccines work—usually alongside spreading or alluding to misinformation about vaccines.

But Kennedy and the other political appointees who control the branches of government that deal with healthcare sure seem like they are trying to reduce access to vaccines. Kennedy attempted to overrule ACIP on COVID vaccines, and now seems to be taking that strategy a step farther by simply getting rid of all 17 ACIP members and filling the panel with eight handpicked replacements. The Center for Infectious Disease Research and Policy at the University of Minnesota has background information on the new picks, some of whom already have a reputation as “vaccine critics,” to use CIDRAP’s phrasing. 

Votes on several vaccines are coming up

ACIP’s meetings are announced to the public, and you can see the agenda for the next meeting here. It is a two-day meeting on June 25 and 26, 2025. Some of the agenda items look pretty typical, like presentations that give updates on the current COVID situation, the better to inform any decisions that might be made later about new COVID vaccines. 

But there are a few confusing things to note. After the COVID presentations, there is no vote on any COVID vaccines. The Associated Press reports that a few other expected agenda items are missing—policy proposals on HPV vaccines and meningococcal vaccines likewise aren’t on the agenda. 

The scheduled votes relate to maternal and pediatric RSV vaccines; RSV vaccines and the Vaccines for Children program; influenza vaccines (that is, flu shots); and “Thimerosal containing influenza vaccine recommendations.”

RSV is a virus that can be particularly dangerous to young infants. There is a vaccine that can be given in pregnancy that protects the infant for a few months after birth, and an antibody that can be given to infants. These are currently recommended by ACIP, and covered by insurance and by the Vaccines for Children program. We don’t know from the agenda exactly what the vote is about, or whether the panel may try to overturn that recommendation. 

Influenza vaccines are also currently recommended, and an influenza vaccine vote seems to be a routine part of ACIP’s agenda (it was on last year’s June meeting agenda, for example). Normally the decisions are about which flu shots to recommend, since the vaccines on offer can change from year to year. Let’s hope this year’s vote is just as straightforward.

Finally, there’s that perplexing vote about thimerosal in influenza vaccines. Thimerosal is a mercury-containing preservative that has been blamed (without any solid evidence) for a link to autism. Out of an abundance of caution, it was removed from the formulation of most vaccines in 2001. Some multi-dose vaccine vials still contain it, including the flu shot, which is also available in single-dose versions without the preservative. Study after study has shown that thimerosal is not linked to autism or neuropsychological problems. Scientists generally consider this a closed case. 

We can hope that the votes will be conducted appropriately and in keeping with the actual science surrounding these vaccines. But given that this meeting follows a sketchy-sounding shakeup of ACIP’s membership, I’m not very hopeful. 

(Washington, D.C., June 20, 2025) — Following U.S.

As malware evolves to be more sophisticated, seeing should not always equal believing. A new iteration of the “Godfather” malware found on Android is hijacking legitimate banking apps, making it increasingly difficult for users (and on-device protections) to detect.

An early version of Godfather utilized screen overlay attacks, which placed fraudulent HTML login screens on top of legitimate banking and crypto exchange apps, tricking users into entering credentials for their financial accounts. It was first detected on Android in 2021 and was estimated to target several hundred apps across more than a dozen countries.

The new threat, uncovered by security firm Zimperium, is Godfather’s virtualization, which allows the malware to create a complete virtual environment on your device rather than simply spoofing a login screen. It does so by installing a malicious “host” application, which scans for targeted financial apps and then downloads copies that can run in its virtual sandbox.

If you open one of those targeted apps, Godfather redirects you to the virtual version. You’ll see the real banking interface, but everything that happens within it can be intercepted and manipulated in real time. As Bleeping Computer notes, this includes harvesting account credentials, passwords, PINs, and capture responses from the bank’s back end. Further, the malware can control your device remotely, including initiating transfers and payments inside the banking or crypto app, even when you’re not using it.

This threat is severe not only because it is difficult for users to detect visually, but also because it can evade on-device security checks like root detection. Android protections see only the host app’s activity while the malware’s remains hidden.

How to protect your device from Godfather

According to Zimperium, while the current campaign affects nearly 500 apps, it has primarily focused on banks in Turkey. That said, it could easily spread to other countries, as the previous version did.

To protect against Godfather and any other malware targeting your Android device, download and install apps only from trusted sources, like the Google Play Store. You can change permission settings for unknown sources under Settings > Apps > Special app access > Install unknown apps. You should ensure Google Play Protect, which scans apps for malware, is enabled, and that your device and apps are kept up to date. Now would also be a good time to audit the apps you have on your device and delete any you don’t use or don’t need.

Since Godfather’s attack mechanism is so sophisticated, you should also follow other basic best practices for avoiding malware in the first place. Never open attachments or click links in emails, texts, or social media posts, and avoid clicking ads, which are used to spread malware.

Passwords are a staple of both the internet and computing at large. Even as new authentication protocols have emerged—from passkeys to biometrics—most of us use passwords to log into our daily accounts and websites using a code made up of letters, numbers, and symbols.

The problem is, the password was really a product of its time, and doesn’t really belong in the modern digital age. Cybersecurity threats have evolved so far beyond the capability of a password to protect from them that they have actually become a liability—even when you follow best practices for creating them and keeping them secure. Case in point: News of the latest data breach, one of the largest ever, in which researchers discovered not millions, but billions of passwords floating around on the web.

Sixteen billion passwords leaked on the internet

Cybernews broke the story Friday: This year, the outlet’s researchers found 30 datasets exposed on the internet, each containing anywhere from “tens of millions to over 3.5 billion records.” According to the researchers, they’ve found a collective 16 billion passwords leaked on the web.

What’s more, these passwords are all newly leaked. None of them have been reported in previous data breaches, save for roughly 180 million passwords found in an unprotected database back in May. The researchers say they continue find new “massive” datasets every few weeks, so the discoveries show no signs of slowing.

According to researchers, the way the data was structured strongly suggests the leaked credentials were stolen via infostealers, a type of malware that scrapes your devices for just this type of information. Bad actors were able to obtain the login details for major accounts, including Apple, Google, GitHub, Facebook, Telegram, and government services. As Cybernews makes clear, this doesn’t mean those companies suffered data breaches themselves; rather, the database contained login URLs for these companies’ login pages that were scraped from individual devices, likely using malware.

Some credentials also contained additional data aside from usernames and passwords, including cookies and session tokens. That means it’s possible that this information could be used to bypass two-factor authentication (2FA) for certain accounts, especially those that do not reset cookies after you change your password.

If there’s a silver lining in this story, it’s the fact that the 16 billion passwords leaked do not represent 16 billion individual records; there is some overlap, though it’s not clear how much: While it’s safe to say that fewer than 16 billion individual accounts were affected by these breaches, it’s also tough to know the exact number.

What can bad actors do with this data?

First and foremost, if your accounts are only protected by a password, and you haven’t changed your password recently, a bad actor could use this leaked password database to access your account.

But the implications go beyond that. As previously stated, leaked cookies and session tokens could be used to break into accounts with weaker 2FA. If your account doesn’t reset cookies after you change your password, they might be able to trick the 2FA system into thinking they’ve provided the proper 2FA code or credential. They can also use this information in phishing schemes: Hackers can use your password to trigger a 2FA code generation. When the code arrives on your end, they can try to trick you into handing it over, potentially posing as the company behind the account in question. If and when you send the code, they’ll gain access your account.

Why it’s time to stop using passwords altogether

This level of sophisticated (and routine) data breach just wasn’t a thing back when the password came into popular use as the primary digital security tool. For years, experts in tech and cybersecurity have preached the importance of using a combination of strong and unique passwords, password manager tools, and 2FA to keep your accounts safe and secure. Those are all still important today, but when malware exists that can scrape your credentials directly from your devices, those tactics don’t seem so bulletproof anymore.

The fact is, a security system that relies on something that can be stolen isn’t a secure system in 2025. Things need to change—and luckily, they are.

Passkeys are much more secure

Going forward, it’s time to take passkeys much more seriously. Passkeys, unlike passwords, are not at risk of theft, nor can bad actors trick you into sending your passkey to them. The tech is tied to a device you personally own, like a smartphone, and locked behind strong authentication. Without a face scan, fingerprint scan, or PIN entry on said personal device, no one is getting into your account.

Passkeys combine with the best parts of both passwords and 2FA: They’re convenient, since you quickly authenticate yourself with your smartphone (like autofilling with a password manager), but they also require that personal device to be in your posession to access the account, similar to how you need a secondary authentication method to log in with 2FA.

More and more companies are starting to adopt passkeys as a form of authentication, including Apple, Google, Facebook, Microsoft, and X. If any of your accounts support passkeys, I strongly suggest you set them up. That way, when the next inevitable data breach does occur, you’ll be protected.

What to do for accounts that don’t accept passkeys

Of course, not all accounts can use passkeys right now. In those cases, you’ll need to shore up your password security as best you can.

First, make sure each of your accounts has a password that is strong and unique. That means something that cannot be easily guessed by either a human or a computer, as well as something you haven’t used for any other account before. While you don’t need to change your passwords as frequently as traditional security advice has suggested, given the news, you might want to refresh your passwords, just in case.

It’s impossible to remember all those strong and unique passwords, which is where a good password manager comes in. These services use strong encryption to protect your database of passwords—all you need to remember is the one strong and unique password you use to access the password manager, and the app can remember the rest. Some of these services come with other tools as well, like authenticator code generation, so they’re well worth the investment. PCMag has a list of the best password managers for 2025, if you’re looking for hand-tested recommendations.

Speaking of authenticators, set up 2FA for every account that supports it—which, at this time, should be most of them. While passkeys are the strongest form of authentication, 2FA still beefs up your security in the event your password is leaked. Without the code or an authenticator tool, like a security key, bad actors won’t be able to access your account, even with your password in hand.

Finally, with more websites and companies adding support for passkeys all the time (including, earlier this week, Facebook), keep watching your accounts for the option, and make the switch as soon as you can. Stay safe out there.

We may earn a commission from links on this page. Deal pricing and availability subject to change after time of publication.

We’re getting to that time of the year when every major retailer seems to have a huge sale leading up to the summer. Amazon’s Prime Day sale is the main event in the summer, which all the other retailers seem to revolve around. Best Buy is calling its Prime Day competition sale “Black Friday in July,” and it lasts nearly a week. Here is what you can expect.

When is Best Buy’s ‘Black Friday in July’ sale?

Best Buy’s summer sale will take place from July 7 through July 13. It also so happens to overlap Prime Day (likely not by coincidence), which runs from July 8 through 11. This is the first time that this sale will last a week—previously, it was three days long.

What other retailers are competing with Amazon’s Prime Day?

After Amazon’s Prime Day announcement, both Target and Best Buy announced theirs. Target is having Circle Week, which will run from July 6 through 12, and Best Buy is having its Black Friday in July sale. Walmart hasn’t made an official announcement yet, but it’s surely just a matter of time before it does.

Do you need to be a member to shop Best Buy’s sale?

Best Buy hasn’t released details on whether the sale will be exclusively for paying members, but I have reached out for more info and will update here. Based on its previous sales, it’s likely that anyone who is subscribed to Best Buy’s free membership will be able to participate.

What can I expect from Best Buy’s Black Friday in July sale?

There is no official list of deals from Best Buy yet, but in an email, it said shoppers can expect deals on TVs, laptops, headphones, video games, electric bikes, and “more.” It also said you’ll be able to get new deals every day during the sale available in stores, on its website, and in the Best Buy mobile app.

We may earn a commission from links on this page.

When I first received the Merach Mini Stepper, I had visions of yet another bulky piece of exercise equipment taking over my already cramped Brooklyn apartment. You know the drill—another “compact” fitness gadget that somehow still manages to become the uninvited focal point of your living room, judging you silently from the corner.

As I wrote in my initial review of the Mini Stepper, I think this device is best viewed as an “anti-sedentary tool,” rather than legitimate exercise equipment—perfect for those modest fitness goals or anyone trying to sneak in gentle movement throughout the day. But here’s the real question: Does it actually disappear into your living space without becoming an eyesore? At 14.57″L x 13.39″W x 7.28″H and weighing 14.3 pounds, it’s certainly portable enough to move around.

After living with this little guy for several weeks, I put it to the ultimate small-apartment test: finding hiding spots that actually work. If you’re going to grab one of these devices but aren’t sure whether it’ll integrate into your space, maybe this will help.

Successful hiding spots for the Merach Mini Stepper

After some trial and error (more on the errors below), I found five sweet spots where my little stepper device fits well.

Between my living room furniture

The living room turned out to be my go-to home for this guy. The Mini Stepper slides perfectly into that awkward gap between furniture that usually just collects dust bunnies. It’s easily accessible when I want to get some steps in while educating myself on some classic movies. When I’m done, it’s out of the way. The narrow profile means it doesn’t interfere with foot traffic, and I can pull it out one-handed when the mood strikes.

Under the bed (Storage bed edition)

My bed lifts up for storage, so this might not work for everyone. But if you have a platform bed or decent clearance, the Mini Stepper slides underneath surprisingly well. The 7.28-inch height means it fits under most standard bed frames with room to spare. It’s completely out of sight and easily retrievable when needed.

Under my desk

This is where the Mini Stepper really shines as an office-adjacent tool. It fits perfectly under my desk, and if I had a standing desk, I could actually use it while working—though I wouldn’t recommend trying to type anything important while stepping. The compact footprint means it doesn’t interfere with my desk chair’s movement, and it’s right there when I need a break from sitting.

Where the Mini Stepper couldn’t hide

A few of the hiding spots in my apartment were promising, but not quite up to the task of storing my Mini Stepper.

Next to my roommate’s PS4

I had high hopes for this one, but the Mini Stepper is just slightly too wide and tall for most entertainment center cubbies. It looked awkward and blocked access to gaming systems and cable boxes. Unless you have an unusually spacious media console, skip this spot entirely.

Next to my roommate’s shoes

The idea seemed logical—it’s foot-related equipment, after all. But the Mini Stepper’s bulk was too much for my modest my shoe rack. It also looked a little ridiculous, like I was trying to exercise my footwear.

The mysterious gap next to my refrigerator

Known as “the crevasse,” this gap between the refrigerator and kitchen wall is my white whale. This maddening sliver of space seems designed for storing something useful. That something is not the Merach Mini Stepper. It’s about two inches too wide to fit—so close, yet so far.

The verdict on hiding your Mini Stepper

The Merach Mini Stepper does live up to its space-saving promises. It’s genuinely easy to move around and tuck away.

So, yes, for the $50 price point, it delivers on portability and storage convenience. Just remember what you’re getting: a tool for gentle, anti-sedentary movement rather than serious exercise equipment. If your fitness goals are modest and you primarily want something to counteract extended sitting, the Mini Stepper’s hide-and-seek capabilities might justify the investment.

For anyone with more substantial fitness ambitions, that $50 might be better saved toward adjustable dumbbells, quality resistance bands, or a month’s gym membership. But if you’re committed to the mini stepper life, at least you know it won’t completely take over your small apartment.