Blog

Apple’s Passwords app launched last year in iOS 18 as a new pre-installed password solution across iPhone, iPad, Mac, and more. iOS 26 changes for Passwords are pretty minimal, except there is one key fix that addresses my most common issue after a year of use.

Passwords app now saves login version history in iOS 26

For years, Apple has offered password management tools on the iPhone and its other devices. But until iOS 18, those tools were always hidden away inside the Settings app.

Fortunately, Apple Passwords finally debuted last fall and I quickly switched to it as my go-to password manager.

Over the past year, however, there is one issue I’ve periodically run into: my passwords would sometimes get overwritten by mistake.

How did this happen? I’m not entirely sure. But it’s come up on a number of occasions.

At times I believe a new password was generated, then I ran into issues finalizing the change on the website. Thus, Passwords had the new login, but the site still needed my old one.

In any case, whenever my password got overwritten, I would need to go through the whole “Forgot your password?” process.

But in iOS 26, that should be a completely solved issue.

That’s because the Passwords app now saves full version history for all your logins in iOS 26.

Open a login inside the app, and you’ll see a new ‘View History’ button.

It will only show up when there are multiple versions of a password saved. But with the history, you’ll see:

• each different password version
• when each password was created
• and an option to clear the history

My issues with Apple’s Passwords app have been pretty minimal since last year’s launch.

This iOS 26 change should ensure that Passwords works even more effectively for me in the year ahead.

Do you expect to use Passwords’ new version history in iOS 26? Let us know in the comments.

Best iPhone accessories

A small study found the larazotide—an experimental drug originally developed to treat Celiac disease—was both safe and effective in treating children with MIS-C. The results were published in the journal, Science Translational Medicine. ¹

“Children treated with larazotide displayed faster resolution of gastrointestinal symptoms, faster clearance of spike antigen, and a faster return to usual activities,” the investigators wrote.²

“Our findings suggest that larazotide is safe and quickly resolves symptoms in children with MIS-C,” lead author Lael Yonker, MD, co-director of the Cystic Fibrosis Center, Cystic Fibrosis Therapeutic Development Center, and Pulmonary Genetics Clinic at Mass General Brigham for Children, said in a statement. ¹

Current MIS-C treatments are limited. Some patients receive general anti-inflammatory drugs, but many experience a rebound of symptoms after completing a course. Such drugs are not designed to target the sticky SARS-CoV-2 viral particles that may persist in the gut.¹ Larazotide, an orally administered drug targets the gut. Larazotide is late-stage, investigational, oral therapy that is a novel, synthetic, eight-amino acid peptide that antagonizes zonulin, a key tight junction protein implicated in celiac disease pathogenesis.³ Larazotide strengthens intestinal barriers to limit the number of materials—like SARS-CoV-2 viral particles—that exit the intestines and enter circulation.¹

Study Specifics

The investigators conducted a double-blind clinical trial with 12 children experiencing early-stage MIS-C. The study was funded in part by the National Institutes of Health. Children were enrolled during hospitalization for acute MISC. The media age for the participants was 5.7 years.²

Each patient randomly received either a placebo or larazotide 4 times daily for 21 days, then was tracked over 6 months of recovery. No larazotide-related adverse events were reported according to the investigators. The findings demonstrate larazotide may be a safe and promising treatment option for children with MIS-C.¹

MIS-C is a rare but serious condition associated with COVID-19, which can cause internal and external parts of the body to become inflamed. ⁴ The number of cases reported decreased from 2020 to 2023 and it affects younger children compared to older adolescents.⁴

Yonker and her colleagues are going to see if this treatment may be applicable to another COVID-19 long-term issue. “We are now running a clinical trial to test whether larazotide may also be a useful therapy to treat patients with Long COVID.”¹

References
1. Clinical Trial Finds Safe, Effective Treatment for Children with Severe Post-COVID Syndrome. Mass General Brigham press release. July 30, 2025. Accessed July 30, 2025.
https://www.massgeneralbrigham.org/en/about/newsroom/press-releases/clinical-trial-finds-safe-effective-treatment-for-children-with-severe-post-covid-syndrome
2.Lael M. Yonker et al. Viral spike antigen clearance and augmented recovery in children with post-COVID multisystem inflammatory syndrome treated with larazotide.Sci. Transl. Med.17,eadu4284(2025).DOI:10.1126/scitranslmed.adu4284
3. Hoilat GJ, Altowairqi AK, Ayas MF, Alhaddab NT, Alnujaidi RA, Alharbi HA, Alyahyawi N, Kamal A, Alhabeeb H, Albazee E, Almustanyir S, Abu-Zaid A. Larazotide acetate for treatment of celiac disease: A systematic review and meta-analysis of randomized controlled trials. Clin Res Hepatol Gastroenterol. 2022 Jan;46(1):101782. doi: 10.1016/j.clinre.2021.101782. Epub 2021 Jul 31. PMID: 34339872.
4.About MIS. Centers for Disease Control and Prevention. Updated June 11, 2025. Accessed July 30, 2025.
https://www.cdc.gov/mis/about/index.html

Developer NetEase Games has pulled back the curtain on Marvel Rivals Season 3.5, revealing a first look at Blade and many of the other additions coming in August.

The studio offered a breakdown for everything included in the mid-season refresh today, including how players will be able to use the legendary comic book Daywalker’s abilities to cut through the new content included in the upcoming August 8 update. It follows the launch of Season 3: The Abyss Awakens – and Jean Grey – just weeks ago and is a sign that NetEase intends to stick to its quick content release schedule.

Marvel Rivals Season 3.5 Adds Blade and New Team-Ups Next Week

Blade’s introduction into Marvel Rivals as an actual playable character and not just a creative bit or world-building has been a long time coming. The infamous vampire-hunting hero first made his debut all the way back in Season 1, but has been sidelined as an NPC since.

Now, players finally have the chance to control Blade for themselves, and NetEase didn’t hold back. He’ll arrive next week as a Duelist, using his shotgun as a mid-to-close-range weapon before going in for the kill with his Ancestral Sword. Finally, players can use the Sword of Dracula for Blade’s ultimate ability, allowing him to tear through entire enemy teams with style.

“Almost a century ago, Eric Brooks was born of two worlds: the light of his mother’s embrace and the dark of the vampire that attacked her,” a description from NetEase says. “After embracing his existence as a dhampir, he became the Daywalker, the ultimate vampire hunter, combining unmatched combat skills and unwavering supernatural abilities.

“When Dracula reigned over New York City, it was none other than Blade who confronted him first. By then, however, it was too late. Dracula had mastered the almighty power of Chronovium, defeating the Daywalker and imprisoning him within the castle dungeon.

“After Dracula’s fall, Blade was sent to Wakanda to recover, but his story is far from over. Now recruited by Shuri to save all existence, Blade stands awake and at the ready against the dark forces of Hela and Knull.”

With the launch of the Marvel Rivals Season 3.5 update next week comes changes to the team-up abilities. Guardian Revival and Atlas Bond are both being removed from the experience, and Loki is being removed from Ragnarök Rebirth. In place of these adjustments come two new team-ups: Duality Dance and Vibrant Vitality. The former includes Adam Warlock and Luna Snow, while the latter brings Mantis together with either Groot or Loki. Existing team-ups are also expanding, with Iron Fist joining Chilling Assault, Star-Lord joining Rocket Network, and Blade joining Lunar Force.

NetEase Is Making a Splash With Marvel Rivals in August

Also set to join NetEase’s popular hero shooter come August 8 are adjustments to how players can help maintain a positive environment in their matches. In what the studio calls “Operation: Shield the Community,” players will be able to utilize a custom text chat filter, allowing users to mute specific words. NetEase says it will monitor popular muted words, which may then be added to its official list, while also saying that it’s been able to monitor all in-game voice chat conversations since July 24.

Marvel Rivals Season 3.5 will also introduce increased penalties for players who leave in the middle of Competitive game modes. Examples include longer bans from Competitive play and larger point deductions, with remaining players gifted point compensation at the end of affected matches. Leaver penalties will be handled on a case-by-case basis, with NetEase promising to speed up the appeals process for those looking to appeal a ban.

Finally, the new Resource Rumble game mode and its Throne of Knull map will arrive later in the month alongside an August 22 update. NetEase stops short of detailing exactly what makes these additions stand apart from other maps and modes but teases more with plans to premiere a gameplay deep dive soon. Expect to see Resource Rumble first launch in Quick Match before it joins Competitive at a later date.

Marvel Rivals is chugging forward as NetEase works to maintain the two-month seasonal release schedule it promised back in April. It means more characters will be added faster as the team continues to address player feedback with frequent updates.

Marvel Rivals Season 3.5 launches next week. While we wait for full patch notes, you can see how the cast of The Fantastic Four: First Steps reacted to the Invisible Woman’s infamous Malice skin.

Michael Cripe is a freelance contributor with IGN. He’s best known for his work at sites like The Pitch, The Escapist, and OnlySP. Be sure to give him a follow on Bluesky (@mikecripe.bsky.social) and Twitter (@MikeCripe).

A security advisory was issued for the AI Engine WordPress plugin, installed on over 100,000 websites, the fourth one this month. Rated 8.8, this vulnerability enables attackers with only subscriber-level authentication to upload malicious files when the REST API is enabled.

AI Engine Plugin: Fifth Vulnerability In 2025

This is the fourth vulnerability discovered in the AI Engine plugin in July, following the first one of the year discovered in June, making a total of five vulnerabilities discovered in the plugin so far in 2025. There were nine vulnerabilities discovered in 2024, one of which was rated 9.8 because it enabled unauthenticated attackers to upload malicious files, plus another rated 9.1 that also enabled arbitrary uploads.

Authenticated (Subscriber+) Arbitrary File Upload

The latest vulnerability enables authenticated file uploads. What makes this exploit more dangerous is that it requires only subscriber-level authentication for an attacker to take advantage of the security weakness. That isn’t as bad as a vulnerability that doesn’t require authentication, but it’s still rated 8.8 on a scale of 1 to 10.

Wordfence describes the vulnerability as being due to missing file type validation in a function related to the REST API in versions 2.9.3 and 2.9.4.

File type validation is a security measure typically used within WordPress to make sure that the content of a file matches the type of file being uploaded to the website.

According to Wordfence:

“This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server when the REST API is enabled, which may make remote code execution possible.”

Users of the AI Engine plugin are recommended updating their plugin to the latest version, 2.9.5, or a newer version.

The plugin changelog for version 2.9.5 shares what was updated:

“Fix: Resolved a security issue related to SSRF by validating URL schemes in audio transcription and sanitizing REST API parameters to prevent API key misuse.

Fix: Corrected a critical security vulnerability that allowed unauthorized file uploads by adding strict file type validation to prevent PHP execution.”

Featured Image by Shutterstock/Jiri Hera