Crime

Windows 11 Identifier Code Used to Arrest 19-Year-Old Over Alleged Ransomware Spree (tomshardware.com) 32

America's Justice Department and FBI joined Finland's National Bureau of Investigation to arrest a teenager they say is part of one of the world's biggest cybercrime syndicates, reports Tom's Hardware. The "Scattered Spider" syndicate has extorted over $100 million in ransom payments, according to Department of Justice figures: 19-year-old Peter Stokes is a dual U.S.-Estonian citizen who was trying to board a flight to Japan from Helsinki, when law enforcement caught up with him. [T]he main criminal complaint against Stokes stems from a May 2025 attack on a luxury jewelry dealer based in the United States. The attackers apparently called the company's IT helpdesk using Google Voice, posing as employees. They were able to convince the help desk into resetting their credentials, which allowed them to infiltrate three accounts, two of which had admin privileges. From there, the group, allegedly including Stokes, stole important data and held the jeweler at ransom, demanding an $8 million payment in crypto. The company ultimately regained access to their infrastructure and avoided paying the ransom, but the operational disruption still caused a purported $2 million in losses. This served as the spark that led to Stokes' eventual arrest in Helsinki, as the prosecutors slowly followed the paper and digital trail laid by the attackers.

Microsoft played a key role in the process by providing GDID [Global Device Identifier] data to the FBI to help them apprehend the alleged criminal... [I]t's a unique identifier assigned to every Windows install that tracks device-specific telemetry. It's the reason why sometimes changing a major component in your PC can revoke your Windows license... [T]he court documents from the case reveal that Stokes used Windows, from which investigators were able to link his physical hardware to specific internet activity and locations... Stokes' web activity, videogame history, IP addresses, tool usage (including Ngrok), Azure status, and more were logged with timestamps, and were provided to the investigators by Microsoft...

Stokes was carrying two hard drives full of incriminating evidence with him when boarding his flight to Japan... His real identity has actually been known since 2024, but since he was a minor living across Estonia and the UAE at the time, he could only be monitored until the time was right.

The official criminal complaint even includes a selfie photo that Stokes posted on Snapchat (hiding his face behind dozens of hundred dollar bills). It then notes that behind Stokes the wallpaper, carpet, and furniture match New York's Empire Hotel — and that Stokes had visited the hotel's web site in Germany before then flying to New York...

"Following the arrest, Stokes was extradited to the U.S., where he appeared in front of a federal court in Chicago for the first time on June 30, 2026, and he remains in custody," adds Tom's Hardware.

"The accused is now awaiting trial, having been charged with conspiracy, cyber intrusion, and fraud..."
The Internet

GoDaddy Warns India's Crackdown on Fake Site Registrars Could Upend Internet Privacy Everywhere (reuters.com) 17

"The internet is filled with fakes," writes Gizmodo. "A court in India is setting out to address the problem by requiring more transparency from domain registrars to make it easier to crack down on fraud. And while the intentions might be good, Reuters is reporting that major American domain registrar GoDaddy is sounding the warning bells that the court's decision could fundamentally reshape the internet well beyond India's borders."

GoDaddy argues the move would even make the internet less safe, reports Reuters: [Online fraud] is a key challenge for Prime Minister Narendra Modi's government, which last year received 2.4 million complaints of alleged cyber fraud amounting to $2.4 billion. Starting in 2019, lawsuits were brought by dozens of Indian and global firms — Amazon against fake shopping sites trading on its name and McDonald's complaining against bogus sites offering franchises. [More than 20 companies filed a complaint, the article notes, including Microsoft.] In December, an Indian court blocked more than 1,100 such websites. The New Delhi judge however went further, ordering sweeping new measures that tech experts say have rewritten rules of internet governance: Domain sellers should not offer buyers free privacy protection by default, the buyer's details should be released to anyone with a "legitimate interest" within 72 hours, and website addresses that are variations of protected brand names must be prohibited.

U.S.-based GoDaddy has challenged the directives before a larger bench of judges at the Delhi High Court, according to a Reuters review of non-public filings. It says the ruling will affect legitimate businesses that have names similar to big brands. Stopping privacy-by-default features, GoDaddy said, will result in public disclosure of name, address, telephone and email of legitimate website owners, exposing them to "foreseeable privacy and security risks" such as stalking and harassment.

As domain names operate globally, not locally, the order could force GoDaddy to regulate website addresses across the world, it said. On the court's order imposing a 72-hour deadline on companies to provide registration details to anyone with "legitimate interest", GoDaddy argues it has no wherewithal to assess who has legitimate interest or not. The "commercially destabilising" directives may force domain name companies to "exit India", said one of GoDaddy's appeal documents that ran into 5,121 pages... GoDaddy rivals, Arizona-based Namecheap and Netherlands-based Hosting Concepts, have also challenged the New Delhi ruling, court records show, although Reuters could not ascertain details of their appeals...

GoDaddy argues that diluting the privacy feature will run contrary to India's data protection law and the European Union GDPR law which mandates a "privacy by default" approach. Farzaneh Badii, a New York-based researcher on internet governance, criticised the New Delhi ruling, noting that Europe redacted such details because publishing them had been abused by harassment and targeted phishing. "The people exposed will be journalists, activists, small business owners, and private individuals. The brand impersonators will not," she said...

While the sweeping December directives were issued by a court, they followed government's submissions, documents showed... The judges will hear the appeals on July 16.

GoDaddy manages 80 million domains and serves over 20 million users, the article points out, with annual revenue over $5 billion.
Microsoft

Did Microsoft Shift Its Profits to Low-Tax Countries? (nytimes.com) 60

Microsoft is apparently shifting its profits to countries with low taxes — and out of countries where they have many more employees and significant sales. Back in 2005 Former Microsoft CEO Steve Ballmer even said that a low corporate tax rate "is part of the overall advantage of doing business in Ireland," remembers long-time Slashdot reader theodp. (Ballmer added "It would be disingenuous to say otherwise.")

But in 2026 the EU now requires a country-by-country compliance report, and the New York Times notes that Microsoft "was most likely the first major U.S. technology company to make a so-called country by country report of its finances to comply..." Like other big companies, Microsoft uses transactions between subsidiaries to shift profits around to reduce its tax bill. The report revealed a consistent pattern: high returns in low-tax jurisdictions and slim margins in higher-tax ones. The report showed the sometimes absurd results. Microsoft said it had generated almost 40 percent of its pretax income in tax-friendly Ireland, where it employed about 3 percent of its global work force. In higher-tax Germany, the largest economy in Europe, Microsoft earned barely half of 1 percent of its global profits, it said.

Excluding Ireland, the company said, it generated less than 2 percent of its worldwide pretax earnings in Europe... [In Luxembourg Microsoft said it had $283 million in pretax income with only 34 employees.]

[America's] Internal Revenue Service is challenging profit-shifting transactions used by Microsoft, and is seeking back taxes of nearly $29 billion. The company has said it disagrees with the I.R.S. and said in a securities filing that it "will vigorously contest" the proposed tax bills.

This week a Microsoft blog post offered their own "context," arguing that tax is "one important measure of contribution, but it is not the only one.

"Our investments, partnerships, infrastructure, and long-term presence in countries around the world also reflect a commitment to helping strengthen the economies and communities where we operate, today and for the future."
Science

What Is a Quantum Computer Good For? Absolutely Nothing - Yet (theverge.com) 53

The Verge argues that researchers "have made genuine progress in quantum computing — it's just been largely incremental and too esoteric to immediately capture the public's imagination."

And there are predictions that quantum computers will finally do something useful as soon as 2028: The drama can overshadow the real progress in quantum computing... Researchers have improved the qubits themselves, so they hold onto information longer. When they hold onto information longer, you can fit in more operations and do more complicated algorithms. Last November, Andrew Houck of Princeton University and his colleagues reported that they'd made a superconducting qubit that can hold onto information three times longer than the previous record holder... And in the last two years, researchers have made substantial strides in what's known as quantum error correction... In addition, researchers have developed algorithms to correct errors while the quantum computer operates... Microsoft claimed, which experts dispute, that it made an object made of electrons known as a Majorana particle [which should make fewer errors and be easier to scale up]...

"We 100 percent stand behind our results. We stand by our roadmap," Microsoft's quantum lead, Chetan Nayak, responded in an interview with The Verge. In an email statement, he added that Microsoft's "papers do show that we are creating and controlling Majorana [particles]..." Microsoft's supporting evidence is unconvincing [according to Henry Legg, a physicist from the University of St. Andrews and a longtime Microsoft critic]. What it claimed as evidence of a Majorana particle, he says, could actually be due to quantum dots forming in its device. Quantum dots are electron-containing objects that are not useful for Microsoft's quantum computer. It also bases its claim on data from a single device, says Legg. He wants to see Microsoft replicate the results in multiple chips. "If you repeatedly try and find Jesus in your toast, eventually you'll find Jesus in your toast," he says. "But that one piece of toast doesn't mean you had some kind of epiphany."

"While we appreciate the religious fervor, our data maintains the strength and consistency of our roadmap, as we have for the past several years across previous milestones. We look forward to delivering the world's first quantum machine and sharing the energy of our achievements with the world," wrote Nayak in response.

Past spurious work from Microsoft-affiliated researchers adds to the doubt. In 2021, the journal Nature retracted an article from Microsoft-affiliated researchers in which they'd claimed strong experimental evidence that they'd created a Majorana particle.

"Even hopeful experts have varying opinions about when a quantum computer will demonstrate something useful," the article acknowledges.

But quantum computing lecturer Eleanor Crane of King's College London predicts researchers will have demonstrated a useful scientific simulation on a quantum computer by 2028.

Thanks to Slashdot reader joshuark for sharing the article.
Microsoft

Microsoft Previews Linux Containers That Run In Windows (theregister.com) 92

Microsoft has released a public preview of Windows Subsystem for Linux (WSL) containers, adding a built-in command-line tool and API for running Linux containers directly inside Windows applications without third-party software. The update also introduces faster file access, improved networking and memory management, plus integration with Defender, Intune, and VS Code. The Register reports: WSL has always been a handy way to run Linux workloads from Windows, and is particularly convenient for Linux developers who must comply with corporate edicts to use a Windows device. The CLI for end-to-end container workflows furthers this. Microsoft stated, "WSL containers make it easier for developers and organizations to build, test, and run containerized workloads while benefiting from the security, manageability, and integration of the Windows platform."

Alternatively, you could run your preferred Linux distribution natively, but that might not be an option, particularly if an organization is keen on the "security, manageability, and integration of the Windows platform." And this is an important point. WSL's existing Microsoft Defender for Endpoint (MDE) has been updated (in private preview) to be aware of Linux container events, and there are settings in Intune for managing WSL containers. Support is also in a pre-release version of VS Code, where the Docker path in the dev container settings can be changed to wslc.

There is also a new default file system for WSL container that Microsoft claims makes Windows file access twice the speed. So, going from terribly slow to just slow? We'll wait until general availability is reached before passing judgment. There's a new default networking mode to improve compatibility and better memory reclaim techniques. However, none of these tweaks will be enabled by default in WSL. Microsoft wrote, "Since these changes touch mission critical paths like file system access and network, for now they are enabled just in WSL container."

Microsoft

Remembering How Microsoft's Fake Windows Error Ended In a $280 Million Secret Settlement (makeuseof.com) 73

Slashdot reader joshuark summarizes this walk down memory lane from the tech site MakeUseOf: Facing real competition from Digital Research's DR DOS, Microsoft secretly embedded a sabotaging mechanism known as "AARD code" into beta versions of Windows 3.1 to prevent it from running on Digital Research's competing DR DOS operating system.
This code triggered fake, alarming error messages to convince developers that DR DOS was unstable... Although Microsoft disabled the feature in the final retail release, the California-based firm Caldera, Inc., which had acquired DR DOS assets, sued Microsoft for anti-competitive practices.
Microsoft settled the lawsuit out of court in 2000 for $280 million, a figure that remained sealed until it was unsealed in 2009.

AI

Ex-Governors, Big Tech Launch Coalition To Help Workers 'Navigate the AI Economy' (nytimes.com) 92

"Amid growing public anger over A.I. and a debate over how to regulate it, a group of employers, state governors and foundations has raised $500 million to try to answer some of those questions themselves," reports the New York Times.

"Just how many jobs will AI upend?" asks the Wall Street Journal, reporting that the new coalition says it's time to ready the U.S. workforce for a "major" disruption — no matter how large it turns out to be. The coalition "has so far raised more than $500 million — about half of its multiyear goal — from companies and nonprofit groups. It will initially work with state governments in Arkansas, Maryland, Utah and Connecticut. OpenAI and Anthropic are also involved, and academics including MIT economist David Autor sit on an advisory board." [The new "RAISE US" coalition] will be led by former Commerce Secretary Gina Raimondo, who served under former President Joe Biden, and former Indiana Gov. Eric Holcomb, a Republican. Its mandate, they said, isn't just to build retraining programs but also to reconsider decades-old policies such as unemployment insurance and act as a working lab for testing the most effective ways to transition workers to new fields. The group will explore corporate incentives for employers to hold on to workers whose jobs are disrupted by AI and prep them for new roles... The mission of the group is to "pull all the levers at once," Raimondo said. That means teaming up with employers to find ways to help workers gain skills or new roles and joining with educators to roll out different types of training. It also plans to propose policy changes such as tweaking unemployment benefits to let displaced workers continue to get them while they, for instance, start new businesses with AI... In Maryland, the group plans to expand a service-year option in the state to help people gain exposure to such growing fields as healthcare. An effort in Arkansas will focus on supporting "an AI-powered career navigation platform."
More from New York Times: The organization will work primarily with governors... The theory: States generally control their community college systems, which can translate work force policy through course offerings and industry partnerships. The bulk of the budget will fund pilot programs overseen by about 15 staff members and consultants. For example, Maryland will expand a "service year" for recent high school graduates to provide experience in fields where there are shortages, such as health care. In other states, Raise Us hopes to offer "wage insurance" for workers who take lower-paying jobs rather than dropping out of the work force entirely.

The group plans to furnish technical assistance for companies that want to retain workers as A.I. changes their roles, rather than eliminating them. Microsoft, one of the companies backing the organization, said it had already found a promising model: cross-training its entry-level lawyers in different parts of the organization and equipping them with A.I. skills in order for them to be repositioned as technology evolves. "You can think of doing that with almost any job we have," said Brad Smith, vice chair and president at Microsoft. "It creates an opportunity to transfer people from jobs that are being eliminated to jobs that are being created...."

Ms. Raimondo and her colleagues are not fans of a universal basic income, an idea that has gained popularity in Silicon Valley as an answer to job disruption. They emphasize that work provides more than just wages, and plan to focus on helping people find pathways to new jobs. But it's unclear whether A.I. will create jobs at the rate that it will destroy them. Jack Malde studied work force policy for the Bipartisan Policy Center and is now going to work for the Windfall Trust, another A.I.-focused think tank. He said long-term income support might be necessary, even if better models for transitioning workers were found. "The truth is, there's still a lot of uncertainty," Mr. Malde said. "What we think is resilient now might not be resilient later. We're not going to get everything right, so we're going to need those strong safety-net programs."

Long-time Slashdot reader theodp writes: If you think you've seen this movie before, prior to "partnering with governors, employers, and training partners to help the American workforce make a successful transition to an AI economy" with RAISE US, Raimondo and Holcomb partnered with governors, employers and training partners to help U.S. K-12 students make a successful transition to a CS economy with the Governors for Computer Science coalition.
AI

Microsoft Slammed for Building Copyright-Infringing Supercomputer for OpenAI in New Court Filing (arstechnica.com) 86

The New York Times alleges Microsoft actively encouraged OpenAI to steal its copyrighted work, reports Ars Technica, citing a new (and heavily redacted) court filing Thursday: NYT's motion comes after the [U.S.] Supreme Court sided with Cox Communications in a case where Sony tried and failed to claim that Cox was contributing to music piracy as an Internet service provider, which set a new standard for contributory infringement. Moving forward, plaintiffs will have to prove that parties intentionally acted to induce illegal conduct. Recognizing that the legal precedent has changed, the NYT now wants to amend its complaint to align its contributory infringement claim against Microsoft with that new standard... A Microsoft spokesperson told Ars that the company views the amended complaint as "a last-ditch effort by the plaintiff to save its claim from unfavorable precedent set in other recent rulings..."

The updated complaint seeks to specify that [Microsoft's] supercomputer was tailor-made to help OpenAI infringe and allege that it was built for the explicit purpose of training AI on copyrighted works without permission. And as the NYT alleged, its articles were more heavily weighted by this system, as both firms hoped to train models on the highest-quality journalism possible, so that level of writing could be confidently mimicked in outputs. By building this "unusually complex" machine, Microsoft not only helped select the works that were infringed but also provided a means to seize copyrighted works without permission, the NYT alleged. "Microsoft specifically designed it for the purpose of using essentially the whole Internet — curated to disproportionately feature Times Works — to train the most capable LLM in history," the NYT alleged... Similarly as problematic for the NYT are hallucinations where Microsoft and OpenAI models falsely cite the NYT for content that they never published... "Users who ask a search engine what The Times has written on a subject should be provided with neither an unauthorized copy nor an inaccurate forgery of a Times article, but a link to the article itself," the NYT alleged...

In a statement provided to Ars, OpenAI spokesperson Drew Pusateri reiterated the AI firm's often-repeated claims that AI training on copyrighted works is indisputably fair use... OpenAI has argued that "ChatGPT is not a substitute for a Times subscription," the NYT reported, partly because "they transformed the material for a different use."

An OpenAI spokesperson told Ars Technica that OpenAI's models "empower innovation," while a New York Times spokesperson insisted that Microsoft "actively encouraged OpenAI to steal our copyrighted works... [O]ur core claims remain the same from the day we filed this lawsuit — that Microsoft and OpenAI stole millions of The Times's copyrighted works to compete with our products and illegally enrich themselves."

The article speculates that the case's most extreme outcome "could require OpenAI and Microsoft to wipe models and start over. The NYT has also asked for permanent injunctive relief to prevent future infringement, as well as extensive damages..."
China

China's AI Matches Anthropic in Cybersecurity, Causing Worry Over US Restrictions (msn.com) 57

Chinese AI systems "have matched the performance of Anthropic's powerful model Mythos in some cybersecurity scenarios," reports the Wall Street Journal.

They call it "a development poised to reset the global tech race and pressure the White House in its overhaul of U.S. AI policy." Security researchers said that a new AI model, released this month by China's Zhipu AI, also known as Z.ai, can match the latest U.S. models when it comes to finding security bugs, although it still lags behind Anthropic's and OpenAI's products in other tasks. Overall, the capability gap between top U.S. models and those built by Chinese companies has narrowed significantly, and use of Chinese AI systems has surged as businesses seek to rein in runaway costs. A host of companies, including Microsoft, are weighing how they can offer Chinese models on their platforms, a development that is set to alter the balance of power among tech companies...

Unlike models from Anthropic or OpenAI, Zhipu's GLM-5.2 is open-weight. That means it can be downloaded and run on hardware operated by anybody and can be modified and used without supervision. Open-weight models are ideal for users who want unfettered access to systems they control, but they are also ideal for hackers, who can run them in the shadows. GLM-5.2 has ranked as one of the 10 most-used AI models, according to data from OpenRouter, a company that provides access to more than 400 AI models. In some benchmarking tests, according to the cybersecurity company Semgrep, GLM-5.2 bested Anthropic's Claude Opus 4.8 model, which was released in May. When given further instructions, Opus 4.8 and GLM-5.2 can match Mythos in bug-finding ability, according to researchers...

"Banning Fable while selling chips China needs to develop its own version is a gift to China," said Saif Khan, a distinguished technology fellow at the Institute for Progress think tank who worked on export restrictions in the Biden administration. The U.S. needs to maximize the use of Mythos and comparable models to harden its cyber defenses while it can, he added. Among the Mythos 5 and Fable 5 users that had lost access before Friday's decision to restore Mythos 5 access for some trusted entities: the National Security Agency, which had been testing the tools and found them impressive in trials, according to people familiar with the matter... "It is incentivizing companies across the globe to use cheaper but very capable Chinese open-weight models, while at the same time undermining the U.S. AI industry," said Niels Provos, a researcher who led security teams at Google and Stripe. "I don't understand it."

Thanks to long-time Slashdot reader schwit1 for sharing the article.
Microsoft

Microsoft Adds Another Year To Windows 10 Extended Update Program (arstechnica.com) 122

Microsoft has quietly extended free Windows 10 security updates for consumers by another year, pushing the Extended Security Updates (ESU) program's end date from October 12, 2026, to October 12, 2027. "The ESU support page was updated with that date, and Microsoft's blog post on the program has a new editor's note confirming the change," reports Ars Technica. From the report: The prevalence of Windows across so many devices and form factors has given Microsoft a massive customer base for decades, but it has also stymied the company's efforts to roll out new operating systems. Microsoft famously extended the support window for Windows XP numerous times throughout the 2010s as it became apparent that millions of PCs would never be updated. Windows 10 isn't quite as entrenched as XP was, but it has still been a slog getting people to upgrade to Windows 11 even nearly five years after release.

Unlike many past Windows updates, Windows 11 required some users to buy new PCs with specific CPU technologies and a Trusted Platform Module (TPM). Microsoft was widely criticized for excluding perfectly serviceable PCs, and that's turning into a problem in 2026. The AI-driven shortage of storage and memory has made system upgrades vastly more expensive, potentially slowing upgrades. Some have also avoided Windows 11 due to Microsoft's intense focus on AI features.

The result is that Windows 10 remains stubbornly popular. According to StatCounter data, Windows 10 is still running on about 26 percent of PCs, while Windows 11 sits at 72 percent. That means there are still hundreds of millions of active Windows 10 installs, but those machines will be up to date for at least an additional year.

AI

Linux Foundation Launches Akrites To Coordinate AI-Driven Open Source Security (nerds.xyz) 17

BrianFagioli writes: The Linux Foundation has announced Akrites, a new initiative to coordinate vulnerability disclosure and remediation for critical open source software as AI dramatically speeds up vulnerability discovery. Founding members include AWS, Google, Microsoft, OpenAI, Red Hat, NVIDIA, IBM, Cisco, JPMorganChase, and others. Akrites will provide a shared Security Incident Response Team (SIRT), a standardized coordinated vulnerability disclosure process, and act as a "maintainer of last resort" for abandoned but widely used packages.

The goal is to reduce duplicate reports, avoid conflicting patches, and help upstream maintainers address vulnerabilities before they can be exploited. As AI makes it easier to find security flaws, can a coordinated industry effort help protect open source, or does it risk giving large corporations too much influence over the ecosystem?
"Akrites is the largest coordinated effort in history to create systems and deploy tooling that leverages the collective power of the community to make everyone safer," the Linux Foundation said in an open letter. "Akrites participants will contribute engineering resources; work to build and ship fixes; or fund the engineers who do. Some companies have contributed mightily already. The reality is, collectively, we need to contribute more."
Python

Boffin Claims Microsoft's 'Quantum Leap' Is Invalid Due To 'Basic Python Errors' (theregister.com) 75

A peer-reviewed Nature critique argues that Microsoft's 2025 Majorana quantum-computing breakthrough -- and its claim that it could enable "a truly meaningful quantum computer not in decades, as some have predicted, but in years" -- is fundamentally flawed. According to Dr Henry Legg, a lecturer at the University of St Andrews, the claims were undermined by omitted data, selective plotting, and basic Python errors that concealed alternative results. Microsoft, for its part, says the bugs were minor and stands by its findings and roadmap. The Register reports: "Last year they claimed to be years, not decades from a 'topological quantum supercomputer,'" Legg told The Register in an email. "My feeling is that they are centuries, not decades away. If it works at all -- and, based on what I have seen, the most likely scenario is that it doesn't work." Based on his analysis of the research Microsoft published in 2025, Legg argues that the company's claims about finding and being able to control the elusive Majorana particle to build a topological superconductor do not withstand scrutiny.

"I demonstrate that Microsoft's tune-up software is flawed and that coding errors resulted in incorrect statements to peer reviewers," said Legg. "Raw data, which was omitted from the original paper, also appears to indicate Microsoft's devices contain considerable disorder and are not compatible with the existence of a topological gap. In other words, the prerequisites for Microsoft's claims do not appear to be met, but this was obscured because this data did not appear in the original publication."

Essentially, Microsoft has proposed a Topological Gap Protocol (TGP) that can be used to detect the phase transition deemed to be a prerequisite for conducting quantum calculations using Majorana particles. Legg argues that based on his analysis of underlying transport data (measurements of particle change) -- omitted from the original publication -- Microsoft chose to focus on results that supported its thesis and ignored data that could be interpreted as a negative result. As he notes in his critique: "The TGP plotting code was set to highlight only the largest purportedly topological region."

"The primary consequence was the omission of other regions that passed their tune-up protocol (the TGP)," said Legg. "When peer reviewers asked if other regions existed, Microsoft inaccurately stated that they had investigated the only region passing the protocol within the explored range. This was not correct." Legg also argues that Microsoft mishandled its code. "The code antisymmetrized bias voltage based on array index rather than physical value," his analysis says.

In other words, Microsoft's researchers made a basic programming mistake by evaluating the array index -- the number identifying a value's position in an array -- instead of the value to which the index refers. "There were two pretty basic Python programming errors that hid these alternative regions," Legg explained. "Their plotting software was hardcoded with a filter (zbp_cluster_numbers=[1]) that forced it to display only the single largest region, concealing other successful results from their phase maps. Changing this to zbp_cluster_numbers=[1,2] shows already a second region." Legg added: "The TGP software transformed the data by simply reversing a Python array (x[::-1]) based on its index position, ignoring the actual physical bias voltages."
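
The index-versus-value failure Legg describes, as an added illustration that is not the TGP code and not from the article. The conductance trace and both bias grids are constructed assumptions, chosen so the true antisymmetric part (3V) is known in advance.

```python
"""Added illustration: antisymmetrizing a trace by array index vs. by physical value.

All data below is constructed; this is not the TGP code discussed in the article.
"""
from bisect import bisect_left


def grid_is_symmetric(v):
    """True only if every bias point v[i] has its mirror -v[i] at index n-1-i."""
    return all(a == -b for a, b in zip(v, reversed(v)))


def antisym_by_index(g):
    """Index-based form: pairs sample i with sample n-1-i via g[::-1]."""
    return [(a - b) / 2 for a, b in zip(g, g[::-1])]


def value_at(v, g, x):
    """Linearly interpolate g at bias x on an ascending grid; None if x was not measured."""
    if x < v[0] or x > v[-1]:
        return None
    j = bisect_left(v, x)
    if v[j] == x:
        return g[j]
    t = (x - v[j - 1]) / (v[j] - v[j - 1])
    return g[j - 1] + t * (g[j] - g[j - 1])


def antisym_by_value(v, g):
    """Value-based form: pairs the sample at bias V with the trace evaluated at -V."""
    out = []
    for vi, gi in zip(v, g):
        mirror = value_at(v, g, -vi)
        out.append(None if mirror is None else (gi - mirror) / 2)
    return out


def trace(v):
    """Constructed signal G(V) = V^2 + 3V; its true antisymmetric part is 3V."""
    return [x * x + 3 * x for x in v]


V_CENTRED = [-40, -20, 0, 20, 40]   # constructed grid, symmetric about zero
V_OFFSET = [-30, -10, 10, 30, 50]   # constructed grid, shifted by +10

if __name__ == "__main__":
    for name, v in (("centred", V_CENTRED), ("offset", V_OFFSET)):
        g = trace(v)
        print(name, "symmetric grid:", grid_is_symmetric(v))
        print("  by index:", antisym_by_index(g))
        print("  by value:", antisym_by_value(v, g))
```

On the centred grid both forms agree; on the offset grid the reversal pairs -30 with +50 and reports a result unrelated to 3V, while the value-based form recovers 3V and marks the one point whose mirror was never measured.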

Bug

Microsoft Accidentally Breaks Replying To an Email On Outlook (theregister.com) 70

Microsoft has accidentally introduced a bug in Outlook for Mac that omits the original message from email replies, making it difficult for recipients to follow conversation history. Until Microsoft releases a fix, its suggested workaround is to roll back from version 16.110 and disable automatic updates, which is "great for users in full control of their devices -- not so good for anyone with a managed device," notes The Register. "Administrators with fleets of Macs running Outlook should brace for helpdesk tickets." From the report: In some instances, having a user copy and paste the salient bits of the email they are responding to might not be such a bad thing. We've all had emails that required epic amounts of scrolling to find what started the conversation, so forcing users to think about what they actually need to include is no bad thing. However, disrupting user workflows without warning -- well, that is undoubtedly a bad thing.

This is, after all, one of the most basic things an email client needs to do, so shipping a product with a bug that breaks this functionality says more about Microsoft's approach to quality than anything else.

Security

Microsoft Discovers Cryptocurrency Stealer That Spreads Through USB Drives and Uses Tor (arstechnica.com) 12

Ars Technica's senior security editor reports: Microsoft says it has detected new self-propagating malware that spreads through USB drives in search of cryptocurrency credentials, which it then sends to attacker-controlled servers.

The company named the worm Crypto Clipper because it monitors the contents of device clipboards for patterns consistent with wallet addresses or seed phrases. When found, the malware also takes five screenshots over a 10-second period... "The execution of this clipper is notable because it does not depend on a traditional installer or exposed IP-based C2 infrastructure," Microsoft said Thursday. "Instead, it deploys a portable Tor client, routes traffic through a local SOCKS5 proxy, and blends data theft with remote code execution, turning a financially motivated stealer into a lightweight backdoor."

Microsoft said it observed Crypto Clipper spreading through .lnk files on a USB drive. These files store executable code. When an infected USB drive is plugged into a device, the code checks whether it is already installed on the machine. If it isn't, the malware downloads it through the Tor proxy. To better conceal evidence of the worm, the malware scans the infected USB drive and names the .lnk files with similar names... The stealer also replaces addresses it finds with ones belonging to attacker-controlled wallets. This allows the malware to divert payments to the attacker's pockets. Microsoft believes the purpose of the screenshots is to provide context that may be useful. "This malware family shows how lightweight, script-based stealers can deliver outsized impact when paired with anonymized communications and runtime tasking," Microsoft said. "The combination of Tor-routed C2, clipboard targeting, screenshot capture, and remote code execution gives attackers both immediate monetization paths and continued control over compromised devices."

Thanks to Slashdot reader joshuark for sharing the news.

Cloud

EU To Soon Classify AWS and Azure As Gatekeepers Under DSA (heise.de) 39

The European Commission is reportedly preparing to provisionally classify Amazon Web Services and Microsoft Azure as "gatekeepers" under the Digital Markets Act, bringing cloud infrastructure under the law's stricter competition rules for the first time. The designation could require greater interoperability and data portability, making it easier for customers to switch providers, with a final decision expected by the end of 2026. Heise reports: This investigation began in November 2025, when the EU targeted the cloud power of US tech giants. The trigger was outages in cloud services with sometimes significant impacts on other internet services. Shortly before, an approximately 15-hour outage of the AWS cloud in the US meant that not only Amazon's own streaming services but also Atlassian, Docker, Epic Games, and the Signal messenger were unavailable or severely restricted. Shortly thereafter, Microsoft Azure also struggled with an outage, preventing air passengers from checking in and interrupting votes in the Scottish Parliament.

As a result, European antitrust authorities have also scrutinized cloud services under the Digital Markets Act for the first time. The major cloud providers, primarily from the US, have so far evaded the EU's Digital Markets Act because a large part of their business is handled through corporate contracts. This makes it difficult to determine the number of individual users. However, this is one of the EU's most important criteria for determining the market power of companies. [...] As gatekeepers, AWS and Azure would be obliged to ensure interoperability and data portability. This would, for example, simplify switching cloud providers and allow customers to link other services with AWS or Azure clouds, instead of being limited to AWS and Azure offerings. Significant fines could also be imposed if the cloud services are found to be in violation of existing regulations.

Security

Microsoft Working To Patch 'RoguePlanet' Zero-Day (securityweek.com) 30

wiredmikey shares a report from SecurityWeek: Microsoft on Wednesday published an advisory acknowledging the public disclosure of a vulnerability in Defender that could lead to privilege escalation. The security defect, tracked as CVE-2026-50656 (CVSS score of 7.8), was dropped last week by security researcher Nightmare Eclipse (also known as Chaotic Eclipse). "We are working to provide a high-quality security update that addresses this vulnerability. We will provide information in this CVE when the update is available," Microsoft adds.

RoguePlanet, Nightmare Eclipse explained last week, targets a race condition in Microsoft Defender and allows attackers to gain System privileges. The researcher released a proof-of-concept (PoC) exploit that demonstrates local privilege escalation (LPE) on Windows 11 and Windows 10 systems with the June 2026 patches installed. [...] On Wednesday, Nightmare Eclipse pointed out that the PoC works regardless of whether Defender's real-time protection is enabled or disabled. It may even work in passive mode, the researcher said.

Open Source

Google, Microsoft, and OpenAI Back Linux Foundation's Appia AI Standards Initiative (nerds.xyz) 24

BrianFagioli writes: Google, Microsoft, OpenAI, Arm, Mastercard, Siemens, and other companies have joined the newly launched Appia Foundation under the Linux Foundation. The project aims to create common specifications and assessment frameworks that organizations can use to demonstrate AI systems meet emerging safety, trust, and compliance requirements. According to the Linux Foundation, the framework is designed to allow conformity evidence to be reused across the AI supply chain, potentially reducing duplicate assessments and compliance costs. The announcement comes as governments around the world move toward enforcing AI regulations and organizations face increasing pressure to prove AI systems are trustworthy. "As international standards and legal frameworks become more established, global organizations need a consistent, practical way to verify that AI systems conform to new expectations," said Jim Zemlin, CEO of the Linux Foundation. "The Appia Foundation establishes a neutrally governed environment where the entire industry can collaborate on a common assessment framework. By building this infrastructure in the open, we are helping organizations reduce complexity, lower operational costs and build trust."

Craig Shank, Executive Director of the Appia Foundation, added: "AI systems now make decisions about people's loans, their children's schools and their jobs. People on the receiving end deserve to know those systems were built and assessed against criteria that hold up to scrutiny. The Appia Foundation was formed to do that work: creating publicly available specifications that organizations across the AI value chain use to demonstrate their systems meet those criteria. By establishing this open framework, we are building the accountability layer required to scale safe and trusted AI across major industries."

Privacy

FBI Issues Urgent Kali365 Security Warning For Teams, Outlook, OneDrive Users (thehill.com) 10

alternative_right shares a report from The Hill: The FBI released an urgent security warning to the public about a fast-acting scam targeting Microsoft 365 users on Teams, Outlook and OneDrive. The agency warned that the hacking platform Kali365 seeks out OAuth device codes, allowing scammers to sneak past multi-factor authentication codes, and without the need for a password, to access Microsoft accounts. Scammers will send a phishing email impersonating a trusted document-sharing service with a device code and instructions on how to verify, according to the FBI.

"Kali365 lowers the barrier of entry, providing less-technical attackers access to AI-generated phishing lures, automated campaign templates, real-time targeted individual/entity tracking dashboards, and OAuth token capture capabilities," the FBI stated. The platform is sold to scammers with a $250 per month subscription. The FBI, which first detected Kali365 in April, described the hacking platform as an "emerging Phishing-as-a-Service platform." Hackers with limited skills can access advanced phishing tools through the platform, according to NordPass.

Chrome

Google Chrome's Next Update Will Mark the End of Popular Ad Blockers (9to5google.com) 161

Google is removing Chrome's last remaining workarounds for Manifest V2 extensions, effectively ending support for legacy ad blockers such as the original uBlock Origin. 9to5Google reports: CyberNews points out a Chromium commit that removes support for the "kExtensionManifestV2Disabled" flag, which is referred to as "dead code" seeing as Chrome no longer supports Manifest V2 extensions. This removal acts as the final stop for many Manifest V2-based ad blocker extensions that were still in use today -- the flag was effectively a loophole to continue using these extensions.

A Googler on the commit explains: "MV2 extensions are no longer allowed in any supported version of Chrome, and we are removing support for them and the associated functionality. We won't be able to provide / maintain this functionality indefinitely due to the complexity and tech debt, as well as the security risks it entails (we've actually found a number of bugs that are specific to MV2 lately). Of course, other browsers can continue supporting these if they so desire."

This will also impact other Chromium-based browsers, though the comment notes that "other browsers can continue supporting these if they so desire." Neowin points out that Microsoft Edge and Opera are likely to follow suit. Chrome 150, set to be released later this month, will remove this flag, while other leftover bits of Manifest V2 will be removed in the v151 release.

Windows

Microsoft Updates Six Windows Apps. 'Photos' Gets Watermarks for Copilot Images (Off by Default) (neowin.net) 31

Microsoft dropped "massive" updates for six stock Windows apps, reports the "Microsoft enthusiast" site Neowin.

Here's some of their more interesting highlights for Clock, Media Player, Calculator, Voice Recorder, Photos, and Paint:

The Photos app (version 2026.11060.2004.0):
  • AI watermarking — "AI-generated or edited images can now carry a visible Copilot watermark. You choose Never, Always, or Ask Every Time in Settings, with a confirmation when saving. The watermarking is off by default in settings."

Calculator (version 11.2605.9.0):

  • More accurate square-root results. "Fixed rare cases where a calculation that should equal zero (like sqrt(2.25) - 1.5) returned a tiny leftover value instead...."
  • Reliable launch after upgrading. "Fixed an issue where upgrading from much older versions could leave outdated settings that stopped the app from opening..."

The Clock app (version 11.2605.9.0):

  • "Timers keep counting after they hit zero — When a timer runs out, it now keeps counting up (for example, -00:27:31) so you can see how far past the time you've gone..."
  • "Correct sun and moon icons during midnight sun — Fixed an icon that wrongly showed a moon during all-day daylight in polar regions..."
  • "No more double announcements — Screen readers no longer read the timer value twice."

Media Player (version 11.2605.14.0):

  • "Playlists need a name — You can no longer accidentally save a playlist with a blank name."
