Data visualizations are the bridge between user and data.But building AI agents that can generate visualizations reliably can be very tricky:- simple chart specs can be reliable, but generated charts are often of low quality due to reliance on system defaults;
- complex chart specs with explicit de…
Microsoft's latest environmental report shows the growing tension between its race to build AI infrastructure and its long-standing climate commitments.Why it matters: The report mirrors recent disclosures from Google and Amazon, whose emissions and resource use have also climbed alongside AI growth…
The newest, unexpected addition to the Mesa codebase by Microsoft engineers is contributed accelerated AV1 video encoding on the GPU using a combination of DirectX 12 and the Hardware Media Foundation Transform (HMFT) support that is part of the Windows Media Foundation layer...
Microsoft has released a security patch to address a Defender zero-day vulnerability known as "RoguePlanet," disclosed after the June 2026 Patch Tuesday. [...]
agrupados por: microsoft · rogueplanet · defender · patches · vulnerability · zero
Microsoft cut around 4,800 roles, or 2.1% of its global workforce, on Monday — the latest in a series of layoffs that’s stoking fears of AI replacing jobs. The layoffs will hit Xbox and commercial sales the hardest.
Microsoft says Windows users should expect to see an increase in security updates as the company increasingly relies on artificial intelligence to discover vulnerabilities in its codebase. [...]
On this week’s show special guest co-host Chris Wade, the founder of Corellium turned Cellebrite CTO, joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news.
They cover:
Microsoft has repos owned, GitHub tokens popped, and a new 0day dropped on them
Meanwhile, researcher…
U.S. prosecutors linked an alleged Scattered Spider hacker to a break-in at a luxury jewelry retailer using a persistent Windows device ID, according to a newly unsealed federal complaint.
Microsoft records tied that ID first to the account the attackers used to keep access during the May 2025 intr…
A new phishing-as-a-service (PhaaS) operation called Forg365 focuses on stealing Microsoft 365 accounts by combining adversary-in-the-middle (AiTM) and device code methods with AI-assisted lure generation. [...]
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerabilities are listed below -
CVE-2026-48282 (CVSS score: 10.0) - A path traversal vulnera…
A recent EvilTokens campaign targeting businesses across the US and Europe is exposing a new email security blind spot. This “ghost phishing” technique keeps the malicious page hidden until it decrypts and comes to life inside the victim’s browser.
For security leaders, the risk is clear: tradition…
GitHub has officially announced the release of npm version 12 with install scripts disabled by default, along with deprecating granular access tokens (GATs) designed to bypass two-factor authentication (2FA).
The Microsoft-owned subsidiary noted that the following npm install behaviors that used to…
Microsoft has taken apart a destructive Windows backdoor it calls GigaWiper. What stands out is how it is built: not one tool but three older destructive programs bolted into one, offered as commands the operator can choose from.
Each is a different way to break a machine: wipe the whole disk, over…
A threat actor has been targeting organizations across multiple sectors with voice-based fake security requests that ask Microsoft 365 users to enroll a new Entra passkey. [...]
Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and exploi…
With the AMD Ryzen AI Halo developer platform there is the option of ordering this Ryzen AI Max+ mini PC with either Microsoft Windows 11 or "Linux OS". When receiving a AMD Ryzen AI Halo review sample last month, I fully expected it to just be an Ubuntu LTS install with ROCm preloaded. I was quite …
With 3mdeb's Dasharo port of AMD openSIL and Coreboot running on the Gigabyte EPYC motherboard, 3mdeb engineers have been devoting more time to their bring-up of Coreboot+openSIL on the MSI PRO B850-P consumer motherboard for desktop AMD Ryzen. They now even have Microsoft Windows 11 working atop th…
Microsoft has fixed a known issue causing the Copilot Chat or Copilot buttons in Classic Outlook to disappear for Windows users with the Copilot Chat (Basic) license. [...]
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. [...]
A new phishing-as-a-service (PhaaS) platform dubbed "ARToken" appears to operate as an affiliate of the EvilTokens phishing platform, giving researchers a glimpse into an extensive toolkit designed to compromise Microsoft 365. [...]
El MundoMIXED 6.5generalcenter-rightFri, 03 Jul 2026 00:01:48
Tras recibir una oferta a la baja por parte de la empresa tecnológica y el aviso de que serían expropiados sí o sí, los afectados han puesto el caso en manos de sus abogados Leer
Microsoft's new Teams admin policy requires organizer approval for external AI bots, giving organizations greater visibility and control over automated participants in sensitive meetings.
The post Microsoft Adds New Teams Controls to Block Unauthorized AI Bots From Meetings appeared first on Securit…
On this week’s show special guest co-host Andy Boyd joins Patrick Gray and James Wilson to discuss the week’s cybersecurity news. Andy is the CEO of REDLattice, which makes the Paragon “intelligence collection and reconnaissance” solution.
They cover:
Adversaries are tracking US troop locations…
An aggressive password-spraying campaign targeting Microsoft 365 environments generated more than 81 million login attempts over a two-week period. [...]
Apple. Anthropic. Disney Research. Google. Meta. Microsoft. NVIDIA. OpenAI. Few places outside Silicon Valley can claim R&D hubs from all of these companies. Fewer still are concentrated in a city of just over 400,000 people—roughly half the size of San Francisco. Over the past two decades, however,…
PhoronixRELIABLE 7.0tecnología✓ 3 fuentes📊 datosMon, 29 Jun 2026 11:49:29
Microsoft today shipped the first public preview of WSL Containers "WSLC" as their latest extension of the Windows Subsystem for Linux on Windows 11...
The Microsoft Defender vulnerability CVE-2026-33825 was exploited in the wild as a zero-day before patches were released.
The post BlueHammer Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.
Meta is developing plans for a cloud infrastructure business, selling access to AI compute power and models. The move would pit it against the big cloud providers like Amazon Web Services, Google Cloud, and Microsoft Azure.
Linux users who have Secure Boot enabled on
their systems rely on certificates issued by Microsoft to verify the software
used to boot a system is trusted by the user. One of those certificates expired
recently, but that will not cause systems that are able to boot to stop doing
so. There are situat…
The Courses Digest, Labs Digest, and Exams Digest Bundle gives you unlimited access to expertly crafted online courses, interactive labs and study tools. Whether you’re aiming for industry-recognized certifications or expanding your tech expertise, this bundle will help you get there with courses on…
A follow up to our open letter regarding Microsoft’s formal review of recent allegations about Israel’s usage of Azure cloud for the surveillance and targeting of Palestinians.
The post Joint letter to Microsoft regarding Israeli military use of Azure cloud and AI services appeared first on Access …
Through a new joint letter, we're calling on Microsoft to publish the findings of its review into the Israeli military’s use of the company services.
The post Microsoft: it’s time to come clean about your ties to the Israeli military appeared first on Access Now.
Microsoft has found a malicious Chrome extension that posed as the AI search engine Perplexity and quietly logged what people searched for. It routed every query and every character typed into the address bar through an attacker-controlled server before redirecting users to real results.
Microsoft …
New Microsoft research shows how attackers can hijack AI agents that act on a user's behalf, using nothing more than a poisoned tool description to make the agent quietly hand over company data to an outsider.
The trick is that the agent never breaks a rule. Every step looks routine, so in a defaul…
Cybersecurity researchers have warned of a "massive, ongoing, automated password spray attack" aimed at Microsoft's Azure command-line interface (CLI), compromising dozens of accounts in the process.
The activity, per Huntress, originates from an IPv6 address range (2a0a:d683::/32) controlled by in…
Microsoft on Tuesday said it's accelerating its quantum safe security roadmap, stating technology advances in quantum computing are making it essential to replace existing encryption standards sooner than previously expected.
"Advances in quantum research and development have shifted the risk horiz…
Separate but similar campaigns described by Microsoft and Trend Micro use malicious zip files to spread malware via social engineering and obsfucation, including blockchain abuse.
Microsoft announced today that it is accelerating its quantum-safe security roadmap, saying advances in quantum computing are bringing the need to replace today's encryption standards sooner than previously expected. [...]
AxiosRELIABLE 7.5geopolítica✓ 7 fuentesFri, 26 Jun 2026 08:30:04
People spend a lot of time on their devices. The AI boom means they will also be spending more for them.Why it matters: The enormous sums of money going into the AI race are driving up costs for resources and components throughout the economy.That's now becoming increasingly apparent to ordinary Ame…
The Linux Foundation along with others like Amazon, Anthropic, OpenAI, NVIDIA, Microsoft, Red Hat, and others have joined forces to launch Akrites. The Akrites project is aiming to help defend critical open-source software from the brisk pace of new AI/LLM-discovered software bugs and vulnerabilitie…
Microsoft, with law enforcement and industry partners, disrupted more than 200 command and control servers for Amadey and StealC, often used in conjunction.
The post In a first, a court takedown goes after two cybercrime tools at once appeared first on CyberScoop.
WIREDRELIABLE 8.0tecnologíacenter-left✓ 10 fuentesSat, 27 Jun 2026 10:30:00
Plus: Former national security advisor John Bolton pleads guilty in classified-materials case, Microsoft helps take down major infostealer infrastructure, and more.
Patrick Gray and Adam Boileau are joined by the newest guy on the Risky Business Media team, James WIlson. They discuss the week’s cybersecurity news, including:
Notepad++ update supply chain attack has been attributed to China
The AI agent future is even more stupid than expected; behold the …
On this week’s show Patrick Gray and Adam Boileau discuss the week’s cybersecurity news, including:
Microsoft reshuffles security leadership. It doesn’t spark joy.
Russia is hacking the Winter Olympics. Again. But y tho?
China-linked groups are keeping busy, hacking telcos in Norway, Singapo…
Cybersecurity researchers have flagged a new class of CI/CD workflow weakness that allows attackers to hijack workflows and compromise open-source supply chains.
The "critical exploitable pattern" has been codenamed Cordyceps by Novee Security. The issue can allow full attacker control of repositor…
A coordinated law enforcement operation, in partnership with private sector companies, including Bitdefender, Bitsight, ESET, and Microsoft, has resulted in the takedown of criminal infrastructure powering Amadey and StealC.
"The main common goal was to disrupt the 'assembly lines' cybercriminals u…
An active phishing campaign has been targeting hotel and other hospitality organizations across Europe and Asia since April 2026, using photo-themed ZIP files to drop a Node.js implant and dig into front-desk machines, Microsoft says.
The company has not attributed the activity to a known threat ac…
Microsoft has quietly extended its free Windows 10 Extended Security Updates (ESU) program for consumers by an additional year, allowing enrolled devices to continue receiving security updates until October 12, 2027. [...]
There’s something going on over in Microsoft’s Xbox division and it isn’t good. Don’t take my word on that. Apparently the bosses over there are circulating an email to staff talking about how properly fucked everyone is if something doesn’t change soon. Xbox CEO Asha Sharma and Xbox Game Studios he…
On this week’s show Patrick Gray, Adam Boileau and James Wilson discuss the week’s cybersecurity news. They cover:
Anthropic’s Fable 5 and Mythos 5 get nuked by the US government four days after launch “because security”
Why “guardrails” won’t keep the world safe from your AI doomsday machine
…
Microsoft has formally disclosed that it's working to release a patch to address a Defender zero-day codenamed RoguePlanet.
The vulnerability has now been assigned the CVE identifier CVE-2026-50656 (CVSS score: 7.8), with the tech giant describing it as a privilege escalation flaw.
"Microsoft is a…
Threat actors associated with the DragonForce ransomware have been observed using a custom Go-based remote access trojan (RAT) called Backdoor.Turn to conceal command-and-control (C2) traffic inside Microsoft Teams relay infrastructure.
According to findings from Broadcom-owned Symantec and Carbon …
Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users since February 2026.
"The clipper in this campaign relies on Windows Script Host and ActiveX-driven logic to launch a bundled Tor proxy and poll a hidden-service C2 [command-and-control] serve…
Microsoft is investigating a new issue preventing third-party applications from launching Microsoft Office applications or opening documents on up-to-date Windows systems. [...]
Microsoft 365 helps keep services running, but protecting and recovering business data remains your responsibility. Acronis breaks down five gaps organizations should consider when evaluating Microsoft 365 data protection. [...]
AxiosRELIABLE 7.5geopolítica📎 bien sourcedTue, 16 Jun 2026 09:49:01
Brad Smith, vice chair and president of Microsoft, slammed tech moguls for hypocritical, grandiose warnings that are alienating Americans at a time of huge workforce opportunity."Nobody knows for sure, but let's not panic," Smith, who has been with Microsoft for 33 years, said from the tech giant's …
DragonForce ransomware used a custom malware named 'Backdoor.Turn' to hide command-and-control traffic inside Microsoft Teams relay infrastructure. [...]
GhostTree uses recursive NTFS junctions to generate vast numbers of valid Windows file paths. Varonis explains how the technique could cause Microsoft Defender folder scans to never complete, leaving malware undetected. [...]
The North Korean state-sponsored hacking group known as ScarCruft (aka APT37) has been observed using spear-phishing messages impersonating Microsoft Account security notifications to deliver malware called NarwhalRAT.
"The attack email contained a message impersonating an MS account security alert…
The FreeBSD Project announced today the launch of an AI-Assisted Vulnerability Discovery Project with grant funding provided by the Linux Foundation backed Alpha-Omega project. Alpha-Mega has sponsors including Microsoft, AWS, Google, Anthrophic, OpenAI, and others who will now be helping with FreeB…
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search.
Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link poin…
A critical vulnerability chain dubbed SearchLeak in Microsoft 365 Copilot Enterprise could allow attackers to steal sensitive data from a target's mailbox, OneDrive, or SharePoint account through a specially crafted URL. [...]