Kategorie

An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information. [...]

OpenAI is reportedly testing a new "watermark" for the Image Generation model, which is a part of the ChatGPT 4o model. [...]

A newly discovered malicious PyPi package named 'disgrasya' that abuses legitimate WooCommerce stores for validating stolen credit cards has been downloaded over 34,000 times from the open-source package platform. [...]

A likely lone wolf actor behind the EncryptHub persona was acknowledged by Microsoft for discovering and reporting two security flaws in Windows last month, painting a picture of a "conflicted" individual straddling a legitimate career in cybersecurity and pursuing cybercrime. In a new extensive analysis published by Outpost24 KrakenLabs, the Swedish security company unmasked the up-and-coming Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.com

Coinbase is fixing an incorrect account activity message that freaks out customers and makes them think their credentials were compromised. [...]

The North Korean threat actors behind the ongoing Contagious Interview campaign are spreading their tentacles on the npm ecosystem by publishing more malicious packages that deliver the BeaverTail malware, as well as a new remote access trojan (RAT) loader. "These latest samples employ hexadecimal string encoding to evade automated detection systems and manual code audits, signaling a variationRavie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.com

A vulnerability in the WinRAR file archiver solution could be exploited to bypass the Mark of the Web (MotW) security warning and execute arbitrary code on a Windows machine. [...]

Cybersecurity researchers have uncovered malicious libraries in the Python Package Index (PyPI) repository that are designed to steal sensitive information and test stolen credit card data. Two of the packages, bitcoinlibdbfix and bitcoinlib-dev, masquerade as fixes for recent issues detected in a legitimate Python module called bitcoinlib, according to ReversingLabs. A third package discovered Ravie Lakshmananhttp://www.blogger.com/profile/09767675513435997467noreply@blogger.com

Microsoft 365 (and Office 365) subscribers get more frequent software updates than those who have purchased Office without a subscription, which means subscribers have access to the latest features, security patches, and bug fixes. But it can be hard to keep track of the changes in each update and know when they’re available. We’re doing this for you, so you don’t have to.

Following are summaries of the updates to Microsoft 365/Office 365 for Windows over the past year, with the latest releases shown first. We’ll add info about new updates as they’re rolled out.

Note: This story covers updates released to the Current Channel for Microsoft 365/Office 365 subscriptions. If you’re a member of Microsoft’s Office Insider preview program or want to get a sneak peek at upcoming features, see the Microsoft 365 Insider blog.

Version 2503 (Build 18623.20156)

Release date: April 2, 2025

This build lets you use Dark Mode in Excel, which darkens your entire sheet, including cells, and may reduce eye strain. It also fixes several bugs, including one in Word in which opening specific files that contain many tracked changes and comments resulted in poor performance, and one in PowerPoint in which the app was not displaying the icon for an inserted PDF object.

Get more info about Version 2503 (Build 18623.20156).

Version 2502 (Build 18526.20168)

Release date: March 11, 2025

This build fixes several bugs, including one in which some Word files with numerous tracked changes and comments were slow. It also includes a variety of security updates: see details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2502 (Build 18526.20168).

Version 2502 (Build 18526.20144)

Release date: March 5, 2025

This build fixes a wide variety of bugs, including one in Word in which the default font size may not be 12pt as expected, and another in which PowerPoint automatically closed when the system went into hibernate or sleep mode.

Get more info about Version 2502 (Build 18526.20144).

Version 2501 (Build 18429.20158)

Release date: February 11, 2025

This build removes the option to display Track Changes balloons in left margin in Word. It also includes a variety of security updates. See “Release notes for Microsoft Office security updates” for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2501 (Build 18429.20158).

Version 2501 (Build 18429.20132)

Release date: January 30, 2025

In this build, the advanced Track Changes option to set the margin for balloons in Word has been removed.

A wide variety of bugs have also been fixed, including one in which ActiveX controls used an excessive amount of GDI handles in PowerPoint, and another for the entire Office suite in which images couldn’t be pasted from SharePoint.

 Get more info about Version 2501 (Build 18429.20132).

Version 2412 (Build 18324.20194)

Release date: January 16, 2025

This build fixes one bug, in which apps would exit unexpectedly when running on Windows Server 2016.

Get more info about Version 2412 (Build 18324.20194).

Version 2412 (Build 18324.20190)

Release date: January 14, 2025

This build fixes a bug in Word in which the layout of tables were changed unexpectedly. It also includes a variety of security updates. See Release notes for Microsoft Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2412 (Build 18324.20190).

Version 2412 (Build 18324.20168)

Release date: January 7, 2025

This build makes tables in Outlook more accessible for screen readers. It also fixes a wide variety of bugs, including one in Word in which a document saved to a network shared folder and set to “Always Open Read-Only” would open in “Editing” mode, and another for the entire Office suite in which application didn’t render the grid properly after switching from page break preview to normal view.

Get more info about Version 2412 (Build 18324.20168).

Version 2411 (Build 18227.20162)

Release date: December 10, 2024

This build fixes a bug in Word and Outlook where characters didn’t render correctly when using Save Selection to Text Box Gallery. It also includes a variety of security updates. See Release notes for Microsoft Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2411 (Build 18227.20162).

Version 2411 (Build 18227.20152)

Release date: December 5, 2024

This build fixes a wide variety of bugs, including one in Excel in which some cells might not be rendered properly upon scrolling in a worksheet using freeze panes, one in Word which prevented emails with linked SVG content from saving or sending, and one in which some PowerPoint presentations created by third-party tools didn’t open correctly and some content was removed.

Get more info about Version 2411 (Build 18227.20152).

Version 2410 (Build 18129.20158)

Release date: November 12, 2024

This build fixes a variety of bugs, including one in Word in which all characters didn’t appear correctly when creating an Outlook task from OneNote, and one in PowerPoint in which embedded BMP images in the PowerPoint slide were not opening.

This build also includes a variety of security updates. See Release notes for Microsoft Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2410 (Build 18129.20158).

Version 2410 (Build 18129.20116)

Release date: October 28, 2024

This build enables filtering capabilities for the comment pane in Excel and fixes a variety of bugs, including one in Word in which the title bar no longer showed a “Saved” status for locally saved files, and one in PowerPoint in which a graphics-related issue caused the app to close unexpectedly at times.

Get more info about Version 2410 (Build 18129.20116).

Version 2409 (Build 18025.20160)

Release date: October 15, 2024

This build fixes a single bug in Word, in which emails with linked SVG content couldn’t be saved or sent.

Get more info about Version 2409 (Build 18025.20160).

Version 2409 (Build 18025.20140)

Release date: October 8, 2024

This build fixes a variety of bugs, including one in Word in which text wasn’t clearly visible in High Contrast Mode when using “Draft with Copilot” and referencing a meeting under “Reference your content.”

This build also includes multiple security updates. See Release notes for Microsoft Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2409 (Build 18025.20140).

Version 2409 (Build 18025.20104)

Release date: September 25, 2024

This build fixes a single bug, in which when you saved a file in Word, the save status was missing from the Title bar.

Get more info about Version 2409 (Build 18025.20104).

Version 2409 (Build 18025.20096)

Release date: September 23, 2024

This build improves the user experience for selecting which users should have which permissions when a sensitivity label configured for user-defined permissions is applied to a file or when configuring standalone Information Rights Management through the Restrict Access feature. This change affects Excel, PowerPoint, and Word.

The build also fixes a variety of bugs, including one in Word in which Document Mode would switch from “editing” to “viewing” if user enabled “Track Changes” and set “For Everyone.”

Get more info about Version 2409 (Build 18025.20096).

Version 2408 (Build 17928.20156)

Release date: September 10, 2024

This update will remove Flip video support when the service goes offline on October 1, 2024. The build also includes a variety of security updates. Go here for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2408 (Build 17928.20156).

Version 2408 (Build 17928.20114)

Release date: August 26, 2024

This build allows you to disable connected experiences for privacy concerns without impacting data security policies, such as sensitivity labels. Services associated with Microsoft Purview (e.g., sensitivity labels and rights management) are no longer controlled by policy settings to manage privacy controls for Microsoft 365 Apps. Instead, these services will rely on their existing security admin controls in Purview portals.

The build also fixes a variety of bugs, including one in Outlook that caused default SMIME labels to fail to apply when a user replied to or forwarded an unlabeled message, and one for the entire suite in which people couldn’t install Microsoft 365 apps on an enrolled device.

Get more info about Version 2408 (Build 17928.20114).

Version 2407 (Build 17830.20166)

Release date: August 13, 2024

This build includes a variety of security updates for Excel, Outlook, PowerPoint, Project, Visio, and the entire Office suite. See Microsoft’s Release notes for Office security updates for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2407 (Build 17830.20166).

Version 2407 (Build 17830.20138)

Release date: August 1, 2024

This build fixes a wide variety of bugs, including one in which coauthoring on text boxes in Excel sometimes gave unexpected results, another in PowerPoint in which line widths were not preserved when exporting arrow shapes to PDF, and another in Word in which revisions were sometimes skipped when reviewing using VBA.

Get more info about Version 2407 (Build 17830.20138).

Version 2406 (Build 17726.20160)

Release date: July 9, 2024

This build fixes several bugs, including one in Word and Excel in which characters don’t appear correctly in Text Box Gallery. It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2406 (Build 17726.20160).

Version 2406 (Build 17726.20126)

Release date: June 26, 2024

This build fixes a wide variety of bugs, including one in which Excel documents might be unexpectedly edited when a mandatory sensitivity label has not been applied, one that caused Outlook to exit unexpectedly shortly after launch for some users, and one in which pasting data from Word or Excel to an Outlook template as a link would cause an error message to appear.

Get more info about Version 2406 (Build 17726.20126).

Version 2405 (Build 17628.20164)

Release date: June 19, 2024

This build includes a variety of unspecified bug and performance fixes.

Get more info about Version 2405 (Build 17628.20164).

Version 2405 (Build 17628.20144)

Release date: June 11, 2024

This build fixes one bug, which prevented users from sending mail for a few hours after updating add-ins with on-send events. It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2405 (Build 17628.20144).

Version 2405 (Build 17628.20110)

Release date: May 30, 2024

This build fixes a wide variety of bugs, including one in Excel in which an embedded workbook in .xls format might not have closed properly, one that that caused Outlook to close when using Copilot Summarize, one in Word in which content controls may have been removed when coauthoring, and one for the entire Office suite in which the Organization Chart Add-In for Microsoft programs was not loading properly.

Get more info about Version 2405 (Build 17628.20110).

Version 2404 (Build 17531.20152)

Release date: May 14, 2024

This build fixes a number of bugs, including one in Word where content controls might be removed when coauthoring, and one that caused Sovereign users to be unable to create ToDo tasks from Outlook.

It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2404 (Build 17531.20152).

Version 2404 (Build 17531.20140)

Release date: May 7, 2024

This build fixes two bugs in Outlook, one in which it closed unexpectedly using the Scheduling Assistant when creating a new meeting or viewing an existing meeting, and another that caused add-in developers to hit timeouts when retrieving notifications from an Outlook client context.

Get more info about Version 2404 (Build 17531.20140) .

Version 2404 (Build 17531.20120)

Release date: April 29, 2024

This build reduces workbook size bloat from unnecessary cell formatting with a new “Check Performance” task pane. In addition, it fixes a wide variety of bugs, including one in Excel in which the default font could not be set; one in Outlook in which custom forms from MAPI form servers stopped responding; one in PowerPoint in which online videos did not play in some cases; one in which when opening certain Word documents would cause the error, “Word experienced an error trying to open the file”; and one in which the Office update installer appeared to be unresponsive.

Get more info about Version 2404 (Build 17531.20120) .

Version 2403 (Build 17425.20176)

Release date: April 9, 2024

This build fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2403 (Build 17425.20176).

Version 2402 (Build 17328.20184)

Release date: March 12, 2024

This build fixes three bugs: one in which Access closed unexpectedly, one in which Excel closed unexpectedly when opening files with pivot tables and table design in macro-enabled files, and one in which Word closed unexpectedly when the undo function was used.

This build also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2402 (Build 17328.20184).

Version 2402 (Build 17328.20162)

Release date: March 4, 2024

This build fixes several bugs, including one that crashed Outlook when a link was clicked on, and another for the entire Office suite in which opened Office apps didn’t automatically start when a laptop was reopened, and an error message appeared after manual relaunch.

Get more info about Version 2402 (Build 17328.20162).

Version 2402 (Build 17328.20142)

Release date: February 28, 2024

This build fixes a variety of bugs, including one that caused Outlook to exit unexpectedly when expanding a conversation in the search results from a search of “All Mailboxes,” and another in which users were not able to create a bullet list with hyphens in PowerPoint.

Get more info about Version 2402 (Build 17328.20142).

Version 2401 (Build 17231.20236)

Release date: February 13, 2024

This build fixes several bugs, including one in which macros were being corrupted when saving Excel files and another that affected the entire Office suite in which add-ins would not load after Click trust for content add-in was selected.

This build also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2401 (Build 17231.20236).

Version 2401 (Build 17231.20194)

Release date: February 1, 2024

This build fixes a single bug in which expanded groups in the message list collapsed when users changed which column they were arranged by.

Get more info about Version 2401 (Build 17231.20194).

Version 2401 (Build 17231.20182)

Release date: January 30, 2024

This build fixes a wide variety of bugs, including one in which Excel would stop responding when saving changes, one in PowerPoint in which Notes and Slide layout would open with incorrect proportions when a file was opened from a protected view, and one in Word in which comment cards appeared too wide and cut off text when changing or switching the screen in use.

Get more info about Version 2401 (Build 17231.20182).

Version 2312 (Build 17126.20132)

Release date: January 9, 2024

This build fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2312 (Build 17126.20132).

Version 2312 (Build 17126.20126)

Release date: January 4, 2023

This build introduces a new sensitivity toolbar in Word, Excel, and PowerPoint that helps users understand the security policies that apply to their documents. It’s available when users are creating copies of their documents in File / Save As. In addition, Office now had a new default theme, which Microsoft says is “more modern and accessible.”

It also fixes a wide variety of bugs, including one in Excel in which Custom Menu text was truncated when right-clicking in a cell, one in PowerPoint in which restoring a previous version of a presentation was not working as expected when using Version History, and one in Word in which the content control end tag was marked at the end of the document automatically if the document was edited in Word Online and then opened in Word desktop.

Get more info about  Version 2312 (Build 17126.20126).

Version 2311 (Build 17029.20108)

Release date: December 12, 2023

This build fixes one bug in Outlook, in which the message list was blank when switching between the “Focused” and “Other” views.

It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2311 (Build 17029.20108).

Version 2311 (Build 17029.20068)

Release date: November 29, 2023

This build automatically inserts image captioning for Excel’s images. When you insert an image into a spreadsheet, accessibility image captioning is automatically generated for you.

It also fixes a wide variety of bugs, including one in Excel in which list box controls would not respond to mouse clicks after scrolling using the mouse wheel, and one in Word in which the language of a presentation was not retained when saving or exporting the presentation to a PDF file.

Get more info about Version 2311 (Build 17029.20068).

Version 2310 (Build 16924.20150)

Release date: November 14, 2023

This build fixes several bugs, including one in which Outlook failed to comply with the default browser settings for some users, and another in which new lines were added to an Outlook signature when pressing Enter in the body of the email.

It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2310 (Build 16924.20150).

Version 2310 (Build 16924.20124)

Release date: Oct. 31, 2023

This build fixes a bug that caused Outlook to exit unexpectedly when clicking the More link in the Search results list.

Get more info about Version 2310 (Build 16924.20124).

Version 2310 (Build 16924.20106)

Release date: Oct. 25, 2023

In this build, the Teams Meeting App works in Outlook, too. With it, you’ll be able to configure a meeting app while scheduling an invite in Outlook. The meeting app will be ready to use when you chat or join the meeting on Teams.

A wide variety of bugs have also been fixed, including one in Excel where certain Pivot Tables would load slowly; one in which OneNote would close unexpectedly when rapidly navigating from one .PDF file to another .PDF file between different sections, or when performing an undo operation on a .PDF printout insertion; and one in the entire Office suite that caused unexpected black borders to appear around screen captures added with the Insert Screenshot functionality.

Get more info about Version 2310 (Build 16924.20106).

Version 2309 (Build 16827.20166)

Release date: October 10, 2023

This build fixes two bugs, one in which users were missing their Outlook add-ins, and another in Word in which subheading numbering with a custom Style would disappear if the file was saved and reopened. It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2309 (Build 16827.20166).

Version 2309 (Build 16827.20130)

Release date: September 28, 2023

This build introduces two new features, including the ability to disable specific types of automatic data conversions in Excel and support for the “Present in Teams” button to present local files in PowerPoint Live in Microsoft Teams.

Several bugs have also been fixed, including one in which the setting to control how Outlook opens previous items at start-up was missing from the Options window, and another in Word in which the Add-ins tab was not visible when using custom toolbar information.

Get more info about Version 2309 (Build 16827.20130).

Version 2308 (Build 16731.20234)

Release date: September 12, 2023

This build fixes several bugs, including one that caused Outlook to close unexpectedly when viewing an email, and another in PowerPoint in which the presenter view slide section zoomed in and out when zooming in the notes section.

It also fixes a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2308 (Build 16731.20234).

At a special 50th anniversary event on Friday, Microsoft executives reflected on the company’s storied past and on how it’s now reinventing itself for an AI-focused future.

With previous CEOs Bill Gates and Steve Ballmer in attendance, current CEO Satya Nadella boasted that the company is “leading this new wave of AI innovation, and more importantly, democratizing just like we did it with the PC.”

Details about the company’s plans were laid out by Microsoft Executive Vice President Mustafa Suleyman, who noted that the ability to customize Windows to every person’s specific needs is coming. “Years ago, Bill laid out a bold ambition, which at the time probably felt like a pretty crazy dream — to put a PC on every desk and in every home.

“Today, we’re creating a Copilot for everyone,” Suleyman said at the event, which was webcast. 

Suleyman talked about how the company is transforming its generative AI (genAI)-based Copilot into a personal assistant. Microsoft is replicating key sensory features from humans into the software.

“Today, we’re taking the very first steps towards rich memory and personalization, the very foundations of an AI companion,” Suleyman said.

Copilot is gradually adding a “Memory” feature that can personalize the tool to remember human preferences, dates, events and more. Suleyman pointed out how the AI agent over time will be able to remember birthdays, and provide reminders on tasks. It will also provide advice on how users go through each step in training sessions on specific topics and even memorize individual traits, such as whether a person greets others formally or informally.

The memory feature works with others such as “Actions,” which can complete tasks in the background.

Microsoft is also developing avatars for Copilot that make interacting with it more fun. Suleyman showed off avatars as animated characters, and in jest showcased the dreaded Clippy — of old Microsoft Office fame — as an avatar.

The company’s main announcements included Copilot Vision, a mobile app that can help users interact with the real-world. The app uses the phone’s camera to capture images and in real-time provide context of the surroundings.

“With our new mobile app, Copilot can actually see what you see and talk to you about it in real time,” Suleyman said.

The second piece to Copilot Vision is a Windows app, which can take a snapshot of a user’s PC screen and help explain what is being displayed. The app works across applications, browser tabs or files.

“It will read the screen and interact with the content. You’ll be able to use Copilot to search, change settings, organize files and collaborate on projects without switching between files or apps,” the company said in a blog post.

“With my permission it can see my screen like a second set of eyes,” Suleyman said at the event said. “It’s my sounding board. And most importantly, it can respond in the context of what I’m seeing on my screen.”

Suleyman made no reference to Windows Recall, the controversial Copilot feature that uses snapshots to log the history of activity on a PC. Recall was unveiled last year and quickly ran into a storm of controversy related to privacy concerns.

Microsoft has also started rolling out Copilot Search, with AI integrated into a conventional Bing search to provide better search results. The search results will be personalized and dynamically generated on the screen.

“With Copilot’s new search capabilities, you can get many magazine style cards made just for you, on any topic that you care about, with text, images, videos, and maps built right in,” Suleyman said.

Microsoft also unveiled “Podcasts,” an AI feature that can instantly generate podcasts with video and audio, and new AI technologies for Azure AI Foundry. 

For enterprise users, Microsoft recently rolled out Research and Analyst agents to boost enterprise search and employee productivity. 

AI will be the biggest change to the PC since the graphical user interface (GUI), and it may be as important as the first databases for enterprise users, said Jack Gold, principal analyst at J. Gold Associates.

But harnessing its potential is a challenge, with numerous usability, privacy and security challenges. “The ability to make AI most useful and efficient for enterprise needs still needs a lot of work. We’re in the first innings,” Gold said.

Microsoft’s challenge with AI is not just in the OS, but also in apps that support enterprise users, where Microsoft has a large installed base.

“While Copilot may make the way we interact with our devices through agents that implement and execute tasks for us more personal, it’s what AI may do to enhance our insights from our increasingly complex enterprise informational environment that could be a game changer,” Gold said.

It’s likely to be a decade-long maturing process before enterprises see the same level of maturity and creativity users have grown to expect in day-to-day go-to apps.

“Enterprises need to start down the path now, but don’t expect to achieve the end state in the short term,” Gold said.

Posted by Elie Burzstein and Marianna Tishchenko, Sec-Gemini team

Today, we’re announcing Sec-Gemini v1, a new experimental AI model focused on advancing cybersecurity AI frontiers. 

As outlined a year ago, defenders face the daunting task of securing against all cyber threats, while attackers need to successfully find and exploit only a single vulnerability. This fundamental asymmetry has made securing systems extremely difficult, time consuming and error prone. AI-powered cybersecurity workflows have the potential to help shift the balance back to the defenders by force multiplying cybersecurity professionals like never before.

 

Effectively powering SecOps workflows requires state-of-the-art reasoning capabilities and extensive current cybersecurity knowledge. Sec-Gemini v1 achieves this by combining Gemini’s advanced capabilities with near real-time cybersecurity knowledge and tooling. This combination allows it to achieve superior performance on key cybersecurity workflows, including incident root cause analysis, threat analysis, and vulnerability impact understanding.

We firmly believe that successfully pushing AI cybersecurity frontiers to decisively tilt the balance in favor of the defenders requires a strong collaboration across the cybersecurity community. This is why we are making Sec-Gemini v1 freely available to select organizations, institutions, professionals, and NGOs for research purposes.

Sec-Gemini v1 outperforms other models on key cybersecurity benchmarks as a result of its advanced integration of Google Threat Intelligence (GTI), OSV, and other key data sources. Sec-Gemini v1 outperforms other models on CTI-MCQ, a leading threat intelligence benchmark, by at least 11% (See Figure 1). It also outperforms other models by at least 10.5% on the CTI-Root Cause Mapping benchmark (See Figure 2):

Figure 1: Sec-Gemini v1 outperforms other models on the CTI-MCQ Cybersecurity Threat Intelligence benchmark.

Figure 2: Sec-Gemini v1 has outperformed other models in a Cybersecurity Threat Intelligence-Root Cause Mapping (CTI-RCM) benchmark that evaluates an LLM's ability to understand the nuances of vulnerability descriptions, identify vulnerabilities underlying root causes, and accurately classify them according to the CWE taxonomy.

Below is an example of the comprehensiveness of Sec-Gemini v1’s answers in response to key cybersecurity questions. First, Sec-Gemini v1 is able to determine that Salt Typhoon is a threat actor (not all models do) and provides a comprehensive description of that threat actor, thanks to its deep integration with Mandiant Threat intelligence data.

Next, in response to a question about the vulnerabilities in the Salt Typhoon description, Sec-Gemini v1 outputs not only vulnerability details (thanks to its integration with OSV data, the open-source vulnerabilities database operated by Google), but also contextualizes the vulnerabilities with respect to threat actors (using Mandiant data). With Sec-Gemini v1, analysts can understand the risk and threat profile associated with specific vulnerabilities faster.

If you are interested in collaborating with us on advancing the AI cybersecurity frontier, please request early access to Sec-Gemini v1 via this form.

The tech market lost 29,000 jobs in March, even as the unemployment rate for tech-related jobs slipped 0.1% to 3.1%, according to an analysis of US Labor Department data released today.

At the same time, tech sector employment fell by 8,428 jobs last month, driven largely by job cuts in tech services and telecommunications, according to CompTIA, a non-profit IT trade association that analyzed figures from the US Bureau of Labor Statistics (BLS)

The BLS data, CompTIA said, sent conflicting signals about the IT job market as uncertainty around it “accelerated.”

“With many employers in wait-and-see mode, the jobs data is about in line with expectations for the month,” said Tim Herbert, chief research officer at CompTIA.

Overall, US job growth beat expectations, with the broader economy adding 228,000 positions. That’s nearly 100,000 more than the 135,000 economists had predicted would be added. Conversely, the federal government lost 4,000 jobs, due to reduction in force efforts by the unofficial Department of Government Efficiency (DOGE).

Victor Janulaitis, CEO of IT industry research firm Janco Associates, said DOGE’s impact is causing IT contracts to be delayed, leaving government IT professionals uncertain about their future.

The overall US unemployment rate rose slightly to 4.2% in March, just 0.1% higher than in February. Previous US job gains for January and February were revised down by a total of 48,000, with January reduced by 14,000 and February by 34,000, according to BLS data.

In the first quarter of 2025, the IT job market shrank by 34,200 jobs, according to Janulaitis. The number of unemployed IT professionals dropped slightly in March to 133,000 from 148,000 at the start of the year. “We believe that many low-skilled, legacy-skilled IT pros, or displaced IT professionals have stopped looking for jobs in the IT sector,” he said.

CompTIA said new employee job postings for tech occupations rose slightly to more than 213,000. In all, there were nearly 478,000 active tech job postings last month. Industry sectors adding the most new tech job postings included professional, scientific and technical services (52,526), administrative and support services (26,099) and manufacturing (21,975).

Software developers and engineers, tech support specialists, systems engineers and architects, and cybersecurity engineers and analysts were in highest demand, according to CompTIA’. Positions in artificial intelligence (AI) or that require AI skills accounted for 21% of all active tech job postings. And half of all tech job postings did not require a four-year academic degree.

Several industry experts saw the uptick in overall hiring and steady unemployment rates as a good omen.

Martha Heller, CEO of executive search firm Heller, called the BLS jobs report healthy, and said it reinforces “the plain truth that technology innovation (primarily AI) will drive up employment. In every sector, companies need people to realize the return on their AI investments, and while those people are often technologists, the AI employment boom will expand to include a broader range of skills.

“With the nearly certain instability that our current economic policy brings, technology and the people who can use it to navigate uncertainty will have job security for a long time,” Heller said.

Kye Mitchell, head of US tech recruiting firm Experis North America, sees AI as a boon for all businesses. “In the tech sector, our real-time data shows that businesses are addressing their AI needs by focusing on their data to be prepared to best leverage AI in this new era,” he said.

Quarter over quarter, demand for data analysis and cleansing has risen sharply, he said. For example, roles for data scientists are up 238%. Database architect positions rose 142%. And, job openings for mathematicians were up 1,272%, Mitchell said.

“Additionally, there’s a growing need for executive management, indicating businesses are relying on leadership to drive AI integration,” he said. “The impact of recent economic policy shifts on AI worker demand is still unfolding, and market uncertainty may lead to longer decision timelines and adjustments.”

Others familiar with the tech industry saw the latest jobs report as positive, including Ger Doyle, US country manager at global staffing firm ManpowerGroup. “Today’s jobs report is a welcome sign, given the negative indicators we saw leading into it. While the US labor market is proving to be resilient, there are signs of cooling that are consistent with employers navigating uncertainty.”

ManpowerGroup data shows a 2% overall decline in all job postings and a 3% drop in new job postings. While the labor market appears stable, Doyle said employers remain cautious, with the exception of healthcare and education sectors.

“Uncertainty is keeping both employers and employees from making moves, leading businesses to focus on maintaining current workforces but considering adjustments if the uncertainty persists,” he said.

Janulaitis said interviews he performed with more than 100 CFOs and CIOs revealed optimism about Trump administration, though many anticipate a mild economic downturn in mid-2025. “Unemployed IT pros found jobs faster than expected as CIOs quickly filled positions while hiring was still authorized,” he said.

`

​Port of Seattle, the U.S. government agency overseeing Seattle's seaport and airport, is notifying roughly 90,000 individuals of a data breach after their personal information was stolen in an August 2024 ransomware attack. [...]

Posted by Mihai Maruseac, Google Open Source Security Team (GOSST)

In partnership with NVIDIA and HiddenLayer, as part of the Open Source Security Foundation, we are now launching the first stable version of our model signing library. Using digital signatures like those from Sigstore, we allow users to verify that the model used by the application is exactly the model that was created by the developers. In this blog post we will illustrate why this release is important from Google’s point of view.

With the advent of LLMs, the ML field has entered an era of rapid evolution. We have seen remarkable progress leading to weekly launches of various applications which incorporate ML models to perform tasks ranging from customer support, software development, and even performing security critical tasks.

However, this has also opened the door to a new wave of security threats. Model and data poisoning, prompt injection, prompt leaking and prompt evasion are just a few of the risks that have recently been in the news. Garnering less attention are the risks around the ML supply chain process: since models are an uninspectable collection of weights (sometimes also with arbitrary code), an attacker can tamper with them and achieve significant impact to those using the models. Users, developers, and practitioners need to examine an important question during their risk assessment process: “can I trust this model?”

Since its launch, Google’s Secure AI Framework (SAIF) has created guidance and technical solutions for creating AI applications that users can trust. A first step in achieving trust in the model is to permit users to verify its integrity and provenance, to prevent tampering across all processes from training to usage, via cryptographic signing. 

The ML supply chain

To understand the need for the model signing project, let’s look at the way ML powered applications are developed, with an eye to where malicious tampering can occur.

Applications that use advanced AI models are typically developed in at least three different stages. First, a large foundation model is trained on large datasets. Next, a separate ML team finetunes the model to make it achieve good performance on application specific tasks. Finally,  this fine-tuned model is embedded into an application.

The three steps involved in building an application that uses large language models.

These three stages are usually handled by different teams, and potentially even different companies, since each stage requires specialized expertise. To make models available from one stage to the next, practitioners leverage model hubs, which are repositories for storing models. Kaggle and HuggingFace are popular open source options, although internal model hubs could also be used.

This separation into stages creates multiple opportunities where a malicious user (or external threat actor who has compromised the internal infrastructure) could tamper with the model. This could range from just a slight alteration of the model weights that control model behavior, to injecting architectural backdoors — completely new model behaviors and capabilities that could be triggered only on specific inputs. It is also possible to exploit the serialization format and inject arbitrary code execution in the model as saved on disk — our whitepaper on AI supply chain integrity goes into more details on how popular model serialization libraries could be exploited. The following diagram summarizes the risks across the ML supply chain for developing a single model, as discussed in the whitepaper.

The supply chain diagram for building a single model, illustrating some supply chain risks (oval labels) and where model signing can defend against them (check marks)

The diagram shows several places where the model could be compromised. Most of these could be prevented by signing the model during training and verifying integrity before any usage, in every step: the signature would have to be verified when the model gets uploaded to a model hub, when the model gets selected to be deployed into an application (embedded or via remote APIs) and when the model is used as an intermediary during another training run. Assuming the training infrastructure is trustworthy and not compromised, this approach guarantees that each model user can trust the model.

Sigstore for ML models

Signing models is inspired by code signing, a critical step in traditional software development. A signed binary artifact helps users identify its producer and prevents tampering after publication. The average developer, however, would not want to manage keys and rotate them on compromise.

These challenges are addressed by using Sigstore, a collection of tools and services that make code signing secure and easy. By binding an OpenID Connect token to a workload or developer identity, Sigstore alleviates the need to manage or rotate long-lived secrets. Furthermore, signing is made transparent so signatures over malicious artifacts could be audited in a public transparency log, by anyone. This ensures that split-view attacks are not possible, so any user would get the exact same model. These features are why we recommend Sigstore’s signing mechanism as the default approach for signing ML models.

Today the OSS community is releasing the v1.0 stable version of our model signing library as a Python package supporting Sigstore and traditional signing methods. This model signing library is specialized to handle the sheer scale of ML models (which are usually much larger than traditional software components), and handles signing models represented as a directory tree. The package provides CLI utilities so that users can sign and verify model signatures for individual models. The package can also be used as a library which we plan to incorporate directly into model hub upload flows as well as into ML frameworks.

Future goals

We can view model signing as establishing the foundation of trust in the ML ecosystem. We envision extending this approach to also include datasets and other ML-related artifacts. Then, we plan to build on top of signatures, towards fully tamper-proof metadata records, that can be read by both humans and machines. This has the potential to automate a significant fraction of the work needed to perform incident response in case of a compromise in the ML world. In an ideal world, an ML developer would not need to perform any code changes to the training code, while the framework itself would handle model signing and verification in a transparent manner.

If you are interested in the future of this project, join the OpenSSF meetings attached to the project. To shape the future of building tamper-proof ML, join the Coalition for Secure AI, where we are planning to work on building the entire trust ecosystem together with the open source community. In collaboration with multiple industry partners, we are starting up a special interest group under CoSAI for defining the future of ML signing and including tamper-proof ML metadata, such as model cards and evaluation results.

A large-scale phishing campaign dubbed 'PoisonSeed' compromises corporate email marketing accounts to distribute emails containing crypto seed phrases used to drain cryptocurrency wallets. [...]

We are still within the sequence of energies described in Newton’s Third Law of Motion, “every action has an equal and opposite reaction.” In this case, Apple, already badly bruised by Trump’s tariffs and their impact on its business, will now take another kicking as nations react to those oddly calculated trade taxes. Europe is gunning for Apple’s services, while China is about to stick some of the world’s rarest components behind its own trade wall. 

The third law

China, predictably, isn’t happy. Not only has it slapped a reciprocal 34% tariff against US goods, but it also introduced export restrictions on rare earth materials — this will have a direct and significant impact on tech, as these are used in almost every electronic device.

That includes Macs and PCs, smartphones and tablets, as well as weapons systems, energy-generation tech, and electric cars. China produces around 90% of the world’s refined rare earths and the new export restrictions are being applied against exports to all countries. The exports haven’t been banned, but the latest move does give Beijing the strategic power to restrict them or even turn them off. (Not all is lost, of course. Other nations also have some of these materials, including Canada, for example).

France, meanwhile, is warning that the EU’s second line response to these tariffs will be aimed at digital services, such as those provided by all the Big Tech firms — Amazon, Apple, Google, Meta, and Microsoft.

This is also a strategic approach, given that services are popular across the region and have already emerged as the bulwark against the recession those firms all knew was coming but never called out, preferring socialism for the rich. (And given Apple’s really under pressure in the EU, at what point will the US decide to relent in some fields to give its big tax revenue generator a break?)

Also, in the run up to this chapter, don’t be too surprised if Apple — and other companies selling products into the US — imported bigly piles of hardware to meet short-term demand. 

Tactical silence

Don’t expect to hear much from Apple’s leadership quite yet. Execs recognize that the sensible approach is to stay under water until others throw their own responding stones into the pool as the rocks of Trump’s tariff troubles ripple across an angry world trade pond.

They may have gamed out a whole range of potential scenarios, but must now wait to see what’s left after the storm. It’s only after both action and reaction have had time to play out that defensive plans can be put into effect.

I don’t imagine they feel particularly optimistic in the medium term. Investment bank JP Morgan now sees a 60% chance of global economic recession this year, up from a still uninspiring 40% before. A recession would further deepen the damage to consumer confidence, and no doubt cut tithes from product sales across every category, not just iPhones. But America’s biggest company will be especially impacted, and given it already supports 2.9 million US jobs, what’s good for Apple is good for America. 

As is what’s bad.

Battle of the bean counters

While the extent of the tariffs and the unpredictable nature of reactions to them makes the future hard to see, Apple’s leadership is shrewd. They’ll have read The Art of War enough times to understand the need to preserve what resources they do possess and use what defensive opportunities they can exploit.

Look at it this way: every company involved in hardware production rationally knows that the cost of repatriating production to the US would be trillions of dollars, and would take years, even if there were enough skilled workers to handle all that.

With trillions at stake, what do they do? Backstage, anticipate political maneuvering, lobbying, and a chance for a cohort of people not usually celebrated too much at Apple to shine. I’m talking about lawyers, accountants, tax experts, PR types, and corporate staff.

This really is their time.

Way I see it, just as product design saved Apple in the late ’90s with a message that echoed the zeitgeist then, tactical use of obscure tax and territorial law has now become equally important to the future of Apple and any other multinational company exposed to risk. In terms of profit and revenue, this is the time when the back room professionals must save the day. Defend. Delay. Navigate. Obfuscate. Be ready to innovate. Your shareholders are counting on you.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

On April 4, 1975, two childhood friends, Paul Allen and Bill Gates, started what is today one of the world’s leading technology companies. Inspired by the January cover of Popular Electronics magazine, they created Microsoft (then Micro-Soft, referring to microprocessors and software) to develop software for the Altair 8800, one of the first personal computers on the market.

Half a century later, and after establishing its operations center in Redmond, Washington, in 1986, the company has diversified its activity, from Windows operating systems to the cloud and the video game industry, reaching a present dominated by artificial intelligence (AI).

In the stock market — where it listed in March 1986 — it has always occupied the top positions on the Nasdaq, where it is known as one of “the magnificent seven” along with other major players in the digital landscape.

Throughout these five decades it has only had three global CEOs: Bill Gates himself, Steve Ballmer and Satya Nadella, in an industry accustomed to the constant dance of names. But in that time it has acquired and merged with hundreds of companies, including Hotmail, Nokia’s mobile devices division, and more recently Skype, GitHub, Linkedin and Activision Blizzard, the latter, related to gaming, being the most expensive at $68.7 billion.

But let’s look back to some of the earliest milestones in the development of the organization. In 1980, Gates and Allen signed an agreement to provide an operating system for IBM’s first personal computer. After presenting its MS-DOS PC in 1981, Windows came along in 1985 and, by the end of the decade, it was already the most recognized software brand on the planet. The first version of Microsoft Office arrived around that time, the productivity suite that today, under the Microsoft 365 brand, is used by more than 1.5 billion people.

One of the first images of the Microsoft team, TAKEN shortly after its founding. In the bottom row are Bill Gates (left) and Paul Allen (right).

Microsoft

During the 1990s, Bill Gates’ vision of the potential of the World Wide Web led to the integration of the company’s products and services into the network and the creation of one of the most famous browsers in the digital world, Internet Explorer. Gates has become one of the leading gurus of the computer industry and his thinking has permeated the world through numerous lectures, public appearances and published books.

In 1995 he set out a roadmap for the IT revolution in his first major text, The Road Ahead. Of the changes to come, he told Time magazine in a 1997 interview, “People always fear change. People feared electricity when it was invented, didn’t they?” That year he created the Bill and Melinda Gates Foundation to address health and education issues of our time.

The arrival of the new century crowned a new CEO, Steve Ballmer. Gates stepped back to let the company’s first business manager continue with his strategy. Through 2013 Ballmer laid the first stones of the company’s video game business with the launch of the Xbox game console, and of the cloud with the 2008 launch of Azure. It was in 2011 that Office made the leap to the cloud with Office 365, and the company too a further step in collaboration with the purchase of the Skype video calling tool. In Ballmer’s final years in charge the Surface line of tablets emerged.

Bill Gates and Steve Ballmer during a meeting in the 1990s.

Microsoft

In 2014 comes the Satya Nadella era, characterized by a hitherto unknown acceleration of the technology industry around the planet. It stands out for the consolidation of cloud business and video games while introducing new trends, such as AI. Along the way, Windows 10, the purchase of LinkedIn, GitHub, the launch of Teams, which became the fastest growing application for the company, and the strong investment in OpenAI, the creator of ChatGPT. His great achievement, perhaps, is to take Microsoft to a market value of $3 trillion dollars by 2024 thanks to this strategy. But it was in 2015 that he turns the technology around with a new corporate mission: “To empower every person and every organization on the planet to achieve more” through IT.

Today, Nadella leads a company of 228,000 employees spread across more than 190 countries.

Supplied Art (with Permission)

Paco Salcedo, head of the company’s Spanish subsidiary, says, “The most relevant learning in these 50 years is to have gone from believing we were a company ‘that knew everything’ to wanting to become a brand that ‘wants to learn everything’. And, if we look to the future, we believe that AI can enable the next billion jobs in all parts of the economy.”

A marathon journey

Reviewing this trajectory, Foundry consultant Fernando Maldonado says the company has adapted to change. “You have to know how to rise to disruptions in time,” he said, noting the company’s entry into the cybersecurity sector under the premise that “without protection there is nothing” when hardly anyone understood this need. Also, the company’s switch to embrace open source, even before its acquisition of GitHub. “At the beginning, open source was the enemy and, today, we can say that it also knew how to adapt. […] A lot of its software is already open source.”

“All this gives you an idea that it has always been able to react in time to macro-trends,” Maldonado said. Although, he added, the company has taken several hits, inevitable for a company that has been around for half a century, such as the flop of the Bing search engine. “If it hadn’t had any friction, we wouldn’t be talking about its achievements,” he says. “But it has worked on a very solid foundation with Office, which is the anchoring of all types of companies.”

Now, it remains to be seen how it fares in the still very young world of AI, with the billion-dollar investments it is making, although there is some slowdown in terms of data centers. In any case, says the analyst, “it is also making a very strong bet on the future”.

Nadella’s reflection regarding Microsoft’s anniversary is in line with the expert’s analysis: “I’ve found myself reflecting on how Microsoft has remained a consequential company decade after decade in an industry with no franchise value. And I realize that it’s because -time and time again, when tech paradigms have shifted- we have seized the opportunity to reinvent ourselves to stay relevant to our customers, our partners and our employees. And that’s what we are doing again today,” he said.

Over the weekend, a massive wave of credential stuffing attacks hit multiple large Australian super funds, compromising thousands of members' accounts. [...]

A hacker breached the GitLab repositories of multinational car-rental company Europcar Mobility Group and stole source code for Android and iOS applications, as well as some personal information belonging to up to 200,000 users. [...]

ChatGPT Plus subscription is now free, but only if you're a student based out of the United States of America and Canada. [...]