Microsoft Ends Desktop Detour for Sensitivity Labels in Office Web Apps
Microsoft has updated Office for the web to let users apply sensitivity labels with custom permissions directly in Word, Excel and PowerPoint. The new Permissions dialog mirrors the desktop experience, enabling the assignment of Viewer, Editor or Owner roles without leaving the browser. Previously, only files with existing permissions could be edited online, and any changes required the desktop client. The feature depends on Microsoft Purview licensing and labels configured for user‑defined permissions.
OpenSSL 4.0.0 Release Cuts Deprecated Protocols and Gains Post-Quantum Support
OpenSSL has released version 4.0.0, removing legacy protocols such as SSLv3 and the SSLv2 client hello, and eliminating the engine API. The update introduces Encrypted Client Hello (ECH) per RFC 9849 and adds several post‑quantum cryptographic primitives, including the hybrid curveSM2MLKEM768...
Claroty Advances CPS Security with Visibility Orchestration in xDome
Claroty has launched Visibility Orchestration within its SaaS platform Claroty xDome, turning vague asset visibility into a measurable score that drives security actions. The new capabilities automatically assess visibility gaps, prioritize remediation tasks, and enrich asset data using AI, Edge scans,...
DavMail 6.6.0 Patches a Regex Flaw and Advances Its Microsoft Graph Backend
DavMail 6.6.0 was released this week, addressing a regex‑based security alert, updating the OAuth redirect URI to match Microsoft’s recent OIDC change, and fixing multiple IMAP, SMTP, CalDAV and CardDAV bugs. The update adds VCARD4 birthday support, switches CardDAV photo...
DataVisor Brings Conversational AI Agents to Fraud and AML Operations
DataVisor unveiled Vera, a conversational AI agent suite that lets financial institutions manage fraud and AML tasks through plain‑language commands. The platform automates detection, investigation, and regulatory reporting, promising up to three‑fold gains in detection coverage and a 20‑30× reduction...
$12 Million Frozen, 20,000 Victims Identified in Crypto Scam Crackdown
International law‑enforcement operation Operation Atlantic froze more than $12 million and identified over 20,000 victims of cryptocurrency scams. The crackdown also uncovered $45 million in suspected fraud losses, while FBI data shows $11.3 billion in crypto‑related fraud last year, with $7.2 billion tied to...
Google Makes It Harder to Exploit Pixel 10 Modem Firmware
Google has bolstered the security of its Pixel 10 smartphones by embedding a Rust‑based DNS parser into the cellular baseband modem firmware. The new component, derived from the open‑source hickory‑proto library, replaces legacy C code and adds roughly 371 KB to the...
Siemens Expands Industrial Automation DataCenter with Edge AI and Cybersecurity
Siemens announced an upgraded Industrial Automation DataCenter that ships as a pre‑installed, AI‑ready turnkey solution for production environments. The platform combines NVIDIA GPUs and BlueField DPUs for edge AI acceleration with Palo Alto Networks Prisma AIRS delivering zero‑trust security. By integrating...
Seized VerifTools Servers Expose 915,655 Fake IDs, 8 Arrested
Dutch police, in coordination with the FBI, arrested eight men aged 20‑34 after seizing VerifTools servers that had produced 915,655 counterfeit identity documents. The investigation uncovered 5,169 fake Dutch IDs and 236,002 U.S.-linked documents sold for roughly $1.47 million. VerifTools generated...
Fixing Vulnerability Data Quality Requires Fixing the Architecture First
Art Manion of Tharros argues that vulnerability data quality is fundamentally an architecture issue, not merely a metrics problem. He introduces the concept of Minimum Viable Vulnerability Enumeration (MVVE) and finds no single set of assertions can guarantee cross‑repository consistency....
ZeroID: Open-Source Identity Platform for Autonomous AI Agents
ZeroID is an open‑source identity platform that adds a credentialing layer for autonomous AI agents and multi‑agent systems. It uses RFC 8693 token exchange to create verifiable delegation chains, automatically attenuating scopes as tasks cascade. The platform supports real‑time revocation through...
Week in Review: Windows Zero-Day Exploit Leaked, Patch Tuesday Forecast
The week’s headlines were dominated by a leaked Windows local‑privilege‑escalation exploit dubbed BlueHammer, raising immediate concerns for enterprise patching cycles. At the same time, the April Patch Tuesday forecast warned of a heavy update load, especially for AI‑related vulnerabilities. Cloudflare...
Poisoned “Office 365” Search Results Lead to Stolen Paychecks
Microsoft researchers identified a financially motivated hacking group, Storm‑2755, that poisons Office 365 search results and runs malicious ads to lure Canadian employees to a counterfeit Microsoft 365 login page. The attackers capture credentials and proxy authentication tokens in real time, bypassing...
Gmail’s End-to-End Encryption Comes to Mobile, No Extra Apps Required
Google has extended its Gmail client‑side end‑to‑end encryption (E2EE) to Android and iOS, letting Enterprise Plus users protect sensitive emails on mobile devices. The feature works directly inside the Gmail app, requiring no extra software and preserving the familiar compose‑and‑send...
Little Snitch for Linux Shows What Your Apps Are Connecting To
Objective Development released a free Linux version of its Little Snitch firewall, delivering per‑process outbound connection visibility using eBPF. The backend is written in Rust and the UI is a web application, allowing remote monitoring from any device. The kernel...
