T-Mobile employees from around the country are reportedly receiving text messages offering them cash in exchange for swapping SIMs. SIM swapping is when cybercriminals trick a cellular service provider into switching a victim's service to a SIM card that they control, essentially hijacking the victim's phone number and gaining access to two-factor authentication codes. From the Mobile Report: The texts offer the employee $300 per SIM swap, and asks the worker to contact them on telegram. The texts all come from a variety of different numbers across multiple area codes, making it more difficult to block. The text also claims they acquired the employee's number "from the T-Mo employee directory." If true, it could mean T-Mobile's employee directory, with contact numbers, has somehow been accessed. It's also possible the bad actor has live/current access to this data, though we consider that less likely due to the fact that some impacted people are former employees who have not worked at the company in months.

Still, the biggest issue here is how this person (or multiple people) obtained the employee phone numbers. We're not sure yet which employees are impacted, but based on comments online it seems at least a few third-party employees are affected, and we've independently confirmed current corporate employees have also received the message. Though we can't say for certain, this likely means the information is not the same data as what was leaked during the Connectivity Source breach [from September]. We can't, however, eliminate that possibility. As mentioned, there are reports that some of the contacted people are former employees, and haven't been employed at T-Mobile for months, so the information being acted upon is likely a few months old at the very least. That being said, we're pretty confident based on corporate employees being included that this is a different source of data being used.

An anonymous reader shares a report: Shakeeb Ahmed, a cybersecurity engineer convicted of stealing around $12 million in crypto, was sentenced on Friday to three years in prison. In a press release, the U.S. Attorney for the Southern District of New York announced the sentence. Ahmed was accused of hacking into two cryptocurrency exchanges, and stealing around $12 million in crypto, according to prosecutors.

Adam Schwartz and Bradley Bondi, the lawyers representing Ahmed, did not immediately respond to a request for comment. When Ahmed was arrested last year, the authorities described him as "a senior security engineer for an international technology company." His LinkedIn profile said he previously worked at Amazon. But he wasn't working there at the time of his arrest, an Amazon spokesperson told TechCrunch. While the name of one of his victims was never disclosed, Ahmed reportedly hacked into Crema Finance, a Solana-based crypto exchange, in early July 2022.

AT&T, Charter, Comcast and Verizon are quietly trying to weaken a $42.5 billion federal program to improve internet access across the nation, aiming to block strict new rules that would require them to lower their poorest customers' monthly bills in exchange for a share of the federal aid. From a report: In state after state, the telecom firms have blasted the proposed price cuts as illegal -- forcing regulators in California, New York, South Carolina, Tennessee, Virginia and elsewhere to rethink, scale back or abandon their plans to condition the federal funds on financial relief for consumers. The lobbying campaign threatens to undermine the largest burst of money to upgrade the country's internet service in U.S. history. Enacted by President Biden as part of a sprawling 2021 infrastructure law, the funds are intended to deliver speedy and affordable broadband to the final unserved pockets of America by 2030 -- a goal that the White House likens to the federal campaign nearly a century ago to electrify the nation's heartland.

A business columnist at the Los Angeles Times notes Sam Bankman-Fried's judge issued another ruling "that may have a more far-reaching effect on the crypto business.

U.S. Judge Failla "cleared the Securities and Exchange Commission to proceed with its lawsuit alleging that the giant crypto broker and exchange Coinbase has been dealing in securities without a license." What's important about Failla's ruling is that she dismissed out of hand Coinbase's argument, which is that cryptocurrencies are novel assets that don't fall within the SEC's jurisdiction — in short, they're not "securities." Crypto promoters have been making the same argument in court and the halls of Congress, where they're urging that the lawmakers craft an entirely new regulatory structure for crypto — preferably one less rigorous than the existing rules and regulations promulgated by the SEC and the Commodity Futures Trading Commission...

Failla saw through that argument without breaking a sweat. "The 'crypto' nomenclature may be of recent vintage," she wrote, "but the challenged transactions fall comfortably within the framework that courts have used to identify securities for nearly eighty years...." Since Congress hasn't enacted regulations specifically aimed at crypto, Coinbase said, the SEC's lawsuit should be dismissed. The judge's opinion of that argument was withering. "While certainly sizable and important," she wrote, "the cryptocurrency industry 'falls far short of being a "portion of the American economy" bearing vast economic and political significance....'"

Failla's ruling followed another in New York federal court in which a judge deemed crypto to be securities. In that case, Judge Edgardo Ramos refused to dismiss SEC charges against Gemini Trust Co., a crypto trading outfit run by Cameron and Tyler Winkelvoss, and the crypto lender Genesis Global Capital. The SEC charged that a scheme in which Gemini pooled customers' crypto assets and lent them to Genesis while promising the customers high interest returns is an unregistered security. The SEC case, like that against Coinbase, will proceed....

The hangover from March continued into this month. On April 5, a federal jury in New York found Terraform Labs and its chief executive and major shareholder, Do Kwon, liable in what the SEC termed "a massive crypto fraud...." The value of UST fell in effect to zero, the SEC said, "wiping out over $40 billion of total market value ... and sending shock waves through the crypto asset community."

In two recent papers, an international team of scientists describes the first known nitrogen-fixing organelle within a eukaryotic cell, which the researchers are calling a nitroplast. Phys.Org reports: The discovery of the organelle involved a bit of luck and decades of work. In 1998, Jonathan Zehr, a UC Santa Cruz distinguished professor of marine sciences, found a short DNA sequence of what appeared to be from an unknown nitrogen-fixing cyanobacterium in Pacific Ocean seawater. Zehr and colleagues spent years studying the mystery organism, which they called UCYN-A. At the same time, Kyoko Hagino, a paleontologist at Kochi University in Japan, was painstakingly trying to culture a marine alga. It turned out to be the host organism for UCYN-A. It took her over 300 sampling expeditions and more than a decade, but Hagino eventually successfully grew the alga in culture, allowing other researchers to begin studying UCYN-A and its marine alga host together in the lab. For years, the scientists considered UCYN-A an endosymbiont that was closely associated with an alga. But the two recent papers suggest that UCYN-A has co-evolved with its host past symbiosis and now fits criteria for an organelle.

In a paper published in Cell in March 2024, Zehr and colleagues from the Massachusetts Institute of Technology, Institut de Ciencies del Mar in Barcelona and the University of Rhode Island show that the size ratio between UCYN-A and their algal hosts is similar across different species of the marine haptophyte algae Braarudosphaera bigelowii. The researchers use a model to demonstrate that the growth of the host cell and UCYN-A are controlled by the exchange of nutrients. Their metabolisms are linked. This synchronization in growth rates led the researchers to call UCYN-A "organelle-like." "That's exactly what happens with organelles," said Zehr. "If you look at the mitochondria and the chloroplast, it's the same thing: they scale with the cell."

But the scientists did not confidently call UCYN-A an organelle until confirming other lines of evidence. In the cover article of the journal Science, published today, Zehr, Coale, Kendra Turk-Kubo and Wing Kwan Esther Mak from UC Santa Cruz, and collaborators from the University of California, San Francisco, the Lawrence Berkeley National Laboratory, National Taiwan Ocean University, and Kochi University in Japan show that UCYN-A imports proteins from its host cells. "That's one of the hallmarks of something moving from an endosymbiont to an organelle," said Zehr. "They start throwing away pieces of DNA, and their genomes get smaller and smaller, and they start depending on the mother cell for those gene products -- or the protein itself -- to be transported into the cell."

Coale worked on the proteomics for the study. He compared the proteins found within isolated UCYN-A with those found in the entire algal host cell. He found that the host cell makes proteins and labels them with a specific amino acid sequence, which tells the cell to send them to the nitroplast. The nitroplast then imports the proteins and uses them. Coale identified the function of some of the proteins, and they fill gaps in certain pathways within UCYN-A. "It's kind of like this magical jigsaw puzzle that actually fits together and works," said Zehr. In the same paper, researchers from UCSF show that UCYN-A replicates in synchrony with the alga cell and is inherited like other organelles.

The Securities and Exchange Commission warned Uniswap on Wednesday that it intends to bring an enforcement action against the company, which is the leading platform for DeFi -- a segment of the crypto market where traders rely on computer protocols that act as automated market makers for exchanging various tokens. From a report: The warning came in the form of a so-called Wells Notice, which the SEC sends to a company prior to launching a formal lawsuit and which provides it a final opportunity to rebut any allegations. In this case, that process is likely to prove little more than a formality as the agency has reportedly been investigating Uniswap for some time, and is in the midst of a sweeping crackdown of the crypto industry.

A jailed trader accused of stealing $110 million on the Mango Markets exchange faces a criminal trial this week that will test the reach of a US crackdown on cryptocurrencies. From a report: Prosecutors charged Avraham Eisenberg with manipulating Mango Markets futures contracts on Oct. 11, 2022, to boost the price of swaps by 1,300% in 20 minutes. He then "borrowed" from the exchange against the inflated value of those contracts, a move the government claims was a theft. Jury selection begins Monday in New York federal court, where groundbreaking crypto cases have played out. FTX co-founder Sam Bankman-Fried was sentenced there last month to 25 years in prison for orchestrating a multibillion-dollar scheme, while Terraform Labs Pte. and co-founder Do Kwon were found liable Friday for fraud in civil trial over the firm's 2022 collapse, which wiped out $40 billion in investor assets.

Eisenberg, a self-described "applied game theorist," claims his actions weren't theft at all. Rather, he says, he legally exploited a weakness in the decentralized finance application. The trial will apparently be the first time a US criminal jury will weigh what type of "DeFi" transactions are legal. In the crypto world, where digital blockchains govern who owns what, the virtual ecosystem is built around the notion that "code is law." It means that if something isn't explicitly forbidden by terms of a crypto platform, then government can't intercede. But prosecutors say those rules can't protect traders against possible criminal charges for market manipulation or fraud.

Jon Brodkin reports via Ars Technica: California can keep enforcing its state net neutrality law after the Federal Communications Commission implements its own rules. The FCC could preempt future state laws if they go far beyond the national standard but said that states can "experiment" with different regulations for interconnection payments and zero-rating. The FCC scheduled an April 25 vote on Chairwoman Jessica Rosenworcel's proposal to restore net neutrality rules similar to the ones introduced during the Obama era and repealed under former President Trump. The FCC yesterday released the text of the pending order, which could still be changed but isn't likely to get any major overhaul.

State-level enforcement of net neutrality rules can benefit consumers, the FCC said. The order said that "state enforcement generally supports our regulatory efforts by dedicating additional resources to monitoring and enforcement, especially at the local level, and thereby ensuring greater compliance with our requirements." [...] In the order scheduled for an April 25 vote, the FCC said the California law "appears largely to mirror or parallel our federal rules. Thus we see no reason at this time to preempt it." That doesn't mean the rules are exactly the same. Instead of banning certain types of zero-rating entirely, the FCC will judge on a case-by-case basis whether any specific zero-rating program harms consumers and conflicts with the goal of preserving an open Internet. The FCC said it will evaluate sponsored-data "programs based on a totality of the circumstances, including potential benefits."

The FCC order cautions that the agency will take a dimmer view of zero-rating in exchange for payment from a third party or zero-rating that favors an affiliated entity. But those categories will still be judged by the FCC on a case-by-case basis, whereas California bans paid data cap exemptions entirely. Despite that difference, the FCC said it is "not persuaded on the record currently before us that the California law is incompatible with the federal rules." The FCC also found that California's approach to interconnection payments is compatible with the pending federal rule. Interconnection was the subject of a major controversy involving Netflix and big ISPs a decade ago. The FCC said it found no evidence that the California law has "unduly burdened or interfered with interstate communications service." When it comes to zero-rating and interconnection, the FCC said there is "room for states to experiment and explore their own approaches within the bounds of our overarching federal framework." The FCC said it will reconsider preemption of California rules if "California state enforcement authorities or state courts seek to interpret or enforce these requirements in a manner inconsistent with how we intend our rules to apply."

quonset shares a report: In a scathing indictment of Microsoft corporate security and transparency, a Biden administration-appointed review board issued a report Tuesday saying "a cascade of errors" by the tech giant let state-backed Chinese cyber operators break into email accounts of senior U.S. officials including Commerce Secretary Gina Raimondo.

The Cyber Safety Review Board, created in 2021 by executive order, describes shoddy cybersecurity practices, a lax corporate culture and a lack of sincerity about the company's knowledge of the targeted breach, which affected multiple U.S. agencies that deal with China. It concluded that "Microsoft's security culture was inadequate and requires an overhaul" given the company's ubiquity and critical role in the global technology ecosystem. Microsoft products "underpin essential services that support national security, the foundations of our economy, and public health and safety."

The panel said the intrusion, discovered in June by the State Department and dating to May "was preventable and should never have occurred," blaming its success on "a cascade of avoidable errors." What's more, the board said, Microsoft still doesn't know how the hackers got in. [...] It said Microsoft's CEO and board should institute "rapid cultural change" including publicly sharing "a plan with specific timelines to make fundamental, security-focused reforms across the company and its full suite of products."

Intel on Tuesday disclosed $7 billion in operating losses for its foundry business in 2023, "a steeper loss than the $5.2 billion in operating losses the year before," reports Reuters. "The unit had revenue of $18.9 billion for 2023, down 31% from $27.49 billion the year before." From the report: Intel shares were down 4.3% after the documents were filed with the U.S. Securities and Exchange Commission (SEC). During a presentation for investors, Chief Executive Pat Gelsinger said that 2024 would be the year of worst operating losses for the company's chipmaking business and that it expects to break even on an operating basis by about 2027. Gelsinger said the foundry business was weighed down by bad decisions, including one years ago against using extreme ultraviolet (EUV) machines from Dutch firm ASML. While those machines can cost more than $150 million, they are more cost-effective than earlier chip making tools.

Partially as a result of the missteps, Intel has outsourced about 30% of the total number of wafers to external contract manufacturers such as TSMC, Gelsinger said. It aims to bring that number down to roughly 20%. Intel has now switched over to using EUV tools, which will cover more and more production needs as older machines are phased out. "In the post EUV era, we see that we're very competitive now on price, performance (and) back to leadership," Gelsinger said. "And in the pre-EUV era we carried a lot of costs and (were) uncompetitive." Editor's note: This story has been corrected to change the 2022 revenue figure for Intel Foundry to $27.49 billion, as reflected in the source article. We apologize for the math error.

Bitcoin fell more than 4.76% on Tuesday to $66,134 amid rising Treasury yields and strength in the U.S. dollar. CNBC reports: On Monday morning, it was trading at about $70,000 before data came out showing growth in the manufacturing sector for the first time since September 2022 and investor bets on June rate cuts began to cool. Bitcoin is now off its all-time high, reached on March 14, by about 11%. Ether went down with it, losing 5.6% to trade at $3,240.27. Meanwhile, the 10-year U.S. Treasury yield hit its highest level of the year and the dollar, which has an inverse relationship with bitcoin, hit a five-month high.

Bitcoin's move may have been exacerbated by a large bitcoin holder, or "whale," who transferred more than 4,000 bitcoin to the Bitfinex exchange late Monday night. Data from CryptoQuant shows a spike in that exchange's reserves -- which typically signals a boost in selling activity -- that coincides with the sudden drop in bitcoin price late Monday night. Stocks tied to the performance of bitcoin were dragged down but traded off their lows to end the day.

AWS has expanded its free credits program for startups to cover the costs of using major AI models. From a report: In a move to attract startup customers, Amazon now allows its cloud credits to cover the use of models from other providers including Anthropic, Meta, Mistral AI, and Cohere. "This is another gift that we're making back to the startup ecosystem, in exchange for what we hope is startups continue to choose AWS as their first stop," said Howard Wright, vice president and global head of startups at AWS.

[...] As part of the deal, Anthropic will use AWS as its primary cloud provider, and Trainium and Inferentia chips to build and train its models. Wright said Amazon's free credit will contribute to revenue of Anthropic, one of the most popular models on Bedrock.

Last Monday shares of Reddit's stock soared 30%, reports CNBC — and then another 8.8% on Tuesday.

But the moves happened "even after New Street Research issued a neutral rating on the company" — and by the end of the week, CNBC was reporting that "Reddit shares are plummeting..." Shares closed at $49.32, ending the week below their closing price on Reddit's first day of trading on the New York Stock Exchange [on March 21st, when they closed at $50.44 ]... Stock markets are closed on Good Friday.

Reddit shares began their downward spiral on Wednesday, when they sank about 11% to $57.75 at market close. That day, Hedgeye Risk Management described Reddit's stock as "grossly overvalued" in a report cited by Bloomberg News, adding the company was on the firm's "short bench."
The article notes Reddit's CEO sold 500,000 shares in the company — nearly 40% of his holdings — which Ben Silverman, vice president of research at Verity, told CNBC was expected — while Reddit's COO sold another 514,000 shares.

"There's always a bit of a disconnect," Silverman said in the interview, because bringing a company public "is not just to generate liquidity for the company itself so that it can expand and grow. In these situations, it often allows insiders to cash out to generate liquidity.

"And that's something investors have to consider here. If the prospects are so bright, why are insiders selling?"

An anonymous reader quotes a report from Gizmodo: Do you remember Facebook Watch? Me neither. Mark Zuckerberg's short-lived streaming service never really got off the ground, but court filings unsealed in Meta's antitrust lawsuit claim "Watch" was kneecapped starting in 2018 to protect Zuckerberg's advertising relationship with Netflix CEO Reed Hastings. "For nearly a decade, Netflix and Facebook enjoyed a special relationship," said plaintiffs in filings (PDF) made public on Saturday. "It is no great mystery how this close partnership developed, and who was its steward: from 2011-2019, Netflix's then-CEO Hastings sat on Facebook's board and personally directed the companies' relationship"

The filings detail Hastings' uncomfortably close relationship with Meta's upper management, including Zuckerberg and Sheryl Sandberg. During these years, Netflix was allegedly granted special access to Facebook users' private message inboxes, among other privileged analytics tools, in exchange for hundred-million-dollar advertising deals. This gave Facebook greater dominance in its all-important ad division, plaintiffs allege, so the company was fine to retreat from Netflix's streaming territory by shuttering Watch. In 2017, Facebook Watch began signing deals to populate its streaming service with original TV Shows from movie stars such as Bill Murray. A year later, the service attempted to license the popular '90s TV show Dawson's Creek. Facebook Watch had meaningful reach on the home screen of the social media platform, and an impressive budget as well. Facebook and Netflix appeared ready to butt heads in the streaming world, and the Netflix cofounder found himself in the middle as a Facebook board member. [...]

Netflix was a large advertiser to Facebook, and plaintiffs allege Zuckerberg shuttered its promising Watch platform for the sake of the greater advertising business. Zuckerberg personally emailed the head of Facebook Watch in May of 2018, Fidji Simo, to tell her their budget was being slashed by $750 million, just two years after Watch's launch, according to court filings. The sudden pivot meant Facebook was now dismantling the streaming business it had spent the last two years growing. During this time period, Netflix increased its ad spend on Facebook to roughly $150 million a year and allegedly entered into agreements for increased data analytics. By early 2019, the ad spend increased to roughly $200 million a year. Hastings left Facebook's board later in 2019.
UPDATE: Meta (Again) Denies Netflix Read Facebook Users' Private Messenger Messages.

According to Bloomberg, the U.S. and U.K. are investigating more than $20 billion worth of USDT transactions that have passed through Garantex, a Russia-based crypto exchange. Milk Road reports: If confirmed, the $20 billion in transactions would represent one of the most significant breaches of the sanctions imposed on Russia since the conflict began. However, the sources cautioned that the inquiries are ongoing and that it is too early to draw conclusions given the complexity of crypto transactions. They also noted that there was no immediate suggestion of wrongdoing by Tether.

Key points:

- The transactions under scrutiny were conducted using Tether (USDT).
- The US and UK sanctioned Garantex on suspicion of facilitating financial crimes and illicit transactions in Russia.
- The $20 billion USDT transactions would represent one of the biggest breaches of sanctions imposed on Russia since the start of the war.
- Tether froze assets of entities on the U.S. sanctions list.

Portugal's data regulator has ordered Sam Altman's iris-scanning project Worldcoin to stop collecting biometric data for 90 days, it said on Tuesday, in the latest regulatory blow to a venture that has raised privacy concerns in multiple countries. From a report: Worldcoin encourages people to have their faces scanned by its "orb" devices, in exchange for a digital ID and free cryptocurrency. More than 4.5 million people in 120 countries have signed up, according to Worldcoin's website. Portugal's data regulator, the CNPD, said there was a high risk to citizens' data protection rights, which justified urgent intervention to prevent serious harm. More than 300,000 people in Portugal have provided Worldcoin with their biometric data, the CNPD said.

An anonymous reader quotes a report from Reuters: Reddit will need to spend heavily on content moderation as it may face greater scrutiny as a public company, analysts said, threatening its longstanding policy of relying on an army of volunteers to maintain order on its platform. The newly listed company warned in its initial public offering (IPO) paperwork that its unique approach to content moderation can sometimes subject it to disruptions like in 2023, when several moderators protested against its decision to charge third-party app developers for access to its data.

Depending on volunteers is not sustainable, given the regulatory scrutiny that the company will now face, said Julian Klymochko, CEO of alternative investment solutions firm Accelerate Financial Technologies. "It's like relying on unpaid labor when the company has nearly a billion dollars in revenue," he added. Reddit reported revenue of $804 million in 2023, according to an earlier filing. Reddit will need to make substantial investments in trust and safety, which could lead to a "dramatic" rise in expenses, Klymochko said. Josh White, former economist at the Securities and Exchange Commission and assistant professor of finance at Vanderbilt University, also said that banking on free volunteers is Reddit's biggest risk. The company would need to ramp up spending on anti-misinformation efforts especially as the U.S. prepares for the presidential election later this year, White said. "We believe our approach is the most sustainable and scalable moderation model that exists online today. We are continually investing in and iterating on new tools and policies to improve our internal capabilities," the Reddit spokesperson said.

A top executive from the crypto exchange Binance has escaped custody in Nigeria after being arrested for allegedly destabilizing the country's national currency. The Associated Press reports: Nadeem Anjarwalla, the regional manager for Binance in Africa, "fled Nigeria using a smuggled passport," the office of Nigeria's National Security Adviser said in a statement, calling for "whatever information that can assist law enforcement agencies to apprehend the suspect." Anjarwalla, who holds dual British and Kenyan citizenship, had been detained in Nigeria along with another colleague since Feb. 26 when they arrived in the country following a crackdown on the crypto platform. Tigran Gambaryan, the colleague who is an American citizen, remains in captivity.

Nigeria is Africa's largest crypto economy in terms of trade volume with many citizens using crypto to hedge their finances against surging inflation and the declining local currency. Binance stopped all trading with the Nigerian naira currency on its platform in early March after authorities accused it of being used for money laundering and terrorism financing -- without providing evidence publicly. It was not clear how Anjarwalla fled custody. The Abuja-based Premium Times newspaper, which broke the news of his escape, reported that he fled from a guest house in the capital city after guards led him to a nearby mosque for prayers. "The personnel responsible for the custody of the suspect have been arrested, and a thorough investigation is ongoing to unravel the circumstances that led to his escape from lawful detention," Zakari Mijinyawa, spokesman for the office of Nigeria's National Security Adviser said in a statement.

The FTX bankruptcy estate has raised $884 million by selling the majority of its Anthropic shares to two dozen institutional investors. "The sale of the Anthropic shares is a big win for the FTX estate, which pledged in January to pay back the defunct exchange's customers 100% of the value of their holdings at the time of the exchange's collapse," reports CoinDesk. "FTX's FTT token climbed 10% on the news." From the report: According to Friday court filings, the top buyer is ATIC Third International Investment Company, a tech investment company wholly owned by the government of Abu Dhabi's sovereign wealth fund, Mubadala. ATIC has agreed to purchase 16,664,167 shares of Anthropic from FTX for $500 million. Other buyers include Jane Street Global Trading -- an affiliate of the erstwhile employer of former FTX CEO Sam Bankman-Fried -- "certain funds" tied to Fidelity Investments and The Ford Foundation.

"Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash," BleepingComputer reported Thursday.

Friday Microsoft wrote that the issue "was resolved in the out-of-band update KB5037422," only available via the Microsoft Update Catalog. (The update "is not available from Windows Update and will not install automatically.")

BleepingComputer reported the leak only affected "enterprise systems using the impacted Windows Server platform," and home users were not affected. But Microsoft confirmed it impacted all domain controller servers with the latest Windows Server 2012 R2, 2016, 2019, and 2022 updates: As BleepingComputer first reported on Wednesday and as many admins have warned over the last week, affected servers are freezing and restarting unexpectedly due to a Local Security Authority Subsystem Service (LSASS) process memory leak introduced with this month's cumulative updates.

"Since installation of the March updates (Exchange as well as regular Windows Server updates) most of our DCs show constantly increasing lsass memory usage (until they die)," one admin said.

"Our symptoms were ballooning memory usage on the lsass.exe process after installing KB5035855 (Server 2016) and KB5035857 (Server 2022) to the point that all physical and virtual memory was consumed and the machine hung," another Windows admin told BleepingComputer.
The leak "is observed when on-premises and cloud-based Active Directory Domain Controllers service Kerberos authentication requests," Microsoft wrote. "Extreme memory leaks may cause LSASS to crash, which triggers an unscheduled reboot of underlying domain controllers..."

"We strongly recommend you do not apply the March 2024 security update on DCs and install KB5037422 instead..."