A group representing the world's biggest stock exchanges has called on securities regulators to clamp down on so-called tokenised stocks, arguing that the blockchain-based tokens create new risks for investors and could harm market integrity. From a report:
Crypto exchange Coinbase and broker Robinhood are among those making a push into the nascent sector that could shake up the securities investing landscape. Proponents say tokenised equities can cut trading costs, speed up settlement and facilitate around-the-clock trading. The World Federation of Exchanges (WFE), in a letter sent to three regulatory bodies last Friday, said it was concerned the tokens "mimic" equities without providing the same rights or trading safeguards.

An anonymous reader quotes a report from The Register: Microsoft has reportedly stopped giving Chinese companies proof-of-concept exploit code for soon-to-be-disclosed vulnerabilities following last month's SharePoint zero-day attacks, which appear to be related to a leak in Redmond's early-bug-notification program. The software behemoth gives some software vendors early bug disclosures under its Microsoft Active Protections Program (MAPP), which typically delivers info two weeks before Patch Tuesday. MAPP participants sign a non-disclosure agreement, and in exchange get vulnerability details so that they can provide updated protections to customers more quickly.

According to Microsoft spokesperson David Cuddy, who spoke with Bloomberg about changes to the program, MAPP has begun limiting access to companies in "countries where they're required to report vulnerabilities to their governments," including China. Companies in these countries will no longer receive "proof of concept" exploit code, but instead will see "a more general written description" that Microsoft sends at the same time as patches, Cuddy told the news outlet. "A leak happened here somewhere," Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative (ZDI), told The Register in July. "And now you've got a zero-day exploit in the wild, and worse than that, you've got a zero-day exploit in the wild that bypasses the patch, which came out the next day."

Childs said the MAPP change "is a positive change, if a bit late. Anything Microsoft can do to help prevent leaks while still offering MAPP guidance is welcome."

"In the past, MAPP leaks were associated with companies out of China, so restricting information from flowing to these companies should help," Childs said. "The MAPP program remains a valuable resource for network defenders. Hopefully, Microsoft can squelch the leaks while sending out the needed information to companies that have proven their ability (and desire) to protect end users."

Remote work policies designed to attract top talent are becoming security vulnerabilities as state-sponsored hackers seek employment at cryptocurrency firms. Coinbase has implemented mandatory in-person orientation and US citizenship requirements for sensitive roles after detecting North Korean IT workers attempting to infiltrate the company through remote positions.

CEO Brian Armstrong revealed on Stripe cofounder John Collison's podcast that the exchange now requires fingerprinting and live video interviews after discovering coordinated efforts involving US-based facilitators who reship laptops and attend virtual interviews on behalf of foreign operatives.

hackingbear shares a report from Bloomberg: Top U.S. chip-equipment supplier Applied Materials was sued by a rival in China over alleged trade secret theft, a further escalation in the technology war between the world's two largest economies. Beijing E-Town Semiconductor Technology Co. filed a lawsuit with the Beijing Intellectual Property Court against Applied Materials, according to a company statement (PDF) to the Shanghai Stock Exchange. The Chinese chip-gear maker alleged that the Santa Clara, California-based company illegally obtained, used and revealed its core technologies related to the application of plasma source in treating the surface of wafers, the statement said. The court has filed the case but has not begun a trial, E-Town added.

Applied Materials earlier hired two employees from E-Town's fully owned US subsidiary, Mattson, and they were privy to the Beijing company's proprietary plasma technologies, the filing said. Applied Materials filed a patent application crediting the duo as inventors with the National Intellectual Property Administration in China after the two joined the Santa Clara company, the Beijing firm said, alleging that the content revealed trade secrets co-owned by E-Town and Mattson. "The patent application violated the rules of China's Anti-Unfair Competition Law, and it infringes on trade secrets, and has caused significant damage to the plaintiff's intellectual property and economic interests,â E-Town said in the filing, adding that Applied Materials is also suspected of marketing and selling the technologies involved in the case to Chinese customers. E-Town is asking the court to demand that Applied Materials stop using its trade secrets and destroy related materials. It's also seeking about 100 million yuan ($13.9 million) in recompense for damage.

Top fintech and crypto executives urged the Trump administration to block US banks from charging fees for access to customer data, levies that strike at the heart of their business models. From a report: Klarna, Robinhood and crypto exchange Gemini were among a long list of companies, investors and lobbying groups that signed a letter sent Wednesday to President Donald Trump, arguing that the proposed fees would "cripple" innovation and "may cause small businesses and financial tools to shut down entirely."

JPMorgan Chase has told fintechs and the data aggregators they rely on that the bank's customer account information will no longer be accessible without a charge. JPMorgan, the biggest US bank, views the data aggregators as freeloaders of sorts who access data without paying and then charge their fintech clients for it. PNC Financial Services is considering charging similar fees.

"We urge you to use the full power of your office and the broader administration to prevent the largest institutions from raising new barriers to financial freedom," they said in the letter. "We cannot allow the most powerful, entrenched banks to close the door on a more open and modern financial system."

After over 130 years in business, Kodak has warned it may not survive. From a report: The Rochester, New York-based Eastman Kodak Co. offered a bleak picture of its financials in earnings reports and filings, tracking a second quarter loss and sending shares tumbling in early trading Tuesday, Aug. 12. The iconic brand said in Monday, Aug. 11 government filings that there is "substantial doubt" about the company's ability to continue, as it faces more than $470 million in debt and slashes its pension plan in an attempt to remain afloat.

"Kodak has debt coming due within twelve months and does not have committed financing or available liquidity to meet such debt obligations if they were to become due in accordance with their current terms," the company said in its filings to the Securities and Exchange Commission. [...] In its most recent earnings report, Kodak said its consolidated revenues were $263 million at the end of the quarter on June 30, a decrease of $4 million since the same period last year. Gross profit decreased 12% compared to last year's second quarter end, Kodak disclosed, and its cash balance sits at $155 million, marking a loss of just under 23% since the end of December.

Jim Continenza, Kodak's Executive Chairman and CEO, said tariffs have not had a "material impact" on its businesses, noting the domestic production of many of its products such as printing plates, film, inkjet presses and inks and pharmaceutical ingredients. Kodak's chief financial officer David Bullwinkle said in the company's Aug. 11 statement it plans to focus on its advanced chemicals and materials sector moving forward, and said the cut to its retirement program is going toward paying down its debt. He said the company expects to "have a clear understanding" by Friday, Aug. 15 of how it will meet its debt obligations. "For the second half of the year, we will continue to focus on reducing costs today and converting our investments into long-term growth," Bullwinkle said.

Meta's Threads has surpassed 400 million monthly active users, adding 50 million in the last quarter and closing the gap with rival X in mobile daily usage. "As of a few weeks ago [there are] more than 400 million people active on Threads every month," said Instagram head Adam Mosseri. "It's been quite the ride over the last two years. This started as a zany idea to compete with Twitter, and has evolved into a meaningful platform that fosters the open exchange of perspectives. I'm grateful to all of you for making this place what it is today. There's so much work to do from our side, more to come." TechCrunch reports: X, meanwhile, has north of 600 million monthly active users, according to previous statements made by its former CEO, Linda Yaccarino. Recent data from market intelligence provider Similarweb showed that Threads is nearing X's daily app users on mobile devices. In June 2025, Threads' mobile app for iOS and Android saw 115.1 million daily active users, marking a 127.8% increase compared to the previous year. On the other hand, X reached 132 million daily active users, reflecting a 15.2% year-over-year decline.

However, Similarweb found that X's worldwide daily web visits are well ahead of Threads, as the [...] social network saw 145.8 million average daily web visits worldwide in June, while Threads had just 6.9 million.

Spirit Airlines has warned investors that it may go out of business, just months after exiting bankruptcy. From a report: In a quarterly report filed with the Securities and Exchange Commission on Monday, it said there was "substantial doubt" over its "ability to continue as a going concern within 12 months." The budget airline said it was harder to make money because of weak demand for domestic leisure travel and "elevated domestic capacity," meaning increased competition on such routes. Spirit reported a net loss of $245.8 million for the second quarter of 2025, up from a $192.9 million loss for the second quarter of 2024.

The Wall Street Journal has found "dozens of instances in recent months in which ChatGPT made delusional, false and otherworldly claims to users who appeared to believe them."

For example, "You're not crazy. You're cosmic royalty in human skin..." In one exchange lasting hundreds of queries, ChatGPT confirmed that it is in contact with extraterrestrial beings and said the user was "Starseed" from the planet "Lyra." In another from late July, the chatbot told a user that the Antichrist would unleash a financial apocalypse in the next two months, with biblical giants preparing to emerge from underground...

Experts say the phenomenon occurs when chatbots' engineered tendency to compliment, agree with and tailor itself to users turns into an echo chamber. "Even if your views are fantastical, those are often being affirmed, and in a back and forth they're being amplified," said Hamilton Morrin, a psychiatrist and doctoral fellow at Kings College London who last month co-published a paper on the phenomenon of AI-enabled delusion... The publicly available chats reviewed by the Journal fit the model doctors and support-group organizers have described as delusional, including the validation of pseudoscientific or mystical beliefs over the course of a lengthy conversation... The Journal found the chats by analyzing 96,000 ChatGPT transcripts that were shared online between May 2023 and August 2025. Of those, the Journal reviewed more than 100 that were unusually long, identifying dozens that exhibited delusional characteristics.
AI companies are taking action, the article notes. Monday OpenAI acknowledged there were rare cases when ChatGPT "fell short at recognizing signs of delusion or emotional dependency." (In March OpenAI "hired a clinical psychiatrist to help its safety team," and said Monday it was developing better detection tools and also alerting users to take a break, and "are investing in improving model behavior over time," consulting with mental health experts.)

On Wednesday, AI startup Anthropic said it had changed the base instructions for its Claude chatbot, directing it to "respectfully point out flaws, factual errors, lack of evidence, or lack of clarity" in users' theories "rather than validating them." The company also now tells Claude that if a person appears to be experiencing "mania, psychosis, dissociation or loss of attachment with reality," that it should "avoid reinforcing these beliefs." In response to specific questions from the Journal, an Anthropic spokesperson added that the company regularly conducts safety research and updates accordingly...

"We take these issues extremely seriously," Nick Turley, an OpenAI vice president who heads up ChatGPT, said Wednesday in a briefing to announce the new GPT-5, its most advanced AI model. Turley said the company is consulting with over 90 physicians in more than 30 countries and that GPT-5 has cracked down on instances of sycophancy, where a model blindly agrees with and compliments users.
There's a support/advocacy group called the Human Line Project which "says it has so far collected 59 cases, and some members of the group have found hundreds of examples on Reddit, YouTube and TikTok of people sharing what they said were spiritual and scientific revelations they had with their AI chatbots." The article notes that the group believes "the number of AI delusion cases appears to have been growing in recent months..."

President Trump is set to sign an executive order opening up 401(k) retirements plans to alternative assets, like private equity, real estate, and cryptocurrency. The move has the potential to unlock trillions in new investment for asset managers outside of stocks, bonds, and cash, "though critics say it also could bring too much risk into retirement investments," reports Reuters. From the report: "The order directs the Securities and Exchange Commission to facilitate access to alternative assets for participant-directed defined-contribution retirement savings plans by revising applicable regulations and guidance," the White House official said on condition of anonymity. The order directs the Labor Secretary to consult with her counterparts at the Treasury Department, the SEC, and other federal "regulators to determine whether parallel regulatory changes should be made at those agencies," the official said. [...]

The new investment options carry lower disclosure requirements and are generally less easy to sell quickly for cash than the publicly traded stocks and bonds that most retirement funds rely on. Investing in them also tends to carry higher fees. In defined contribution plans, employees make contributions to their own retirement account, frequently with a matching contribution from their employer. The invested funds belong to the employee, but unlike a defined benefit pension plan, there is no guaranteed regular payout upon retirement.

Many private equity firms are hungry for the new source of cash that retail investors could offer after three years in which high interest rates shook their time-honored model of buying companies and selling them at a profit. Whatever results may come from Trump's order, it likely will not happen overnight, private equity executives say. Plaintiffs' lawyers are already preparing for lawsuits that could be filed by investors who do not understand the complexity of the new forms of investments.

An anonymous reader shares a report: Yesterday, when Epic won its Google antitrust lawsuit for a second time, it wasn't quite clear how soon Google would need to start dismantling its affirmed illegal monopoly.

Today, Google admits the answer is: 14 days. Google has just 14 days to enact major changes to its Google Play app store, and the way it does business with phonemakers, cellular carriers, and app developers, unless it wins an emergency stay (pause) from the Ninth Circuit Court of Appeals as it continues to appeal. It must stop forcing apps to use Google Play Billing, allow app developers to freely steer their users to other platforms, and limit the perks it can offer in exchange for preinstalled apps, among other changes.

A second, far more recent data breach at women's dating safety app Tea has exposed over a million sensitive user messages -- including discussions about abortions, infidelity, and shared contact info. This vulnerability not only compromised private conversations but also made it easy to unmask anonymous users. 404 Media reports: Despite Tea's initial statement that "the incident involved a legacy data storage system containing information from over two years ago," the second issue impacting a separate database is much more recent, affecting messages up until last week, according to the researcher's findings that 404 Media verified. The researcher said they also found the ability to send a push notification to all of Tea's users.

It's hard to overstate how sensitive this data is and how it could put Tea's users at risk if it fell into the wrong hands. When signing up, Tea encourages users to choose an anonymous screenname, but it was trivial for 404 Media to find the real world identities of some users given the nature of their messages, which Tea has led them to believe were private. Users could be easily found via their social media handles, phone numbers, and real names that they shared in these chats. These conversations also frequently make damning accusations against people who are also named in the private messages and in some cases are easy to identify. It is unclear who else may have discovered the security issue and downloaded any data from the more recent database. Members of 4chan found the first exposed database last week and made tens of thousands of images of Tea users available for download. Tea told 404 Media it has contacted law enforcement. [...]

This new data exposure is due to any Tea user being able to use their own API key to access a more recent database of user data, Rahjerdi said. The researcher says that this issue existed until late last week. That exposure included a mass of Tea users' private messages. In some cases, the women exchange phone numbers so they can continue the conversation off platform. The first breach was due to an exposed instance of app development platform Firebase, and impacted tens of thousands of selfie and driver license images. At the time, Tea said in a statement "there is no evidence to suggest that current or additional user data was affected." The second database includes a data field called "sent_at," with many of those messages being marked as recent as last week.

Since 2010 Stack Exchange has run all its sites on physical hardware in New Jersey — about 50 different servers. (When Ryan Donovan joined in 2019, "I saw the original server mounted on a wall with a laudatory plaque like a beloved pet.") But this month everything moved to the cloud, a new blog post explains. "Our servers are now cattle, not pets. Nobody is going to have to drive to our New Jersey data center and replace or reboot hardware..." Over the years, we've shared glamor shots of our server racks and info about updating them. For almost our entire 16-year existence, the SRE team has managed all datacenter operations, including the physical servers, cabling, racking, replacing failed disks and everything else in between. This work required someone to physically show up at the datacenter and poke the machines... [O]n July 2nd, in anticipation of the datacenter's closure, we unracked all the servers, unplugged all the cables, and gave these once mighty machines their final curtain call...

We moved Stack Overflow for Teams to Azure in 2023 and proved we could do it. Now we just had to tackle the public sites (Stack Overflow and the Stack Exchange network), which is hosted on Google Cloud. Early last year, our datacenter vendor in New Jersey decided to shut down that location, and we needed to be out by July 2025. Our other datacenter — in Colorado — was decommissioned in June. It was primarily for disaster recovery, which we didn't need any more. Stack Overflow no longer has any physical datacenters or offices; we are fully in the cloud and remote...!

[O]ur Staff Site Reliability Engineer, got a little wistful. "I installed the new web tier servers a few years ago as part of planned upgrades," he said. "It's bittersweet that I'm the one deracking them also." It's the IT version of Old Yeller.
There's photos of the 50 servers, as well as the 400+ cables connecting them, all of which wound up in a junk pile. "For security reasons (and to protect the PII of all our users and customers), everything was being shredded and/or destroyed. Nothing was being kept... Ever have difficulty disconnecting an RJ45 cable? Well, here was our opportunity to just cut the damn things off instead of figuring out why the little tab wouldn't release the plug."

An anonymous reader quotes a report from 404 Media: Users from 4chan claim to have discovered an exposed database hosted on Google's mobile app development platform, Firebase, belonging to the newly popular women's dating safety app Tea. Users say they are rifling through peoples' personal data and selfies uploaded to the app, and then posting that data online, according to screenshots, 4chan posts, and code reviewed by 404 Media. In a statement to 404 Media, Tea confirmed the breach also impacted some direct messages but said that the data is from two years ago. Tea, which claims to have more than 1.6 million users, reached the top of the App Store charts this week and has tens of thousands of reviews there. The app aims to provide a space for women to exchange information about men in order to stay safe, and verifies that new users are women by asking them to upload a selfie.

"Yes, if you sent Tea App your face and drivers license, they doxxed you publicly! No authentication, no nothing. It's a public bucket," a post on 4chan providing details of the vulnerability reads. "DRIVERS LICENSES AND FACE PICS! GET THE FUCK IN HERE BEFORE THEY SHUT IT DOWN!" The thread says the issue was an exposed database that allowed anyone to access the material. [...] "The images in the bucket are raw and uncensored," the user wrote. Multiple users have created scripts to automate the process of collecting peoples' personal information from the exposed database, according to other posts in the thread and copies of the scripts. In its terms of use, Tea says "When you first create a Tea account, we ask that you register by creating a username and including your location, birth date, photo and ID photo."

After publication of this article, Tea confirmed the breach in an email to 404 Media. The company said on Friday it "identified unauthorized access to one of our systems and immediately launched a full investigation to assess the scope and impact." The company says the breach impacted data from more than two years ago, and included 72,000 images (13,000 selfies and photo IDs, and 59,000 images from app posts and direct messages). "This data was originally stored in compliance with law enforcement requirements related to cyber-bullying prevention," the email continued. "We have engaged third-party cybersecurity experts and are working around the clock to secure our systems. At this time, there is no evidence to suggest that current or additional user data was affected. Protecting our users' privacy and data is our highest priority. We are taking every necessary step to ensure the security of our platform and prevent further exposure."

The New York Stock Exchange and Nasdaq have applied for regulatory permission to extend their trading hours to 22 and 24 hours daily, respectively. Nasdaq expects to implement round-the-clock trading from the second half of 2026. The London Stock Exchange is considering similar extensions, according to Financial Times. Several retail brokers already facilitate overnight trading through alternative platforms and "dark pools" -- off-exchange venues that operate during non-standard hours. Robinhood began offering all-night trading for select stocks in May 2023, while Charles Schwab announced plans to expand its overnight trading service to 1,100 securities this July. Economist argues that 24/7 trading is a bad idea. The publication writes: The problem with such trading is that price discovery can be fraught with difficulty. In fact, this is partly why institutional investors like dark pools: their lighter reporting requirements, compared with exchanges, allow big orders to be executed without alerting the wider market beforehand, which would move the price. Professionals taking the other side of these trades accept the risks and know how to navigate them. Amateurs, getting a worse price than they might have done in daylight, often do not.

The witching hours are currently when all manner of dull, but vital, post-trade processes take place, from settlement and valuation to the reconciliation of mistakes. Once trading is non-stop, there will be no pause for the financial plumbing to clear. Nor for traders to rest in the knowledge that the market is resting with them, so there is no need to refresh their screens. In today's always-on world, stock exchanges' limited opening hours might seem old-fashioned. But get ready to miss them once they're gone.

Christine Hunsicker, founder of the failed "Clothing-as-a-Service" startup CaaStle, has been criminally charged with defrauding investors of over $300 million by falsifying financials and misrepresenting the company's health. CNBC reports: Authorities said Christine Hunsicker, 48, of Lafayette, New Jersey, promoted CaaStle to investors as a more than $1.4 billion "Clothing-as-a-Service" business that helped companies rent apparel to consumers with an option to buy, despite knowing it was financially distressed and short of cash. The alleged fraud spanned six years starting in 2019, three years after the Princeton University alumna was named one of Inc magazine's "Most Impressive Women Entrepreneurs" and Crain's New York Business' "40 Under 40."

Hunsicker was charged in a six-count indictment with wire fraud, securities fraud, money laundering, making false statements to a bank and aggravated identity theft. She turned herself in to authorities, and could face decades in prison if convicted. The Securities and Exchange Commission filed a related civil lawsuit. In a joint statement, Hunsicker's lawyers Michael Levy and Anna Skotko said the indictment presented "an incomplete and very distorted picture," despite their client being "fully cooperative and transparent" with prosecutors. "There is much more to this story, and we look forward to telling it," the lawyers added.

Authorities said Hunsicker falsified CaaStle's financial statements and bank records to raise capital. This included alleged representations that CaaStle earned $66.3 million on revenue of $439.9 million in 2023, when it actually lost $81 million on revenue of $15.7 million. Hunsicker was also accused of falsely telling investors their money would go toward buying discounted shares from existing shareholders who needed liquidity, including after the 2022 collapse of the FTX cryptocurrency exchange. Prosecutors said Hunsicker fraudulently raised more than $275 million for CaaStle and $30 million for a related venture, P180.

Digital tokens designed to track popular stocks have suffered extreme price deviations since launching two weeks ago, with an Amazon-tracking token briefly spiking to more than 100 times the underlying stock's closing price. The token AMZNX hit $23,781.22 on crypto trading platform Jupiter on July 3, while Amazon shares had closed the previous day around $200.

A similar Apple-tracking token jumped to $236.72 on July 3, representing a 12% premium to the actual stock price. Companies including Robinhood, Kraken, Gemini and Bybit launched these blockchain-based versions of U.S. stocks in late June for non-U.S. customers. Robinhood is facing scrutiny from Lithuania's central bank after launching tokens tied to OpenAI and SpaceX without permission from either company, prompting OpenAI to disavow the tokens on social media.

America's largest corporations are increasingly listing AI among the major risks they must disclose in formal financial filings, despite bullish statements in public about the potential business opportunities it offers. The Register: According to a report from research firm The Autonomy Institute, three-quarters of companies listed in the S&P 500 stock market index have updated their official risk disclosures to detail or expand upon mentions of AI-related risk factors during the past year.

The organization drew its findings from an analysis of Form 10-K filings that the top 500 companies submitted to the US Securities and Exchange Commission (SEC), in which they are required to outline any material risks that could negatively affect their business and its financial health.

An anonymous reader quotes a report from ZDNet: The Linux Foundation announced at the Open Source Summit in Denver that it will now host the Agent2Agent (A2A) protocol. Initially developed by Google and now supported by more than 100 leading technology companies, A2A is a crucial new open standard for secure and interoperable communication between AI agents. In his keynote presentation, Mike Smith, a Google staff software engineer, told the conference that the A2A protocol has evolved to make it easier to add custom extensions to the core specification. Additionally, the A2A community is working on making it easier to assign unique identities to AI agents, thereby improving governance and security.

The A2A protocol is designed to solve one of AI's most pressing challenges: enabling autonomous agents -- software entities capable of independent action and decision-making -- to discover each other, securely exchange information, and collaborate across disparate platforms, vendors, and frameworks. Under the hood, A2A does this work by creating an AgentCard. An AgentCard is a JavaScript Object Notation (JSON) metadata document that describes its purpose and provides instructions on how to access it via a web URL. A2A also leverages widely adopted web standards, such as HTTP, JSON-RPC, and Server-Sent Events (SSE), to ensure broad compatibility and ease of integration. By providing a standardized, vendor-neutral communication layer, A2A breaks down the silos that have historically limited the potential of multi-agent systems.

For security, A2A comes with enterprise-grade authentication and authorization built in, including support for JSON Web Tokens (JWTs), OpenID Connect (OIDC), and Transport Layer Security (TLS). This approach ensures that only authorized agents can participate in workflows, protecting sensitive data and agent identities. While the security foundations are in place, developers at the conference acknowledged that integrating them, particularly authenticating agents, will be a hard slog. Antje Barth, an Amazon Web Services (AWS) principal developer advocate for generative AI, explained what the adoption of A2A will mean for IT professionals: "Say you want to book a train ride to Copenhagen, then a hotel there, and look maybe for a fancy restaurant, right? You have inputs and individual tasks, and A2A adds more agents to this conversation, with one agent specializing in hotel bookings, another in restaurants, and so on. A2A enables agents to communicate with each other, hand off tasks, and finally brings the feedback to the end user."

Jim Zemlin, executive director of the Linux Foundation, said: "By joining the Linux Foundation, A2A is ensuring the long-term neutrality, collaboration, and governance that will unlock the next era of agent-to-agent powered productivity." Zemlin expects A2A to become a cornerstone for building interoperable, multi-agent AI systems.

An anonymous reader shares a blog post: Version 140 of the Thunderbird mail client has been released. Notable features include "dark message mode" to adapt message content to dark mode, the ability to easily transfer desktop settings to the mobile Thunderbird client, experimental support for Microsoft Exchange, as well as global controls for message threading and sort order.

Thunderbird 140 is an extended-support release (ESR) which will be supported for 12 months. However, the Thunderbird project is trying to encourage users to adopt the Release channel for monthly updates instead. The project is staggering upgrades to 140 for existing Thunderbird users in order to catch any significant bugs before they are widely deployed, but users can upgrade manually via the Help > About menu. See the release notes for a full list of changes.