Mozilla is testing a free, built-in VPN for Firefox that routes traffic through Mozilla-managed servers directly in the browser. The Register reports: According to a staff post on Mozilla Connect, the company's idea-sharing platform, Firefox VPN is still an experimental feature in the early stages of development, but users will be selected at random to test it "over the next few months." Moz describes the feature as one that will sit beside the search bar on Firefox, routing web traffic through a Mozilla-managed VPN server, concealing the user's real IP address while adding a layer of encryption to their communications. Firefox VPN is a different project entirely from Mozilla VPN, a separate, paid-for product. The Firefox version will be free to use and confined to the browser itself, while Mozilla VPN can be used by up to five devices at a time.

The Moz staffer on the product team who announced the feature said of the upcoming beta test: "We'll start simple, then gradually add new capabilities while learning how it impacts browsing, usage, and overall satisfaction. "Our long-term vision is ambitious: to build the best VPN-integrated browser on the market." In response to feedback, the staffer noted that while it will be a desktop browser feature first, "mobile is definitely a natural next step."

Chinese companies now produce most of the world's freely available AI models. DeepSeek leads Hugging Face in popularity. Chinese firms like Alibaba receive higher ratings than OpenAI and Meta on LMArena. The site uses blind tests to measure user preferences. Chinese developers ship open models more frequently than American rivals.

Irene Solaiman is chief policy officer at Hugging Face. She said Chinese companies build their user base by shipping frequently and quickly. American companies like OpenAI and Google keep their best models proprietary. Meta once led in open AI models. Mark Zuckerberg argued last year that the world would benefit if AI companies shared their technology freely. He pledged Meta would release its AI openly. The company has since become more cautious. Zuckerberg wrote in a new essay that Meta might need to keep the best models for itself.

Mozilla Firefox's new "Shake to Summarize" feature earned a spot on TIME's Best Inventions of 2025, allowing users to shake their phone to instantly summarize long web pages. Anthony Enzor-DeMeo, general manager of Firefox, calls it a "testament to the incredible work of our UX, design, product, and engineering teams who brought this innovation to life." Neowin reports: Shake to summarize works exactly how you suspect: you physically shake your phone to generate a summary of a long article. This can be quite handy if you are trying to get the gist of a long read without scrolling through the whole thing. Other ways to activate the feature include tapping the thunderbolt icon in the address bar and selecting "Summarize Page" from the three-dot menu.

For now, the feature is limited to iOS users in the US with their system set to English, but Mozilla promises an Android version is in the works. If you have an iPhone 15 Pro or newer running iOS 26, Apple Intelligence generates the summaries on the device. For older iPhones or those on earlier iOS versions, the page text is sent to Mozilla's servers for processing. You can view the full list of TIME's "Special Mentions" here.

An anonymous reader quotes a report from the New York Times: Over the course of a nearly four-decade career, Cory Doctorow has written 15 novels, four graphic novels, dozens of short stories, six nonfiction books, approximately 60,000 blog posts and thousands of essays. And yet for all the millions of words he's published, these days the award-winning science fiction author and veteran internet activist is best known for just a single one: Enshittification. The term, which Doctorow, 54, popularized in essays in 2022 and 2023, refers to the way that online platforms become worse to use over time, as the corporations that own them try to make more money. Though the coinage is cheeky, in Doctorow's telling the phenomenon it describes is a specific, nearly scientific process that progresses according to discrete stages, like a disease.

Since then, the meaning has expanded to encompass a general vibe -- a feeling far greater than frustration at Facebook, which long ago ceased being a good way to connect with friends, or Google, whose search is now baggy with SEO spam. Of late, the idea has been employed to describe everything from video games to television to American democracy itself. "It's frustrating. It's demoralizing. It's even terrifying," Doctorow said in a 2024 speech. On Tuesday, Farrar Straus & Giroux will release "Enshittification: Why Everything Suddenly Got Worse and What to Do About It," Doctorow's book-length elaboration on his essays, complete with case studies (Uber, Twitter, Photoshop) and his prescriptions for change, which revolve around breaking up big tech companies and regulating them more robustly. Further reading: The Enshittification Hall of Shame

"A group of researchers from the University of California, Irvine, have developed a way to use the sensors in high-quality optical mice to capture subtle vibrations and convert them into audible data," reports Tom's Hardware: [T]he high polling rate and sensitivity of high-performance optical mice pick up acoustic vibrations from the surface where they sit. By running the raw data through signal processing and machine learning techniques, the team could hear what the user was saying through their desk. Mouse sensors with a 20,000 DPI or higher are vulnerable to this attack. And with the best gaming mice becoming more affordable annually, even relatively affordable peripherals are at risk....

[T]his compromise does not necessarily mean a complicated virus installed through a backdoor — it can be as simple as an infected FOSS that requires high-frequency mouse data, like creative apps or video games. This means it's not unusual for the software to gather this data. From there, the collected raw data can be extracted from the target computer and processed off-site. "With only a vulnerable mouse, and a victim's computer running compromised or even benign software (in the case of a web-based attack surface), we show that it is possible to collect mouse packet data and extract audio waveforms," the researchers state.
The researchers created a video with raw audio samples from various stages in their pipeline on an accompanying web site where they calculate that "the majority of human speech" falls in a frequency range detectable by their pipeline. While the collected signal "is low-quality and suffers from non-uniform sampling, a non-linear frequency response, and extreme quantization," the researchers augment it with "successive signal processing and machine learning techniques to overcome these challenges and achieve intelligible reconstruction of user speech."

They've titled their paper Invisible Ears at Your Fingertips: Acoustic Eavesdropping via Mouse Sensors. The paper's conclusion? "The increasing precision of optical mouse sensors has enhanced user interface performance but also made them vulnerable to side-channel attacks exploiting their sensitivity."

Thanks to Slashdot reader jjslash for sharing the article.

"It's not just you. The internet is getting worse, fast," writes Cory Doctorow. Sunday he shared an excerpt from his upcoming book Enshittification: Why Everything Suddenly Got Worse and What to Do About It.

He succinctly explains "this moment we're living through, this Great Enshittening" using Amazon as an example. Platforms amass users, but then abuse them to make things better for their business customers. And then they abuse those business customers too, abusing everybody while claiming all the value for themselves. "And become a giant pile of shit."

So first Amazon subsidized prices and shipping, then locked in customers with Prime shipping subscriptions (while adding the chains of DRM to its ebooks and audiobooks)... These tactics — Prime, DRM and predatory pricing — make it very hard not to shop at Amazon. With users locked in, to proceed with the enshittification playbook, Amazon needed to get its business customers locked in, too... [M]erchants' dependence on those customers allows Amazon to extract higher discounts from those merchants, and that brings in more users, which makes the platform even more indispensable for merchants, allowing the company to require even deeper discounts...

[Amazon] uses its overview of merchants' sales, as well as its ability to observe the return addresses on direct shipments from merchants' contracting factories, to cream off its merchants' bestselling items and clone them, relegating the original seller to page umpty-million of its search results. Amazon also crushes its merchants under a mountain of junk fees pitched as optional but effectively mandatory. Take Prime: a merchant has to give up a huge share of each sale to be included in Prime, and merchants that don't use Prime are pushed so far down in the search results, they might as well cease to exist. Same with Fulfilment by Amazon, a "service" in which a merchant sends its items to an Amazon warehouse to be packed and delivered with Amazon's own inventory. This is far more expensive than comparable (or superior) shipping services from rival logistics companies, and a merchant that ships through one of those rivals is, again, relegated even farther down the search rankings.

All told, Amazon makes so much money charging merchants to deliver the wares they sell through the platform that its own shipping is fully subsidised. In other words, Amazon gouges its merchants so much that it pays nothing to ship its own goods, which compete directly with those merchants' goods.... Add all the junk fees together and an Amazon seller is being screwed out of 45-51 cents on every dollar it earns there. Even if it wanted to absorb the "Amazon tax" on your behalf, it couldn't. Merchants just don't make 51% margins. So merchants must jack up prices, which they do. A lot... [W]hen merchants raise their prices on Amazon, they are required to raise their prices everywhere else, even on their own direct-sales stores. This arrangement is called most-favoured-nation status, and it's key to the U.S. Federal Trade Commission's antitrust lawsuit against Amazon...

If Amazon is taxing merchants 45-51 cents on every dollar they make, and if merchants are hiking their prices everywhere their goods are sold, then it follows you're paying the Amazon tax no matter where you shop — even the corner mom-and-pop hardware store. It gets worse. On average, the first result in an Amazon search is 29% more expensive than the best match for your search. Click any of the top four links on the top of your screen and you'll pay an average of 25% more than you would for your best match — which, on average, is located 17 places down in an Amazon search result.
Doctorow knows what we need to do:

• Ban predatory pricing — "selling goods below cost to keep competitors out of the market (and then jacking them up again)."

• Impose structural separation, "so it can either be a platform, or compete with the sellers that rely on it as a platform."

• Curb junk fees, "which suck 45-51 cents on every dollar merchants take in."

• End its most favoured nation deal, which forces merchants "to raise their prices everywhere else, too.

• Unionise drivers and warehouse workers.

• Treat rigged search results as the fraud they are.

These are policy solutions. (Because "You can't shop your way out of a monopoly," Doctorow warns.) And otherwise, as Doctorow says earlier, "Once a company is too big to fail, it becomes too big to jail, and then too big to care."

In the mean time, Doctorow also makes up a new word — "the enshitternet" — calling it "a source of pain, precarity and immiseration for the people we love.

"The indignities of harassment, scams, disinformation, surveillance, wage theft, extraction and rent-seeking have always been with us, but they were a minor sideshow on the old, good internet and they are the everything and all of the enshitternet."

Thanks to long-time Slashdot readers mspohr and fjo3 for sharing the article.

There's an 85-second ad (starring a humanoid robot) that argues "Technology promised to save us time. Instead it stole our focus. Opera Neon gives you both back."

Or, as BleepingComputer describes it, Opera Neon "is a new browser that puts AI in control of your tabs and browsing activities, but it'll cost $19.90 per month." It'll do tasks for you, open websites for you, manage tabs for you, and listen to you. The idea behind these agentic browsers is to put AI in control. "Neon acts at your command, opening tabs, conducting research, finding the best prices, assessing security, whatever you need. It delivers outcomes you can use, share, and build on," Opera noted...

As spotted on X, Opera Neon, the premium AI browser for Windows & macOS, costs $59.90 for nine months. Opera neon invite. This is an early bird offer, but when the offer expires, Opera Neon will cost $19.90 per month.
The browser's web page says Opera Neon "can handle everyday tasks for you, like filling in forms, placing orders, replying to emails, or tidying up files. Reusable cards turn repeated chores into single-step tasks, letting you focus on the work that matters most to you."

Opera describes itself as "the company that gave you tabs..."

The book Life 3.0 remembers a 2017 conversation where Alphabet CEO Larry Page "made a 'passionate' argument for the idea that 'digital life is the natural and desirable next step' in 'cosmic evolution'," remembers an essay in the Wall Street Journal. "Restraining the rise of digital minds would be wrong, Page contended. Leave them off the leash and let the best minds win..."

"As it turns out, Larry Page isn't the only top industry figure untroubled by the possibility that AIs might eventually push humanity aside. It is a niche position in the AI world but includes influential believers. Call them the Cheerful Apocalyptics... " I first encountered such views a couple of years ago through my X feed, when I saw a retweet of a post from Richard Sutton. He's an eminent AI researcher at the University of Alberta who in March received the Turing Award, the highest award in computer science... [Sutton had said if AI becomes smarter than people — and then can be more powerful — why shouldn't it be?] Sutton told me AIs are different from other human inventions in that they're analogous to children. "When you have a child," Sutton said, "would you want a button that if they do the wrong thing, you can turn them off? That's much of the discussion about AI. It's just assumed we want to be able to control them." But suppose a time came when they didn't like having humans around? If the AIs decided to wipe out humanity, would he be at peace with that? "I don't think there's anything sacred about human DNA," Sutton said. "There are many species — most of them go extinct eventually. We are the most interesting part of the universe right now. But might there come a time when we're no longer the most interesting part? I can imagine that.... If it was really true that we were holding the universe back from being the best universe that it could, I think it would be OK..."

I wondered, how common is this idea among AI people? I caught up with Jaron Lanier, a polymathic musician, computer scientist and pioneer of virtual reality. In an essay in the New Yorker in March, he mentioned in passing that he had been hearing a "crazy" idea at AI conferences: that people who have children become excessively committed to the human species. He told me that in his experience, such sentiments were staples of conversation among AI researchers at dinners, parties and anyplace else they might get together. (Lanier is a senior interdisciplinary researcher at Microsoft but does not speak for the company.)"There's a feeling that people can't be trusted on this topic because they are infested with a reprehensible mind virus, which causes them to favor people over AI when clearly what we should do is get out of the way." We should get out of the way, that is, because it's unjust to favor humans — and because consciousness in the universe will be superior if AIs supplant us. "The number of people who hold that belief is small," Lanier said, "but they happen to be positioned in stations of great influence. So it's not something one can ignore...."

You may be thinking to yourself: If killing someone is bad, and if mass murder is very bad, then the extinction of humanity must be very, very bad — right? What this fails to understand, according to the Cheerful Apocalyptics, is that when it comes to consciousness, silicon and biology are merely different substrates. Biological consciousness is of no greater worth than the future digital variety, their theory goes... While the Cheerful Apocalyptics sometimes write and talk in purely descriptive terms about humankind's future doom, two value judgments in their doctrines are unmissable.The first is a distaste, at least in the abstract, for the human body. Rather than seeing its workings as awesome, in the original sense of inspiring awe, they view it as a slow, fragile vessel, ripe for obsolescence... The Cheerful Apocalyptics' larger judgment is a version of the age-old maxim that "might makes right"...

Currently DNA synthesis companies "deploy biosecurity software designed to guard against nefarious activity," reports the Washington Post, "by flagging proteins of concern — for example, known toxins or components of pathogens." But Microsoft researchers discovered "up to 100 percent" of AI-generated ricin-like proteins evaded detection — and worked with a group of leading industry scientists and biosecurity experts to design a patch. Microsoft's chief science officer called it "a Windows update model for the planet.

"We will continue to stay on it and send out patches as needed, and also define the research processes and best practices moving forward to stay ahead of the curve as best we can."

But is that enough? Outside biosecurity experts applauded the study and the patch, but said that this is not an area where one single approach to biosecurity is sufficient. "What's happening with AI-related science is that the front edge of the technology is accelerating much faster than the back end ... in managing the risks," said David Relman, a microbiologist at Stanford University School of Medicine. "It's not just that we have a gap — we have a rapidly widening gap, as we speak. Every minute we sit here talking about what we need to do about the things that were just released, we're already getting further behind."
The Washington Post notes not every company deploys biosecurity software. But "A different approach, biosecurity experts say, is to ensure AI software itself is imbued with safeguards before digital ideas are at the cusp of being brought into labs for research and experimentation." "The only surefire way to avoid problems is to log all DNA synthesis, so if there is a worrisome new virus or other biological agent, the sequence can be cross-referenced with the logged DNA database to see where it came from," David Baker, who shared the Nobel Prize in chemistry for his work on proteins, said in an email.

"Microsoft buys a lot of GPUs from both Nvidia and AMD," writes the Register. "But moving forward, Redmond's leaders want to shift the majority of its AI workloads from GPUs to its own homegrown accelerators..." Driving the transition is a focus on performance per dollar, which for a hyperscale cloud provider is arguably the only metric that really matters. Speaking during a fireside chat moderated by CNBC on Wednesday, Microsoft CTO Kevin Scott said that up to this point, Nvidia has offered the best price-performance, but he's willing to entertain anything in order to meet demand.

Going forward, Scott suggested Microsoft hopes to use its homegrown chips for the majority of its datacenter workloads. When asked, "Is the longer term idea to have mainly Microsoft silicon in the data center?" Scott responded, "Yeah, absolutely...

Microsoft is reportedly in the process of bringing a second-generation Maia accelerator to market next year that will no doubt offer more competitive compute, memory, and interconnect performance... It should be noted that AI accelerators aren't the only custom chips Microsoft has been working on. Redmond also has its own CPU called Cobalt and a whole host of platform security silicon designed to accelerate cryptography and safeguard key exchanges across its vast datacenter domains.

An anonymous reader quotes a report from TorrentFreak: The operator of a popular pirate sports streaming site in Argentina has gone from spending time in jail with murderers to landing a new high-profile job a month later. Alejo "Shishi" Warles, the 25-year-old operator of Al Angulo TV, was arrested on August 20 in a LaLiga-backed crackdown. After his release on bail, he was hired by professional esports team 9z Globant, a partnership involving Argentine tech unicorn Globant. [...] The team is the result of a partnership between 9z Team and Argentinian tech unicorn Globant. Somewhat ironically, Globant previously worked with LaLiga to monitor the live-streaming user experience. Warles welcomed himself to 9z Globant via the team's social media account, referring to himself as an idol, genius, and GOAT.

Lucia Quinteros, the main social media manager at the esports team, informed Entre Rios that after considering their new hire's history, they believe that he can add value to the team. "We hired Alejo, not the person who set up that project (Al Angulo TV). Of course, we evaluated what happened, but we believe that, from now on, Alejo can pursue a different career path," Quinteros said. According to Warles himself, he was hired because he's the best. Like many of his comments, this bravado should not be taken too seriously, but nevertheless sits in stark contrast to the typical pirate site operator facing criminal charges.

Top college degrees may no longer provide the edge they once did in the job market, per LinkedIn CEO Ryan Roslansky. "I think the mindset shift is probably the most exciting thing because my guess is that the future of work belongs not anymore to the people that have the fanciest degrees or went to the best colleges, but to the people who are adaptable, forward thinking, ready to learn, and ready to embrace these tools," Roslansky said. "It really kind of opens up the playing field in a way that I think we've never seen before."

A 2024 Microsoft survey found 71% of business leaders would choose less-experienced candidates with AI skills over experienced candidates without them. LinkedIn data showed job postings requiring AI literacy increased about 70% year-over-year. Roslansky said AI will not replace humans but people who embrace AI will replace those who don't.

Friday the security researchers at Arctic Wolf Labs wrote: In late July 2025, Arctic Wolf Labs began observing a surge of intrusions involving suspicious SonicWall SSL VPN activity. Malicious logins were followed within minutes by port scanning, Impacket SMB activity, and rapid deployment of Akira ransomware. Victims spanned across multiple sectors and organization sizes, suggesting opportunistic mass exploitation.

This campaign has recently escalated, with new infrastructure linked to it observed as late as September 20, 2025.
More from Cybersecurity News: SonicWall has linked these malicious logins to CVE-2024-40766, an improper access control vulnerability disclosed in 2024. The working theory is that threat actors harvested credentials from devices that were previously vulnerable and are now using them in this campaign, even if the devices have since been patched. This explains why fully patched devices have been compromised, a fact that initially led to speculation about a potential zero-day exploit.

Once inside a network, the attackers operate with remarkable speed. The time from initial access to ransomware deployment, known as "dwell time," is often measured in hours, with some intrusions taking as little as 55 minutes, Arctic Wolf said. This extremely short window for response makes early detection critical.
"Threat actors in the present campaign successfully authenticated against accounts with the one-time password (OTP) MFA feature enabled..." notes Artic Wolf Labs: The threats described in this campaign demand early detection and a rapid response to avoid catastrophic impact to organizations. To facilitate this process, we recommend monitoring for VPN logins originating from untrusted hosting infrastructure. Equally important is ensuring visibility into internal networks, since lateral movement and ransomware encryption can occur within hours or even minutes of initial access. Monitoring for anomalous SMB activity indicative of Impacket use provides an additional early detection opportunity.

When firewalls are confirmed to be running firmware versions vulnerable to credential access or full configuration export, patching alone is not enough. In such situations, credentials must be reset wherever possible, including MFA-related secrets that might otherwise be thought of as secure, and Active Directory credentials with VPN access. These considerations are best practices that apply regardless of which firewall products are in use.
Thanks to Slashdot reader Mirnotoriety for suggesting this story.

Videogame maker Electronic Arts is in advanced talks to go private in a roughly $50 billion deal that would likely be the largest leveraged buyout of all time, WSJ is reporting, citing people familiar with the matter. From the report: A group of investors including private-equity firm Silver Lake, Saudi Arabia's Public Investment Fund and Jared Kushner's investment firm Affinity Partners could unveil a deal for the publisher best known for its sports games as soon as next week, the people said.

EA has long made games including FIFA, the soccer videogame now known as FC, and the football game Madden NFL as well as The Sims and other titles. The California-based company had a market value of around $43 billion before The Wall Street Journal reported on the talks, which sent the stock up nearly 15% Friday. Its shares closed at $193.35, a record high, giving the company a market value of around $48 billion.

Spotify says it has has removed over 75 million fraudulent tracks in the past year as it works to combat "AI slop," deepfake impersonations, and spam uploads. Variety reports: Its new protections include a policy to police unauthorized vocal impersonation ("deepfakes") and fraudulent music uploaded to artists' official profiles; an enhanced spam filter to prevent mass uploads, duplicates, SEO hacks, artificially short tracks designed to fraudulently boost streaming numbers and payments. The company also says it's collaborating with industry partners to devise an industry standard in a song's credits to "clearly indicate where and how AI played a role in the creation of a track."

"The pace of recent advances in generative AI technology has felt quick and at times unsettling, especially for creatives," the company writes in a just-published post on its official blog. "At its best, AI is unlocking incredible new ways for artists to create music and for listeners to discover it. At its worst, AI can be used by bad actors and content farms to confuse or deceive listeners, push 'slop' into the ecosystem, and interfere with authentic artists working to build their careers. The future of the music industry is being written, and we believe that aggressively protecting against the worst parts of Gen AI is essential to enabling its potential for artists and producers."

In a press briefing on Wednesday, Spotify VP and Global Head of Music Product Charlie Hellman said, "I want to be clear about one thing: We're not here to punish artists for using AI authentically and responsibly. We hope that they will enable them to be more creative than ever. But we are here to stop the bad actors who are gaming the system. And we can only benefit from all that good side if we aggressively protect against the bad side."

An anonymous reader shares a report: Battered by funding cuts, bombarded by the White House and braced for demographic changes set to send enrollment into a nosedive, America's colleges and universities have spent this year in flux. But one of higher education's rituals resurfaced again on Tuesday, when U.S. News & World Report published the college rankings that many administrators obsessively track and routinely malign. And, at least in the judgment of U.S. News, all of the headline-making upheaval has so far led to ... well, a lot of stability.

Princeton University, the Massachusetts Institute of Technology and Harvard University retained the top three spots in the publisher's rankings of national universities. Stanford University kept its place at No. 4, though Yale University also joined it there. Williams College remained U.S. News's pick for the best national liberal arts college, just as Spelman College was again the top-ranked historically Black institution. In one notable change, the University of California, Berkeley, was deemed the country's top public university. But it simply switched places with its counterpart in Los Angeles.

An anonymous reader quotes a report from Bloomberg: MediaTek is launching a mobile processor more capable of handling agentic AI tasks on devices, positioning to better compete with Qualcomm. The new Dimensity 9500 will provide users with better summaries of calls and meetings, improved output from AI models and superior 4K photos, the Taiwanese company said in a statement. The chip is made using an advanced 3-nanometer process by Taiwan Semiconductor Manufacturing Co., according to MediaTek, and handsets carrying the new chip will become available in the fourth quarter.

Xiaomi is set to launch its latest handset range powered by Qualcomm's newest Snapdragon processor later this week, and the Chinese smartphone maker is aiming to benchmark its upcoming devices against Apple Inc.'s iPhone 17. MediaTek's processor, meanwhile, is expected to give Xiaomi's rivals including Vivo a boost in the premium segment. [...] Separately, the Taiwanese company is preparing to place chip orders for automotive and more sensitive applications with TSMC's Arizona plant as some US customers have security concerns, according to the executives.

The U.S. General Services Administration has approved Meta's AI system Llama for use by federal agencies, declaring that it meets government security and legal standards. Reuters reports: "It's not about currying favor," [said Josh Gruenbaum, the GSA's procurement lead, when asked whether tech executives are giving the government discounts to get President Donald Trump's approval]. "It's about that recognition of how do we all lock in arms and make this country the best country it could possibly be." Federal agencies will be able to deploy the tool to speed up contract review or more quickly solve information technology hiccups, among other tasks, he said.

Microsoft is adding the free Microsoft 365 Copilot Chat and agents to Office apps for all Microsoft 365 business users today. From a report: Word, Excel, PowerPoint, Outlook, and OneNote are all being updated with a Copilot Chat sidebar that will help draft documents, analyze spreadsheets, and more without needing an additional Microsoft 365 Copilot license.

"Copilot Chat is secure AI chat grounded in the web -- and now, it's available in the Microsoft 365 apps," explains Seth Patton, general Manager of Microsoft 365 Copilot product marketing. "It's content aware, meaning it quickly understands what you're working on, tailoring answers to the file you have open. And it's included at no additional cost for Microsoft 365 users."

While this free version of Copilot will rewrite documents, provide summaries, and help create slides in PowerPoint, the $30 per month, per user Microsoft 365 Copilot license will still have the best integration in Office apps. The Microsoft 365 Copilot license is also not limited to a single document, and can reason over entire work data.

"There has never been a successful, widespread malware attack against iPhone," notes Apple's security blog, pointing out that "The only system-level iOS attacks we observe in the wild come from mercenary spyware... historically associated with state actors and [using] exploit chains that cost millions of dollars..."

But they're doing something about it — this week announcing a new always-on memory-safety protection in the iPhone 17 lineup and iPhone Air (including the kernel and over 70 userland processes)... Known mercenary spyware chains used against iOS share a common denominator with those targeting Windows and Android: they exploit memory safety vulnerabilities, which are interchangeable, powerful, and exist throughout the industry... For Apple, improving memory safety is a broad effort that includes developing with safe languages and deploying mitigations at scale...

Our analysis found that, when employed as a real-time defensive measure, the original Arm Memory Tagging Extension (MTE) release exhibited weaknesses that were unacceptable to us, and we worked with Arm to address these shortcomings in the new Enhanced Memory Tagging Extension (EMTE) specification, released in 2022. More importantly, our analysis showed that while EMTE had great potential as specified, a rigorous implementation with deep hardware and operating system support could be a breakthrough that produces an extraordinary new security mechanism.... Ultimately, we determined that to deliver truly best-in-class memory safety, we would carry out a massive engineering effort spanning all of Apple — including updates to Apple silicon, our operating systems, and our software frameworks. This effort, together with our highly successful secure memory allocator work, would transform MTE from a helpful debugging tool into a groundbreaking new security feature.

Today we're introducing the culmination of this effort: Memory Integrity Enforcement (MIE), our comprehensive memory safety defense for Apple platforms. Memory Integrity Enforcement is built on the robust foundation provided by our secure memory allocators, coupled with Enhanced Memory Tagging Extension (EMTE) in synchronous mode, and supported by extensive Tag Confidentiality Enforcement policies. MIE is built right into Apple hardware and software in all models of iPhone 17 and iPhone Air and offers unparalleled, always-on memory safety protection for our key attack surfaces including the kernel, while maintaining the power and performance that users expect. In addition, we're making EMTE available to all Apple developers in Xcode as part of the new Enhanced Security feature that we released earlier this year during WWDC...

Based on our evaluations pitting Memory Integrity Enforcement against exceptionally sophisticated mercenary spyware attacks from the last three years, we believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products. Because of how dramatically it reduces an attacker's ability to exploit memory corruption vulnerabilities on our devices, we believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.