Windows

Global Computer Outage Impact Vastly Underestimated, Microsoft Admits 64

Microsoft has revealed that the global computer outage caused by a faulty CrowdStrike software update, which impacted numerous major corporations, affected far more devices than initially reported, with the tech giant stating that the previously announced figure of 8.5 million affected Windows machines represents only a "subset" of the total impact. Microsoft has refrained from providing a revised estimate of the full scope of the disruption.

The revelation comes as the technology sector continues to grapple with the fallout from the incident, which occurred 10 days ago and led to widespread disruptions across various industries, prompting Microsoft to face criticism despite the root cause being traced back to a third-party cybersecurity provider's error. Microsoft clarified that the initial 8.5 million figure was derived solely from devices with enabled crash reporting features, suggesting that the true extent of the outage could be substantially higher, given that many systems do not have this optional feature activated.

Further reading: Delta Seeks Damages From CrowdStrike, Microsoft After Outage.
Windows

What Happens If You Connect Windows XP To the Internet In 2024? (youtube.com) 73

Long-time Slashdot reader sandbagger writes: Have you ever wondered if it's true you can instantly get malware? In this video, a person connects an XP instance directly to the internet with no firewall to see just how fast it gets compromised by malware, rootkits, malicious services and new user accounts. The answer — fast!
Malwarebytes eventually finds eight different viruses/Trojan horses -- and a DNS changer. (One IP address leads back to the Russian federation.) It's fun to watch -- within just a few hours a new Windows user has even added themself. And for good measure, he also opens up Internet Explorer...

"Windows XP -- very insecure," they conclude at the end of the video. "Very easy for random software from the internet to get more privileges than you, and it is very hard to solve that.

"Also, just out of curiosity I tried this on Windows 7. And even with all of the same settings, nothing happened. I let it run for 10 hours. So it seems like this may be a problem in historical Windows."
Data Storage

LZ4 Compression Algorithm Gets Multi-Threaded Update (linuxiac.com) 44

Slashdot reader Seven Spirals brings news about the lossless compression algorithm LZ4: The already wonderful performance of the LZ4 compressor just got better with multi-threaded additions to its codebase. In many cases, LZ4 can compress data faster than it can be written to disk, giving this particular compressor some very special applications. The Linux kernel as well as filesystems like ZFS use LZ4 compression extensively. This makes LZ4 more comparable to the Zstd compression algorithm, which has had multi-threaded performance for a while, but cannot match the LZ4 compressor for speed, though it has some direct LZ4.
From Linuxiac.com:
- On Windows 11, using an Intel 7840HS CPU, compression time has improved from 13.4 seconds to just 1.8 seconds — a 7.4 times speed increase.
- macOS users with the M1 Pro chip will see a reduction from 16.6 seconds to 2.55 seconds, a 6.5 times faster performance.
- For Linux users on an i7-9700k, the compression time has been reduced from 16.2 seconds to 3.05 seconds, achieving a 5.4 times speed boost...

The release supports lesser-known architectures such as LoongArch, RISC-V, and others, ensuring LZ4's portability across various platforms.

Security

Data Breach Exposes US Spyware Maker Behind Windows, Mac, Android and Chromebook Malware (techcrunch.com) 25

A little-known spyware maker based in Minnesota has been hacked, TechCrunch reports, revealing thousands of devices around the world under its stealthy remote surveillance. From the report: A person with knowledge of the breach provided TechCrunch with a cache of files taken from the company's servers containing detailed device activity logs from the phones, tablets, and computers that Spytech monitors, with some of the files dated as recently as early June.

TechCrunch verified the data as authentic in part by analyzing some of the exfiltrated device activity logs that pertain to the company's chief executive, who installed the spyware on one of his own devices. The data shows that Spytech's spyware -- Realtime-Spy and SpyAgent, among others -- has been used to compromise more than 10,000 devices since the earliest-dated leaked records from 2013, including Android devices, Chromebooks, Macs, and Windows PCs worldwide. Spytech is the latest spyware maker in recent years to have itself been compromised, and the fourth spyware maker known to have been hacked this year alone, according to TechCrunch's running tally.

China

China Is Installing Renewables Equivalent to Five Large Nuclear Plants Per Week (abc.net.au) 154

The pace of China's clean energy transition "is roughly the equivalent of installing five large-scale nuclear power plants worth of renewables every week," according to a report from Australia's national public broadcaster ABC (shared by long-time Slashdot reader AmiMoJo): A report by Sydney-based think tank Climate Energy Finance (CEF) said China was installing renewables so rapidly it would meet its end-of-2030 target by the end of this month — or 6.5 years early.

It's installing at least 10 gigawatts of wind and solar generation capacity every fortnight...

China accounts for about a third of the world's greenhouse gas emissions. A recent drop in emissions (the first since relaxing COVID-19 restrictions), combined with the decarbonisation of the power grid, may mean the country's emissions have peaked. "With the power sector going green, emissions are set to plateau and then progressively fall towards 2030 and beyond," CEF China energy policy analyst Xuyang Dong said... [In China] the world's largest solar and wind farms are being built on the western edge of the country and connected to the east via the world's longest high-voltage transmission lines...

Somewhat counterintuitively, China has built dozens of coal-fired power stations alongside its renewable energy zones, to maintain the pace of its clean energy transition. China was responsible for 95 per cent of the world's new coal power construction activity last year. The new plants are partly needed to meet demand for electricity, which has gone up as more energy-hungry sectors of the economy, like transport, are electrified. The coal-fired plants are also being used, like the batteries and pumped hydro, to provide a stable supply of power down the transmission lines from renewable energy zones, balancing out the intermittent solar and wind.

Despite these new coal plants, coal's share of total electricity generation in the country is falling. The China Energy Council estimated renewables generation would overtake coal by the end of this year.

CEF director Tim Buckley tells the site that China installed just 1GW of nuclear power last year — compared to 300GW of solar and wind. "They had grand plans for nuclear to be massive but they're behind on nuclear by a decade and five years ahead of schedule on solar and wind." Last year China accounted for 16% of the world's nuclear-generated power — but also more than half the world's coal-fired power generation, according to this year's analysis from the long-running International Energy Agency. The IEA estimated that in 2023, China's electricity demand rose by 6.4%, and they're predicting that by 2026 the country will see an increase "more than half of the EU's current annual electricity consumption."

And yet in China "the rapid expansion of renewable energy sources is expected to meet all additional electricity demand..." according to the IEA analysis. "Coal-fired generation in China is currently on course to experience a slow structural decline, driven by the strong expansion of renewables and growing nuclear generation, as well as moderating economic growth."

There's also some interesting stats on the "CO2 intensity" of power generation around the world. "The EU is expected to record the highest rate of progress in reducing emissions intensity, averaging an improvement of 13% per year. This is followed by China, with annual improvements forecast at 6%, and the United States at 5%."

Long-time Slashdot reader Uncle_Meataxe shares a related article from Electrek ...
Microsoft

Nasty Spoofing Attack Resurrects Internet Explorer Vulnerability in Windows 10 and 11 (betanews.com) 21

Slashdot reader joshuark shared this report from BetaNews: Check Point Research has identified a critical zero-day spoofing attack exploiting Microsoft Internet Explorer on modern Windows 10/11 systems, despite the browser's retirement.

Identified as CVE-2024-38112, this vulnerability allows attackers to execute remote code by tricking users into opening malicious Internet Shortcut (.url) files. This attack method has been active for over a year and could potentially impact millions... Attackers use a sophisticated trick to mask the malicious .hta extension, making use of the outdated security of Internet Explorer to compromise systems running updated Windows operating systems.

From Check Point Research: Even though IE has been proclaimed "retired and out-of-support," technically speaking, IE is still part of the Windows OS and is "not inherently unsafe, as IE is still serviced for security vulnerabilities, and there should be no known exploitable security vulnerabilities," according to our communications with Microsoft.
Microsoft

Microsoft's Xbox 360 Stores Will Close Up Shop on July 29 16

Speaking of Xbox, the Xbox 360 Store and Marketplace are coming to a close later this month. From a report: Microsoft announced this last year and put an official end date of July 29, according to its official FAQ page. In case you didn't notice, the end of July is fast approaching. All of the games, DLC and any gaming tidbits for Microsoft's second generation console won't be available to purchase or download on the Xbox 360 console. Your games and movie purchases are still safe, however, if you've got any throwback titles on your Xbox One or Series X/S console. You can also still watch your purchased movies and shows on Windows 10 and 11 devices.
Bitcoin

Inside the Health Crisis of a Texas Bitcoin Town (time.com) 212

Longtime Slashdot reader ArchieBunker shares a report from TIME Magazine: On an evening in December 2023, 43-year-old small business owner Sarah Rosenkranz collapsed in her home in Granbury, Texas and was rushed to the emergency room. Her heart pounded 200 beats per minute; her blood pressure spiked into hypertensive crisis; her skull throbbed. "It felt like my head was in a pressure vise being crushed," she says. "That pain was worse than childbirth." Rosenkranz's migraine lasted for five days. Doctors gave her several rounds of IV medication and painkiller shots, but nothing seemed to knock down the pain, she says. This was odd, especially because local doctors were similarly vexed when Indigo, Rosenkranz's 5-year-old daughter, was taken to urgent care earlier that year, screaming that she felt a "red beam behind her eardrums." It didn't occur to Sarah that these symptoms could be linked. But in January 2024, she walked into a town hall in Granbury and found a room full of people worn thin from strange, debilitating illnesses. A mother said her 8-year-old daughter was losing her hearing and fluids were leaking from her ears. Several women said they experienced fainting spells, including while driving on the highway. Others said they were wracked by debilitating vertigo and nausea, waking up in the middle of the night mid-vomit. None of them knew what, exactly, was causing these symptoms. But they all shared a singular grievance: a dull aural hum had crept into their lives, which growled or roared depending on the time of day, rattling their windows and rendering them unable to sleep. The hum, local law enforcement had learned, was emanating from a Bitcoin mining facility that had recently moved into the area -- and was exceeding legal noise ordinances on a daily basis.

Over the course of several months in 2024, TIME spoke to more than 40 people in the Granbury area who reported a medical ailment that they believe is connected to the arrival of the Bitcoin mine: hypertension, heart palpitations, chest pain, vertigo, tinnitus, migraines, panic attacks. At least 10 people went to urgent care or the emergency room with these symptoms. The development of large-scale Bitcoin mines and data centers is quite new, and most of them are housed in extremely remote places. There have been no major medical studies on the impacts of living near one. But there is an increasing body of scientific studies linking prolonged exposure to noise pollution with cardiovascular damage. And one local doctor -- ears, nose, and throat specialist Salim Bhaloo -- says he sees patients with symptoms potentially stemming from the Bitcoin mine's noise on an almost weekly basis. "I'm sure it increases their cortisol and sugar levels, so you're getting headaches, vertigo, and it snowballs from there," Bhaloo says. "This thing is definitely causing a tremendous amount of stress. Everyone is just miserable about it."
"By the end of 2024, we intend to have replaced the majority of air-cooled containers with immersion cooling, with no expansion required," said a representative for Marathon Digital Holdings, the company that owns the mine. "Initial sound readings on immersion containers indicate favorable results in sound reduction and compliance with all relevant state noise ordinances." They did not answer questions about the health impacts their mining site was causing.

"We're living in a nightmare," said Rosenkranz. She clocked the hum at 72 decibels in Indigo's bedroom in the dead of night. "Indigo's room directly faces the mine, which sits about a mile and a half away," notes TIME. She had to be pulled from her school after she developed so many ear infections from the sound.

The report also said a resident's dog "started going bald and developed debilitating anxiety shortly after the Bitcoin mine began operating four blocks away." TIME added: "Directly next door, Tom Weeks' dog Jack Rabbit Slim started shaking and hyperventilating uncontrollably for hours on end; a vet placed him on the seizure medication Gabapentin. Rosenkranz's chickens stopped laying eggs for months. And Jerry and Patricia Campbell's centuries-old oak tree, which had served as the family's hub and protector for generations of backyard family reunions and even a wedding, died suddenly three months ago."
Microsoft

Microsoft, Apple Drop OpenAI Board Plans as Scrutiny Grows (bloomberg.com) 9

Microsoft and Apple dropped plans to take board roles at OpenAI in a surprise decision that underscores growing regulatory scrutiny of Big Tech's influence over artificial intelligence. From a report: Microsoft, which invested $13 billion in the ChatGPT creator, will withdraw from its observer role on the board, the company said in a letter to OpenAI on Tuesday, which was seen by Bloomberg News. Apple was due to take up a similar role, but an OpenAI spokesperson said the startup won't have board observers after Microsoft's departure. Regulators in the US and Europe had expressed concerns about Microsoft's sway over OpenAI, applying pressure on one of the world's most valuable companies to show that it's keeping the relationship at arm's length. Microsoft has integrated OpenAI's services into its Windows and Copilot AI platforms and, like other big US tech companies, is banking on the new technology to help drive growth.
Microsoft

Christie's Likens Microsoft's Work On MS-DOS To Einstein's Work In Physics 110

Longtime Slashdot reader theodp writes: "If Einstein paved the way for a new era in physics," explains auction house Christie's in a promotion piece for its upcoming offering of 150+ "objects of scientific and historical importance" from the Paul G. Allen Collection (including items from the shuttered Living Computers Museum), "Mr. Allen and his collaborators ushered in a new era of computing. Starting with MS-DOS in 1981, Microsoft then went on to revolutionize personal computing with the launch of Windows in 1985."

Christie's auction and characterization of MS-DOS as an Allen and Microsoft innovation comes 30 years after the death of Gary Kildall, whose unpublished memoir, the Seattle Times reported in Kildall's July 1994 obituary, called DOS "plain and simple theft" of Kildall's CP/M OS. PC Magazine's The Rise of DOS: How Microsoft Got the IBM PC OS Contract notes that Paul Allen himself traced the genesis of MS-DOS back to a phone call Allen made to Seattle Computer Products owner Rod Brock in which Microsoft licensed Tim Paterson's CP/M-inspired QDOS (Quick and Dirty Operating System) for $10,000 plus a royalty of $15,000 for every company that licensed the software. A shrewd buy-low-sell-high business deal, yes, but hardly an Einstein-caliber breakthrough idea.
AI

Is AI's Demand for Energy Really 'Insatiable'? (arstechnica.com) 56

Bloomberg and The Washington Post "claim AI power usage is dire," writes Slashdot reader NoWayNoShapeNoForm. But Ars Technica "begs to disagree with those speculations."

From Ars Technica's article: The high-profile pieces lean heavily on recent projections from Goldman Sachs and the International Energy Agency (IEA) to cast AI's "insatiable" demand for energy as an almost apocalyptic threat to our power infrastructure. The Post piece even cites anonymous "some [people]" in reporting that "some worry whether there will be enough electricity to meet [the power demands] from any source." Digging into the best available numbers and projections available, though, it's hard to see AI's current and near-future environmental impact in such a dire light... While the headline focus of both Bloomberg and The Washington Post's recent pieces is on artificial intelligence, the actual numbers and projections cited in both pieces overwhelmingly focus on the energy used by Internet "data centers" as a whole...

Bloomberg asks one source directly "why data centers were suddenly sucking up so much power" and gets back a blunt answer: "It's AI... It's 10 to 15 times the amount of electricity." Unfortunately for Bloomberg, that quote is followed almost immediately by a chart that heavily undercuts the AI alarmism. That chart shows worldwide data center energy usage growing at a remarkably steady pace from about 100 TWh in 2012 to around 350 TWh in 2024. The vast majority of that energy usage growth came before 2022, when the launch of tools like Dall-E and ChatGPT largely set off the industry's current mania for generative AI. If you squint at Bloomberg's graph, you can almost see the growth in energy usage slowing down a bit since that momentous year for generative AI.

Ars Technica first cites Dutch researcher Alex de Vries's estimate that in a few years the AI sector could use between 85 and 134 TWh of power. But another study estimated in 2018 that PC gaming already accounted for 75 TWh of electricity use per year, while "the IEA estimates crypto mining ate up 110 TWh of electricity in 2022." More to the point, de Vries' AI energy estimates are only a small fraction of the 620 to 1,050 TWh that data centers as a whole are projected to use by 2026, according to the IEA's recent report. The vast majority of all that data center power will still be going to more mundane Internet infrastructure that we all take for granted (and which is not nearly as sexy of a headline bogeyman as "AI").
The future is also hard to predict, the article concludes. "If customers don't respond to the hype by actually spending significant money on generative AI at some point, the tech-marketing machine will largely move on, as it did very recently with the metaverse and NFTs..."
Linux

New Linux 'Screen of Death' Options: Black - or a Monochrome Tux Logo (phoronix.com) 49

It was analogous to the "Blue Screen of Death" that Windows gives for critical errors, Phoronix wrote. To enable error messages for things like a kernel panic, Linux 6.10 introduced a new panic handler infrastructure for "Direct Rendering Manager" (or DRM) drivers.

Phoronix also published a follow-up from Red Hat engineer Javier Martinez Canillas (who was involved in the new DRM Panic infrastructure). Given complaints about being too like Microsoft Windows following his recent Linux "Blue Screen of Death" showcase... Javier showed that a black screen of death is possible if so desired... After all, it's all open-source and thus can customize to your heart's content.
And now the panic handler is getting even more new features, Phoronix reported Friday: With the code in Linux 6.10 when DRM Panic is triggered, an ASCII art version of Linux's mascot, Tux the penguin, is rendered as part of the display. With Linux 6.11 it will also be able to handle displaying a monochrome image as the logo.

If ASCII art on error messages doesn't satisfy your tastes in 2024+, the DRM Panic code will be able to support a monochrome graphical logo that leverages the Linux kernel's boot-up logo support. The ASCII art penguin will still be used when no graphical logo is found or when the existing "LOGO" Kconfig option is disabled. (Those Tux logo assets being here.)

This monochrome logo support in the DRM Panic handler was sent out as part of this week's drm-misc-next pull request ahead of the Linux 6.11 merge window in July. This week's drm-misc-next material also includes TTM memory management improvements, various fixes to the smaller Direct Rendering Manager drivers, and also the previously talked about monochrome TV support for the Raspberry Pi.

Long-time Slashdot reader unixbhaskar thinks the new option "will certainly satisfy the modern people... But it is not as eye candy as people think... Moreover, it is monochrome, so certainly not resource-hungry. Plus, if all else fails, the ASCII art logo is still there to show!"
Power

Fuel From Water? Visiting a Texas 'Green Hydrogen' Plant (msn.com) 111

It transforms water into the fuel — one of the first fuel plants in the world to do so.

The Washington Post visits a facility in Corpus Christi, Texas using renewable energy to produce "green" hydrogen. The plant feeds water through machines that pull out its hydrogen atoms... [T]he hydrogen is chemically transformed into diesel for delivery trucks. This process could represent the biggest change in how fuel for planes, ships, trains and trucks is made since the first internal combustion engine fired up in the 19th century... Turning hydrogen into liquid fuel could help slash planet-warming pollution from heavy vehicles, cutting a key source of emissions that contribute to climate change. But to fulfill that promise, companies will have to build massive numbers of wind turbines and solar panels to power the energy-hungry process. Regulators will have to make sure hydrogen production doesn't siphon green energy that could go towards cleaning up other sources of global warming gases, such as homes or factories.

Although cars and light trucks are shifting to electric motors, other forms of transport will likely rely on some kind of liquid fuel for the foreseeable future. Batteries are too heavy for planes and too bulky for ships. Extended charging times could be an obstacle for long-haul trucks, and some rail lines may be too expensive to electrify. Together, these vehicles represent roughly half of emissions from transportation, the fourth-biggest source of greenhouse gases. To wean machines off oil, companies like Infinium, the owner of this plant, are starting to churn out hydrogen-based fuels that — in the best case — produce close to net zero emissions. They could also pave the way for a new technology, hydrogen fuel cells, to power planes, ships and trucks in the second half of this century. For now, these fuels are expensive and almost no one makes them, so the U.S. government, businesses and philanthropists including Bill Gates are investing billions of dollars to build up a hydrogen industry that could cut eventually some of the most stubborn, hard-to-remove carbon pollution.

Most scenarios for how the world could avoid the worst effects of climate change envision hydrogen cleaning up emissions in transportation, as well as in fertilizer production and steel and chemical refining. But if they're not made with dedicated renewable energy, hydrogen-based fuels could generate even more pollution than regular diesel, creating a wasteful boondoggle that sets the world back in the fight against climate change. Their potential comes down to the way plants like this produce them... Only about 40 percent of the power on the [Texas] electric grid is from renewables, with the rest coming from natural gas and coal, according to state data. That grid energy is what flows through the power line into the Infinium plant.

"One day, heavy transportation may shift to fuel cells that run on pure hydrogen and emit only water vapor from their tailpipes," the article points out. But to accommodate today's carbon-burning vehicles, Infinium produces "chemical copies of existing fuels made with crude oil" by combining captured carbon with green hydrogen.

"A truck running on diesel made from hydrogen using only renewable electricity would create 89 percent fewer greenhouse gas emissions over the course of its lifetime than a truck burning diesel made from petroleum, according to a 2022 analysis from the European nonprofit Transport & Environment."
IT

Nearly 20% of Running Microsoft SQL Servers Have Passed End of Support (theregister.com) 96

An anonymous reader shares a report: IT asset management platform Lansweeper has dispensed a warning for enterprise administrators everywhere. Exactly how old is that Microsoft SQL Server on which your business depends? According to chief strategy officer Roel Decneut, the biz scanned just over a million instances of SQL Server and found that 19.8 percent were now unsupported by Microsoft. Twelve percent were running SQL Server 2014, which is due to drop out of extended support on July 9 -- meaning the proportion will be 32 percent early next month.

For a fee, customers can continue receiving security updates for SQL Server 2014 for another three years. Still, the finding underlines a potential issue facing users of Microsoft's flagship database: Does your business depend on something that should have been put out to pasture long ago? While Microsoft is facing a challenge in getting users to make the move from Windows 10 to Windows 11, admins are facing a similar but far less publicized issue. Sure, IT professionals are all too aware of the risks of running business-critical processes on outdated software, but persuading the board to allocate funds for updates can be challenging.

Linux

'Blue Screen of Death' Comes To Linux (phoronix.com) 109

In 2016, Phoronix remembered how the early days of Linux kernel mode-setting (KMS) had brought hopes for improved error messages. And one long-awaited feature was error messages for "Direct Rendering Manager" (or DRM) drivers — something analogous to the "Blue Screen of Death" Windows gives for critical errors.

Now Linux 6.10 is introducing a new DRM panic handler infrastructure enabling messages when a panic occurs, Phoronix reports today. "This is especially important for those building a kernel without VT/FBCON support where otherwise viewing the kernel panic message isn't otherwise easily available." With Linux 6.10 the initial DRM Panic code has landed as well as wiring up the DRM/KMS driver support for the SimpleDRM, MGAG200, IMX, and AST drivers. There is work underway on extending DRM Panic support to other drivers that we'll likely see over the coming kernel cycles for more widespread support... On Linux 6.10+ with platforms having the DRM Panic driver support, this "Blue Screen of Death" functionality can be tested via a route such as echo c > /proc/sysrq-trigger.
The article links to a picture shared on Mastodon by Red Hat engineer Javier Martinez Canillas of the error message being generated on a BeaglePlay single board computer.

Phoronix also points out that some operating systems have even considered QR codes for kernel error messages...
Linux

Linux vs Windows 11 Copilot+ PCs? TUXEDO Unveils Snapdragon X Elite ARM Notebook (betanews.com) 35

Slashdot reader BrianFagioli shares his report from BetaNews: The PC community is abuzz with Qualcomm's recent announcement of its Snapdragon X Elite SoC, a powerhouse chipset that promises to revolutionize the performance and energy efficiency of laptops and tablets. While Windows 11 Copilot+ PCs are set to feature this advanced processor, Linux enthusiasts have reasons to celebrate as well. You see, TUXEDO Computers is bringing this cutting-edge technology to the Linux world with its upcoming ARM notebook, positioning it as a strong competitor to Windows 11 Copilot+ devices.

In a recent update, TUXEDO Computers revealed its ambitious project of developing an ARM notebook powered by the Snapdragon X Elite SoC from Qualcomm. This announcement has generated significant excitement, as it presents a viable alternative to traditional x86 notebooks, offering comparable performance with lower energy consumption, directly challenging the dominance of Windows 11 Copilot+... Benchmarks suggest that the Snapdragon X Elite can not only rival but potentially surpass Apple's M2 SoCs, boasting higher energy efficiency. TUXEDO's preliminary tests confirm these impressive claims, setting the stage for a fierce competition with Windows 11 Copilot+ PCs.

"We recently presented a prototype of the ARM notebook we are working on at the Computex computer trade fair in Taiwan," according to TUXEDO's announcement.

"On the software side, a port of TUXEDO OS with KDE Plasma to the ARM platform is our goal for this project running internally under the working title Drako...

"It is quite conceivable that an ARM notebook from TUXEDO will be under your Christmas tree in 2024... If you have subscribed to our newsletter, you will be the first to know."
Security

Ransomware Attackers Quickly Weaponize PHP Vulnerability With 9.8 Severity Rating (arstechnica.com) 20

A critical vulnerability in the PHP programming language (CVE-2024-4577) has been exploited by ransomware criminals, leading to the infection of up to 1,800 servers primarily in China with the TellYouThePass ransomware. This vulnerability, which affects PHP when run in CGI mode, allows attackers to execute malicious code on web servers. Ars Technica's Dan Goodin reports: As of Thursday, Internet scans performed by security firm Censys had detected 1,000 servers infected by a ransomware strain known as TellYouThePass, down from 1,800 detected on Monday. The servers, primarily located in China, no longer display their usual content; instead, many list the site's file directory, which shows all files have been given a .locked extension, indicating they have been encrypted. An accompanying ransom note demands roughly $6,500 in exchange for the decryption key. The vulnerability, tracked as CVE-2024-4577 and carrying a severity rating of 9.8 out of 10, stems from errors in the way PHP converts Unicode characters into ASCII. A feature built into Windows known as Best Fit allows attackers to use a technique known as argument injection to convert user-supplied input into characters that pass malicious commands to the main PHP application. Exploits allow attackers to bypass CVE-2012-1823, a critical code execution vulnerability patched in PHP in 2012.

CVE-2024-4577 affects PHP only when it runs in a mode known as CGI, in which a web server parses HTTP requests and passes them to a PHP script for processing. Even when PHP isn't set to CGI mode, however, the vulnerability may still be exploitable when PHP executables such as php.exe and php-cgi.exe are in directories that are accessible by the web server. This configuration is extremely rare, with the exception of the XAMPP platform, which uses it by default. An additional requirement appears to be that the Windows locale -- used to personalize the OS to the local language of the user -- must be set to either Chinese or Japanese. The critical vulnerability was published on June 6, along with a security patch. Within 24 hours, threat actors were exploiting it to install TellYouThePass, researchers from security firm Imperva reported Monday. The exploits executed code that used the mshta.exe Windows binary to run an HTML application file hosted on an attacker-controlled server. Use of the binary indicated an approach known as living off the land, in which attackers use native OS functionalities and tools in an attempt to blend in with normal, non-malicious activity.

In a post published Friday, Censys researchers said that the exploitation by the TellYouThePass gang started on June 7 and mirrored past incidents that opportunistically mass scan the Internet for vulnerable systems following a high-profile vulnerability and indiscriminately target any accessible server. The vast majority of the infected servers have IP addresses geolocated to China, Taiwan, Hong Kong, or Japan, likely stemming from the fact that Chinese and Japanese locales are the only ones confirmed to be vulnerable, Censys researchers said in an email. Since then, the number of infected sites -- detected by observing the public-facing HTTP response serving an open directory listing showing the server's filesystem, along with the distinctive file-naming convention of the ransom note -- has fluctuated from a low of 670 on June 8 to a high of 1,800 on Monday. Censys researchers said in an email that they're not entirely sure what's causing the changing numbers.

Encryption

Apple Introduces Standalone 'Passwords' App (macrumors.com) 39

An anonymous reader quotes a report from MacRumors: iOS 18, iPadOS 18, and macOS Sequoia feature a new, dedicated Passwords app for faster access to important credentials. The Passwords app replaces iCloud Keychain, which is currently only accessible via a menu in Settings. Now, passwords are available directly via a standalone app for markedly quicker access, bringing it more in line with rival services. The Passwords app consolidates various credentials, including passwords, passkeys, and Wi-Fi passwords, into a single, easily accessible location. Users can filter and sort their accounts based on various criteria, such as recently created accounts, credential type, or membership in shared groups.

Passwords is also compatible with Windows via the iCloud for Windows app, extending its utility to users who operate across different platforms. The developer beta versions of iOS 18, iPadOS 18, and macOS Sequoia are available today with official release to the public scheduled for the fall, providing an early look at the Passwords app.

Apple

Apple To Launch 'Passwords' App, Intensifying Competition With 1Password, LastPass 79

Apple will introduce a new app called Passwords next week, aiming to simplify website and software logins for users, according to Bloomberg. The app -- offered as part of iOS 18, iPadOS 18, and macOS 15 -- will be unveiled at Apple's Worldwide Developers Conference on June 10. Powered by iCloud Keychain, Passwords will generate and manage passwords, allowing imports from rival services, and support Vision Pro headset and Windows computers.

Microsoft

Microsoft Reopens Windows 10 Beta Testing For 'New Features' and Improvements (theverge.com) 34

Microsoft is ending support for Windows 10 in October 2025, but the company is now taking the unusual step of reopening its beta program for Windows 10 to test new features and improvements. From a report: Windows 10 already got the AI Copilot feature that was originally exclusive to Windows 11, and it may well get other features soon. "To bring new features and more improvements to Windows 10 as needed, we need a place to do active feature development with Windows Insiders," explains Microsoft's Windows Insider team in a blog post. "So today, we are opening the Beta Channel for Windows Insiders who are currently on Windows 10."

Microsoft hasn't revealed what additional Windows 10 features it plans to test next, but Windows Insiders can opt into the beta channel to get them early. Crucially, the Windows 10 end of support date of October 14th, 2025 is still unchanged. "Joining the Beta Channel on your Windows 10 PC does not change that," says Microsoft.
