#Microsoft is clearly becoming desperate due to low adoption rates of #Copilot. Apparently, Microsoft is now pushing Copilot to all #Microsoft365 personal subscribers and calling it a "subscription price increase". Only when you decide to cancel your subscription are you presented with the option to switch to "Microsoft 365 Personal Classic" without Copilot (and nearly the old price). The classic plan is not presented as an option unless you try to cancel your subscription. This is a classic scammy trick: Modify the existing plan and add the feature no one wants and hide the old plan from view. Presto, now you have an insane adoption rate you can present to investors as a great success. I personally don't use Microsoft subscription services, so I don't know if they tried this bullshit in the EU, but if they did, they're asking for trouble. They got sued in Australia over this already:

Australian Competition and Consumer Commission

Microsoft in court for allegedly misleading millions of Australians over Microsoft 365 subscriptions

The ACCC has commenced proceedings in the Federal Court against Microsoft Australia and its US-based parent company Microsoft Corporation for alleg...

"Microsoft in court for allegedly misleading millions of Australians over Microsoft 365 subscriptions"

Several months ago, I found a #vulnerability from #MantisBT - Authentication bypass for some passwords due to PHP type juggling (CVE-2025-47776). Any account that has a password that results in a hash that matches ^0+[Ee][0-9]+$ can be logged in with a password that matches that regex as well. For example, password comito5 can be used to log in to the affected accounts and thus gain unauthorised access. The root cause of this bug is the incorrect use of == to match the password hash: if( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password ) The fix is to use === for the comparison. This vulnerability has existed in MantisBT ever since hashed password support was added (read: decades). MantisBT 2.27.2 and later include a fix to this vulnerability.

Mantis Bug Tracker

MantisBT is a popular free web-based bug tracking system. It is written in PHP works with MySQL, MS SQL, and PostgreSQL databases. MantisBT has bee...

#CVE_2025_47776 #infosec #cybersecurity

I would be glad to donate to the #Python project, but doing so requires me to divulge my name and contact information as per their 501(c)(3) charitable organisation status: "Contact information is required for tax reporting purposes and will be shared only with the US government." Considering the current status of the US government, I don't feel comfortable doing this. Are there some other ways to donate to Python project without getting the US government involved? -

Python Software Foundation Blog

The PSF has withdrawn a $1.5 million proposal to US government grant program

In January 2025, the PSF submitted a proposal to the US government National Science Foundation under the Safety, Security, and Privacy of Op...

-

Donation for the PSF – Python Software Foundation

@npub1vv84...6fhk

IRC is working just fine. As always.

A lot of services that are supposedly running in EU are currently having significant issues due to AWS US-EAST-1 being impacted. But surely this is just some dependencies that are down and all our data is really stored in EU. Right? https://health.aws.amazon.com/health/status

#Signalapp appears to have some issues. The desktop app appears "offline" and messages are not going through, EDIT: This likely is an outage resulting from AWS US-EAST-1 having some issues: https://health.aws.amazon.com/health/status Many services are impacted. See https://downdetector.com/

AlphaPhoenix's video about the home-built 2 billion fps camera is one of the coolest videos for a long time. The premise is so simple that anyone (even people without degrees) can follow and understand it. Educational and cool as heck! #alphaphoenix #science #physics

While the latest #ChatControl proposal didn't proceed to a vote, the proponents of the interception of all chat traffic will undoubtedly continue their efforts to get the law passed - like they have for years now. It will resurface shortly, disguised and modified but effectively pushing for the same end result: removal of end-to-end encryption. We must stay vigilant and continue to fight for our freedoms. #StopChatcontrol #privacy

Broadcom has stopped delivering automated updates to #VMware Fusion and Workstation. All updates have to be downloaded and installed manually from the Broadcom Support Portal (as a side note: This portal is one of the worst corporate "support" websites I've seen in the last decade). This is terrible. It will lead to tens of thousands of VMware installations remaining vulnerable to trivially exploitable flaws, for example, local privilege escalation via CVE-2025-41244

Support Portal

Support Content Notification - Support Portal - Broadcom support portal

BTW, Please note that to fix CVE-2025-41244 you must now manually download the correct VMware Tools package from the support portal, unpack the zip, mount the ISO image, and then execute the setup.exe from the mounted ISO image. There is currently no VMware releases that include the fixed VMware Tools, so if you create any new VMs you MUST install the update manually to each new VM. Did I already mention this is terrible? #enshittification #infosec #cybersecurity

Aleksanteri Kivimäki - the person who mercilessly extorted psychotherapy centre patients with the leaked patient data - has been released from prison. Generally, I feel that the Finnish justice system is doing a fairly good job, but in this case, I feel like this is just outright wrong. This person should have served full time and not be considered a first-time offender. #vastaamo #vastaamopsychotherapycenter