#Microsoft is clearly becoming desperate due to low adoption rates of #Copilot. Apparently, Microsoft is now pushing Copilot to all #Microsoft365 personal subscribers and calling it a "subscription price increase". Only when you decide to cancel your subscription are you presented with the option to switch to "Microsoft 365 Personal Classic" without Copilot (and nearly the old price). The classic plan is not presented as an option unless you try to cancel your subscription. This is a classic scammy trick: Modify the existing plan and add the feature no one wants and hide the old plan from view. Presto, now you have an insane adoption rate you can present to investors as a great success. I personally don't use Microsoft subscription services, so I don't know if they tried this bullshit in the EU, but if they did, they're asking for trouble. They got sued in Australia over this already:

Australian Competition and Consumer Commission

Microsoft in court for allegedly misleading millions of Australians over Microsoft 365 subscriptions

The ACCC has commenced proceedings in the Federal Court against Microsoft Australia and its US-based parent company Microsoft Corporation for alleg...

"Microsoft in court for allegedly misleading millions of Australians over Microsoft 365 subscriptions"

Several months ago, I found a #vulnerability from #MantisBT - Authentication bypass for some passwords due to PHP type juggling (CVE-2025-47776). Any account that has a password that results in a hash that matches ^0+[Ee][0-9]+$ can be logged in with a password that matches that regex as well. For example, password comito5 can be used to log in to the affected accounts and thus gain unauthorised access. The root cause of this bug is the incorrect use of == to match the password hash: if( auth_process_plain_password( $p_test_password, $t_password, $t_login_method ) == $t_password ) The fix is to use === for the comparison. This vulnerability has existed in MantisBT ever since hashed password support was added (read: decades). MantisBT 2.27.2 and later include a fix to this vulnerability.

Mantis Bug Tracker

MantisBT is a popular free web-based bug tracking system. It is written in PHP works with MySQL, MS SQL, and PostgreSQL databases. MantisBT has bee...

#CVE_2025_47776 #infosec #cybersecurity

I would be glad to donate to the #Python project, but doing so requires me to divulge my name and contact information as per their 501(c)(3) charitable organisation status: "Contact information is required for tax reporting purposes and will be shared only with the US government." Considering the current status of the US government, I don't feel comfortable doing this. Are there some other ways to donate to Python project without getting the US government involved? -

Python Software Foundation Blog

The PSF has withdrawn a $1.5 million proposal to US government grant program

In January 2025, the PSF submitted a proposal to the US government National Science Foundation under the Safety, Security, and Privacy of Op...

-

Donation for the PSF – Python Software Foundation

@npub1vv84...6fhk