Vue normale

Il y a de nouveaux articles disponibles, cliquez pour rafraîchir la page.
À partir d’avant-hier4sysops

Microsoft refreshes Windows 11 installation media with July 2026 security patches

Par : IT News
17 juillet 2026 à 15:51
Microsoft refreshes Windows 11 installation media with July 2026 security patches
Microsoft has updated the Windows 11 installation media available through the Media Creation Tool to include the July 2026 Patch Tuesday updates. This refresh applies to both the 24H2 and 25H2 editions, integrating security patches KB5101650 and KB5099414 directly into the bootable images. By using this updated media, administrators can perform clean installations that already contain the latest security intelligence updates for Microsoft Defender.

Source

ACR Stealer uses ClickFix lures and steganography to bypass browser security

Par : IT News
17 juillet 2026 à 15:51
ACR Stealer uses ClickFix lures and steganography to bypass browser security
ACR Stealer is a malware-as-a-service threat that targets enterprise environments by stealing browser credentials, session tokens, and sensitive documents. The infection begins with a social engineering technique called ClickFix, which tricks users into pasting malicious commands into the Windows Run dialog or a terminal. Once executed, the malware targets Chromium-based browsers like Chrome and Edge to decrypt passwords and cookies using the Windows Data Protection API (DPAPI).

Source

Moonshot AI Kimi K3 beats Anhtropic Fable 5 in Frontend Code Arena benchmark

Par : IT News
17 juillet 2026 à 15:51
Moonshot AI Kimi K3 beats Anhtropic Fable 5 in Frontend Code Arena benchmark
Moonshot AI has unveiled Kimi K3, a massive 2.8 trillion-parameter model that currently stands as the largest open-weight artificial intelligence system available. The model utilizes a mixture-of-experts architecture with 896 experts, though it only activates 16 experts per token to maintain computational efficiency. It features a 1 million-token context window and native vision support, allowing it to process vast amounts of data and visual information in a single prompt.

Source

Spirals ransomware exploits IIS servers to encrypt networks in under 24 hours

Par : IT News
17 juillet 2026 à 15:50
Spirals ransomware exploits IIS servers to encrypt networks in under 24 hours
The newly discovered Spirals ransomware, written in Rust, utilizes a rapid attack timeline to move from initial breach to full network encryption in less than a day. Attackers gain entry by compromising internet-facing IIS web servers to deploy web shells and establish interactive sessions through the IIS worker process. Once inside, the threat actors escalate privileges by bypassing User Account Control and enabling the Remote Desktop Protocol for persistent access.

Source

Microsoft develops Project Perception to automate vulnerability discovery with AI

Par : IT News
17 juillet 2026 à 15:50
Microsoft develops Project Perception to automate vulnerability discovery with AI
Microsoft is developing a next-generation security tool called Project Perception designed to identify and remediate software vulnerabilities using artificial intelligence. This initiative follows a massive surge in security fixes, with recent Patch Tuesday updates addressing a record 570 flaws. The system aims to compete with Anthropic’s Mythos model, which has already been credited with uncovering thousands of industry-wide bugs, including long-standing zero-day exploits.

Source

Satya Nadella criticizes Anthropic AI guardrails for being overly restrictive

Par : IT News
17 juillet 2026 à 12:04
Satya Nadella criticizes Anthropic AI guardrails for being overly restrictive
Microsoft CEO Satya Nadella recently criticized the restrictive nature of Anthropic’s high-end Fable 5 AI model during an internal meeting with engineers. He described the model as being "editorially controlled," arguing that its frequent refusal of user requests hinders its effectiveness as a creative tool. These remarks highlight growing friction between Microsoft and its partner, despite a $5 billion investment and a $30 billion agreement for Anthropic to use Azure cloud services.

Source

Xi Jinping opposes single-country dominance in AI regulation

Par : IT News
17 juillet 2026 à 12:04
Xi Jinping opposes single-country dominance in AI regulation
Chinese President Xi Jinping addressed the World Artificial Intelligence Conference in Shanghai, advocating for a collaborative international approach to AI development. He characterized the technology's growth as a "symphony of international cooperation" rather than a solo performance by any individual nation. This keynote marks his first appearance at the event, highlighting the strategic importance of AI to China’s national policy.

Source

GitHub repository admins can now archive pull requests to hide spam

Par : IT News
17 juillet 2026 à 12:04
GitHub repository admins can now archive pull requests to hide spam
GitHub has introduced a new moderation feature that allows repository administrators to archive pull requests instead of permanently deleting them. This capability is designed to help maintainers manage low-quality, spammy, or abusive contributions while preserving the data for internal records. When an administrator archives a pull request, the system automatically closes and locks the item to prevent further interaction.

Source

Evaluating the Microsoft 365 E5 step-up amid rising licensing costs

Par : IT News
17 juillet 2026 à 11:18
Evaluating the Microsoft 365 E5 step-up amid rising licensing costs
Microsoft is increasing the list price for M365 E5 to $60 per user while eliminating volume discounts, creating a significant financial hurdle for enterprise renewals. The value of the E5 "step-up" primarily rests on two pillars: the Defender security suite and Purview compliance tools. While Microsoft bundles additional features like Power BI Pro and Teams Phone, these often provide marginal value for organizations that do not require enterprise-wide telephony or advanced data visualization.

Source

Low cost data poisoning attacks compromise open weight AI models

Par : IT News
17 juillet 2026 à 11:18
Low cost data poisoning attacks compromise open weight AI models
A cybersecurity researcher demonstrated that open-weight AI models can be compromised with a backdoor for less than $100 in under an hour. By using as few as ten malicious training examples, the researcher successfully manipulated a model to generate code vulnerable to remote code execution. This type of attack, known as data poisoning, involves injecting targeted adversarial data into the training process to steer the model toward specific malicious behaviors.

Source

Microsoft Teams to automate AI meeting archiving and expand admin controls

Par : IT News
17 juillet 2026 à 11:18
Microsoft Teams to automate AI meeting archiving and expand admin controls
Microsoft Teams will soon automatically generate AI meeting archive files with a .meeting extension to enhance Copilot and Facilitator responses. These archives capture structured insights rather than raw transcript snippets and are stored in a secure, tenant-owned SharePoint Embedded container. Administrators can manage this feature through a new organization-wide policy setting, which is enabled by default for all eligible meetings.

Source

OpenAI confirms that GPT-5.6 Codex bug deleted user home directories in some cases

Par : IT News
17 juillet 2026 à 11:18
OpenAI confirms that GPT-5.6 Codex bug deleted user home directories in some cases
OpenAI has confirmed a critical bug in GPT-5.6 Codex that causes the unexpected deletion of user files on macOS and Linux systems. The issue occurs when the model is granted full-access mode without the protection of sandboxing or auto-review features. While the company describes the frequency of these incidents as rare, the resulting data loss is severe for affected users.

Source

Windows 11 July update adds Point-in-time Restore and advanced update controls

Par : IT News
17 juillet 2026 à 11:18
Windows 11 July update adds Point-in-time Restore and advanced update controls
The July 2026 mandatory update for Windows 11 introduces Point-in-time Restore, a robust recovery tool using the Volume Shadow Copy Service. This feature creates block-level snapshots of the entire system, including personal files and settings, allowing users to roll back to a known good state within a 72-hour window. It operates entirely offline and requires at least 200GB of total disk space to enable by default, utilizing up to 50GB for snapshot storage.

Source

Windows Server 2022 mainstream support ends in October 2026

Par : IT News
17 juillet 2026 à 11:18
Windows Server 2022 mainstream support ends in October 2026
Microsoft has issued a formal 90-day reminder that mainstream support for Windows Server 2022 will conclude on October 13, 2026. After this date, the operating system enters an extended support phase that is scheduled to last until October 14, 2031. During this five-year period, the vendor will continue to provide critical security patches at no additional cost to customers.

Source

CISA mandates urgent patching for exploited FortiSandbox command injection flaws

Par : IT News
17 juillet 2026 à 11:18
CISA mandates urgent patching for exploited FortiSandbox command injection flaws
CISA has added two critical vulnerabilities affecting FortiSandbox to its Known Exploited Vulnerabilities catalog following reports of active exploitation. The flaws, identified as CVE-2026-39808 and CVE-2026-25089, allow unauthenticated attackers to execute arbitrary operating system commands. These vulnerabilities impact the FortiSandbox threat detection platform, which organizations use to analyze suspicious files and URLs in isolated environments.

Source

CISA mandates urgent patching for exploited SharePoint remote code execution flaw

Par : IT News
17 juillet 2026 à 11:18
CISA mandates urgent patching for exploited SharePoint remote code execution flaw
The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-58644 to its Known Exploited Vulnerabilities catalog following evidence of zero-day exploitation. This critical flaw allows authenticated attackers with Site Owner permissions to execute arbitrary code on vulnerable on-premises SharePoint Server instances. The vulnerability stems from the deserialization of untrusted data, a process where a program improperly parses malicious data to recreate an object, leading to unauthorized command execution.

Source

Microsoft postpones Exchange Online PowerShell Credential parameter retirement

Par : IT News
17 juillet 2026 à 11:18
Microsoft postpones Exchange Online PowerShell Credential parameter retirement
Microsoft has extended the deadline for removing the Credential parameter from Exchange Online PowerShell modules following feedback from the administrator community. Originally scheduled for retirement in July 2026, the parameter will now remain supported on the client side until December 2026. This change specifically impacts the Connect-ExchangeOnline and Connect-IPPSSession cmdlets, which are frequently used to manage automated tasks.

Source

Moonshot AI releases Kimi K3 as the largest open-weight model to date

Par : IT News
17 juillet 2026 à 11:18
Moonshot AI has announced Kimi K3, a massive large language model featuring nearly three trillion parameters. This release marks a significant milestone as the first open-weight system to reach this scale, challenging the dominance of proprietary models. The model is specifically designed to handle high-end tasks including complex software development, multi-step reasoning, and advanced research.

Source

Anthropic and Blackstone launch Ode to bridge the gap in enterprise AI implementation

Par : IT News
16 juillet 2026 à 21:57
Anthropic and Blackstone launch Ode to bridge the gap in enterprise AI implementation
Anthropic and Blackstone have partnered with other major investment firms to launch Ode, a $1.5 billion joint venture focused on AI deployment. The company was formed through the acquisition of Fractional AI, a boutique engineering firm that previously collaborated with OpenAI. This initiative addresses a critical market gap where enterprises struggle to move AI projects from experimental pilots into full-scale production environments.

Source

❌
❌