Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Leaks hint at Operator-like tool in ChatGPT ahead of GPT-5 launch

Bleeping Computer - 2 hodiny 45 min zpět
A few new code references in the ChatGPT web app and Android point to an Operator-like tool in GPT's chain of thoughts. [...]
Kategorie: Hacking & Security

Leaks hints at Operator-like tool in ChatGPT ahead of GPT-5 launch

Bleeping Computer - 2 hodiny 45 min zpět
A few new code references in the ChatGPT web app and Android point to an Operator-like tool in GPT's chain of thoughts. [...]
Kategorie: Hacking & Security

xAI prepares Grok 4 Code as it plans to take on Claude and Gemini

Bleeping Computer - 3 Červenec, 2025 - 21:00
xAI is preparing the rollout of Grok 4, which replaces Grok 3 as the new state-of-the-art model. [...]
Kategorie: Hacking & Security

Police dismantles investment fraud ring stealing €10 million

Bleeping Computer - 3 Červenec, 2025 - 19:53
The Spanish police have dismantled a large-scale investment fraud operation based in the country, which has caused cumulative damages exceeding €10 million ($11.8M). [...]
Kategorie: Hacking & Security

Grafana releases critical security update for Image Renderer plugin

Bleeping Computer - 3 Červenec, 2025 - 18:16
Grafana Labs has addressed four Chromium vulnerabilities in critical security updates for the Grafana Image Renderer plugin and Synthetic Monitoring Agent. [...]
Kategorie: Hacking & Security

IdeaLab confirms data stolen in ransomware attack last year

Bleeping Computer - 3 Červenec, 2025 - 17:14
IdeaLab is notifying individuals impacted by a data breach incident last October when hackers accessed sensitive information. [...]
Kategorie: Hacking & Security

Microsoft investigates ongoing SharePoint Online access issues

Bleeping Computer - 3 Červenec, 2025 - 16:53
​Microsoft is investigating an ongoing incident causing intermittent issues for users attempting to access SharePoint Online sites. [...]
Kategorie: Hacking & Security

Tech layoffs this year: A timeline

Computerworld.com [Hacking News] - 3 Červenec, 2025 - 15:44

Among a range of factors leading to a wave of tech sector layoffs in 2025 is the rapid rise of artificial Intelligence (AI) and automation. Companies are reconfiguring their workforces to leverage AI for increased efficiency and reduced operating costs. This realignment and reduction is in redundancy is often implemented even by companies reporting strong financial performance.

But it’s not just AI leading to workforce cuts. Complementing this technological shift are ongoing economic uncertainty, inflation, and higher interest rates. This combo is driving companies to cut costs and streamline operations for increased efficiency.

As we hit the mid-point of 2025, this combination of AI-driven restructuring, economic uncertainty, and market normalization is shifting the tech employment landscape, indicating a shift to leaner, more AI-centric operations.

According to data compiled by Layoffs.fyi, an online tracker keeping tabs on job losses in the technology sector, 63,823 employees were laid off at 150 tech companies in first half of 2025, In 2024, 152,104 employees laid off by 547 companies, The site is also now tracking tech layoffs at U.S. federal government employees laid off by the U.S. DOGE. To date in 2024, it’s tracked 61,296 government employees laid at 171,843 total federal departures.

Here is a list — to be updated regularly — of some of the most prominent technology layoffs the industry has experienced recently.

Tech layoffs in 2025
  • Microsoft
  • Intel
  • Crowdstrike
  • HPE
  • Autodesk
  • HPE
  • CISA
  • Workday
  • Salesforce
  • Meta
July 2, 2025: Microsoft will cut 9,000 workers

Microsoft will lay off about 9,000 employees, a source familiar with the workforce cut told CNBC.  The cuts will reportedly affect less than 4% of Microsoft’s global workforce and will impact different teams, geographies and levels of experience. This is the latest in a string of cuts the tech giant has made this year.

June 17, 2025: Intel looks to factory layoffs to return to profitability

Intel will lay off up to 20% of its manufacturing sector employees starting in July, according to media reports, as the company looks for options as it seeks a return to profitability. The cuts reportedly will be made around the world, but some of the layoffs will be closer to home, according to a report in The Oregonian citing an internal company memo from Intel manufacturing Vice President Naga Chandrasekaran.

May 7, 2025: CrowdStrike to lay off 5% of staff

CrowdStrike announced a plan to cut about 500 roles, roughly 5% of its workforce, to streamline operations and reduce costs. The cybersecurity company will incur about $36 million to $53 million in charges related to the layoffs

March 6, 2025: HPE cuts 2,500 jobs, remains committed to Juniper buy

CEO Antonio Neri told Wall Street analysts that HPE would begin implementing a cost-cutting program involving layoffs of about 2,500 employees over the next 18 months. HPE employs about 61,000 people worldwide.

Feb. 27, 2025: Autodesk to lay off 9% of workforce

Software maker Autodesk is laying off 1,350 staff. With the rise of subscription and multi-year contracts billed annually, and self-service enablement, it finds it needs fewer sales staff, CEO Andrew Anagnost said in a message to employees. And with its cloud, platform, and AI products proving most profitable, it’s concentrating its staff and investments there.

Feb. 27, 2025: HP to lay off 2,000 more

As part of an ongoing restructuring, HP plans to lay off up to another 2,000 workers. In recent weeks, the company has tried — unsuccessfully — to do away with telephone support staff by forcing callers to wait for at least 15 minutes if they refuse to use self-service support resources online. The company swiftly backtracked, but wider job cuts are still on.

Feb. 21, 2025: CISA lays off 130

Government employees get laid off too: In this case, 130 workers at the US Cybersecurity and Infrastructure Security Agency are being shown the door as a result of a DOGE decision. Cybersecurity experts are concerned that the cuts will harm the international collaborations that CISA has fostered, quite apart from their concerns about the security of the DOGE layoff process itself.

Feb. 5, 2025: Workday lays off 1,750

As it moves to invest more in AI and international growth, Workday is laying off 8.5% of its workforce and disposing of unused office space. Some analysts fear the cutbacks will affect the company’s customer service — unless AI can pick up the slack.

Feb. 4, 2025: Salesforce lays off over 1,000

At the same time as it’s hiring sales staff for its new artificial intelligence products, Salesforce is laying off over 1,000 workers across the company, according to Bloomberg. As of June, 2024, the company had over 72,000 employees, according to its website. Salesforce did not comment on the report. In 2024 the company reportedly laid off around 1,000 staff too, in two waves: January and July.

Jan. 14, 2025: Meta will lay off 5% of workforce

Mark Zuckerberg told Meta employees he intended to “move out the low performers faster” in an internal memo reported by Bloomberg. The memo announced that the company will lay off 5% of its staff, or around 3,600 staff, beginning Feb. 10. The company had already reduced its headcount by 5% in 2024 through natural attrition, the memo said. Among those leaving the company will be staff previously responsible for fact checking of posts on its social media platforms in the US, as the company begins relying on its users to police content.

Tech layoffs in 2024
  • Equinix
  • AMD
  • Freshworks
  • Cisco
  • General Motors
  • Intel
  • OpenText
  • Microsoft
  • AWS
  • Dell
Nov. 26, 2024: Equinix to cut 3% of staff

Despite intense demand for its data center capacity, Equinix is planning to lay off 3% of its workforce, or around 400 employees. The announcement followed the appointment of Adaire Fox-Martin to replace Charles Meyers as CEO and the departures of two other senior executives, CIO Milind Wagle and CISO Michael Montoya.

Nov. 13, 2024: AMD to cut 4% of workforce

AMD will lay off around 1,000 employees as it pivots towards developing AI-focused chips, it said. The move came as a surprise to staff, as the company also reported strong quarterly earnings.

Nov. 7, 2024: Freshworks lays off 660

Enterprise software vendor Freshworks laid off around 660 staff, or around 13% of its headcount, despite reporting increased revenue and profits in its fourth fiscal quarter. The company described the layoffs as a realignment of its global workforce.

Sept. 17, 2024: Cisco lays off 6,000

After laying off around 4,200 staff in February, Cisco is at it again, laying off another 6,000 or around 7% of its workforce. Among the divisions affected were its threat intelligence unit, Talos Security.

Aug. 20, 2024: General Motors lays off 1,000 software staff

More than 1,000 software and services staff are on the way out at General Motors, signalling that it could be rethinking its digital transformation strategy. In an internal memo, the company said that it was moving resources to its highest-priority work and flattening hierarchies.

August 1, 2024: Intel removes 15,000 roles

Intel plans to cut its workforce by around 15% to reduce costs after a disastrous second quarter. Revenue for the three months to June 29 stagnated at around $12.8 billion, but net income fell 85% to $83 million, prompting CEO Pat Gelsinger to bring forward a company-wide meeting in order to announce that 15,000 staff would lose their jobs. “This is an incredibly hard day for Intel as we are making some of the most consequential changes in our company’s history,” Gelsinger wrote in an email to staff, continuing: “Our revenues have not grown as expected — and we’ve yet to fully benefit from powerful trends, like AI. Our costs are too high, our margins are too low. We need bolder actions to address both — particularly given our financial results and outlook for the second half of 2024, which is tougher than previously expected.”

July 4, 2024: OpenText to lay off 1,200

OpenText said it will lay off 1,200 staff, or about 1.7% of its workforce, in a bid to save around $100 million annually. It plans to hire new sales and engineering staff in other areas in 2025, it said.

June 4, 2024: Microsoft lays off staff in Azure division

Microsoft laid off staff in several teams supporting its cloud services, including Azure for Operations and Mission Engineering. The company didn’t say exactly how many staff were leaving.

April 4, 2024: Amazon downsizes AWS in a fresh cost-cutting round

Amazon announced hundreds of layoffs in the sales and marketing teams of its AWS cloud services division — and also in the technology development teams for its physical retail stores, as it stepped back from efforts to generalize the “Just Walk Out” technology built for its Amazon Fresh grocery stores.

April 1, 2024: Dell acknowledges 13,000 job cuts

Dell Technologies’ latest 10K filing with the US Securities and Exchange Commission disclosed that the company had laid off 13,000 employees over the course of the 2023 fiscal year; it characterized the layoffs and other reorganizational moves as cost-cutting measures. “These actions resulted in a reduction in our overall headcount,” the company said. A comparison to the previous year’s 10K filing, performed by The Register, found that Dell employed 133,000 people at that point, compared to 120,000 as of February 2024. Dell announced layoffs of 6,650 staffers on Feb. 6, but it is unclear whether those cuts were reflected in the numbers from this year’s 10K statement.

See news of earlier layoffs.

Kategorie: Hacking & Security

US lets China buy semiconductor design software again

Computerworld.com [Hacking News] - 3 Červenec, 2025 - 15:41

The US has lifted export restrictions on semiconductor design software to China, reversing a controversial policy imposed just six weeks ago that had threatened to cripple China’s chip design capabilities. 

The three leading semiconductor design software providers, Synopsys, Cadence Design Systems, and Germany’s Siemens, announced they had been notified that export license requirements for business in China are no longer in place. 

Kategorie: Hacking & Security

SSH Under Siege: Hardening Your Linux Server Against Proxy Abuse

LinuxSecurity.com - 3 Červenec, 2025 - 14:35
Let's be honest''your Linux server isn't the fortress you hope it is if your SSH setup isn't locked down tight. Recently, security teams have been tracking a spike in attacks, and it's not just the usual malware game we've seen before. Attackers are going low-key and crafty, exploiting weak SSH security to install legitimate tools like TinyProxy and Sing-box to turn compromised servers into proxy nodes. These tools are completely normal when used properly, but they're a dream for attackers who want to hide their tracks or sell access to your system.
Kategorie: Hacking & Security

Ivanti CSA Flaws Weaponized by Houken for Linux Rootkit Attacks

LinuxSecurity.com - 3 Červenec, 2025 - 14:15
Linux admins and infosec pros, we've got a real problem on our hands. There's a group out there''the Houken threat actor''that's not messing around. These guys have been targeting industries that form the backbone of society: government, telecoms, finance, you name it. Using unpatched Ivanti devices as their entry point, they're pulling off some slick and dangerous moves. This isn't some dime-a-dozen botnet attack or basic ransomware scheme''it's targeted, it's precise, and it's making life a nightmare for Linux admins tasked with safeguarding critical systems.
Kategorie: Hacking & Security

Microsoft: Exchange Server Subscription Edition now available

Bleeping Computer - 3 Červenec, 2025 - 14:03
Microsoft has announced that the Exchange Server Subscription Edition (SE) is now available to all customers of its enterprise email service. [...]
Kategorie: Hacking & Security

Hunters International ransomware shuts down, releases free decryptors

Bleeping Computer - 3 Červenec, 2025 - 12:53
​The Hunters International Ransomware-as-a-Service (RaaS) operation announced today that it has officially closed down its operations and will offer free decryptors to help victims recover their data without paying a ransom. [...]
Kategorie: Hacking & Security

Microsoft asks users to ignore Windows Firewall config errors

Bleeping Computer - 3 Červenec, 2025 - 12:02
Microsoft asked customers this week to disregard incorrect Windows Firewall errors that appear after rebooting their systems following the installation of the June 2025 preview update. [...]
Kategorie: Hacking & Security

The one secret to using genAI to boost your brain

Computerworld.com [Hacking News] - 3 Červenec, 2025 - 12:00

We’ve got a big problem on our hands. The public is using generative AI (genAI) to write, create, and think. But the brain is a use-it-or-lose-it organ — and we’re starting to lose it. 

That doesn’t have to happen to you. Here’s what you need to know about genAI-related brain rot, and the one approach that lets you take advantage of the technology while retaining and even enhancing your own natural intelligence. 

But first, let’s look at what science says about genAI brain rot.

Creativity

Research published by Carnegie Mellon University this month found that groups that turned to Google Search came up with fewer creative ideas during brainstorming sessions compared to groups without access to Google Search. Not only did each Google Search group come up with the same ideas as the other Search groups, they also presented them in the same order, suggesting that the search results replaced their actual creativity. 

The researchers called this a “fixation effect.” When people see a few examples, they tend to get stuck on those and struggle to think beyond them. For example, if you see “butter” and “jam” as things you can spread, you’re more likely to think of other foods and less likely to think of “rumors” or “disease.”

Earlier this year, The Journal of Creative Behavior published a study called “Am I Still Creative? The Effect of Artificial Intelligence on Creative Self-Beliefs.” That study looked at the difference between how creative people think they are in general and how creative they feel when working with AI. The researchers focused on “creative self-beliefs,” which means a person’s confidence in their own creative ability — they wanted to know whether using AI changes this confidence, and if so, how. 

The study found that most people felt less creative with genAI than without it. If someone already doubted their own creative skills, using it made them feel even less sure. Even people who usually felt very creative did not always feel that way when they used genAI. Trust in the technology helped, but it did not erase the feeling of lost creativity. People who saw genAI as a helpful tool sometimes felt more confident, but if they thought it was taking over, their sense of creativity dropped.

Importantly, the study also found that people who feel sure of their own creativity tend to achieve more in creative work. But this self-confidence does not always help when they use genAI.

Brain rot

new study from MIT’s Media Lab offers a rare glimpse inside the brain during the act of writing, with and without AI assistance. The team recruited 54 college students from the Boston area and had them write short essays under three conditions: 1) unaided, 2) using a search engine, or 3) with OpenAI’s GPT-4o chatbot. 

Each participant wore an EEG cap to track real-time brain activity. The experiment ran for four months, with each student writing three essays, and a fourth session where some swapped their assigned method.

Unfortunately, the results were exactly what you might expect. Students who wrote their essays without any outside help showed the highest brain activity, especially in regions tied to memory, creativity, and semantic processing. Those who used search engines showed less activity but still engaged their brains more than the group using the AI chatbot. The ChatGPT group showed the lowest brain activity of all, with up to a 55% drop in neural connectivity compared to the unaided group, as measured by a method called Dynamic Directed Transfer Function. (This technique tracks how information moves across different parts of the brain and is considered a good marker for executive function, attention, and semantic processing.)

It gets worse. When researchers asked students to recall or summarize what they had written, the genAI-assisted group remembered less and felt less ownership of their work. In the final session, when students who had used the tech were suddenly asked to write without it, their performance and brain engagement lagged behind those who had started out unaided. 

Researchers found that this “cognitive offloading” effect means users rely on genAI for tasks they would otherwise perform themselves, potentially undermining their own mental capabilities and creativity.

On the other hand, students who switched from brain-only to genAI showed a jump in brain connectivity when allowed to use the tool, but only when they already understood the topic.

The researchers said that the timing and context of genAI use matter. Using it after you’ve already engaged deeply with a topic can be helpful. But letting the tools do the heavy lifting from the start appears to short-circuit the learning process. 

The study’s bottom line: there’s a real tradeoff between the convenience of external support and the lasting benefits of internal effort.

Groupthink

Another risk from an over-reliance on genAI and search is originality. GenAI tools are actually changing how we think, feel, and act. Tools always shape our minds, from the typewriter to the PC. 

Social media platforms like TikTok, Facebook, and Instagram use AI to decide what we see. Their algorithms pick content based on what keeps us engaged. This often means we get more of what we already like or believe. Over time, this narrows our interests and beliefs. (Psychologists call this “preference crystallization.”)

Our knowledge of and perspective on the world becomes less our own and more what the algorithms feed us. They do this by showing us content that triggers strong feelings — anger, joy, fear. Instead of feeling a full range of emotions, we bounce between extremes. Researchers call this “emotional dysregulation.” The constant flood of attention-grabbing posts can make it hard to focus or feel calm.

AI algorithms on social grab our attention with endless new content. It shapes how we learn from others by controlling what social behaviors we see online. It even changes how we remember things, since we now rely on AI to store and recall information for us.

A similar effect happens when people use genAI-based chatbots unskillfully. 

When you ask chatbots like ChatGPT or Google Gemini a question, you get the most common answer from what people wrote online, a kind of consensus or average. When millions or billions of people are turning to chatbots for answers, you can see how that can become a social media-like echo chamber devoid of original thought.

The secret to brain-boosting use of AI

To elevate both the quality of your work and the performance of your mind, begin by crafting your paper, email, or post entirely on your own, without any assistance from genAI tools. Only after you have thoroughly explored a topic and pushed your own capabilities should you turn to chatbots, using them as a catalyst to further enhance your output, generate new ideas, and refine your results.

And don’t get your initial information from social media or those chatbots. Learn by reading high-quality books and magazine articles; only after that traditional learning should you expose your mind to the same subjects on social or chatbots. 

Brainpower and creativity are a use-it-or-lose-it proposition. So, challenge yourself and then —  and only then — turn to genAI to learn just a little bit more. Always turn to technology at the end, never the beginning, of any endeavor. 

Kategorie: Hacking & Security

Why I hope Apple keeps investing in on-device AI

Computerworld.com [Hacking News] - 3 Červenec, 2025 - 11:55

Recent reports say Apple may use artificial intelligence models from OpenAI or Anthropic to provide the smarter Siri experience it promised us over a year ago. That’s good in the sense that it means we’ll get yesterday’s jam tomorrow, but it may mean the company ceases to invest as much as it should in the development of genAI models that run on the device.

This concerns me because I think on-device, edge-based intelligence has a huge part to play in the future evolution of AI services. I think there are lots of reasons for this to be the case — security and privacy, obviously, but also for another good reason: the network.

The network, don’t forget the network

Switched-on tech purchasers are making huge investments in network infrastructure to support the AI services they hope to deploy across their companies.

A recent Cisco survey tells us that 97% of IT leaders see the network as critical to rolling out rolling out AI, IoT, and cloud, and 91% of them plan to increase the amount of money they spend on networking as a result. They’re also investing in data centers, and all of them seem to think that the networks themselves need to become smarter.

“AI is changing everything — and infrastructure is at the heart of that reinvention. The network has powered every wave of digital transformation, accelerating the convergence of IoT, cloud, hybrid work, and defending against rising security threats,” said Chintan Patel, CTO and Vice President Solutions Engineering, Cisco EMEA in a press release.

“IT leaders know the network they build today will shape the business they become tomorrow. Those who act now will be the ones who lead in the AI era.” 

The thing is, when it comes to network resources, we already know that the best way to optimize network capacity is to offload traffic to other services where possible. That’s why phones like to use Wi-Fi for calls, for example. Why would it be any different for AI? 

Making AI mundane again

Once you accept that optimizing access to these resources is what’s happening, it becomes easier to accept that one way to reduce demand is to create AI models that run on the device itself. Apple’s devices are, after all, equipped with super powerful low-energy processors and should be more than equal to a range of AI-driven tasks. That’s why it makes sense for the company to invest and continue to invest in genAI models that can work on the device, as so many Apple Intelligence models already do.

The conservation of network resources isn’t predicated only on cost efficiency, but also response. Look at it this way: as AI is inevitably more widely deployed in mission-critical environments, any kind of lag between an AI request and resolution of that request is unacceptable.

Just as you don’t want an AI-powered vehicle to suffer from lag as it approaches a pedestrian crossing, you don’t want lag to hit a rail traffic management system as two express trains speed toward each other on the same track. In some situations, network-derived lag costs lives, and while the drip-fed TV broadcast images of human misery we see so regularly today suggests lives don’t matter as much now as they did at the end of the last century, it still makes sense to offload mundane requests like spelling, summarization, and transcription so more critically important needs can be met within the context of network congestion and scarcity.

This also means it makes sense to continue to invest in edge intelligence. 

Eyes on the prize(s)

Doing so answers another burning need in enterprise deployment for privacy and security. It simply seems better to put more intelligence on the edge device. That means creating focused AI models capable of running on the device.

Doing so dramatically reduces the attack surface, eliminates network-derived lag, and ensures better privacy.

That’s why intelligence at the edge will inevitably become more important over time. Apple’s own on-device Apple Intelligence tools are likely to be the first in a larger suite, though building out that suite may take a while. That time frame is reflected in Apple’s purported decision to open Siri up to additional AI services.

In the end, as you can see, a confluence of factors make intelligence at the edge vital to the overall AI ecosystem. As more and more services and systems become network-reliant, all stakeholders will seek to offload some of those demands elsewhere (just as mobile telcos already shift traffic to Wi-Fi when they can), and the most logical place to run at least the most commonplace demands will be on the devices themselves. Every genAI transaction that can be handled on the device means one less whirl on the server and the preservation of the fragment of power it takes to send the instruction there and back again. 

So, who will make the mobile AI infrastructure?

Of all the AI firms I’m reading about, and all the Big Tech firms working with them, only Apple seems to have made significant investment in delivering such services in this way. That doesn’t mean it is the only one, nor does it mean it will succeed — it may already have declared failure internally — but the direction remains the same: networks will become smarter and devices more capable of handling more complex models natively.

With that in mind, despite the relatively short-term obstacles Apple seems to face, in the longer term it still makes sense for it to invest in on-device AI, because that is the direction of travel. And that’s why I hope Apple continues to invest in it.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Kategorie: Hacking & Security

Microsoft’s Exchange Server Subscription Edition now GA to replace standalone Exchange 2016 and 2019

Computerworld.com [Hacking News] - 3 Červenec, 2025 - 03:18

If you’re an enterprise still hosting on-premises Exchange 2016 or Exchange 2019 email, it’s time to stop dragging your feet: Microsoft has now made Exchange Server Subscription Edition (SE) generally available to replace them.

SE is just what it sounds like: Enterprise users must soon buy subscription licenses for all users and servers. The change, now in effect, comes with an immediate 10% price hike for standalone on premises server products, as well as a 15% increase for the on-prem Core CAL Suite and a 20% increase for the on-prem Enterprise CAL Suite, effective August 1.

For Exchange Server SE, Microsoft explained, in addition to purchasing the required Server licenses and CALs, customers must also maintain an active subscription. This means purchasing either:

  • Cloud subscription licenses for all users and devices that access Exchange Server SE (for example, Microsoft 365 E3 or E5 licenses); or
  • Exchange Server SE Server licenses and CALs with Software Assurance (SA).

The tech giant will officially end support for Exchange Server 2016 and 2019 on October 14, meaning it will provide no more updates, technical help, bug fixes, or security patches.

Enterprises can continue to use Exchange Server 2016 and 2019 after end-of-life (EOL), but they do so at their own risk, the company said.

Moving to a ‘modern lifecycle policy’ with continuous service and support

“With an EOL date some 3.5 months away, this will give laggards (and those with compliance and business reasons to remain on-prem) a supported path forward,” said John Annand, digital infrastructure practice lead at Info-Tech Research Group.

Microsoft released its final cumulative update (CU) for Exchange Server 2019 in February, which means that, if customers want to keep email on-premises, they must upgrade to the SE licensing model to keep receiving support and updates. If ready to make the shift to the cloud, they can also choose Microsoft’s fully-hosted platforms Exchange Online or M365.

“Exchange SE demonstrates our commitment to ongoing support for scenarios where on-premises solutions remain critical,” Microsoft wrote in a blog post.

The good news is that SE will be governed by Microsoft’s ‘modern lifecycle policy,’ meaning it will be an evergreen product that receives continuous service and support. There will be no fixed end dates for the release, allowing customers to keep configurations fresh.

“This will create unique opportunities to simplify, streamline, and modernize the product over the coming years,” Microsoft said. 

The company said it will continue releasing Exchange SE CUs at the “same cadence” of two per calendar year, with security or hotfix updates — targeted software updates to address specific, typically critical issues that arise between CUs — released as needed.

Analysts point out that this shouldn’t be unexpected: Microsoft has been making it known for some time that it intended to end support for 2016 and 2019 Exchange editions and move to a subscription model.

But Annand pointed out that, three years ago, there were still rumored to be around 300,000 physical servers on prem with 7.3 billion mailboxes.

Of course, Microsoft wants to “see more money in the bank,” he noted, pointing to the 10% price increase on server licensing and a 15% or 20% increase on client access licensing, depending on the purchasing vehicle.

“Price increases are never welcomed by customers, and our members are no different,” Annand said. “That being said, they’re resigned to that fact of life. As long as MS continues to let them host their data locally and manage the update cycle (as opposed to updates being forced on them, as with Exchange Online), they’ll grudgingly acquiesce.”

How to upgrade to Exchange SE

The final Exchange Server 2019 update incorporates all prior security patches and introduces server-side components for Feature Flighting, an optional cloud-based service that supports immediate updating when new features become available. This can help ensure stability and security up to EOL this fall.

Microsoft advises upgrading to Exchange SE as soon as possible and decommissioning Exchange 2016 or 2019. After moving to SE, as of SE CU2, enterprises will no longer be able to also have Exchange 2016 or 2019 servers on premises.

Organizations have two upgrade options: A legacy upgrade that requires new servers, or an “in-place” upgrade (available only for Exchange 2019), which involves downloading and installing the latest upgrade package.

During this process, there can be some disruption, Microsoft said, as mailboxes will be temporarily paused; however, enterprises can plan around this by performing upgrades overnight, on the weekend, or when offices are otherwise closed.

Microsoft pointed out that the move to SE is unlike previous releases, as it does not contain a major code upgrade and does not have any major changes. No new license keys are required, no features were added or removed, no installation prerequisites were changed and there are no Active Directory schema changes.

While there’s little time left, analysts advise organizations still on Exchange 2016 or 2019 to build a migration strategy, plan extensively, and assess infrastructure needs to avoid migration headaches. Beyond budgeting for extra costs, they said, it’s also helpful to have project managers, IT personnel skilled in Exchange, and support from vendors skilled in migration available during the changeover.

Kategorie: Hacking & Security

NimDoor crypto-theft macOS malware revives itself when killed

Bleeping Computer - 2 Červenec, 2025 - 21:36
North Korean state-backed hackers have been using a new family of macOS malware called NimDoor in a campaign that targets web3 and cryptocurrency organizations. [...]
Kategorie: Hacking & Security

Google to give enterprises control over beta Workspace feature rollouts

Computerworld.com [Hacking News] - 2 Červenec, 2025 - 21:29

Google is adding a new feature that allows system administrators to control when users try out beta features in Workspace.

The features in Workspace typically pop up silently within menus and interfaces, but some companies might want a slower rollout. “As an administrator, you can choose whether your users can try out early general availability Google features or wait until after they’re released by selecting a release track,” Google said in a support document.

There are two paces at which the beta features can be rolled out. A “Rapid Release” track will make new features available to users immediately. A “Scheduled Release” track allows enterprises to roll out new features at a gradual pace. 

The latter will be available starting July 15.

“Your users get new features at least one week after they’re released to Rapid Release domains,” Google said. “This gives you more time to prepare your organization for changes.”

Google isn’t alone in tweaking how updates are rolled out. Microsoft, for instance, has also made changes to how Microsoft 365 support updates are done. The company is encouraging enterprises to adopt more frequent software updates.

Microsoft and Google are rapidly pushing out new generative AI (genAI) features for their productivity suites. Microsoft has close to 1,000 new M365 features under development, with most involving Copilot. For its part, Google maintains a weekly feature release calendar, with most of the new features based on Google’s Gemini AI model.

The companies are hoping to get users on to genAI features quickly and collect feedback from them to develop more functionality and automation tools in the productivity suites.

Google this week also made Gemini available in Google Docs on Android devices in more than 20 languages. The company also released its genAI video tool called Vids to Workspace for Education customers.

More on Google Workspace:

>
Kategorie: Hacking & Security

DOJ investigates ex-ransomware negotiator over extortion kickbacks

Bleeping Computer - 2 Červenec, 2025 - 21:14
An ex-ransomware negotiator is under criminal investigation by the Department of Justice for allegedly working with ransomware gangs to profit from extortion payment deals. [...]
Kategorie: Hacking & Security
Syndikovat obsah