Kategorie

A British national known online as "IntelBroker" has been charged by the U.S. for stealing and selling sensitive data from dozens of victims, causing an estimated $25 million in damages. [...]

Threat actors are abusing the ConnectWise ScreenConnect installer to build signed remote access malware by modifying hidden settings within the client's  Authenticode signature. [...]

A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft's ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors. [...]

A new wave of North Korea's 'Contagious Interview' campaign is targeting job seekers with malicious npm packages that infect dev's devices with infostealers and backdoors. [...]

Google has released Gemini 2.5 Pro-powered Gemini CLI, which allows you to use Gemini inside your terminal, including Windows Terminal. [...]

Citrix is warning that a vulnerability in NetScaler appliances tracked as CVE-2025-6543 is being actively exploited in the wild, causing devices to enter a denial of service condition. [...]

When MS-DOS 5.0 was released in 1991, one of the big innovations was the MS-DOS Editor, a classic text editor that quickly became popular with users. Now, Microsoft has developed a new version of MS-DOS Editor called Edit, according to Ars Technica.

Compared to the original, Edit offers a number of improvements, including support for Unicode. In addition, the 300-kilobyte limit has been removed, meaning users can work with gigabyte-sized files if they want.

Edit was written in the Rust programming language and is based on open-source code. And it doesn’t require Windows to run; the text editor works just as well on macOS or Linux.

If you want to try Edit, it can be downloaded from Github.

Google subsidiary Deepmind has unveiled Gemini Robotics On-Device, a new version of the Gemini AI model meant to be used in robots and work without an internet connection. The new model reportedly supports natural language, making it easy to control the robot’s movements.

In terms of performance, Gemini Robotics On-Device performs almost as well as the connected Gemini Robotics, Techcrunch reports.

Developers interested in working with Gemini Robotics On-Device can download the Gemini Robotics SDK from Github.

WinRAR has addressed a directory traversal vulnerability tracked as CVE-2025-6218 that, under certain circumstances, allows malware to be executed after extracting a malicious archive. [...]

A recent vulnerability in Citrix NetScaler ADC and Gateway is dubbed "CitrixBleed 2," after its similarity to an older exploited flaw that allowed unauthenticated attackers to hijack authentication session cookies from vulnerable devices. [...]

“Stay on the right side of risk.” That’s what a new advertisement from Microsoft says, urging businesses and consumers to upgrade their Windows 10 PCs in the coming months. After all, Windows 10 will stop getting security updates in October. That’s now only four months away.

Microsoft has spent a lot of time talking about how wonderfully fast Windows 11 PCs are — especially its Copilot+ PCs, which are the focus of a major marketing campaign. However, as the clock ticks down to October, Microsoft is starting to shift from talking about the carrot (those performance improvements) to the stick (the security threats Windows 10 PCs will face).

But Microsoft has a weird history here — the company even patched major Windows XP threats years after officially ending support for that platform, repeatedly breaking its own update policy. That’s why it was no surprise when Microsoft announced a grand compromise a few weeks after I wrote the original version of this article: Consumers will be able to get that extra year of security updates for free (without the $30 fee).

To do so, they’ll just have to use Windows Backup to sync their settings to the cloud — or redeem 1,000 Microsoft Rewards points. That settings sync method is particularly easy, and it means all you have to do is sign into your personal Windows 10 PC with a Microsoft account and set up the syncing. The new options will be presented via an “enrollment wizard” in the Settings window. Businesses, however, will still have to pay.

So let’s look at what to expect, whether you’re managing a fleet of business PCs or you have a Windows 10 PC at home.

Got Windows 10 — or Windows 11? Sign up for my free Windows Intelligence newsletter. I’ll send you free copies of Paul Thurrott’s Windows Field Guides as a bonus, too!

What’s happening with Windows 10 today

First, a quick refresher: Microsoft will officially end support for Windows 10 on Oct. 14, 2025. After that date, Microsoft will stop issuing security updates for Windows 10 (at least, based on its current statements and guidance in that area).

Existing Windows 10 PCs will keep working, but they won’t get security updates. For a business, this is obviously a problem — just as it’s a big problem for home PC users.

Microsoft does have a solution for people who don’t want to upgrade immediately. It’s called Windows 10’s Extended Security Updates (ESU) program. You can pay a fee for up to three years of extra security updates. Individuals can only purchase one year’s worth of updates, however. Businesses will have to pay $61 per device for the first year, $122 device for the second year, and $244 device for the third year. Consumers can only get one year, and it’ll cost $30 — but Microsoft has now announced some easy ways to do that for free as a compromise, as mentioned a moment ago.

It’s worth noting that this applies only to typical editions of Windows 10. Microsoft also offers a Long-Term Service Channel (LTSC) of Windows to enterprises, which has a different software lifecycle. (In other words, the LTSC version of Windows 10 won’t stop getting security updates in October 2025.)

Windows 10 PCs are ramping up the messages about Windows 11 — and security warnings around sticking with Windows 10.

Chris Hoffman, Foundry

Will Microsoft change its mind?

While Microsoft has mostly plowed forward with its plans to ax Windows 10, the situation is a mess. We’ve never seen any version of Windows that was this popular right before it was exiting support. Microsoft doesn’t release information about Windows version usage, but third-party estimates put Windows 10 use at 53% of Windows PCs worldwide and 43% of Windows PCs in the US, specifically.

Microsoft initially said that it would immediately stop issuing security updates for Microsoft 365 subscription apps such as Word, Excel, and PowerPoint on Windows 10 after October 14, 2025. However, the company recently backpedaled: it now says Microsoft 365 apps will be supported with security updates through Oct. 10, 2028.

Additionally, Microsoft’s offer to sell an extra year of security updates to home PC users for $30 is new. It has never done this before. Previously, ESUs have only been for businesses. Microsoft can now shrug and say that people who want to keep using Windows 10 in a secure way have a way to pay for that security — at least for the first year. And they can even get it for free if they’re individual consumers!

I doubt we’ll see Microsoft cancel the big October deadline. In fact, Microsoft watered it down, offering a way to get on the ESU update path for free to consumers. I wouldn’t be shocked to see Microsoft offer a second year of ESUs as an option to home users if Windows 10 use remains high come October 2026, too.

This also helps Microsoft cover itself. Let’s say there’s a huge Windows 10 security problem and Microsoft executives are dragged in front of Congress to answer for it. They can say that they do offer security updates to consumers, but consumers have to sign up for it like any other service. That’s a better answer than, “We sell extended updates to businesses but not to consumers.”

The Windows XP lesson

If there is a huge security problem for Windows 10 PCs down the line, I would expect Microsoft to patch Windows 10, anyway. The company did this for Windows XP several times.

While Windows XP support ended in 2014, Microsoft released patches for Windows XP in 2017 (to patch WannaCry) and even in 2019 to prevent worms from exploiting a vulnerability. That was five years after Windows XP’s official end-of-life marker.

That doesn’t mean Windows XP machines were secure, exactly — but that Microsoft at least had an eye on blocking the worst threats that could take root on Windows XP systems and cause problems for the rest of the internet.

Don’t want to pay? You have options

Microsoft would prefer to nudge you into buying a new PC. That’s what that fee is all about: Microsoft wants people to see the $30 fee and decide it’s time to buy a new Windows 11 laptop after all. Or, at the very least, by signing in with a Microsoft account and syncing your settings, Microsoft wants you to start thinking about how easy a hardware upgrade would be. Microsoft’s marketing is performing a pincer move here: talking not just about the security risks of sticking with Windows 10 but the upgraded performance, battery life, and AI features of getting a new Windows 11 laptop. Microsoft wants businesses to see the steeply increasing fee and make plans to buy new hardware.

But you certainly don’t have to go down that road. If you have a Windows 10 PC you want to keep using, but with truly secure software at its core, you could keep it, ditch Windows and install a Linux distribution on it. You could also install Google’s ChromeOS Flex, a version of ChromeOS Google offers for existing PCs. Both are free.

There are also ways to upgrade some existing Windows 10 PCs to Windows 11, even if Microsoft says the upgrade isn’t “officially supported.” For a home PC, this is one way to keep getting security updates for an old Windows 10 PC — by bumping it up to Windows 11. Some PCs that are just below the hardware cutoff for Windows 11 will work great, while older PCs might not perform as well.

Additionally, you could instead consider 0Patch. That’s a company that creates security software designed to run in the background and use “micropatches” that block known security vulnerabilities from running. The service wouldn’t be free for Windows 10, but it is less expensive than most other options. And, for home users, it looks like it’ll be a way to keep getting a sort of security protection for Windows 10 after that first year.

I’ve spoken to the company, and they seemed eager to keep supporting Windows 10 for as long as it’s a good investment — they’re not eager to move on from Windows 10.

The Windows 10 PCs getting left behind

Let’s consider things from Microsoft’s perspective: Windows 10 was released on July 29, 2015, which means the operating system has had just over a decade of support. That same year, Google released the Nexus 6P with Android 6.0 Marshmallow. Google stopped supporting both the Nexus 6P and that version of Android back in 2018.

Windows 11 was released in October 2021, but most PCs released in 2019 to 2020 could upgrade to it — even many of those released in 2018 to 2019 might be able to do so, too.

The most realistic worst-case scenario here is that if you bought an older Windows 10 PC in 2019 and it can’t upgrade to Windows 11, you still got roughly six years of use from it. Also, if it’s that close to the cutoff, you likely can upgrade it to Windows 11, just through an “unofficial” upgrade method that Microsoft leaves open with a wink and a nudge.

Still, your Windows 10 PC’s long life is no consolation if you’re happy with your hardware and you feel like you’re having your arm twisted into upgrading when you’d rather not.

PCs are becoming so good that, assuming they boot and run well, it’s easy to treat them as an appliance. If you don’t feel like upgrading, why should you? After all, aren’t we supposed to be avoiding unnecessary e-waste? By avoiding the upgrade, you’re arguably helping Microsoft achieve its sustainability goals. Microsoft should thank you!

If your PC is so old that it can’t realistically be upgraded, though, Microsoft is right: Newer PCs are a lot faster, and even a budget-tier Windows 11 PC will deliver a much nicer experience. And between the “unofficial” way to upgrade to Windows 11, switching to desktop Linux, and Google’s ChromeOS Flex software, there are lots of paths forward for Windows 10 hardware that still has useful life left in it.

Want more in-depth Windows analysis and useful PC tips? Sign up for my free Windows Intelligence newsletter. I’ll send you three new things to try each Friday.

The French police have reportedly arrested five operators of the BreachForum cybercrime forum, a website used by cybercriminals to leak and sell stolen data that exposed the sensitive information of millions. [...]

SAP’s open-source energy management app, Power Monitor, shows how you could manage energy costs for your devices — and your Mac could help you do so.

Designed for business users managing large fleets, the app should also benefit consumers concerned about energy use. It’s a great example of a tool that does one useful thing well, which is track Mac energy use and calculate cost.

Who doesn’t worry about energy costs? They’ve risen steeply since 2020. That concerns people using Macs at home, but price is a major worry for larger enterprises managing hundreds of Macs in a challenging business environment. Managing energy also matters to larger enterprises struggling to adopt ISO 50001 energy management systems, and we know Apple understands energy use.

What is SAP’s Power Monitor?

Available via GitHub, Power Monitor is designed to help enterprise users get a handle on sustainability efforts. If you are someone who continues to cling to the faith that human impact on the environment is minimal, then Power Monitor does do something else useful, too – it calculates your energy costs. 

What’s neat about the app is that it provides you with this information in a very Apple-like way. Open it up and at a glance you’ll see your current system power in Watts, along with average power, highest peak power, and energy costs that day. You can also see how much CO2 has been emitted by the energy use of your Mac. You can access this information in the app or via the Menu bar.

The application requires you to enter your energy costs and can let you activate flexible energy tariffs for those with suppliers that charge different rates at different times of day. You gain a good, in-depth overview of the costs and consequences of Mac use.

Screenshot

Jonny Evans

When it comes to managed fleets, IT can poll this data from across their devices to gain excellent oversights into energy use. If you’re running a business that uses dozens, hundreds, or thousands of Macs, you’ll already know that this information can tangibly help manage costs. It’s the kind of information any graduate of the Apple-supported Clean Energy Procurement Academy needs sometimes.

What alternatives exist?

I’m sure there are other apps that deliver similar insights, but they seem hard to find. Those I did find either track use on a per-app basis (like Activity Monitor), or are tied to specific energy suppliers, which SAP’s app is not. The Home app will track electricity use across compatible HomeKit devices, but doesn’t track the cost of running your Mac or, weirdly, any other Apple device on the network.

I find it strange that, at a time of rapidly accelerating energy costs, finding an off-the-shelf solution to help manage those costs appears challenging. That should change, which is why I think Apple should Sherlock SAP’s Power Monitor app and provide this simple but useful tool within macOS. 

Why isn’t this a Mac feature already?

Why isn’t a feature like this already inside Macs?

Perhaps because people haven’t said they need it. Or maybe Apple just doesn’t want to remind people that using their Mac costs money? Potentially, it is because the most popular Macs work on battery power. There may be perfectly good reasons not to include a tool of this kind, but one more major reason Apple should do so is for bragging rights.

You see, we already know Macs deliver more performance per watt than other systems, thanks to the five-year-old move to Apple Silicon. What better way to show how that low energy promise translates into real economic benefit than by making it possible to track accurate performance/energy costs against the estimated costs per hour when using other platforms? 

Would you use Power Monitor?

Enterprises attempting to tally their carbon emissions to achieve compliance with national climate targets will eventually demand access to data of that kind. Why not make this information an operating system feature? And why not make this available across all Apple’s products, rather than only Macs? Do you think Apple should integrate a tool like this to help you manage your fleets?

I do.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Microsoft’s latest Windows 10 Extended Security Updates announcement reveals a telling double standard: while home users get multiple free pathways to maintain security beyond the October 2025 deadline, enterprises face the same expensive pay-or-migrate ultimatum.

The software giant announced in a blog post that individual consumers can secure an additional year of Windows 10 security updates for free, either through Windows Backup, or by redeeming 1,000 Microsoft Rewards points. They also have the option to access the updates by paying a $30 fee.

Meanwhile, businesses must still pay $61 per device for first-year coverage, with costs doubling annually thereafter, and there are no pathways to free access.

“ESU coverage for personal devices runs from Oct. 15, 2025, through Oct. 13, 2026,” Microsoft said in its blog post. But businesses? They’re still looking at the same three-year, escalating fee structure with no free alternatives.

Industry experts see Microsoft’s approach as strategic pressure rather than customer accommodation.

“This fee is a nudge towards Windows 11 and confirms that the vendor has a firm intention to see enterprise customers moving to Windows 11,” said Dario Maisto, senior analyst at Forrester Research.

Enterprise reality: Same expensive options, different messaging

Microsoft first launched its Windows 10 Extended Security Updates program in April 2024 with enterprise-focused pricing: $61 per device for year one, $122 for year two, and $244 for year three. Tuesday’s announcement doesn’t change those enterprise rates.

Business options remain available through the Microsoft Volume Licensing Program, with Cloud Service Provider partners able to sell commercial ESUs starting September 1. Maisto notes this timing “should ease the impact of these measures on the vendor’s cloud services revenue strategy.”

For organizations with 1,000 Windows 10 devices, Microsoft’s ESU program represents a $61,000 first-year commitment. A three-year ESU commitment totals $427,000, enough to purchase significant new hardware.

However, Maisto observes that “many organizations may rather pay the ESU subscription than make major investments in accelerating Windows 11 hardware refresh cycles,” particularly given current economic uncertainties and geopolitical volatility.

Current StatCounter data shows that Windows 10’s market share stands at 53% of the global Windows market, with Windows 11 at 43%. In enterprise environments, where hardware refresh cycles are longer, Windows 10 penetration often runs higher.

The strategic calculation and planning time

Sanchit Vir Gogia, chief analyst at Greyhound Research, warned that enterprises viewing ESU as a long-term solution are accumulating “strategic debt.” He noted that relying on ESU instead of refreshing devices may offer short-term budget relief but defers readiness for AI-era workloads.

However, Maisto pointed to a silver lining: “This additional time will give enterprises a breath to plan for Windows 11 adoption and do a proper risk assessment regarding security and compliance issues related to staying on Windows 10.”

Microsoft’s approach reflects calculated pressure: make staying on Windows 10 expensive enough to drive migration decisions, while offering consumers relief to avoid platform defection. The cloud exception for Windows 365 and Azure Virtual Desktop users proves Microsoft’s priorities — steering organizations toward higher-margin, recurring revenue streams.

Maisto noted that organizations are “trying to understand which scenario will materialize given the current geopolitical volatility,” with each organization taking “a different path depending on its risk appetite.”

Compliance gaps and enterprise risks

Extended Security Updates deliver only critical and important security patches. Even after paying $61 per device, IT departments won’t receive new features, non-security bug fixes, or technical support.

Gogia emphasized that ESU creates compliance risks beyond basic security. “Microsoft’s ESU program may keep vulnerabilities patched, but it doesn’t close the compliance gap,” he said. “Without support for evolving identity frameworks, telemetry, or zero-trust baselines, Windows 10 — even patched — is an aging platform.”

For regulated industries, the absence of advanced encryption support or newer multi-factor authentication integrations may result in failed audits. “Security updates alone do not equal a secure posture — especially in regulated sectors,” Gogia noted.

Maisto acknowledged this will “ease the pressure on organizations in these already turbulent times,” but warned each enterprise must conduct proper risk assessments when weighing ESU against immediate Windows 11 migration.

The cloud backup enterprise dilemma

Microsoft’s free consumer ESU option requires enabling cloud backup through Microsoft services — a condition that creates enterprise policy conflicts.

“Microsoft is not just offering patches — it’s offering them in exchange for cloud footprint expansion,” Gogia explained. The cloud backup requirement raises concerns for organizations managing complex data residency and encryption frameworks.

Many enterprise policies disallow external backups that bypass data loss prevention workflows. For regulated enterprises in healthcare and public infrastructure, defaulting to cloud sync may violate internal mandates.

Implementation complexity

Organizations evaluating ESU face complexity that consumer programs don’t address. Devices must run Windows 10 version 22H2, potentially requiring extensive patch management before ESU activation.

The enrollment process integrates with volume licensing systems rather than simplified consumer wizards. Enterprise IT teams must coordinate with procurement, legal, and finance departments for multi-year ESU agreements.

Most critically, Microsoft offers no technical support as part of ESU programs. Organizations paying premium prices still depend on community forums or expensive Microsoft consulting services for implementation issues.

Microsoft’s enhanced Windows 10 ESU program confirms that enterprises are expected to pay their way through the transition while consumers get multiple free options. The timing of Cloud Service Provider availability in September aligns with Microsoft’s cloud revenue strategy.

Both analysts agree the program serves Microsoft’s interests while providing enterprises limited relief. “It’s security with strings — and a subtle shift in monetization logic,” Gogia said.

For IT leaders, this represents both breathing room and continued pressure. While ESU provides time for proper Windows 11 planning and risk assessment, the escalating costs ensure that staying on Windows 10 becomes increasingly expensive each year, exactly as Microsoft intended.

With Microsoft set to stop security updates for Windows 10 in October — unless you pay extra — security is top of mind for many businesses and individual users right now. And whether you’re planning on sticking with Windows 10 or you’ve already upgraded to Windows 11, there’s almost certainly more you can do to increase your PC’s security.

Here’s a look at some of the actual software tools you can use to make your system more secure — not basic behavioral advice like “don’t run sketchy software” or broad, theoretical tips on avoiding threats online. That’s all fine advice, but we’ve all seen it before. 

Instead, we’re going to dive deep into worthwhile tweaks and critical checks in the Windows software already on your PC. They’re simple steps that’ll make an immediate impact on your system’s security and the protection of your professional and/or personal data — and they’re right there just waiting to be used.

Want more Windows PC tips? Sign up for my free Windows Intelligence newsletter. I’ll send you free Windows Field Guides as a special welcome bonus!

Windows security boost #1: Block bad apps

Windows can automatically block “potentially unwanted apps,” but it doesn’t do so by default. The phrase “potentially unwanted apps” is a euphemism for programs that aren’t technically malware or anything illegal, but they may do things you don’t want — like spy on you or show ads. Also called “potentially unwanted programs” or “PUPs,” they’ve been dubbed “malware with a legal team” — an obvious exaggeration, but not exactly wrong.

To ensure Windows is blocking these, launch the “Windows Security” app from the Start menu, select “App & browser control,” click “Reputation-based protection settings,” and ensure “Potentially unwanted app blocking” is set to “On.”

Windows can block annoying apps — but the setting isn’t on by default.

Chris Hoffman, Foundry

Windows security boost #2: Check your encryption

Modern Windows PCs automatically set up “Device Encryption” when you sign into them with a Microsoft account, ensuring someone who steals your laptop can’t get access to your private files. But, again, the option might not always be activated by default out of the box. To check whether your PC storage is encrypted, open the Start menu, search for “BitLocker,” and select “Manage BitLocker.”

The BitLocker page in the Control Panel will show if your PC’s storage is encrypted.

Chris Hoffman, Foundry

If you don‘t see that your PC’s storage is securely encrypted with either Device Encryption or BitLocker, there are two possible explanations:

• You’ve signed in with a local account and need to sign in with a Microsoft account to activate the Device Encryption feature on your PC.
• You’re using an older PC that doesn’t support Device Encryption, and you need to pay for an upgrade to the Professional edition of Windows to activate the BitLocker feature.

For what it’s worth, Device Encryption is more of a “BitLocker light” experience without all the features, while BitLocker is the full-featured, more customizable disk encryption software. However, they’re built on the same underlying technology, and both will securely encrypt PC files. 

Read my BitLocker encryption guide for more information.

Windows security boost #3: Consider your syncing setup

On both Windows 10 and 11, Microsoft wants OneDrive to automatically sync folders such as your Desktop, Documents, and Pictures folders. Their contents will be stored in your Microsoft account online and synced between your PCs.

That can be convenient, but depending on the data you work with, you might not want to sync it to your Microsoft account. It’s a matter of data security — especially within organizations, which often want to maintain close control over corporate data.

To control exactly what OneDrive is doing on your PC and what it’s syncing, consult my guide to taming OneDrive on Windows.

Windows security boost #4: Turn off less secure sign-ins

Windows normally lets you sign in by typing your password. If you use a Microsoft account, that same password will be your Microsoft account’s online password. If you have a PC with Windows Hello biometric sign-in support — a fingerprint reader, facial recognition, or both — you can turn off password sign-ins and opt to sign in only with those more secure biometric methods.

To do this, head to Settings > Accounts > Sign-in options. Under Additional settings, activate, “For improved security, only allow Windows Hello sign-in for Microsoft accounts on this device.”

Once that’s done, if someone else does gain access to your PC, they won’t be able to sign into it — even if they’ve captured your Microsoft account password. For optimal security, beyond that, be sure to use a long PIN and avoid typing it in public. (Your PC will enforce a limit on how often people can guess the PIN, so it doesn’t have to be uncrackable — just hard to guess.)

Windows security boost #5: Activate ransomware protection

Ransomware literally holds your files for ransom. The malware encrypts your files and prevents you from accessing them until you pay up — often with Bitcoin or another cryptocurrency.

To prevent ransomware from running roughshod over your files, Windows has a “Controlled folder access” feature that will keep questionable-looking apps from tampering with your Documents, Pictures, Music, and Video folders. It’s designed to let friendly apps through, but it might block apps you use and require you to let them through manually. However, it will still provide extra protection — if you’re willing to accept a little bit of extra configuration and the occasional extra bit of hassle.

Here’s what you need to know about Controlled folder access — and how to set it up.

Windows security boost #6: Double-check Office updates

Do you use Microsoft Office? If so, you should ensure it’s getting security updates. I’ve noticed many people end up with outdated versions of Office that aren’t still getting security updates — sometimes even because they (or someone) turned off the Office updates without realizing the implications. It’s important to protect Office from threats that could arrive via malicious downloaded documents, so that’s not an advisable move.

To confirm that your Office setup is in good shape, open an Office app (like Word), click “File,” and click “Account” at the bottom left corner of the window. Look at the Update Options button at the right side of the window and ensure it says “Updates are automatically downloaded and installed” — if not, you can click “Update options” to activate automatic updates.

If you’re using an outdated version of Office, it won’t warn you — it’ll just stop downloading security updates.

Chris Hoffman, Foundry

You should also look at the name of your Office product at the top of the window in this same area. If it says you’re using “Microsoft 365,” then you’re using Microsoft’s subscription-based version of Office that will always get updates.

If it says a specific version (like Office 2021), be sure to consult the end of support table on Microsoft’s website for more information. (As of now, Office 2016 and Office 2019 are set to be phased out in October 2025, while Office 2021 has until October 2026. Office 2024 has until October 2029.)

Windows security boost #7: Check whether your apps are current

Windows apps don’t necessarily always update themselves with security updates. It’s one of the big security challenges on Windows, and it forces many organizations to roll their own software update strategies to monitor and deliver security patches. While Microsoft is finally moving toward fixing this, it’s still a problem.

First, ensure apps managed by the Store app are actively receiving updates. Launch the Store from the Start menu, click your profile picture, and click “Settings.” Ensure the “App updates” option is set to “On.” (Even if you don’t use the Store, many apps included with Windows can still be updated using it.)

Second, check to see whether you have vulnerable, out-of-date apps installed. You can use tools like the winget command built into Windows, the slick UniGetUI tool for it, or Patch My PC’s free Home Updater tool.

Windows security boost #8: Activate isolation

Windows has a variety of low-level system hardening features that will make the Windows system kernel — the core part of Windows — harder to exploit. They should work well with modern PCs, and many of them may be activated automatically, depending on how old your computer is. In general, if you aren’t using extremely old hardware drivers or other low-level software, they should just work — and boost your PC’s security.

To activate them or confirm that they’re active, open the Windows Security app from your Start menu. Click “Device security” and then “Core isolation details.” (This is available on both Windows 10 and 11, but you might not see it, or you might see different features — it depends on the specifics of your PC and what its hardware supports.)

The options you see on the Core isolation settings screen will depend on your PC’s hardware.

Chris Hoffman, Foundry

When you activate any one of these security features, Windows will check to see whether it will work well on your system. If it won’t — for example, if you have an old hardware driver that doesn’t work properly with one of these features — Windows will generally spot the problem and turn the feature off automatically.

Windows security boost #9: Start sandboxing

While it’s always a good idea to avoid sketchy software, let’s say you do want to run a program without giving it too much access to your system. In any such scenario, I recommend using the Windows Sandbox — a feature that requires the Professional edition of Windows 10 or 11.

The Windows Sandbox creates a temporary Windows environment within Windows, letting you run software without giving it to access the rest of your files and hardware. To activate it — assuming you have the right edition of Windows — open the “Turn Windows features on or off” tool from the Start menu and install the “Windows Sandbox” feature.

Since this does require the Professional edition of Windows, many people and organizations won’t have access to it. You can always install Windows in a virtual machine like VirtualBox, too, and run software in there as an alternative.

Windows security boost #10: Consider tighter protection settings

Many years ago, I recommended installing exploit-protection software like Microsoft’s EMET (Enhanced Mitigation Experience Toolkit) or Malwarebytes Anti-Exploit. These days, it generally isn’t necessary; Windows has integrated its own native anti-exploit protection to provide your programs with extra protection from attacks.

To see these settings, you can open the Windows Security app from the Start menu, click “App & browser control,” and click “Exploit protection settings.”

Almost everything there should be turned on by default. If you want some extra security, you could activate “Force randomization for images (Mandatory ASLR).” However, this could cause problems with some old programs, so you’ll probably want to skip it.

I recommend leaving it alone — and feeling secure that anti-exploit protection is now part of Windows and the type of thing you don’t have to hunt down separately, just like antivirus software.

Want more in-depth Windows analysis and useful PC tips? Sign up for my free Windows Intelligence newsletter today. I’ll send you three new things to try each Friday.

Google’s Android tablet saga is a seemingly endless series of almosts, what ifs, and coulda-beens — and now, we’ve got one more chapter to add into that book.

First, a quick and very pertinent three-part power-round of context catch-up. Part one:

• Way back in 2010, Google bought a company called BumpTop and seemed set to bring its wild three-dimensional interface concepts into the Android tablet arena — as I pieced together and recounted some years back.
• But then, by 2011, with new leadership in place, the BumpTop concepts were mostly set aside.
• And instead, in 2011, Google came out with an ambitious and almost completely different interface for large-screen Android tablet experiences with the Android 3.0 Honeycomb release. The software reimagined every bit of how we interact with our devices in an effort to take full advantage of the newfound screen space and create a more efficiency-optimized, productivity-minded environment.
• But then — well, y’know: Google Googled. It failed to get developers on board with its vision, lost focus, pivoted, then flailed for a while, ultimately eliminating most of the Honeycomb concepts and making tablets look and work exactly like Android phones.

That’s the first chapter, in a sense. Then came the middle part of the story — part two, for our purposes:

• In 2015, Google came out with an awkwardly positioned Android tablet called the Pixel C. It brought back a kinda-sorta tablet-optimized interface, but something always seemed slightly strange about the product — and certain slivers of sleuthing suggested it might’ve originally been intended to be a ChromeOS, not Android, device.
• By 2017, the lack of any focus or momentum on Android tablets led me to declare that the Chromebook was, for all intents and purposes, the new Android tablet. It was clear by then that Google didn’t see much future in the tablet form or reason to invest in making it a good experience at the platform level.
• And sure enough, by 2020, the company confirmed to me that it was done making its own tablets and would focus instead on laptop-style devices for its own self-made products.

You might think the fairy tale ends there — but, no siree, Bob, we’ve got another era yet. Here’s part three:

• In 2022, I discovered and reported that one of Android’s lesser-known original co-founders had rejoined the company with the title of of “CTO, Android tablets.”
• At the same time, word broke that Google was giving up on laptops, in a dizzying reversal from its two-years-earlier about-face.
• And sure enough, in 2023, the flip-flop finished and Google revealed it was back in the tablet game with the Pixel Tablet and its bold but never fully realized ideas about reinventing the Android tablet as a whole new type of line-blurring device.
  • Initially, the Pixel Tablet was meant to be a smart-home control panel that you also used as a lean-back-style, more passive-use tablet. The problem is that while the device was — and still is! — an excellent tablet, the smart-home side of the experience felt weirdly half-baked and not especially exceptional.
• Soon, the Pixel Tablet narrative shifted, and it looked like Google was gearing up to reinvent the device as more of a computer-replacing desktop system in its next iteration — with a wild new Android desktop mode at its core and, according to reports, native keyboard and stylus accessories to flesh out that picture.
• But then the second-gen Pixel Tablet was reportedly cancelled before it ever even saw the light of day.

And that — insert massively exaggerated deep breath here… — brings us to today.

[Psst: Got a Pixel? Any Pixel? Check out my free Pixel Academy e-course to discover all sorts of advanced intelligence lurking within your phone and/or tablet!]

Your guess is as good as mine as to if Google will ever put out its own tablet again and how many more about-faces we might be facing, but for now, what we have is that aforementioned pile of almosts, what ifs, and coulda-beens. And the latest of ’em is the productivity-centric future the Pixel Tablet almost brought us but never quite had the opportunity to deliver.

And that’s where things get freshly interesting:

1. The key software piece of that puzzle — the Android desktop mode — is, in fact, still being actively developed. It’s now a part of the latest Android 16 quarterly update beta, with the main purpose of letting you plug an Android phone into a monitor and then use it like a computer later this year.
2. As part of that development, the feature is now available on the original Pixel Tablet, with that beta Android version installed and the appropriate developer-level option enabled.
3. And, thanks to the wild luck and generous sharing of a member of my Intelligence Insider uber-geek community, I got my grubby hands on what very much appears to be the never-released Google Pixel Tablet Pen — a.k.a. the stylus we never saw as a part of the Pixel Tablet’s unrealized future.

So without further ado, here it is:

srcset="https://b2b-contenthub.com/wp-content/uploads/2025/06/01-google-pixel-tablet-pen-stylus.jpg?quality=50&strip=all 1600w, https://b2b-contenthub.com/wp-content/uploads/2025/06/01-google-pixel-tablet-pen-stylus.jpg?resize=300%2C183&quality=50&strip=all 300w, https://b2b-contenthub.com/wp-content/uploads/2025/06/01-google-pixel-tablet-pen-stylus.jpg?resize=768%2C468&quality=50&strip=all 768w, https://b2b-contenthub.com/wp-content/uploads/2025/06/01-google-pixel-tablet-pen-stylus.jpg?resize=1024%2C623&quality=50&strip=all 1024w, https://b2b-contenthub.com/wp-content/uploads/2025/06/01-google-pixel-tablet-pen-stylus.jpg?resize=1536%2C935&quality=50&strip=all 1536w, https://b2b-contenthub.com/wp-content/uploads/2025/06/01-google-pixel-tablet-pen-stylus.jpg?resize=1145%2C697&quality=50&strip=all 1145w, https://b2b-contenthub.com/wp-content/uploads/2025/06/01-google-pixel-tablet-pen-stylus.jpg?resize=276%2C168&quality=50&strip=all 276w, https://b2b-contenthub.com/wp-content/uploads/2025/06/01-google-pixel-tablet-pen-stylus.jpg?resize=138%2C84&quality=50&strip=all 138w, https://b2b-contenthub.com/wp-content/uploads/2025/06/01-google-pixel-tablet-pen-stylus.jpg?resize=789%2C480&quality=50&strip=all 789w, https://b2b-contenthub.com/wp-content/uploads/2025/06/01-google-pixel-tablet-pen-stylus.jpg?resize=591%2C360&quality=50&strip=all 591w, https://b2b-contenthub.com/wp-content/uploads/2025/06/01-google-pixel-tablet-pen-stylus.jpg?resize=411%2C250&quality=50&strip=all 411w" width="1024" height="623" sizes="(max-width: 1024px) 100vw, 1024px">What by all counts is the unreleased Google Pixel Tablet Pen, in the author’s suspiciously sweaty paw.

JR Raphael, Foundry

The Pen has a clear “Designed by Google” logo on its flat edge, along with the address of Google’s Mountain View campus. It also sports the code “GM0KF,” which — drumroll, please… — is the exact same code noted in a leak about the stylus’s existence last December.

A code on the stylus’s side says “GM0KF,” which matches the code on earlier materials about the product.

JR Raphael, Foundry

The Pen’s tip has a shiny silver metal button with a Google “G” logo printed atop it.

A familiar “G” logo adorns the stylus’s top.

JR Raphael, Foundry

And, yes, it is a dead ringer for the product pictured in that leak. We’re looking at the same exact thing.

The stylus looks exactly like what’s pictured in previously leaked Pixel Tablet Pen materials.

JR Raphael, Foundry

(I’ve reached out to Google several times over the past several days to see if it could provide any context or comment at all about the product, its existence, and if or when it might ever actually be released. As of this writing, the company has yet to offer any information.)

I charged the stylus via the built-in USB-C port, and it immediately started working on my Pixel Tablet. When I hold the Pen’s tip just above the Pixel Tablet’s screen, selectable elements beneath it respond and pop a bit to indicate they’re pressable. If it’s a text field — like the search box on the home screen — a cursor icon appears, and touching the Pen to the box pulls up a pop-up about how to use the stylus to write and have words automatically converted into text as well as how to perform a variety of editing operations entirely with the stylus.

A demo window explains how the Pixel Tablet Pen works in terms of writing and text editing.

JR Raphael, Foundry

Once that demo window is closed, I can just write anywhere on the screen, anytime. Once I bring the Pen close to the Pixel Tablet’s display, that same cursor icon appears, and the entire screen essentially turns into an open surface for input.

You can write anywhere on the Pixel Tablet’s screen and have your words turned into text.

JR Raphael, Foundry

The writing-to-text conversion works quite well, even with my drunken-toddler-level chicken-scratch handwriting. The Pen performs great on surfaces meant for freestyle writing, too, like with the drawing feature in Google Keep. Its input is smooth and consistent, and it’s incredibly easy to use.

The Android Google Keep app is especially well-suited to input with the Pixel Tablet Pen.

JR Raphael, Foundry

Those unofficial reports from a while ago showed an animation indicating that pressing the Pen’s button would pull up a “quick note-taking app” of some sort sort, but that doesn’t seem to work for me. The button doesn’t do anything at all, as far as I can tell — which probably isn’t surprising, since any such function would presumably require a missing software update in order to work.

Beyond that, there isn’t a heck of a lot remarkable about the hardware itself. The Pen has a soft-touch finish and feels light and comfy to hold. Oh, and it even sticks magnetically to a specific spot on the back side of the tablet itself as well as the official Google Pixel Tablet case — which certainly seems like a deliberate touch.

The stylus sticks to the back of the Pixel Tablet as well as its case in a deliberate-seeming position.

JR Raphael, Foundry

Android’s still under-development desktop mode works nicely with the Pen to create a more computer-like experience, meanwhile — especially if you also hook up a keyboard accessory of some sort. The software isn’t quite there yet, though, and is certainly nowhere near the level of true desktop-caliber productivity you get with a Chromebook, in large part because of the ways the Chrome Android app differs from the native desktop version.

But Google seems determined to close that gap, so we’ll see how things progress over time. That mission, however, appears to be more about bringing Android into the desktop domain than bringing the desktop domain into Android — for the moment, at least, though as we’ve seen so many times before, you never know how Google might change its mind in the future.

For now, this is mostly just a glimpse at another Android tablet almost — as far as the Pixel Tablet and the Pen are concerned. It’s an eye-opening look at a future we’ll probably never experience, in this specific scenario. And it’s the latest in a long, ever-expanding line of Android tablet coulda-beens.

Don’t let yourself miss an ounce of Pixel magic. Start my free Pixel Academy e-course and discover tons of hidden features and time-saving tricks for whatever Googley gadget you’re carrying!

Enterprise users of leading large language models are at risk of making private information public, according to a new study on the data collection and sharing practices of organizations such as Meta, Google, and Microsoft that reveals they are collecting sensitive data and sharing it with unknown third parties.

In fact, businesses may face even greater risks than the multitude of individuals who use the various LLMs, according to the findings from Incogni, a personal data removal services and data privacy company.

“Employees frequently use generative AI tools to help draft internal reports or communications, not realizing that this can result in proprietary data becoming part of the model’s training dataset,” the company said. “This lack of safeguards not only exposes individuals to unwanted data sharing, but could also lead to sensitive business data being reused in future interactions with other users, creating privacy, compliance, and competitive risks.”

Ron Zayas, the CEO of Incogni’s business and government division Ironwall, said, “the analogy would be that we spend a lot of time as businesses making sure that our emails are secure, making sure that our machines lock themselves down after a certain period of time, of following SOC 2 protocols, all these things to protect information.” But now, he said, the concern is that “we’ve opened the door, and we have employees feeding information to engines that will process that and use it [perhaps in responses to competitors or foreign governments].”

To evaluate the LLMs, Incogni developed a set of 11 criteria that allowed it to assess the privacy risk in each, and compiled the results to determine each program’s privacy ranking in the areas of training, transparency, and data collection and sharing. From these, it also derived an overall rating.

Key findings in Incogni’s study revealed that:

• Le Chat by Mistral AI is the “least privacy invasive platform, with ChatGPT and Grok following closely behind. These platforms performed the best when it comes to how transparent they are on how they use and collect data, and how easy it is to opt out of having personal data used to train underlying models.”
• LLM platforms developed by the biggest tech companies turned out to be the most privacy-invasive, the report said, with Meta AI (Meta) being the worst, followed by Gemini (Google) and Copilot (Microsoft).
• Gemini, DeepSeek, Pi AI, and Meta AI don’t seem to allow users to opt out of having prompts used to train the models.
• ChatGPT turned out to be the most transparent about whether prompts will be used for model training, and it had a clear privacy policy.
• Grok (xAI) may share photos provided by users with third parties.
• Meta.ai “shares names, email addresses and phone numbers with external entities, including research partners and corporate group members.”

What not to tell AI

Justin St-Maurice, technical counselor at Info-Tech Research Group, said that from a corporate perspective, “training your staff on what not to put into tools like ChatGPT, Gemini, or Meta’s AI is critical.”

He added, “just as people are taught not to post private or sensitive information on social media, they need similar awareness when using generative AI tools. These platforms should be treated as public, not private. Putting personally identifiable information (PII) or proprietary company data into these systems is no different than publishing it on a blog. If you wouldn’t post it on LinkedIn or Twitter, don’t type it into ChatGPT. The good news? You can do a lot with these tools without needing to expose sensitive data.”

According to St-Maurice, “if you’re worried about Meta or Google sharing your data, you should reconsider your overall platform choices; this isn’t really about how LLMs process your data, but how these large corporations handle your data more generally.”

Privacy concerns are important, he said, “but it doesn’t mean organizations should avoid large language models altogether. If you’re hosting models yourself, on-prem or through secure cloud services like Amazon Bedrock, you can ensure that no data is retained by the model.”

St-Maurice pointed out that, in these scenarios, “the LLM functions strictly as a processor, like your laptop’s CPU. It doesn’t ‘remember’ anything you don’t store and pass back into it yourself. Build your systems so that the LLM does the thinking, while you retain control over memory, data storage, and user history. You don’t need OpenAI or Google to unlock the value of LLMs; host your own internal models, and cut out the risk of third-party data exposure entirely.”

What people don’t understand, added Ironwall’s Zayas, “is that all this information is not only being sucked in, it’s being repurposed, it’s being reused. It’s being publicized out there, and it’s going to be used against you.”

Google confirmed that Imagen 4, which is the company's state-of-the-art text-to-image, is rolling out for free, but only on AI Studio. [...]

AI startup Anthorpic is planning to add a memory feature to Claude in a bid to take on ChatGPT, which has an advanced memory feature. [...]

Google Cloud has donated its Agent2Agent (A2A) protocol to the Linux Foundation, which has now announced a new community-driven project called the Agent2Agent Project. [...]