Kategorie

Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. "Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

French AI company Mistral has released several updates to its generative AI assistant Le Chat and made it available on Android and iOS. Mistral describes the tool as a comprehensive genAI assistant for both life and work that can be used to access the latest news, plan daily tasks, keep track of projects, upload and summarize documents, and more.

Le Chat is accessed through a chat-like user interface and, according to Mistral, has the fastest inference model in the world. It is also reported to be significantly better at generating images than OpenAI ChatGPT. But Le Chat does not yet have a voice mode.

The AI assistant is available in both a free version and a new paid version that costs $15.49 per month. The paid subscription provides access to the company’s latest AI model, higher user limits, and the ability to opt out of sharing data with Mistral.

Enterprise users now have the option to deploy Le Chat in their own environment with custom models and a customized user interface. That is not yet possible with, for example, ChatGPT Enterprise or Claude Enterprise.

In November, Mistral rolled out a tool to automatically delete offending content.

Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company's Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. [...]

Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. [...]

Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. [...]

In its limited wisdom, the deeply unpopular UK government has decided to break privacy for the entire world, slamming Apple with a top secret order that demands blanket access to personal data. Apple must create a “back door” to enable surveillance, according to The Washington Post. It’s a deeply dangerous, unaccountable, draconian demand that threatens privacy, free expression, commerce, and will ultimately make no one safe. 

What makes this even more insidious is the secrecy around the application of the law. Not only is Apple unable to either confirm or deny that it has been told to create this back door, but the UK Home Office will not do so either. Making this worse, while Apple can appeal the demand, it can only do so in a secret court and must deliver the demanded access even before that appeal is heard.

In other words, the government is demanding access to everybody’s encrypted iCloud backups, you don’t get told the government is doing it, there’s no right of appeal against it and, one more thing — it applies internationally. This would effectively give UK spies access to every iCloud backup that exists globally.

Apple might suspend some UK services

It is thought that Apple could withdraw some of its services from the UK market as a result, as it warned it might when the law was first articulated in 2023.  At that time, it called the measure a “serious, direct threat” to security and privacy. It also warned that the global nature of the regulation meant the company could not obey, even if it wanted to, because doing so would force the firm to break other rules, such as those surrounding data privacy.

“End-to-end encryption is a critical capability that protects the privacy of journalists, human rights activists, and diplomats. It also helps everyday citizens defend themselves from surveillance, identity theft, fraud, and data breaches,” the company said.

Even if Apple does withdraw some of its services from the UK, that may not be enough. That’s because the law demands global access, which means UK security agencies can, with few safeguards, demand access to data from anyone. The Post mentioned Advanced Data Protection on iCloud as one service Apple might stop offering to the market, but the regulation seems to imply that if you are a US citizen, the UK (for some insane reason) can still demand access to your encrypted iCloud data.

Sheer and utter folly

I can’t articulate strongly enough how insanely foolish this is; even the FBI agrees encryption is a good thing.

As I’ve argued forever, and as state-sponsored surveillance attacks such as those by the NSO Group should prove, there really is no such thing as a secure back door. Once any such opening exists, it will proliferate. Apple will be forced to share these keys with governments on a global basis, including less trustworthy or unstable regimes, or those willing to support privatized surveillance-as-a-service firms. 

That means it is only a matter of time before all your information becomes an open book to rogue governments, state-sponsored attackers, criminals, and anyone else with a desire to profit from your digital data. 

That’s a threat to you, to free speech and democracy, and also a massive attack against the privacy and security essential to maintain digital commerce. Far from making people safer, the UK demand threatens everyone. More to the point, if the deep state is smashing down iCloud’s doors, it will be smashing down digital doorways everywhere. “Breaking encryption for one breaks encryption for all,” warns Privacy International.

Draconian, unprecedented, unaccountable, dangerous

Needless to say, those who understand the importance of privacy, encryption, and the internet, are furious at the UK government’s demand. 

Rebecca Vincent, the interim director of privacy and civil liberties campaign group Big Brother Watch, said: “We are extremely troubled by reports that the UK government has ordered Apple to create a backdoor that would effectively break encryption for millions of users — an unprecedented attack on privacy rights that has no place in any democracy. 

“Big Brother Watch has been ringing alarm bells about the possibility of precisely this scenario since the adoption of the Investigatory Powers Bill in 2016. We all want the government to be able to effectively tackle crime and terrorism, but breaking encryption will not make us safer. Instead, it will erode the fundamental rights and civil liberties of the entire population — and it will not stop with Apple.

“We urge the UK government to immediately rescind this draconian order and cease attempts to employ mass surveillance in lieu of the targeted powers already at their disposal.”

“In doing this, the government [is] attempting to undermine the security of millions of users, which would expose them to higher risks of cybercrime,” said James Baker, platform power program Manager at Open Rights Group. “They are failing in their primary duty to protect British citizens. The government want[s] to be able to access anything and everything, anywhere, any time. Their ambition to undermine basic security is frightening, unaccountable and would make everyone less safe. WhatsApp and other services will be next in their sights.

“They seek to do this in secret, with minimal accountability, and potentially global impacts,” he said. “It is straightforward bullying.”

Index on Censorship warned: “Our message to the UK government: please don’t trade in our privacy under the misguided belief it’ll tackle crime. Encryption is essential to privacy and the right to privacy and free expression go hand-in-hand. They should be protected not eroded.”

“There are plenty of other, better ways to catch those involved in criminal activity than this,” wrote Jemima Steinfeld, CEO of Index on Censorship. “All this will do is make the average person in the UK much less safe online and give a green light to autocratic states to follow-suit.”

This must be opposed 

I’m horrified and appalled at the move. I consider it a shameful threat to all forms of digital civil liberty and warn that it will create far more harm than it will resolve. Ultimately, privacy is a human right, not a feature, and the removal of such rights should at least be a matter of public and democratic debate, which it has not been. As it stands, this UK overreach should be opposed not only by civil rights advocates, but by anyone else who uses — or provides — online services of any kind, and certainly by any nation that does protect privacy among its citizens.

The UK must think again or become a digital pariah on the world stage. 

You can follow me on social media! Join me on BlueSky,  LinkedIn, Mastodon, and MeWe. 

An attempt to block a phishing URL in Cloudflare's R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour. [...]

A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user andRavie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft has shared a workaround for users affected by a known issue that blocks Windows security updates from deploying on some Windows 11 24H2 systems. [...]

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. "This could [email protected]

Windows 11's January 28 optional update has fixed a long-standing issue in Windows 11 24H2 that prevents non-admin users from changing their time zone in Date & Time Settings. [...]

Microsoft Edge 133 is now rolling out globally, and it ships with several improvements, including a new scareware blocker feature. In addition, Microsoft is updating the backend of the Downloads UI with performance improvements. [...]

The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution.  This article explores how these changes are impacting business, and how cybersecurity leaders can respond. Impersonation attacks: [email protected]

Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NETRavie Lakshmananhttp://www.blogger.com/profile/[email protected]

Back in the 1990s, Windows power users often availed themselves of a set of small, free software tools from Microsoft collectively known as “PowerToys.” (Read about their history at Wikipedia.) Microsoft abandoned these mini-utilities during the Windows Vista, 7, and 8 years but reintroduced them in May 2019 as an open-source project on GitHub.

In both incarnations, these tools have always sought to help out with everyday tasks, such as resizing images; creating easy-to-use Windows desktop layouts; running programs; or looking up keyboard shortcuts. Handy stuff!

There’s a lot more going on in the current crop of PowerToys than many readers might know about, so it’s a good idea to survey what’s inside that toybox. While some of the original ’90s PowerToys have been re-created and updated for Windows 10 and 11, many others are brand new. Recently, the PowerToys team has even started adding elements of the venerable Sysinternals toolkit (e.g., ZoomIt) into the mix.

Here’s an introduction to the two-dozen-plus PowerToys available today and how to take advantage of these highly useful, compact, and capable tools.

In this article:

• Obtaining and installing PowerToys
• Using PowerToys
• Meet the Windows PowerToys
• What’s coming for PowerToys

Obtaining and installing PowerToys

Unlike the ’90s tools, which had to be downloaded and installed individually, there’s now a single PowerToys app that gives users access to all available PowerToys tools in one go. When this app was introduced in 2019, it was available only through GitHub.

It’s still available that way: visit the PowerToys GitHub page, click the Latest release icon at lower right, then download and install the .exe that matches your target PC — x64 or ARM64, per-user or machine-wide. (I recommend machine-wide because it will work for all users on a given PC.)

But a GitHub visit is no longer necessary. Instead you can get the PowerToys app from the Microsoft Store (and take advantage of its auto-update capabilities).

Or you can use the built-in Windows package manager, WinGet, to install (and then update) it at the command line if you prefer. To install the latest version, open an administrative Windows Terminal session (either PowerShell or Command Prompt will work) and type:

Winget install PowerToys

Then, to update PowerToys automatically or directly, type:

Winget upgrade –all –include-unknown #updates all incl PowerToys

Winget upgrade PowerToys #only updates PowerToys

For more information on installing PowerToys, visit the “Installing PowerToys” page at Microsoft Learn.

Once you’ve got PowerToys installed on a PC, you can open the app by searching on PowerToys in the Windows search box or typing PowerToys into the Run box. You’re good to go.

Using PowerToys

By default, PowerToys is a startup item, so it fires off once the Windows desktop appears after boot-up. It becomes part of the Windows runtime that way, and makes its tools available using their keyboard shortcuts any time you need them.

To access PowerToys settings, tools, and info, click its icon in the notification area at the right-hand side of the Windows 10 or 11 taskbar. This brings up a Shortcuts window with access to various PowerToys, and some key buttons, as shown in Figure 1.

Figure 1: Click on the PowerToys icon in the taskbar’s notifications area to pop up this menu.

Ed Tittel / Foundry

What you see in this Shortcuts menu is an abbreviated list of PowerToys tools. If you click More, you can access All apps with a scrolling control at the far right.

Look at the buttons at the lower right in Figure 1. The page icon (left) takes you to the Microsoft Learn pages for PowerToys where the whole shebang is described, documented, and depicted. The debug icon (middle) creates a bug report file from PowerToys and deposits it on your desktop. You’re supposed to visit the Issues page at the PowerToys GitHub home, and may use that information as part of a “New issue” filing if you find that necessary.

The real action is from the rightmost icon, which shows the familiar Settings gear. As you might guess, this takes you to PowerToys Settings, where the Dashboard pane (shown in Figure 2) appears by default.

Figure 2: The PowerToys Dashboard presents toggles for all PowerToys and shows their current state. (Partial image: there are too many to show at once!)

Ed Tittel / Foundry

This Dashboard is helpful in showing you the status (on or off) for all PowerToys. Note that the PowerToys are organized into five categories, which appear at the left in Figure 2:

• System Tools: Various controls over OS appearance and desktop or app window contents (includes Advanced Paste, Awake, Color Picker, PowerToys Run, Screen Ruler, Shortcut Guide, Text Extractor, and ZoomIt).
• Windowing & Layouts: Tools to control how windows on the desktop interact, stack, and get arranged (includes Always On Top, Crop and Lock, FancyZones, and Workspaces).
• Input / Output: Tools for mouse and keyboard management and control (includes Keyboard Manager, Mouse utilities, Mouse Without Borders, and Quick Accent).
• File Management: A plethora of File Explorer add-ins (context menus, usually) and file controls (includes File Explorer add-ons, File Locksmith, Image Resizer, New+, Peek, and PowerRename).
• Advanced: A grab-bag of tools for command line, networking, and registry access aimed at savvy power users (includes Command Not Found, Environment Variables, Hosts File Editor, and Registry Preview).

The “General” item near the top of that left-hand list is also worth getting to know; it’s where you’ll find global info about and general settings for PowerToys (partially shown in Figure 3).

Figure 3: The General settings pane provides version info, an update button, and other PowerToys controls.

Ed Tittel / Foundry

This is the pane where you can see that PowerToys will “Run at startup” by default. You can also guide how PowerToys behaves when run in administrator mode, what it looks and acts like, adjust backup and restore settings, and enable or disable use of experimental features. (The PowerToys team, under the able direction of team lead Clint Rutkas, issues regular previews with experimental or planned features.)

Meet the Windows PowerToys

The initial set of eight PowerToys released in 2019 has now more than tripled, with new tools rolling out steadily. As I wrote this story, the total count was 26 across the categories mentioned earlier. (In the list that follows, I present the PowerToys in alphabetical order, not by category.)

Inside PowerToys, you’ll find a lot to learn, like, play with, and put to good use.

Advanced Paste: Lets you manipulate the format for clipboard content. You can paste whatever you’ve cut as plain text, markdown, or .json using the tool directly, or more simply with direct keystroke sequences. (By default, Win key + Shift + V opens the Advanced Paste tool, and Win key + Ctrl +Alt + V pastes as plain text.) You’ll find additional clipboard controls and key combinations (paste as file, as .txt file, as .png file, and as .html file) as well, as shown in Figure 4. There’s even an AI-based function, but it requires users to supply their own OpenAI key to put it to work.

Figure 4: The Advanced Paste PowerToy includes AI options, clipboard controls, and various key combos for quick use.

Ed Tittel / Foundry

Always On Top: Keeps an open window pinned on the top display layer so that it’s always visible. Once enabled, its shortcut key combo is Win key + Ctrl + T. It plays a brief sound as it pins any window and shows a thick blue border around pinned windows for easy recognition — all configurable in the settings. You can even create an exclusion list to prevent certain apps from responding to this tool. Always on Top works best when you have ample screen real estate; I use it mostly on multi-monitor setups.

Awake: Keeps a PC awake independent of its power and sleep settings. It’s primarily designed to enable completion of long-running tasks that might otherwise be interrupted or paused by sleep kicking in or the display(s) turning off. Figure 5 shows the options available to control how long the PC stays awake.

Figure 5: Awake lets you control wake behavior and keep the display on as well.

Ed Tittel / Foundry

Color Picker: A small widget that lets users obtain codes for colors anywhere in the visible display area(s) in Windows 10 or 11 (HEX, RGB, HSL, CMYK, etc.). Once it’s enabled, press Win key + Shift + C to activate Color Picker, then select a color on your screen. Color Picker copies the color’s code in the format you’ve set (HEX, RGB, HSL, CMYK, etc.) to the clipboard so you can easily paste it into a graphics program, HTML markup, or anyplace else you might need such a color code.

Command Not Found (CNF): A PowerShell (PS) module that snags the PS error code for an unrecognized command, then looks up and offers to install plausible WinGet packages if they’re available. Behind the scenes, this adds an item to the Windows Terminal profile and makes sure PS 7.4 (or higher) is running and that the WinGet Client PowerShell module is installed. The net result is depicted in Figure 6. (Visit CNF’s settings for more info.)

Figure 6: After the error message (red) appears, CNF takes over to suggest possible vim installs.

Ed Tittel / Foundry

Crop and Lock: Lets you create a smaller window in which to display an application (called Reparent mode and triggered by the keyboard shortcut Win key + Ctrl + Shift + R) or show a desktop thumbnail (Thumbnail mode, with shortcut key combo Win key + Ctrl + Shift + T). Either way, position the cursor inside the app window you wish to crop and lock, enter the key combo, and a crosshair (+) cursor will appear. Use that to crop the app window, and there you go (opens a new, smaller-sized window).

Environment Variables: Provides access to a standalone app that lets you see, create, edit, or remove environment variables that Windows uses to control its behavior and to identify and access system resources (e.g., Path, OneDrive, OS, and so forth). The controls are dead simple, and the app provides standard user or administrative access to Profiles, Default, System, and Applied variables in the Windows environment, as shown in Figure 7. It’s much handier than the old Control Panel item, which restricts window size severely.

Figure 7: The Environment Variables app lets you create, edit, and remove variables and profiles in Windows.

Ed Tittel / Foundry

FancyZones: Like Windows’ Snap functionality on steroids, this window manager tool lets you create windows layouts for multiple usage scenarios and multitasking between and among them. Shortcut key combo: Win key + `(grave accent or backtick; it’s on the same key as ~ in US QWERTY layout). See Figure 8 for a glimpse of FancyZones’ easy-to-use controls.

Figure 8: FancyZones makes it easy to set up and use complex window arrangements.

Ed Tittel / Foundry

File Explorer add-ons: Originally released as FE Preview, this PowerToy provides toggles to show miniature SVG files on the File Explorer preview pane, or within thumbnails. This tool also enables previews or thumbnails for Markdown (.md, .mdown, .mkdn, …) files, source code files (.txt, .cpp, .py, .json, .xml, …), geometric code, Portable Document Format (.pdf), and Quite OK image files (.qoi).

File Locksmith: Checks if a file or folder (and sub-contents) is in use and, if so, which processes are using it. To use it, open File Explorer, then hold down the Shift key, right-click a file or folder, and choose Unlock with File Locksmith from the pop-up menu. As shown in Figure 9, a sub-window appears listing the tasks (if any) using the file. If you want to stop the process from running, click End task.

Figure 9: File Locksmith lets you see the process(es) using a file — in this case, the Chrome browser.

Ed Tittel / Foundry

Hosts File Editor: In a typical TCP/IP networking environment, a local file named Hosts predefines domain names and IP addresses to give the IP host/address resolution process a jump start. Indeed, Windows checks this file first before it uses the Domain Name Service (DNS), to turn human-readable domain names (such as Microsoft.com) into machine-usable IP addresses (such as 20.70.246.20, among many others).

The Hosts File Editor PowerToy launches a standalone app that provides guided access to view and edit the Hosts file in Windows. (Be careful! As the app warns, you can bollix up internet access editing this file incorrectly.) For a good overview of the pros, cons, and best uses for a customized hosts file in Windows, see this 2020 LoginRadius blog post “Benefits and usages of Hosts File.”

Image Resizer: Provides drag-and-drop or right-click context menu access (“Resize with Image Resizer”) to resize graphics files, alter graphics file formats, or rename them as desired. This tool not only lets you define your own dimensions for small, medium, large, and phone images, you can add new named image types for more customized captures as well. Figure 10 shows the Image Resizer pop-up control when its entry is selected from the right-click menu.

Figure 10: Image Resizer’s pop-up applet makes it quick and easy to resize image files.

Ed Tittel / Foundry

Keyboard Manager: Provides a toggle that lets users remap keyboard keys to other keys or shortcuts, or remap shortcuts to other shortcuts or keys. Once turned on, you can remap keys on your keyboard, or you can remap existing shortcuts into different ones. To really understand what this tool can do (and why it can sometimes be a real boon), browse the Microsoft Learn article “Keyboard Manager utility.”

Mouse utilities: A collection of mouse tools that includes Find My Mouse (press Ctrl twice fairly quickly), Mouse Highlighter (Win key + H), Mouse Jump (disabled by default, Win key + Shift + D), and Mouse Pointer Crosshairs (disabled by default, Win key + Alt + P). Each comes with an on/off toggle, plus various simple controls. Try them out to see how they work and look. Of all of them, I use Find My Mouse most often: double-click Ctrl and a white circle pops up around the mouse.

Mouse Without Borders (MWB): I remember Mouse Without Borders as an old “Microsoft Garage” project. (Wikipedia says it made its public debut in September 2011.) Simply put, MWB lets you use a single mouse to track its cursor across the screens of multiple Windows devices configured to interact and communicate with one another. Thus, unlike most other PowerToys, MWB requires initial setup and configuration.

First, it must be enabled (it’s off by default). Then a shared key must be generated and used to get the devices talking to each other, after which a layout can be arranged. There are all kinds of controls that come into play: a dozen for behavior, five keyboard shortcuts, and a smattering of advanced settings and troubleshooting tools. Figure 11 shows two of my laptops (P16 and X380, from left to right) set up to permit the cursor to track between them.

Figure 11: MWB lets you arrange systems (two laptops in this case) in line to track the cursor across them.

Ed Tittel / Foundry

New+: Lets you create files and folders from your own personalized template set. You can use it to set up text, Office, and other files with predefined info. For instance, you could create a file with the address block, date placeholder, and recipient placeholder for a business letter; another with layouts and column heads for invoice spreadsheets; and others for commonly needed files for everyday use. The New+ settings let you change the default template location and hide filename extensions and starting characters.

Peek: Another File Explorer extension that provides quick, transient access to file previews. Highlight a file, press Ctrl + spacebar, and a preview window opens. This works especially well for screencaps; as demonstrated in Figure 12, it’s easy to see details captured in a screenshot without actually opening the image file. (Notice the Peek icon up top, a magnifying glass on a file folder.) Peek has very simple controls, too.

Figure 12: Highlight a file, press Ctrl + spacebar, and get the preview.

Ed Tittel / Foundry

PowerRename: Provides a context menu entry (Windows Shell extension) for advanced bulk file renaming in File Explorer using search and replace or regular expression syntax (regex). Regex is an extremely powerful technique, and it’s a good idea to have some knowledge of how it works before you use PowerRename to mess around with real, live files on your PC. Microsoft Learn has a nice regex tutorial for Visual Studio that covers the basics of characters, operators, constructs, and patterns.

Figure 13 shows me renaming some of the image files for this very story: it’s a useful tool.

Figure 13: I highlighted four filenames and Shift-clicked to open this PowerRename window. It’s set up to replace “pt25” with “PowToy25.”

Ed Tittel / Foundry

PowerToys Run: A quick pop-up launcher that works like the Run command window. Shortcut key combo: Alt + spacebar. Note that these keys are adjacent on US QWERTY keyboards for super-quick access and use. It’s faster and easier to access than the Run box, and its search function is likewise lightning fast. Click any item in the search results to launch and go.

Figure 14 shows a generic PowerToys Run box that puts its capabilities on display: run executables; calculate simple equations; search previous inputs, files, folders and programs; and navigate the Registry. The better you know it, the better you’ll like it!

Figure 14: Press Alt + spacebar to get this nifty box offering a variety of instant actions.

Ed Tittel / Foundry

Quick Accent: Longtime windows users know they can use all kinds of Esc and Alt key combos to emit odd and interesting characters from Windows keyboards. Quick Accent provides another way to access accents, fractions, diacritical marks, and other characters using a more visual approach.

As you can see in Figure 15, holding down the 1 key and hitting the left arrow puts lots of 1s down before the accent bar pops up above, with various sub- and superscript options plus fractions with a 1 numerator. Interesting!

Figure 15: The Quick Accent bar appears above the Notepad window: that’s where you pick the character you want.

Ed Tittel / Foundry

This one takes some playing with to get used to but can then be quite handy. When you don’t need the Quick Accent toolbar anymore, you must disable this PowerToy to make it vanish.

Registry Preview: Provides a clean, simple look at the contents of any Windows Registry file. You can launch this app from PowerToys Settings > Registry Preview, or else hold down the Shift key when you click on a .reg file in File Explorer, then select Preview from the resulting pop-up menu. Those who occasionally (or regularly) work on the Registry directly will find this a pleasant, lightweight alternative to RegEdit.exe.

Screen Ruler: Provides a simple, visual way to measure pixels on a Windows display. It also includes horizontal and vertical measurement capability; offers continuous measuring; and provides color, color edge, and edge detection controls (see PowerToys Settings > Screen Ruler for all the details). Its shortcut key combo is Win key + Shift + M.

Figure 16 shows the ruler at work, showing the pixel count between two desktop background elements. As with Quick Accent, you must disable Screen Ruler to turn off the top center ruler toolbar when you don’t wish to see or use it.

Figure 16: A faint red line labeled “345” shows the distance in pixels from the circle to the logo.

Ed Tittel / Foundry

Shortcut Guide: A context-sensitive listing of keyboard shortcuts that shows up in Windows 10 or 11 when shortcut key combo Win key + Shift + / (right-slash) is pressed. If opened on the desktop (as in Figure 17), it shows Windows shortcuts. Opened inside any application, it shows that app’s shortcuts instead. Hit Esc to close the guide. One of my personal favorites, this tool helps me remember more shortcuts than my poor brain can hold.

Figure 17: Combined with the Windows key, these are the basic Windows shortcuts, neatly laid out in Shortcut Guide.

Ed Tittel / Foundry

Text Extractor: Copies text from any portion of the Windows display, including inside images or videos. Microsoft recommends using the relatively new “Text actions” capability inside the Snipping Tool instead of this tool. Indeed, Text Extractor is disabled by default. But when enabled, it responds to the shortcut key combo Win key + Shift + T.

Once you define a rectangular region on screen, Text Extractor parses all text it finds into the clipboard. You can then paste that text into an editor or text input of your choice. I used it to grab the end of the Lenovo logo on my desktop, which you can see pasted into Notepad in Figure 18.

Figure 18: When I trace a rectangle around “novo” (white text on red background), Text Extractor pastes it into Notepad.

Ed Tittel / Foundry

Workspaces: A tool for grouping a set of applications together, with positioning control and unique configuration settings. The shortcut to launch this tool, if enabled, is Win key + Ctrl  + ` (grave accent or backtick). Pressing that shortcut opens the Workspaces editor and lets you choose from predefined layouts (called Templates) or create your own unique layout (called Custom).

You can see a custom workspace in Figure 19, which shows Chrome at left, PowerToys above and Edge below in the center, and Copilot to the right.

Figure 19: Workspaces makes it easy to set up and switch among common working scenarios.

Ed Tittel / Foundry

Workspaces is helpful when you run specific work scenarios and need groups of applications to make them fly. (See “The ultimate Windows app launcher” for more info.) Works on both single and multiple monitor setups.

ZoomIt: A longtime favorite among Sysinternals users, PowerToys has brought this nifty screen zoom, annotation, and recording tool under the PowerToys umbrella. It’s a great addition for those who’ve never used it; it’s even more convenient for longtime Sysinternals fans and users (like yours truly, who had the pleasure of writing for Winternals in Austin in the 1990s). The best way to dig into ZoomIt is to read the Microsoft Learn article “ZoomIt utility,” which includes an animated demo that shows you exactly how it works.

This concludes the overview of the current PowerToys lineup as of early February 2025. For more about working with PowerToys, see “10 PowerToys you should use on Windows.”

In the next section, you’ll learn a bit about what the PowerToys team is thinking about and working on, by way of possible new PowerToys.

What’s coming for PowerToys

If you visit the PowerToys roadmap, you’ll see information about what the Microsoft development team currently has in its sights. (Shortcut Guide v2 gets my vote.) But because PowerToys is an open-source effort and takes input from countless volunteers who contribute ideas and code, this doesn’t cover everything that might show up in the toybox.

Given those provisos and qualifications, here’s a short-ish list of what’s up with possible enhancements or new PowerToys:

• The in-house team is always working on the PowerToys installer and UI bits and pieces (including the taskbar icon, flyout menu, and more). Right now if you look back at Figure 1 you’ll see that the PowerToys that function as apps (e.g. Color Picker, Environment Variables, FancyZones, Hosts File Editor, PowerToys Run, Text Extractor, Registry Preview, Screen Ruler, Shortcut Guide, and Workspaces) all appear as icons on that flyout menu. As these items come and go, this lineup will change to match.
• Each new PowerToys release comes with release notes that include a “What’s New” section. This is a great way to find (and see) what kinds of things are popping up inside the toybox.
• PowerToys works well with the WinGet package manager and includes its own update button on the “General” pane in PowerToys Settings. It provides notifications when updates are ready and makes it easy to update. Personally, I tend to catch updates through WinGet because I run it on my Windows systems every other day.
• In online forums recently, PowerToys team lead Clint Rutkas has teased adding transcoding capabilities for audio and video files within the Advanced Paste PowerToy.
• Given that the Sysinternals tool ZoomIt is now integrated into PowerToys, one has to ponder the possibility that others in that collection may make their way into the toybox, too. Learn more about the outstanding Sysinternals tool set at its Microsoft home page.

Don’t you need some PowerToys?

As somebody who’s used some of these wonderful programs and extensions since the late 1990s, my own opinion on using PowerToys is an emphatic “Yes! May I have another?” But you’ll have to try them out for yourself and see how you like them if you’re not using them already. If you are, hopefully you’ve seen something new or intriguing here that you’ll want to try out. Enjoy!

This story was originally launched in October 2020 and updated in February 2025.

India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud. "This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in a Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. [...]

A new Gartner survey of more than 200 C-level executives found 56% are “extremely likely” to quit their current jobs over the next two years — and 27% plan to exit within the next six months. The potential for a mass exodus of executives appears to be the result of burnout, renewed plans to retire and concerns over mental health as the business world struggles with new technologies and challenges.

Artificial intelligence (AI), for example, has upended hiring plans as companies seek to do more with less by depending on AI agents to replace entry-level worker tasks while enabling others to do more with the same resources.

According to Gartner, companies with executives averaging five or more years of tenure outperformed those with less-experienced teams in terms of revenue, customer experience, and other key metrics. High executive turnover can also hamper organizational growth, as younger teams tend to deliver lower performance. In addition, experienced executives are more likely to leave within two years compared to newer hires.

The survey found that many C-suite leaders report an increase in workload compared to two years ago:

• 67% agreed they are asked to do more in their role than two years ago
• 58% agreed their organization relies more heavily on their function/business unit
• 44% agreed they are more stressed by their work responsibilities 

On top of that, just 23% of CxOs surveyed reported their HR leaders are effective at managing tension between C-suite members.

Chief HR Officers (CHROs) can build trust with the CEO by ensuring executives understand a CEO’s priorities and engage in open communication, according to Gartner. Sharing what works in building CEO trust with peers can accelerate trust across the C-suite.

As “champions of mental health,” CHROs should help executives identify work stressors, improve work-life balance, and model well-being practices. By openly discussing their own well-being, CHROs can reduce stigma and encourage healthier conversations, according to Alexander Kirss, a Gartner senior principal analyst.

“Many executives are also considering a new role due to a desire for more growth opportunities or anticipate being recruited by a competitor,” Kirss said. “What is important is for CEOs and CHROs to diagnose what the primary sources of executive concern are at their organization so they can develop a targeted executive retention strategy.”

Staffing firm ManpowerGroup’s recent Global Talent Barometer highlighted a workforce in flux: 60% of employees are considering job changes within the next six months. Perhaps more tellingly, 41% of workers feel their current organizations lack sufficient opportunities for career advancement.

Upwork

For the tech workforce, a ‘historic reshaping’

Kye Mitchell, president of tech workforce staffing firm Experis US, said the tech industry is undergoing “a historic reshaping of the entire technology workforce” even as 51% of IT employers plan to hire this quarter. “What’s particularly interesting is how the convergence of economic caution and AI acceleration is creating distinct hiring trajectories in the market,” she said.

Even as tech unemployment has hit new lows recently, organizations are being more picky in hiring because traditional academic credential often no longer fill tech needs. “As formal education and training in AI skills still lag, it results in a shortage of AI talent that can effectively manage these technologies and demands,” said Kelly Stratman, Ernst & Young’s global ecosystem relationships enablement leader. “The AI talent shortage is most prominent among highly technical roles like data scientists/analysts, machine learning engineers, and software developers.”

The latest survey from staffing firm ManpowerGroup found that 25% of CIOs struggle to recruit and retain skilled talent. While 21% of companies are reducing hiring due to economic factors, 22% are ramping up recruitment to leverage the ongoing AI boom.

When considering new hires, 80% of corporate executives prioritize skills over degrees, with half planning to increase freelance hiring this year, according to a new study from freelancing platform Upwork. The study, released this week, showed “unprecedented growth” in specialized AI skills, which have surged 220% year-over-year. Another problem, however, is the skills needed to keep up with AI’s advances are constantly changing.

“What we’re witnessing isn’t just a talent shortage – it’s a fundamental transformation in how technology roles are structured,” Mitchell said.

Forward-thinking organizations are creating hybrid roles that combine AI skills with business strategy, reimagining technology careers for the AI era, according to Mitchell; 92% of organizations are redesigning technical roles to include AI skills and strategic thinking. Meanwhile, 81% of CIOs are adjusting hiring strategies, focusing on cloud computing and sustainability.

“We’re entering an era where the traditional career ladder in tech has become a career web,” Mitchell said. “The most successful organizations will be those that can offer their technology talent not just competitive compensation, but the opportunity to work at the intersection of AI innovation and business strategy. The challenge isn’t just hiring — it’s creating an environment where top tech talent can continually evolve their skills and impact.”