Kategorie

Microsoft has confirmed a new issue causing newly introduced Windows security warnings to display incorrectly when opening Remote Desktop (.rdp) files. [...]

After addressing a widespread outage that affected Outlook.com users worldwide on Monday, Microsoft has asked iPhone users to re-enter their credentials to regain access to their Outlook and Hotmail accounts via the default Mail app. [...]

A Chinese national accused of being a member of the Silk Typhoon hacking group has been extradited to the U.S. from Italy.  Xu Zewei, 34, was arrested in July 2025 by Italian authorities for his alleged links to the Chinese state-sponsored threat group and for orchestrating cyber attacks against American organizations and government agencies between February 2020 and June 2021, including Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfort. Agent ID Administrator is a privileged built-in role introduced by Microsoft as part of its agent identity platform to handle all aspects of an AI agent's identity lifecycle operations in a Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft on Monday revised its advisory for a now-patched, high-severity security flaw impacting Windows Shell to acknowledge that it has been actively exploited in the wild. The vulnerability in question is CVE-2026-32202 (CVSS score: 4.3), a spoofing vulnerability that could allow an attacker to access sensitive information. It was addressed as part of its Patch Tuesday update for this Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft and OpenAI on Monday again revised their agreement, softening their exclusivity and revenue-sharing conditions in the process. These changes underscore how critical it is for enterprises to work with as many AI vendors as practical, given the leapfrogging performance stats as well as the constantly shifting alliances.

Both OpenAI and Microsoft issued their own statements, which were essentially identical, about the contractual changes. 

Microsoft’s statement said that the company still derives some benefits from its alliance with OpenAI. “Microsoft remains OpenAI’s primary cloud partner and OpenAI products will ship first on Azure, unless Microsoft cannot and chooses not to support the necessary capabilities,” it said.

But, the company noted, the earlier exclusivity is now gone. “OpenAI can now serve all its products to customers across any cloud provider. Microsoft will continue to have a license to OpenAI IP for models and products through 2032. Microsoft’s license will now be non-exclusive.”

In addition, the company’s role as a major investor in OpenAI is driving a different revenue relationship, it said: “Microsoft will no longer pay a revenue share to OpenAI. Revenue share payments from OpenAI to Microsoft continue through 2030, independent of OpenAI’s technology progress, at the same percentage but subject to a total cap. ”

AGI clause removed

One key component within earlier versions of the Microsoft-OpenAI deal was the change in the relationship if OpenAI ever achieved artificial general intelligence (AGI), a term that eludes a concrete definition but generally refers to AI that equals or exceeds human capabilities. 

Although it was not directly referenced in the statement from either vendor, multiple media reports said that AGI references have now been removed from the revised agreement. 

Market changes

Analysts and consultants generally agreed that this altered agreement will reinforce, and should extend, the current enterprise IT trend of hedging bets by striking arrangements with a variety of AI providers, including the major hyperscalers. Beyond future-proofing enterprises’ AI efforts, some of those agreements are for practical issues, such as the need to work with global AI firms specializing in different languages that the enterprise needs.

Thomas Randall, research director at Info-Tech Research Group, explained that the market has changed since the original agreement was struck. “The era of exclusive frontier model access as a strategic differentiator is coming to an end,” he pointed out. “The Microsoft-OpenAI agreement in 2023 was meaningful because access to GPT4 was scarce. But that scarcity no longer applies because the competitive differences between frontier models have reduced substantially since then.”

The amended Microsoft-OpenAI agreement “is more of a formal acknowledgment that model access is no longer a strict advantage,” he said. “The immediate practical change for IT from this agreement, especially for shops that were reluctant to deepen an Azure commitment, is that they now have a clearer path to accessing OpenAI models through other hyperscalers.”

Randall argued that this translates into a rebalancing of where enterprise IT should focus its AI efforts, especially in terms of differentiation.

“If model access is commoditizing at the infrastructure layer, then strategic questions must focus on quality and governance of proprietary data, the depth and sophistication of agentic workflow integration, and organizational capability to deploy AI at scale,” he said.

“Consequently, the vendors who control the orchestration and application layers [such as] the agent frameworks, the data connectors, the governance tooling, and workflow integration, will be best positioned to capture enterprise value. The competitive ground has shifted from attaining model access to how vendors deeply and reliably embed AI into enterprise workflows.”

Alastair Woolcock, VP analyst at Gartner, agreed that this contractual change from two key market leaders is an inevitable reaction to a vastly changing AI marketplace. “The first great AI shadow investment is being rewritten for a multipolar AI Cold War,” he said. 

“Frontier AI has become too capital-intensive and infrastructure-constrained for one-cloud exclusivity to survive. For Microsoft, this is a controlled concession. The investor story moves from ‘Microsoft owns the OpenAI channel’ to ‘Microsoft controls the enterprise AI operating layer’ through Copilot, Azure, security, workflow integration, data gravity and AI operations,” Woolcock said.

“For OpenAI, this is a liberation event,” he noted. “Its biggest constraint is no longer demand. It is compute, capital and distribution. OpenAI cannot become the global AI platform if one partner controls the pipes.”

He added that, for enterprise IT executives, “this means more choice, but not necessarily less dependency. Lock-in moves up the stack, from cloud infrastructure to AI ecosystem alignment, agent orchestration, workflow control and data governance. This is consequential, not because the partnership is weakening, but because it shows the next phase of AI competition will be fought through flexible alliances, compute access, silicon, power and enterprise distribution, not traditional ownership.”

Planning assumptions altered

Tony Olvet, group VP with IDC, said this contractual change “is unlikely to affect most near‑term Microsoft or OpenAI deployments, but it does change planning assumptions. CIOs and CTOs should expect more choice in where OpenAI capabilities appear, greater commercial leverage and increased need to govern AI across multiple channels. This has strategic implications: enterprises should continue to rely on strong partners while designing AI architectures, contracts, and governance frameworks that can shift across clouds, models and vendors as the market evolves.”

Most consultants stressed the vanishing exclusivity for almost all of the key AI players, something that may not be a bad thing for IT.

A key background factor at play here is the timeline. It can take an enterprise an extended period to fully deploy capabilities across its global environment.

Noah Kenney, principal consultant for Digital 520, noted, “standing up OpenAI workloads on AWS, Google Cloud, or Oracle will take time. Reference architectures, identity and data integrations, compliance reviews, and procurement cycles do not move at the speed of a press release. Enterprises that have spent years optimizing on Azure will not migrate overnight, nor should they.”

But, he said. “for the substantial population of companies that are not Microsoft shops, that have actively avoided Azure, or that operate in multi-cloud by policy, this is the first time OpenAI has been a realistic first-class option on their preferred infrastructure. That is a meaningful shift in the addressable market, even if the operational reality lags by quarters.”

Given the constantly changing relationships within AI, not to mention multiple AI firms preparing to try to become publicly traded, reality is likely to look very different at the end of an enterprise AI rollout than it did at the beginning, so they need options. 

“Until today, choosing OpenAI effectively meant choosing Azure, and choosing Azure gave you privileged access to OpenAI. That tight coupling shaped procurement decisions, reference architectures, and multi-year cloud commitments at thousands of enterprises. It is no longer true,” Kenny said.

“What changes for [enterprise IT executives] is the structural assumption underneath their AI roadmap,” he noted. “OpenAI can now ship its products across any cloud and Microsoft now has a non-exclusive license to OpenAI’s IP through 2032, which means Microsoft is also free to lean harder into its own models, into Anthropic, and into whatever else the market produces. Both sides just bought themselves optionality and that optionality flows downstream to the customer.”

He added, “the companies that benefit are the ones who treat model providers, cloud providers, and inference infrastructure as three separate procurement decisions with three separate exit ramps.”

Vendor lock-in ‘relocating’

Sanchit Vir Gogia, chief analyst at Greyhound Research, said that the kneejerk reaction to the contract changes is that enterprise IT will now have more options and more flexibility. But Gogia said that dependence is not being reduced as much as it is being moved. 

“Lock-in is not going away. It is relocating. At the model level, substitution is becoming easier. Not trivial, but certainly more feasible than before. At the orchestration level, however, substitution remains difficult,” Gogia said. “Once your workflows, controls, identity layers, and governance structures are built around a particular system, changing that system is not a small task. That is where dependency sits. Quietly. Persistently. And often unnoticed until it begins to constrain you.”

There are still differences between providers, and those differences matter in certain contexts, he said. “But the gap is narrowing in ways that are meaningful for enterprise use. Increasingly, the question is not which model is best in isolation. The question is how that model is used, governed, and embedded into the organization. That is a very different question,” Gogia said.

And, he pointed out, it leads you to a very different place, “because once you ask that question, you are no longer looking at models. You are looking at orchestration. You are looking at identity. You are looking at governance, compliance, integration, workflow. You are looking at the layer that sits above the model and quietly determines how everything actually works. That layer is where the real dependency forms.”

Microsoft understands this, he noted. “You can see it in how it is positioning itself. It is no longer behaving like a gateway to a single provider. It is building something broader: A layer where multiple models can coexist, where those models can be managed, governed, and embedded into enterprise systems in a consistent way.

That is not accidental,” Gogia said. “That is a deliberate move towards control at a higher level. And importantly, it is also a hedge. A very clear one. Because it reduces reliance on any single partner, including OpenAI.”

Online trading platform Robinhood's account creation process was exploited by threat actors to inject phishing messages into legitimate emails, tricking users into believing their accounts had suspicious activity. [...]

A new wave of the Glassworm campaign is targeting the OpenVSX ecosystem with 73 "sleeper" extensions that turn malicious after an update. [...]

Open source software with more than 1 million monthly downloads was compromised after a threat actor exploited a vulnerability in the developers’ account workflow that gave access to its signing keys and other sensitive information.

On Friday, unknown attackers exploited the vulnerability to push a new version of element-data, a command-line interface that helps users monitor performance and anomalies in machine-learning systems. When run, the malicious package scoured systems for sensitive data, including user profiles, warehouse credentials, cloud provider keys, API tokens, and SSH keys, developers said. The malicious version was tagged as 0.23.3 and was published to the developers’ Python Package Index and Docker image accounts. It was removed about 12 hours later, on Saturday. Elementary Cloud, the Elementary dbt package, and all other CLI versions weren't affected.

Assume compromise

“Users who installed 0.23.3, or who pulled and ran the affected Docker image, should assume that any credentials accessible to the environment where it ran may have been exposed,” the developers wrote.

Read full article

Comments

Canadian authorities have arrested three men for operating an "SMS blaster" device that pretends to be a cellular tower to send phishing texts to nearby phones. [...]

A Chinese national accused of carrying out cyberespionage operations for China's intelligence services has been extradited from Italy to the United States to face criminal charges. [...]

The U.S. Federal Trade Commission (FTC) warned of a massive increase in losses from social media scams since 2020, exceeding $2.1 billion in 2025. [...]

An attacker pushed a malicious version of the popular elementary-data package Python Package Index (PyPI) to steal sensitive developer data and cryptocurrency wallets. [...]

The ShinyHunters extortion group stole the personal information of 5.5 million individuals after breaching the systems of home security giant ADT earlier this month, according to data breach notification service Have I Been Pwned. [...]

It looks very much as if Apple’s former designer Jony Ive will compete against the company his friend Steve Jobs created as he works with OpenAI on a device that seems to be some form of competitor for the iPhone.

In a post on X, TF International Securities analyst Ming-Chi Kuo claims OpenAI is working with Qualcomm and MediaTek to build SoCs for smartphones. These chips will be built to deliver faster AI performance. Kuo claims the plan is to achieve mass production by 2028 with the hardware specifications for these devices set to be finalized by early 2027. 

You could argue that as well as working with Apple’s former design lead, OpenAI is also taking a leaf out of the company’s processor playbook with this strategy. That’s because just as Apple works with TSMC on chip design, OpenAI intends to work with Qualcomm and MediaTek, which may help it achieve competitive processors far more quickly than it would take if building these things from scratch.

Apple faces a new competitor

What’s interesting about this is the release schedule as it suggests mass production of the new device may commence as soon as 2028, one year after the iPhone’s twentieth anniversary. We know that Apple will not sit on its iPhone laurels in the coming years and already expect the company to introduce a new folding device as well as a potential new high-end device.

We also think that Apple will be shipping devices with very fast, very power-efficient 1.4nm processors by the time the purported OpenAI product appears. It’s open to question if OpenAI’s new partnership will be able to develop AI processors for smartphones that compare to those Apple will have available by then, given its advantages in the space today, but neither company can afford to be complacent in this arena.

Why is it so important? 

Because of the nature of AI. 

It’s all about AI agents

While today’s leading AI services tend to rely on cloud-based models, tomorrow’s services will be far more independent and far more likely to run securely on edge devices.

AI agents, for example, may call on server-based intelligence to accomplish some tasks, but there will be an increasing tendency to maintain data privacy within the transaction. Agents will call on servers to provide only the computational assistance they require, handling other tasks natively on device. This will be agentic edge intelligence, which is what I anticipate Apple will discuss at WWDC 2026 in a couple of months.

Kuo says AI agents will replace apps on devices, and that’s going to require both on-device edge intelligence and cloud AI integration. To deliver that, OpenAI will need to emulate Apple’s famed ‘whole widget’ approach by controlling both hardware and software.

The analyst predicts that part of the go-to-market plan for the new Apple competitor involves subscriptions and development of a third-party AI agent ecosystem. It’s a model in which you don’t purchase apps but do invest in utility. This will also likely be part of Apple’s message to developers in the coming years — though rather than leaning into OpenAI, it will draw on some of the on-device AI models it is building with help from Google Gemini.

What comes next?

Apple is no stranger to existential struggle. The story of its resurrection after the return of Steve Jobs is legendary, but the company has faced its share of other threats since then. Who else recalls the great smartphone design wars, the entire netbook category, or Windows Mobile, for example?

Apple’s new challenge is just the latest chapter in its book, and the most likely outcome I can imagine sees OpenAI grabbing most of its market share from Android, rather than iOS — particularly as Android device manufacturers search for excuses to offer devices at higher price points in the face of stiff component costs and Apple’s aggressive move into the mid-range market. It is also fair to think that component costs may yet delay elements of OpenAI’s plan, particularly as Apple seems to be paying top dollar to secure supply.

All in all, we are entering interesting times as Apple’s newly promoted CEO, John Ternus, takes command — and his insight and experience in hardware development and design seems even more well-timed in the face of the news from OpenAI.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

On Thursday, April 30 at 2:00 PM ET, BleepingComputer will host a live webinar with threat intelligence company Flare and threat intelligence researcher Tammy Harper, exploring how security teams can identify early warning signs of attacks before they escalate into incidents. [...]

Checkmarx has disclosed that its ongoing investigation tied to the supply chain security incident has revealed that a cybercriminal group published data related to the company on the dark web. "Based on current evidence, we believe this data originated from Checkmarx's GitHub repository, and that access to that repository was facilitated through the initial supply chain attack of March 23, 2026,Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Medical device giant Medtronic disclosed last week that hackers breached its network and accessed data in "certain corporate IT systems." [...]

Most information security best practices are built on a single, comfortable assumption: that the "root" gate is locked and only the administrator holds the key. We assume that unless we explicitly hand over credentials, the core of the system is off-limits.

Everything is dumb again. This week feels broken in a very familiar way. Old tricks are back. New tools are doing shady crap. Supply chains got hit. Fake help desks worked. Weird research showed how easy some attacks still are. Most of it feels like stuff we should have fixed years ago. Bad extensions. Stolen creds. Remote tools are getting abused. Malware hides in places people trust. Same Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]