Kategorie

In the first quarter of 2026, 65.6 million PCs were sold worldwide, according to data released this week by IDC. That represents a 2.5% increase compared to the same quarter a year ago. The research firm attributed the increase to customers moving to buy PCs now ahead of expected significant price hikes.

The fact that computer sales are rising despite the uncertain global situation and a worldwide shortage of RAM is seen as a positive sign, but the industry faces uncertainty in the months ahead.

“The conflict in the Middle East has introduced a new layer of volatility to the fragile computer market, which is weighing on global logistics with a double-edged sword of rising energy and transportation costs,” Isaac Ngatia, senior research analyst, IDC Devices Research, said in a statement.

As usual, Lenovo, HP, and Dell were the top PC sellers, followed by Apple and Asus. The latter accounted for the largest increase — specifically, up 17.1%.

While much of the discussion on AI security centers around protecting ‘shadow’ AI and GenAI consumption, there's a wide-open window nobody's guarding: AI browser extensions.  A new report from LayerX exposes just how deep this blind spot goes, and why AI extensions may be the most dangerous AI threat surface in your network that isn't on anyone's [email protected]

Google says Gmail end-to-end encryption (E2EE) is now available on all Android and iOS devices, allowing enterprise users to read and compose emails without additional tools. [...]

Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta. The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release. "This project represents a significant Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

A critical security vulnerability in Marimo, an open-source Python notebook for data science and analysis, has been exploited within 10 hours of public disclosure, according to findings from Sysdig. The vulnerability in question is CVE-2026-39987 (CVSS score: 9.3), a pre-authenticated remote code execution vulnerability impacting all versions of Marimo prior to and including Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

I don’t know about you, but I spend a lot of time offline. And not by choice. That’s why I love new tools that work offline like the great one Google just launched. 

I know, I’m an outlier. As a full-time digital nomad who travels constantly, I have unusual connectivity problems. Right now, I’m living on a farm in Tuscany. It’s amazing. I love it. But for two days recently, the connectivity got so bad I could barely work. There was little I could do except drink Chianti and gaze at the rolling green hills. (On Easter Sunday and the day after — a local day off — everybody was at home stressing their internet connections, which made connectivity close to impossible.)

I often find myself in this position. My wife and I tend to favor old houses in old neighborhoods, usually in Europe or Latin America, and the connectivity can be bad to nonexistent. 

I lose connections while driving, while in or near very old stone buildings, while flying in airplanes, and while driving through remote areas. 

But even for people who don’t travel and move around like I do, being offline can also be a choice. It’s much more secure to disconnect, especially in public spaces like coffeeshops and airports and when using one of the many untrustworthy cloud-centric companies. Sometimes you need desperately to save battery life. Sometimes it can feel healthy psychologically to know you’re offline. 

Tools can and should work better offline. I have an expensive iPhone that would have been considered a supercomputer just 10 years ago. A modern smartphone is powerful enough to do a lot of the work that’s currently performed in the cloud. 

Cloud computing is necessary for chatbots like ChatGPT, Perplexity, Claude and Gemini because all-purpose AI models require hundreds of billions of parameters, massive amounts of RAM, and huge amounts of electricity to be ready to do anything and everything very quickly. Forcing these workloads onto a mobile device fundamentally caps the intelligence and capability of general-purpose AI. But breaking down individual tasks (like transcription) doesn’t require massive data centers. 

The biggest problems for me are two of the tools I use most: MyMind and Lex. 

I wrote about MyMind in August. It’s a lifelogging, bookmarking, remember-everything tool that makes it very fast at recalling information. It uses AI to auto-tag and takes the work out of both saving and recalling information. 

Unfortunately, without a connection, I lose MyMind. It simply has no offline capability. So when I’m disconnected and want to save or recall something, I can’t. The more I rely on this prosthetic memory tool, the more being offline gives me amnesia. This is my biggest complaint about MyMind. 

I’ve also told you about Lex. Lex is essentially a word processor with built-in AI tools designed not to write for you (and make you worse at writing), but instead to point things out and advise you in ways that make your writing better. 

Lex also doesn’t work offline. Which is a shame, because its major alternatives like Google Docs and Apple Pages do. You can simply use them offline, and later when you get a connection they sync to the cloud. Lex’s lack of offline support is the main reason I often think about cancelling my subscription and going back to Pages. (Note that I use a Bluetooth keyboard with my phone to do real writing of columns, newsletters, blog posts and even books.)

Both MyMind and Lex use AI and I expect that in the very near future we’ll see a shift away from all-purpose chatbots to smaller, special-purpose AI-based tools like these running on the edge or on our phones. 

One great example of this shift is a new tool from Google called AI Edge Eloquent. 

Talk to the handheld

Google launched its free, iOS-only, English-only offline dictation app on Monday. While dictation doesn’t sound very interesting, Google has built in several features that make it really great. 

Firstly, it uses AI, with Gemma-based speech recognition models running locally on the phone. It doesn’t just capture what you say, but what you meant to say. Which is to say that it ignores your ums and ahs and repetitions, capturing only the clean words you intended. (If you toggle on cloud processing, it works even better.) It’s very good at adding punctuation automatically. 

When you’re done talking, the app automatically loads the clean text to the clipboard. That means you can talk to the app, then just switch over to your word processor, social media app, email app or other app and simply paste in the results. 

The app can re-write your transcripts using one of four default style options: 

1. Key points (condenses speech into a bulleted list)
2. Formal (shifts the text into a professional tone)
3. Short (summarizes the message)
4. Long (expands on the initial text)

(For most writing, I don’t recommend these kinds of stylistic shortcuts; I recommend communicating in your own style.) 

After you dictate something, you can press a stop button or a pause button. This is a great pair of choices because if you’re working on a longer piece, the pause button lets you gather your thoughts, do a bit of research, then resume, ending up with the whole screed in the clipboard. 

The most surprising feature is that it can learn custom words. For example, it learns from your edits, from the manual addition of words or — wait for it — from your Gmail conversation history (a button asks your permission, and you need to choose to explicitly log in to Gmail). The Gmail option brings in not only jargon, but also names, brand names you’ve talked about, abbreviations, foreign words, place names, and others. 

And, finally, the app prominently displays “usage stats,” including how many words, how many words per minute, average dictation speed, total number of words dictated, and the total number of “polishing edits” made by the app. 

AI Edge Eloquent sherlocks Wispr Flow and Willow, which each cost $15 per month. It also sherlocks SuperWhisper, priced at $85 per year. (In Silicon Valley parlance, “sherlocking” is when a major company copies a major feature of a competitor’s product, thereby rendering the competitor’s product obsolete.)

In short, AI Edge Eloquent is kind of perfect and extremely useful for anyone who wants to dictate anything. 

The slow rise of offline AI

I’m seeing a few other tools emerge that are based on the idea that AI should be on the edge and offline. 

One interesting new tool released this week is called WarClaw from a Bellevue, WA-based startup called Edgerunner AI. The company calls the tool a “digital adjutant” (an adjutant is a military officer who serves as an assistant to a military commander). 

The company claims WarClaw was built by former soldiers for use by active-duty military personnel. It’s a secure operating layer built on top of OpenClaw, according to the company. (I talked about OpenClaw earlier this year, as did my colleague Steven Vaughan-Nichols, who explained about how incredibly insecure OpenClaw is. 

The software is designed to work during combat in what they call DDIL settings (Denied, Disconnected, Intermittent, and Low bandwidth).

WarClaw runs on a disconnected mobile device and was trained on specific military data. It automates mission planning, scheduling, and the analyzing of information. Surprisingly, it can directly control office tools like Microsoft Word, PowerPoint, Excel, Slack, web browsers, and email. 

The company has already won contracts to supply WarClaw to three US military branches. 

While WarClaw is for soldiers, I think business people could benefit from such a tool. For example, it would be great to have an offline assistant while traveling on business to data-insecure places (like China) and environments (like airports). 

I’d love to see nearly all the AI jobs currently requiring a connection to be turned into an app that runs locally, disconnected on the phone. Beyond the obvious convenience, that also represents a big opportunity for Google and Apple: they can match their AI tools to increasingly powerful smartphones, which gives phone buyers a powerful reason to upgrade their hardware more frequently. 

AI disclosure: I don’t use AI for writing. The words you see here are mine. I do use a variety of AI tools via Kagi Assistant (disclosure: my son works at Kagi) — backed up by both Kagi Search, Google Search, as well as phone calls to research and fact-check. I use a word processing application called Lex, which has AI tools, and after writing use Lex’s grammar checking tools to find typos and errors and suggest word changes. Here’s why I disclose my AI use and encourage you to do the same.

Why bother paying for your own generative AI (genAI) tokens when you can have the computations done for free using a competitor’s AI-powered customer service bot? That question is at the heart of a CIO.com report that explores the trend and various ways to block it.

It’s possible the best response to this kind of computational chicanery is to ignore the thieves and stay focused on delivering the best service for customers — hopefully boosting revenue by doing so. 

The CIO.com story offers a detailed look at how to combat the problem  — options that include limiting the number of tokens that can be used for a single answer and layering on AI to validate that questions are legitimate. 

But all the proposed approaches have major downsides. For one, the frequency of these inappropriate “queries” might be limited — and the costs of tokens used to handle them might not break the bank. 

My argument — to ignore the issue — includes both good and bad facets. On the positive side, genAI-based chatbots, when properly deployed, have the potential to be more efficient than human customer service people, and far better.

Specifically, genAI tools can handle highly-complex queries. Consider Amazon. With its various partner programs, it has an astoundingly large number of products in a massive number of categories. No human could have deep understanding of all of those SKUs and certainly wouldn’t be able to answer technical or detailed questions about them. GenAI, properly trained, can.

Or consider a customer who chats with a high-end restaurant bot, saying: “We have a reservation for 12 at your restaurant tomorrow night. The problem is that seven of those people have dietary issues, including one vegan, one who is strictly kosher, one gluten-free and several others who have rare allergies to specific ingredients. I am pasting a detailed description of the dietary issues for all 12 people. Can you review the full ingredients for all of your menu items and recommend to us several entrees, side orders, soups, salads and desserts that would accommodate all of our guests? That way, we don’t have to pepper the waitstaff with questions such as ‘Is the sugar you use vegan?’ or ‘Have you segregated the cookware for strict kosher?’”

GenAI is especially well suited to handle that kind of question and an accurate answer might win customers for life (though it might use up a large number of tokens). But if it buys the loyalty of new customers, that’s a powerful win.

That said, there remains a serious concern. I have argued that AI can be a powerful tool, but its hallucinations make it a bad choice for direct customer interactions. It’s the same reason I don’t back enterprise use of autonomous agents. Agents are great, but they are not nearly ready to function autonomously. 

For some companies, “GenAI can sometimes make things up and do so in a highly confident manner” is going to remain a deal killer. And it’s not like there’s a reasonable chance hallucinations will be eliminated anytime soon. (Indeed, the more sophisticated these models get, the more they hallucinate. Lovely.)

But if a company can set the hallucination issue side for now  — I know. It’s like that line, “Aside from that, Mrs. Lincoln, how was the play?” — genAI customer service chatbots have serious potential. And if a few stray coding and recipe requests rob you of some tokens while gaining you new customers, it’s a trade-off worth considering. 

Unknown threat actors have hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla to push a poisoned version containing a backdoor. The incident impacts Smart Slider 3 Pro version 3.5.1.35 for WordPress, per WordPress security company Patchstack. Smart Slider 3 is a popular WordPress slider plugin with more than 800,000 active installations across its free and Pro Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Microsoft 365 (and Office 365) subscribers get more frequent software updates than those who have purchased Office without a subscription, which means subscribers have access to the latest features, security patches, and bug fixes. But it can be hard to keep track of the changes in each update and know when they’re available. We’re doing this for you, so you don’t have to.

Following are summaries of the updates to Microsoft 365/Office 365 for Windows over the past year, with the latest releases shown first. We’ll add info about new updates as they’re rolled out.

Note: This story covers updates released to the Current Channel for Microsoft 365/Office 365 subscriptions. If you’re a member of Microsoft’s Office Insider preview program or want to get a sneak peek at upcoming features, see the Microsoft 365 Insider blog.

Version 2603 (Build 19822.20168)

Release date: April 9, 2026

This build fixes several bugs, including one in Outlook in which users could not close the Copilot chat pane using a keyboard. Users can now close the pane by navigating to the Close button using a keyboard or by using the assigned keyboard shortcut.

Get more info about Version 2603 (Build 19822.20168).

Version 2603 (Build 19822.20142)

Release date: March 31, 2026

This build includes “various fixes to functionality and performance,” according to Microsoft.

Get more info about Version 2603 (Build 19822.20142).

Version 2603 (Build 19822.20114)

Release date: March 24, 2026

This build fixes a single bug in which PowerPoint sometimes closed unexpectedly when opening a newly created empty file from the OneDrive folder.

Get more info about Version 2603 (Build 19822.20114).

Version 2602 (Build 19725.20190)

Release date: March 18, 2026

This build fixes an Outlook bug in which updating a single instance of a recurring meeting in a Microsoft 365 group calendar updated the entire series.

Get more info about Version 2602 (Build 19725.20190).

Version 2602 (Build 19725.20172)

Release date: March 10, 2026

This build introduces agent mode in Word, which adds a conversational chat experience that helps create, edit, and refine document content as you work. In addition, the build fixes a bug that impacted the rendering of extended characters in calendar items, causing certain characters to appear as question marks.

The build also plugs a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2602 (Build 19725.20172).

Version 2602 (Build 19725.20152)

Release date: March 3, 2026

This build fixes a bug in which closing a document sometimes remained in progress indefinitely after the Office app resumed from sleep or hibernation.

Get more info about Version 2602 (Build 19725.20152).

Version 2602 (Build 19725.20126)

Release date: February 24, 2025

This build fixes several bugs, including one that caused OneNote to close unexpectedly upon startup.

Get more info about Version 2602 (Build 19725.20126).

Version 2601 (Build 19628.20214)

Release date: February 17, 2025

This build includes, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2601 (Build 19628.20214).

Version 2601 (Build 19628.20204)

Release date: February 10, 2026

This build fixes a bug that sometimes prevented users from opening emails with the Encrypt Only label in Outlook.

It also plugs a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2601 (Build 19628.20204).

Version 2601 (Build 19628.20166)

Release date: February 3, 2026

This build includes, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2601 (Build 19628.20166).

Version 2601 (Build 19628.20150)

Release date: January 27, 2025

In this build, OneNote applies your chosen proofing language more consistently, so you don’t have to reset it for every paragraph when writing in multiple languages. In addition, the build fixes several bugs, including one that caused Office applications to become unresponsive when profile card-related activities were performed.

Get more info about Version 2601 (Build 19628.20150).

Version 2512 (Build 19530.20184)

Release date: January 21, 2025

This build includes, in Microsoft’s words, “Various fixes to functionality and performance.”

Get more info about Version 2512 (Build 19530.20184).

Version 2512 (Build 19530.20144)

Release date: January 13, 2026

This build fixes a number of bugs, including one that caused Excel, PowerPoint, and Word to become unresponsive when profile card-related activities were performed.

It also plugs a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2512 (Build 19530.20144).

Version 2512 (Build 19530.20138)

Release date: January 8, 2025

This build offers, in Microsoft’s words, “Various fixes to functionality and performance.”

Get more info about Version 2512 (Build 19530.20138).

Version 2511 (Build 19426.20218)

Release date: December 16, 2025

This build offers, in Microsoft’s words, “Various fixes to functionality and performance.”

Get more info about Version 2511 (Build 19426.20218).

Version 2511 (Build 19426.20186)

Release date: December 9, 2025

This Patch Tuesday build offers, in Microsoft’s words, “Various fixes to functionality and performance.” The build also has a variety of security updates (see details).

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2511 (Build 19426.20186).

Version 2511 (Build 19426.20170)

Release date: December 3, 2025

This build includes, in Microsoft’s words, “Various fixes to functionality and performance.”

Get more info about Version 2511 (Build 19426.20170).

Version 2510 (Build 19328.20244)

Release date: November 20, 2025

This build fixes a bug in Outlook that caused users to see “Contacting the server for information” repeatedly when loading some emails.

Get more info about Version 2510 (Build 19328.20244).

Version 2510 (Build 19328.20232)

Release date: November 18, 2025

This build includes, in the words of Microsoft, “various fixes to functionality and performance.”

Get more info about Version 2510 (Build 19328.20232).

Version 2510 (Build 19328.20190)

Release date: November 11, 2025

This Patch Tuesday build fixes a bug in Outlook that caused some recipients to be unable to access OneDrive links shared with them via email. The build also has a variety of security updates (see details).

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2510 (Build 19328.20190).

Version 2510 (Build 19328.20178)

Release date: November 4, 2025

This build fixes a single bug, in which @mention searches produced no results in Office apps.

Get more info about Version 2510 (Build 19328.20178).

Version 2510 (Build 19328.20158)

Release date: October 30, 2025

This build introduces a new Get Data dialog in Windows that simplifies finding and using external data, and adds Analyze Data to the Data tab.

The build also fixed an bug in Outlook that prevented users from downloading web add-ins in some virtualized environments.

Get more info about Version 2510 (Build 19328.20158).

Version 2509 (Build 19231.20216)

Release date: October 21, 2025

This build has, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2509 (Build 19231.20216).

Version 2509 (Build 19231.20194)

Release date: October 14, 2025

This build has a variety of security updates (see details), along with various fixes to functionality and performance.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2509 (Build 19231.20194).

Version 2509 (Build 19231.20172)

Release date: October 7, 2025

This build has, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2509 (Build 19231.20172).

Version 2509 (Build 19231.20156)

Release date: October 1, 2025

This build fixes two bugs, one in Excel in which ribbon controls were not rendered when rejoining Office sessions in a virtual machine, Azure Virtual Desktop, or remote desktop environment, and another that caused Outlook to terminate unexpectedly when starting.

Get more info about Version 2509 (Build 19231.20156).

Version 2508 (Build 19127.20264)

Release date: September 23, 2025

This build has, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2508 (Build 19127.20264).

Version 2508 (Build 19127.20240)

Release date: September 16, 2025

This build has, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2508 (Build 19127.20240).

Version 2508 (Build 19127.20222)

Release date: September 9, 2025

This build has multiple security updates (see details), along with various fixes to functionality and performance.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2508 (Build 19127.20222).

Version 2508 (Build 19127.20192)

Release date: September 3, 2025

This build fixes a bug in which some Outlook add-ins were getting “Office.auth.getAccessToken is not a function” errors.

Get more info about Version 2508 (Build 19127.20192).

Version 2508 (Build 19127.20154)

Release date: August 26, 2025

This build fixes a bug that caused Outlook to terminate unexpectedly when sending a meeting invite with an encryption label. It also adds support for pixelated rendering of embedded images in SVG assets for the entire Office suite.

Get more info about Version 2508 (Build 19127.20154).

Version 2507 (Build 19029.20208)

Release date: August 19, 2025

This build fixes a variety of bugs.

Get more info about Version 2507 (Build 19029.20208).

Version 2507 (Build 19029.20184)

Release date: August 12, 2025

This build fixes a bug which required users to restart Outlook to open a .msg file after initially accessing it once. The build also includes a variety of security updates (see details).

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2507 (Build 19029.20184).

Version 2507 (Build 19029.20156)

Release date: August 5, 2025

This build fixes a single bug, in which users had to restart Outlook to open a .msg file after initially accessing it once.

Get more info about Version 2507 (Build 19029.20156).

Version 2507 (Build 19029.20136)

Release date: July 30, 2025

This build fixes a wide variety of bugs, including in which Outlook closed unexpectedly shortly after launch, and another in Word in which the word count sometimes displayed incorrectly.

Get more info about Version 2507 (Build 19029.20136).

Version 2506 (Build 18925.20184)

Release date: July 22, 2025

This build fixes two bugs, one that caused the Copilot Command Center to continue to be visible after disabling the Copilot user interface, and another in which when creating handouts in PowerPoint, certain characters (full-width numbers) couldn’t be properly transferred to the handout.

Get more info about Version 2506 (Build 18925.20184).

Version 2506 (Build 18925.20168)

Release date: July 15, 2025

This build fixes two bugs, one that caused Visio 32-bit to close unexpectedly when using the Drawing control, particularly in setups involving COM components or .NET integrations, and another in Word in which copying and pasting content between documents sometimes changed the applied style unexpectedly.

Get more info about Version 2506 (Build 18925.20168).

Version 2506 (Build 18925.20158)

Release date: July 8, 2025

This Patch Tuesday build fixes several bugs in Outlook, PowerPoint, Word, and the whole Office suite, including one that caused the Copilot icon to unexpectedly display in Outlook when Copilot had been disabled by the admin in government cloud.

The release also includes a variety of security updates (see details).

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2506 (Build 18925.20158).

Version 2506 (Build 18827.20176)

Release date: July 1, 2025

This build fixes a wide variety of bugs, including one in Word in which print preview sometimes stopped working when printing long emails.

Get more info about Version 2506 (Build 18827.20176).

Version 2505 (Build 18827.20176)

Release date: June 26, 2025

This build introduces several new features, including one in Excel in which the PivotTables dialog box interface has been replaced by a redesigned panel, making it easier to view all of your options and simpler to change your data selection before inserting a recommended PivotTable.

Get more info about Version 2505 (Build 18827.20176).

Version 2505 (Build 18827.20164)

Release date: June 17, 2025

This build fixes a bug that caused the “Try the new Outlook” toggle to be enabled when working in Classic Outlook side by side with the new Outlook.

Get more info about Version 2505 (Build 18827.20164).

Version 2505 (Build 18827.20150)

Release date: June 10, 2025

This build fixes several bugs, including one for the entire Office suite in which a Save As attempt on an existing file didn’t complete successfully, and subsequent attempts continued to encounter issues when trying to save to a file that no longer existed.

This Patch Tuesday release also includes a variety of security updates: see details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about  Version 2505 (Build 18827.20150).

Version 2505 (Build 18827.20140)

Release date: June 3, 2025

This build offers a variety of bug and performance fixes.

Read about Version 2505 (Build 18827.20140).

Version 2504 (Build 18730.20186)

Release date: May 20, 2025

This build introduces a new PowerPoint feature: Notification emails for mentions, tasks, comments, and replies will now contain context previews even when the source document is encrypted, and the email will inherit the document’s security policies.

Get more info about Version 2504 (Build 18730.20186).

Version 2504 (Build 18730.20168)

Release date: May 13, 2025

This build fixes a bug in which users were seeing high CPU usage when typing in Outlook. It also includes a variety of security updates: see details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2504 (Build 18730.20168).

Version 2504 (Build 18730.20142)

Release date: May 6, 2025

This build includes various bug and performance fixes.

Get more info about Version 2504 (Build 18730.20142).

Version 2504 (Build 18730.20122)

Release date: April 29, 2025

This build fixes a wide variety of bugs, including one in which PowerPoint was unable to open a file from a network mapped drive from File Explore, another in which Word closed unexpectedly when opening .doc files, and another for the entire Office suite in which large 3D files couldn’t be inserted.

Get more info about Version 2504 (Build 18730.20122).

Version 2503 (Build 18623.20208)

Release date: April 17, 2025

This build fixes a bug that could cause Excel to stop responding.

Get more info about Version 2503 (Build 18623.20208).

Version 2503 (Build 18623.20178)

Release date: April 8, 2025

This build fixes a single bug in Word in which users may have encountered an issue with saving, seeing the message “saving…” in the title bar. It  also includes a variety of security updates. Go here for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2503 (Build 18623.20178).

Version 2503 (Build 18623.20156)

Release date: April 2, 2025

This build lets you use Dark Mode in Excel, which darkens your entire sheet, including cells, and may reduce eye strain. It also fixes several bugs, including one in Word in which opening specific files that contain many tracked changes and comments resulted in poor performance, and one in PowerPoint in which the app was not displaying the icon for an inserted PDF object.

Get more info about Version 2503 (Build 18623.20156).

Version 2502 (Build 18526.20168)

Release date: March 11, 2025

This build fixes several bugs, including one in which some Word files with numerous tracked changes and comments were slow. It also includes a variety of security updates: see details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2502 (Build 18526.20168).

Version 2502 (Build 18526.20144)

Release date: March 5, 2025

This build fixes a wide variety of bugs, including one in Word in which the default font size may not be 12pt as expected, and another in which PowerPoint automatically closed when the system went into hibernate or sleep mode.

Get more info about Version 2502 (Build 18526.20144).

Version 2501 (Build 18429.20158)

Release date: February 11, 2025

This build removes the option to display Track Changes balloons in left margin in Word. It also includes a variety of security updates. See “Release notes for Microsoft Office security updates” for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2501 (Build 18429.20158).

A new Lua-based malware, called LucidRook, is being used in spear-phishing campaigns targeting non-governmental organizations and universities in Taiwan. [...]

Threat actors using a previously undocumented phishing-as-a-service (PhaaS) platform called "VENOM" are targeting credentials of C-suite executives across multiple industries. [...]

Dutch healthcare software vendor ChipSoft has been impacted by a ransomware attack that forced the company to take offline its website and digital services for patients and healthcare providers. [...]

Amid customer dissatisfaction around Broadcom's VMware takeover, rivals have been trying to lure customers from the leading virtualization firm. One of VMware's biggest competitors, Nutanix, claims to have swiped tens of thousands of VMware customers.

Speaking at a press briefing at Nutanix’s .NEXT conference in Chicago this week, Nutanix CEO Rajiv Ramaswami said that “about 30,000 customers” have migrated from VMware to the rival platform, pointing to customer disapproval over Broadcom’s VMware strategy, SDxCentral, a London-based IT publication, reported today.

“I think there's no doubt that the customer sentiment continues to be negative about Broadcom,” Ramaswami said, per SDxCentral.

Read full article

Comments

Google has rolled out Device Bound Session Credentials (DBSC) protection in Chrome 146 for Windows, designed to block info-stealing malware from harvesting session cookies. [...]

Details have emerged about a now-patched security vulnerability in a widely used third-party Android software development kit (SDK) called EngageLab SDK that could have put millions of cryptocurrency wallet users at risk. "This flaw allows apps on the same device to bypass Android security sandbox and gain unauthorized access to private data," the Microsoft Defender Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Posted by Ben Ackerman, Chrome team, Daniel Rubery, Chrome team and Guillaume Ehinger, Google Account Security team

Following our April 2024 announcement, Device Bound Session Credentials (DBSC) is now entering public availability for Windows users on Chrome 146, and expanding to macOS in an upcoming Chrome release. This project represents a significant step forward in our ongoing efforts to combat session theft, which remains a prevalent threat in the modern security landscape.

Session theft typically occurs when a user inadvertently downloads malware onto their device. Once active, the malware can silently extract existing session cookies from the browser or wait for the user to log in to new accounts, before exfiltrating these tokens to an attacker-controlled server. Infostealer malware families, such as LummaC2, have become increasingly sophisticated at harvesting these credentials. Because cookies often have extended lifetimes, attackers can use them to gain unauthorized access to a user’s accounts without ever needing their passwords; this access is then often bundled, traded, or sold among threat actors.

Crucially, once sophisticated malware has gained access to a machine, it can read the local files and memory where browsers store authentication cookies. As a result, there is no reliable way to prevent cookie exfiltration using software alone on any operating system. Historically, mitigating session theft relied on detecting the stolen credentials after the fact using a complex set of abuse heuristics – a reactive approach that persistent attackers could often circumvent. DBSC fundamentally changes the web's capability to defend against this threat by shifting the paradigm from reactive detection to proactive prevention, ensuring that successfully exfiltrated cookies cannot be used to access users’ accounts.

How DBSC Works

DBSC protects against session theft by cryptographically binding authentication sessions to a specific device. It does this using hardware-backed security modules, such as the Trusted Platform Module (TPM) on Windows and the Secure Enclave on macOS, to generate a unique public/private key pair that cannot be exported from the machine. The issuance of new short-lived session cookies is contingent upon Chrome proving possession of the corresponding private key to the server. Because attackers cannot steal this key, any exfiltrated cookies quickly expire and become useless to those attackers. This design allows large and small websites to upgrade to secure, hardware-bound sessions by adding dedicated registration and refresh endpoints to their backends, while maintaining complete compatibility with their existing front-end. The browser handles the complex cryptography and cookie rotation in the background, allowing the web app to continue using standard cookies for access just as it always has.

Google rolled out an early version of this protocol over the last year. For sessions protected by DBSC, we have observed a significant reduction in session theft since its launch.

An overview of the DBSC protocol showing the interaction between the browser and server.

Private by design

A core tenet of the DBSC architecture is the preservation of user privacy. Each session is backed by a distinct key, preventing websites from using these credentials to correlate a user's activity across different sessions or sites on the same device. Furthermore, the protocol is designed to be lean: it does not leak device identifiers or attestation data to the server beyond the per-session public key required to certify proof of possession. This minimal information exchange ensures DBSC helps secure sessions without enabling cross-site tracking or acting as a device fingerprinting mechanism.

Engagement with the ecosystem

DBSC was designed from the beginning to be an open web standard through the W3C process and adoption by the Web Application Security Working Group. Through this process we partnered with Microsoft to design the standard to ensure it works for the web and got input from many in the industry that are responsible for web security.

Additionally, over the past year, we have also conducted two Origin Trials to ensure DBSC effectively serves the requirements of the broader web community. Many web platforms, including Okta, actively participated in these trials and their own testing and provided essential feedback to ensure the protocol effectively addresses their diverse needs.

If you are a web developer and are looking for a way to secure your users against session theft, refer to our developer guide for implementation details. Additionally, all the details about DBSC can be found on the spec and the corresponding github. Feel free to use the issues page to report bugs or provide feature requests.

Future improvements

As we continue to evolve the DBSC standard, future iterations will focus on increasing support across diverse ecosystems and introducing advanced capabilities tailored for complex enterprise environments. Key areas of ongoing development include:

• Securing Federated Identity: In modern enterprise environments, Single Sign-On (SSO) is ubiquitous. We are expanding the DBSC protocol to support cross-origin bindings, ensuring that a relying party (RP) session remains continuously bound to the same original device key used by the Identity Provider (IdP). This guarantees that the high-assurance security of the initial device binding is maintained throughout the entire federated login process, creating an unbroken chain of trust.
• Advanced Registration Capabilities: While DBSC provides robust protection for established cookies, some environments require an even stronger foundation when the session is first created. We are developing mechanisms to bind DBSC sessions to pre-existing, trusted key material rather than generating a new key at sign-in. This advanced capability enables websites to integrate complementary technologies, such as mTLS certificates or hardware security keys, creating a highly secure registration environment.
• Broader Device Support: We are also actively exploring the potential addition of software-based keys to extend protections to devices without dedicated secure hardware.

Ahem: My fellow Android-appreciating organisms — I’ve got a confession.

After the better part of two decades of personally using Google’s Chrome browser on both Android and every desktop computer I own, I’ve made the leap into the arms of a shiny new web-weaving seductress. Her name is Vivaldi.

Yes, it feels like a mildly geeky version of virtual adultery (especially with an exotic-sounding name like that). But I’ve long been a proponent of embracing whatever apps and services best serve your individual needs at any given moment and avoiding being beholden to any one company — no matter who that company may be. And now, after all these years, it’s become clear that Chrome is no longer the best web-wading companion for me.

Now, don’t get me wrong: Chrome is completely fine. It’s got plenty of positives, and I’ve certainly got no major beefs with it. I think that’s why it’s been so easy to stick with all this time, for so many of us — ’cause it gets the job done, and it’s familiar. There’s something to be said for that.

But as a person who’s always curious about new technology, constantly striving to optimize my digital environments, and endlessly working to make ’em all as efficient as humanly possible, I came to realize that “fine” wasn’t as good as it’d get anymore. And, lemme tell ya: Particularly if you’re a productivity-minded browser power-goober like me, stickin’ with Chrome largely just because it’s what you use and know is causing you to miss out on some incredibly interesting and advantageous upgrades.

And you know what? You aren’t alone. In fact, the vast majority of monitor-staring mammals work exclusively within the confines of Chrome. (The browser commands somewhere around three-quarters of the worldwide desktop computer browser market as of early 2026, according to some recent estimates.)

Again: It’s easy to understand why. Heck, I was one of those numbers myself — up until just a matter of months ago. I’d tried pretty much every other browser out there at some point, and I just hadn’t found anything meaningfully different and better enough for my needs to make it worth the hassle of switching over and dealing with all that adjustment.

Until now. 

And my goodness, it wasn’t an easy change to make.

[Get level-headed knowledge in your inbox with my free Android Intelligence newsletter. Three new things to try every Friday — and my Android Notification Power-Pack as a special welcome bonus.]

My Chrome to Vivaldi adapting adventure

I’ve got an entire separate article about what ultimately won me over with Vivaldi and which exact features I’m finding to be invaluable within it. I’d highly recommend giving it a read.

Here, I want to focus specifically on how I managed to overcome the hurdle of such a challenging change — and it isn’t about anything technical with the transition, either. In fact, Vivaldi makes it almost shockingly easy to move your data over from Chrome and import all your basic settings and history.

What I found, though, was two-fold:

1. On the Android front, moving into the Vivaldi app was actually quite painless. I started out by using it here and there, as a supplement to the standard Android Chrome browser, and quickly realized how much I enjoyed and appreciated its experience and the added niceties it gave me — including seemingly endless customization over every last element of the browser interface and a whole slew of on-demand privacy and web-clutter-cutting options. It wasn’t long before I changed my Android browser default and was using it full-time.

Vivaldi’s Android browser is powerful, pleasant to use, and incredibly customizable.

JR Raphael, Foundry

2. On the desktop front, the change presented far more friction. In fact, I’ve been using the Vivaldi Android app for months now — since sometime in the fall of 2025 — and it wasn’t until early this year that I made the leap over to Vivaldi on my workday Windows computer, too.

What changed was that I finally put my finger on the problem.

If there’s one real hurdle with Vivaldi — and one thing that kept me, personally, from fully moving into its desktop version for so long — it’s that it really can be overwhelming to adapt and get accustomed to all the new interfaces and elements it gives you, especially within the feature-rich desktop domain and with an environment so central to everything we do these days.

As I noted in my in-depth Vivaldi exploration, with as much time as most of us spend in our browsers on computers at this point, the browser essentially is our desktop — and our virtual office, too. And leaving the comfort of familiarity behind for something so unknown and unfamiliar is a daunting prospect.

Vivaldi, in particular, is quite different from Chrome on a computer at first exposure. And it has a lot of new options, features, and possibilities to ponder.

The options and features within the Vivaldi desktop browser are both amazing and — especially at first — overwhelming.

JR Raphael, Foundry

With that in mind, let me tell you what worked for me:

• First, I took advantage of Vivaldi’s immense customization potential and scaled back some of the more jarring differences. For me, that meant eliminating the on-by-default left-of-screen vertical tab bar — which was just too different of an interface for me at first, especially amidst everything else I was adjusting to — and also changing the “Tab Cycling” setting to “Cycle in Tab Order” and the “New Tab Position” setting to “After Related Tabs,” which were two subtle-seeming returns to the standard Chrome behavior that really kept throwing me off in their different-by-default implementations.
• Second, I forced myself to ignore most of the new Vivaldi features — all that good stuff I go over in that other article! — and focus on just one new feature or element at a time, for at least a few days each. There is a lot to take in with this program, and if you try to ingest all of it at once, it’s bound to overwhelm you and lead to a retreat. But if you explore one new piece of the puzzle at a time, really see how you feel about it and get in the habit of using it (or, alternatively, disabling it — if it just isn’t for you), it’s a much more manageable and enjoyable transition.
• Third, after that initial targeted series of adjustments, I mostly ignored the mountain of Vivaldi settings for a while. There’s just too much there to reasonably process at the get-go. I’m still peeking in periodically and finding something new and realizing I can customize it in a way that suits my working style better (and then sometimes realizing that a similar option also exists that I hadn’t yet tapped into on Android). Doing it all at once before you even have a feel for the browser just isn’t reasonable.

Last but not least, remember — particularly for desktop purposes — that Vivaldi is based on the same Chromium foundation as Google’s Chrome browser. That means you can use the standard Chrome Web Store to find and install extensions as needed and bring over the same tools you’ve always had in your browser setup. That, too, helps a lot with making yourself comfortable and creating an optimal environment that works for your needs (though I always recommend eliminating any extensions you aren’t actively using, and a browser change is a perfect time to perform an audit and get rid of any dead weight).

If you follow this approach and take the time to wrap your head around everything Vivaldi offers, the transition doesn’t have to be difficult. And — who knows? — you might find yourself feeling the same sense of excitement I have over a guilt-free virtual dalliance where the only lasting impact is your own happiness and efficiency.

Check out my free Android Intelligence newsletter for even more thoughtful knowledge — including three new things to try each Friday and a trio of useful Android notification tools to get you going.

A previously undocumented threat cluster dubbed UAT-10362 has been attributed to spear-phishing campaigns targeting Taiwanese non-governmental organizations (NGOs) and suspected universities to deploy a new Lua-based malware called LucidRook. "LucidRook is a sophisticated stager that embeds a Lua interpreter and Rust-compiled libraries within a dynamic-link library (DLL) to download and Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Hackers hijacked the update system for the Smart Slider 3 Pro plugin for WordPress and Joomla, and pushed a malicious version with multiple backdoors. [...]

With its powerful M5 chip, the latest iteration of the world’s most popular laptop keeps everything that made the MacBook Air compelling in the first place, while meaningfully boosting performance across the board. Beyond the faster processor, there’s also much quicker SSD storage and better memory bandwidth, all of which combine to make this a highly capable Mac.

In practical terms, the powerful M5 chip allows these Macs to better handle demanding data workloads than earlier models, making it an ideal machine for many creative and professional users. You also get 512GB of storage as standard (with as much as 4TB available as an option) and at least 16GB of RAM.

Big improvements to Apple’s most popular laptop

To some extent, of course, the MacBook Air has been left in the shadows by the all-new MacBook Neo. The latter costs much less, is quite capable of handling most tasks, and is a great fit for general purpose use, though the M5 Air can do all of that faster, because it is built to be a more efficient machine. Compared to the M4-powered model you can see these improvements:

• With 10CPU cores and either 8 or 10 GPU cores, the M5 chip has a 15% faster CPU and 30% faster GPU.
• It also has neural accelerators in each core, which makes the M5 MacBook Air very capable for AI-specific tasks or 3D rendering.
• The memory bandwidth hits 153GBps. (The M4 model gave us 120GBps.)
• SSD read/write speed are up to twice as fast as the M4, which you’ll feel when doing things with big files, such as when flinging video or imaging assets through apps or working/developing with on-device AI models.

The price has increased by $100 to start at $1,099, though you get twice the built-in storage to help soften the blow.

Benchmark performance

Let’s look at some of the benchmark scores I saw using Geekbench 6 with the Apple-loaned 15.3-in. MacBook Air I tested:

• Single-core: 4,103.
• Multi-core: 17,089.

For comparison, here are benchmarks for the previous generations:

• M1 MacBook Air: 2,346 single-core; 8,356 multi-core.
• M2 MacBook Air: 2,588 single-core; 9,691, multi-core. 
• M3 MacBook Air: 3,065 single-core; 11,959 multi-core.
• M4 MacBook Air: 3,833 single-core; 14,871 multi-core. 
• M5 MacBook Air: 4,103 single-core; 17,098 multi-core.
• MacBook Neo: 3,608 single-core; 9,346 multi-core.

Illustrating the extent to which the move to Apple Silicon has opened up new opportunities for Macs, the M5 MacBook Air delivers the kind of performance we once got from M3 Pro/Max MacBook Pros that shipped just over two years ago.

Apple The bigger picture

To some extent, what’s coming next doesn’t mean much when planning what to get today, but the takeaway must be that MacBook Air has plenty of power under its hood for the future.  When you choose one, you aren’t just getting the processor — you’re also getting a range of other internal improvements designed to optimize the benefits it brings.

These improvements must certainly have been the North Star to engineers when they built this Mac, which also benefits from those new neural accelerators across all its cores. Even compared to the year-old M4 MacBook Air, these systems represent a big upgrade. 

Of course, when you grab a laptop, the big thing you need is battery life. While your results will vary, the promised 18 hours of use on battery will get you through your day, every day. So will the display, which in this case is a 15.3-in. Liquid Retina P3 display with support for 1 billion colors, True Tone, and 500 nits of brightness. 

When it comes to audio output and the built-in web conferencing cameras in these Macs, nothing much has changed fromlast year’s M4 models. The song remains the same when it comes to design: you get that beautiful aluminum chassis, new colors (Sky Blue, Midnight, Starlight, and Silver), with pretty much everything we already love about these Macs the same. Connectivity relies on an Apple N1 wireless chip for Wi-Fi 7 and Bluetooth 6. You also get two USB-C/Thunderbolt ports, MagSafe charging and the ability of driving up to two external displays in addition to that Liquid retina screen. That’s very useful for on-the-go pros who want to use a larger display most of the time but need the convenience of a portable now and then. 

Apple What about MacBook Neo?

Some feel the arrival of the MacBook Neo will cannibalize MacBook Air sales. There’s some truth in that. And while the Neo can and will handle almost anything a regular user might want to throw at it, the M5 Air is much more capable by design. While the Neo has a 6-core CPU, the Air has up to 10; the Neo gets 5 GPU cores, the Air gets 10; Neo has a maximum 8GB memory, while the Air ships with at least 16GB — and the memory interconnect is much faster too. It means these systems are great for anyone who wants to accomplish more demanding tasks, but can’t quite justify purchasing a MacBook Pro. 

No doubt, most people will be happy with any one of these Macs most of the time. But when you need to hit a deadline or regularly tackle more demanding tasks, you’ll probably lean toward the Air, or something better. Most business users will do just that, even though more companies will be eyeing Macs thanks to the affordable Neo, which will be suitable for a whole collection of new use cases that couldn’t justify investment in Air.

Buying advice

In reviewing Apple’s latest trio of Macs, I must confess — like so many people — that I really have lost a little bit of my heart to the MacBook Neo. But I do need a bit more power for what I do. That work doesn’t involve data-wrangling, video compositing, AI model design or any high-end graphics work, so while I might want a MacBook Pro, I really only need a MacBook Air. And this iteration offers all the power and performance I’d expect from a Mac I expect to use it for the next few years.

It’s a solid improvement to the most popular consumer notebook on the planet, remains a viable upgrade for MacBook Neo users and continues to serve as an alluring gateway to inch us toward the MacBook Pro. 

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.