Kategorie

​Microsoft is investigating a known OneDrive issue that is causing searches to appear blank for some users or return no results even when searching for files they know they've already uploaded. [...]

Cloudflare says it mitigated a record-breaking distributed denial of service (DDoS) attack in May 2025 that peaked at 7.3 Tbps, targeting a hosting provider. [...]

On Friday, American insurance giant Aflac disclosed that its systems were breached in a broader campaign targeting insurance companies across the United States by attackers who may have stolen personal and health information. [...]

Self-service password resets (SSPR) reduce helpdesk strain—but without strong security, they can open the door to attackers. Learn why phishing-resistant MFA, context-aware verification, and risk-based detection are critical to secure SSPR implementation. [...]

Contactless payments such as Apple Pay and sustainability in inventory control are going to get much easier with an upcoming update to the Near Field Communications (NFC) standard that will make devices connect more swiftly and support the Digital Product Passport (NDPP) specification.

The first problems the new standard solves are range and reliability. At present, standard NFC supports a range of up to 0.2 inches and the connections aren’t always robust. What that means to most of us is the need to wriggle your iPhone or Apple Watch around a little to gain connection to the payment terminal. The improved NFC increases that range to to about 3/4 of an inch for all devices and makes the connection a little more resilient; the standard is also a little faster, which means once you authorize a payment it will take place faster than it already does.

Faster connections, easier payments, and more

That range and reliability improvements aren’t just for mobile payments, of course. If you use your iPhone as a car key or have mobile transit cards in your Apple Wallet, you should get a much better experience when opening doors or catching public transit. The NFC update also comes as Apple prepares to introduce expanded support for digital IDs and in-store payments with iOS 16. The latter is interesting because while the NFC Forum didn’t say anything about it, the update does support more complex transactions over NFC — that should make it easier to use supermarket loyalty cards at the same time as Apple Pay in a single tap. The Forum calls these, “multi-purpose tap use cases where a single tap unlocks multiple functions.”

NFC Release 15 is also expected to advance new and exciting use cases, such as using your mobile phone as a payment terminal, championing sustainability and optimizing NFC use across a variety of sectors, including automotive, transit and access control. There is also support for a new feature that has been designed to meet emerging sustainability regulations: NFC Digital Product Passport (NDPP)

What is NDPP and is it safe?

Aimed at manufacturers, NDPP is a framework to allow a single NFC tag embedded in a product to store and transmit both standard and extended Digital Product Passport (DPP) data using NFC. That data includes information such as a product’s composition, origin, environmental, lifestyle, and recycling details. Most hardware manufacturers will need to begin capturing this kind of information under an incoming EU law known as the Ecodesign for Sustainable Products Regulation (ESPR). The information is meant to be made available to customers, business users and recyclers and designed to boost transparency and sustainability. It will be interesting, for example, to use DPP inside future iPhones to determine where the device and its components originate – and it might be fun to explore refurbished devices to see whether components installed to return them to use have been used in different devices previously. 

That said, this kind of unique device information does sound like the kind of data that could be abused for device fingerprinting and user tracking; is there a risk of this?

Age of consent

I contacted Mike McCamon, the organization’s executive director, for more background on NDPP. I was particularly curious about the NDPP specification — could it be abused for digital device fingerprinting? That’s unlikely, said McCarmon, in part because of the nature of NFC design, which has been developed from day one to require active consent from the user.

“Security and privacy are foundational aspects of our work at the NFC Forum,” he said. “The NFC Digital Product Passport (NDPP) Specification can be thought more of a container of content than being fully descriptive of what content is included.” The support should extend use of NFC in different ways, such as in supply chain management, inventory control, or effective recycling strategies, all of which may benefit from the kind of information NDPP provides.

“And of course, even with our new extended range…, NFC Forum-capable products must be in the closest of proximity to be read. This is in addition to most NFC functionality today on mobile devices and wearables, which is only accessible following a direct user action – like a double-tap for instance. For these and the reasons above, we believe NFC Forum standards will provide the most capable, intuitive, and secure data carrier of DPP data for the market.”

For the rest of us

Millions of people use NFC every day for payments, car and hotel rooms, or even travel. That means the new NFC standard will deliver measurable benefits to consumers because it should work better than it does now. And for enterprises, the extended support for Multi-Purpose Taps should make for a variety of product and service development possibilities, particularly as Apple opens up access to NFC on its devices.

The NFC Release 15 is currently available to high-level NFC Forum member companies, including Apple, Google, Sony, and Huawei, who can now implement the improvements in their own products in advance of a public release as new iPhones appear in fall.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Microsoft has announced plans to periodically remove legacy drivers from the Windows Update catalog to mitigate security and compatibility risks. [...]

In a move that could redefine the boundaries between generative AI (genAI) and intellectual property, Disney and Universal have joined forces to file a lawsuit against Midjourney, one of the world’s most popular AI image generators. 

You may think you’ve heard this story before — The New York Times‘ 2023 lawsuit against OpenAI and Microsoft and News Corp. vs. Perplexity — but this case is different. For one thing, this is the first time major Hollywood studios with far more cash to prosecute the case have directly targeted a genAI company for copyright infringement. For another, Disney and Universal are both big AI users.

Disney and Universal allege that Midjourney’s platform is a “bottomless pit of plagiarism.” With Midjourney, all a subscriber need do to create unauthorized images of iconic characters such as Darth Vader, Elsa, the Minions, Shrek, and many others is to type in a prompt.

Original ‘Iron Man’ image is on the left; genAI-created image is on the right. 

Disney/Universal lawsuit

Original image is on the left; genAI image is on the right. 

Disney/Univeral lawsuit

There’s no question anyone can do it. If you don’t feel like trying it yourself, just look at some of the images in the Disney/Universal lawsuit complaint (shown above).

Can you tell which ones are the original from Avengers: Infinity War and which were generated by Midjourney? I can’t, and I have a good eye for this kind of thing. GenAI image creation has come a long way since all you had to do was count the number of fingers. (The originals are on the left.)

This didn’t require some kind of fancy prompt. As researchers have found, all you had to do to generate them was name the character and use the keyword “screencap,” and you quickly received your fake image. Or you could simply ask for “master super villain” or “armored superhero.” 

“This is not a ‘close call’ under well-settled copyright law,” the lawsuit claims. 

Correct. It’s not close at all.

In the company’s defense — if you can call it that — Midjourney CEO David Holz is on record as saying his AI has been trained on  “just a big scrape of the Internet.” What about copyrights on these images? 

“There isn’t really a way to get a hundred million images and know where they’re coming from. It would be cool if images had metadata embedded in them about the copyright owner or something. But that’s not a thing; there’s not a registry. There’s no way to find a picture on the Internet, and then automatically trace it to an owner and then have any way of doing anything to authenticate it.”

I think when it comes to Disney, it’s pretty darn obvious who owns the images. I mean, this is Disney, the big bad wolf of copyright. After Walt Disney lost the copyright to his earlier character, Oswald the Lucky Rabbit, he made darn sure that, starting with Mickey Mouse in 1928, he’d lock down its intellectual property for as close to forever as he could.

Indeed, over the decades, Disney has been behind laws to increase copyright coverage from a maximum of 56 years in 1928 to 75 years with the Copyright Act of 1976, and then 95 years with the Sonny Bono Copyright Term Extension Act (CTEA) of 1998, better known as the “Mickey Mouse Protection Act.” 

Disney has also never been shy about suing anyone who’d dare come close to their copyrighted images.  For example, in 1989, Disney threatened legal action against three daycare centers in Hallandale, FL., for painting murals of Disney characters such as Mickey Mouse, Donald Duck, and Goofy on their walls. 

Why? Because it’s all about the Benjamins. 

Disney, and to a lesser extent Universal, live and die from monetizing their intellectual property (IP). Mind you, much of that IP is generated from the public domain. As the Center for the Study of the Public Domain noted: “The public domain is Disney’s bread and butter. Frozen was inspired by Hans Christian Andersen’s The Snow Queen. … Alice in Wonderland, Snow White, The Hunchback of Notre Dame, Sleeping Beauty, Cinderella, The Little Mermaid, and Pinocchio came from stories by Lewis Carroll, The Brothers Grimm, Victor Hugo, Charles Perrault, Hans Christian Anderson, and Carlo Collodi.”

What Disney did with the public domain, MidJourney, and the rest of the AI companies want to do with pretty much everything on the Internet. OpenAI CEO Sam Altman, for instance,  has consistently argued that training genAI on copyrighted data should be considered “fair use.” He’s not alone.

On the other side of the fence, Disney and Universal’s lawsuit is not just about damages, which the pair puts at $150,000 per infringed work, but about setting a precedent. They want to stop Midjourney’s image and soon-to-be-launched video generation services in their tracks.

At the same time, the film studios freely admit they’re already using genAI themselves. Disney CEO Bob Iger has said the technology is already making Disney’s operations more efficient and enhancing creativity. “AI might indeed be the most potent technology our company has ever encountered, particularly in its capacity to enhance and allow consumers to access, experience, and appreciate our entertainment.” He also, of course, stressed that, “Given the speed that it is developing, we’re taking precautions to make sure of three things: One, that our IP is being protected. That’s incredibly important.”

This lawsuit is more than a Hollywood squabble; it’s a watershed moment in the ongoing debate over genAI, copyright, and the future of creative work. Previous cases have challenged the boundaries of fair use and data scraping, but none have involved the entertainment industry’s biggest players.

It might seem like a slam dunk for the Hollywood powerhouses. The images speak for themselves. But, if there’s one thing I’ve learned in covering IP cases, it’s that you never know what a court will decide.

Besides, there’s a real wild card. Donald Trump’s AI Action Plan is still a work in progress. The AI companies are arguing that it should give them permission to use pretty much anything as grist for their large language models (LLMs), while the media companies want all the copyright protection they can get. 

Which way will Trump’s officials jump? We don’t know. But I have a bad feeling about where they’ll go.

You see, what we do know is that after the Copyright Office released a pre-publication version of its 108-page copyright and AI report, which strived to strike a middle ground  “by supporting both of these world-class industries that contribute so much to our economic and cultural advancement.” However, it added that while some generative AI probably constitutes a “transformative” use, the mass scraping of all data did not qualify as fair use.

The result? The Trump administration, while not commenting on the report, fired Shira Perlmutter, the head of the Copyright Office, the next day. She’s been replaced by an attorney with no IP experience. 

Oh, also, hidden away in Trump’s “One Big Beautiful Bill” is a statement that imposes a 10-year ban on the enforcement of any state or local laws or regulations that “limit, restrict, or otherwise regulate” AI  models, AI systems, or automated decision systems. If that becomes law, whatever is in Trump’s AI Action Plan is what we’ll have to live with for the next few years.

As an author, I can’t tell you how unhappy that prospect makes me. I expect Trump to side with the AI companies, which means I can look forward to competing with my own repurposed work from here on out. 

Further reading:

• AI vs. copyright
• Court tosses hallucinated citation from Anthropic’s defense in copyright infringement case
• Eleuther AI releases 8TB collection of licensed and open training data
  

>

Microsoft (Nasdaq:MSFT) has announced the preview of a new service, Windows 365 Reserve, which aims to provide enterprises with backups for PCs that are lost, stolen, or simply fail.

It offers a temporary pre-configured Cloud PC, accessible through a browser, that, Microsoft said, “looks and feels like a physical PC, and is accessible from any device, anywhere.”

The Reserve Cloud PC is managed through Microsoft Intune, and includes corporate applications, settings, and security policies, as well as Microsoft 365 apps (assuming the organization subscribes to M365) and OneDrive data sync.

The free preview will begin “soon”, the announcement said, and will run for up to 12 weeks.

There are restrictions, however. Preview participants must have a Windows E3 license, an Intune license, and Microsoft Entra ID P1 (formerly Azure Active Directory Premium Plan 1, or AADP1). Sovereign cloud customers are not supported, and participants must perform a few chores, including completing what the sign-up form calls “a set of admin and end user validation scenarios,” and then provide feedback on the experience.

Andrew Sharp, research director at Info-Tech Research Group, is impressed with the concept.

“In preview, the service claims it will allow an administrator to pre-stage a cloud PC, already loaded with the company’s policies, apps and security controls, so it can be handed to a stranded user in minutes,” he said. “Imagine your laptop dies at a client site. Helpdesk fires off a link, you open it in a browser or the Windows app, and you’re back at a familiar, compliant desktop before your coffee gets cold. At least that’s what they’re promising.” 

He likes the idea that Intune manages the virtual devices, so there’s no new control plane to learn, and he also sees potential for other use cases besides providing backups for PCs.

“Reserve could also be a low-friction way to dabble with virtual desktops with minimal commitment,” he noted. However, he does have reservations. “Microsoft’s value proposition is clear: quicker, safer recovery for lost, stolen, or broken devices,” he said. “At the end of the day, IT will still need an operational playbook. How does a user reach support when the primary device fails? Is a physical replacement shipped, or is Reserve the stopgap? Which applications and policies belong in the Reserve image? IT teams will need to sort out those workflows to make Windows 365 Reserve a practical resilience tool and not just another SKU.”

More Microsoft news and insights:

• Microsoft to cut thousands more jobs, mainly in sales
• Global Microsoft 365 outage disrupts Teams and Exchange services
• Microsoft is finally fixing app updates on Windows
• Microsoft adds enterprise search and ‘digital labor’ tools to M365 Copilot
• First-ever zero-click attack targets Microsoft 365 Copilot
  

>

>

Scale AI has been attempting to quell fears about its company sovereignty and data security after its ‘acqui-hiring’ by Meta, but customers appear to be defecting anyhow, and competitors are being rewarded with a slice of the limelight.

Meta is investing $14.3 billion in the data labeling and model evaluation startup, which gives the social media giant a 49% stake in the company, and is bringing Scale’s founder and former CEO Alexandr Wang onboard to work on AI “superintelligence.”

Within days of the news of the deal, OpenAI said it would be phasing out its work with Scale, although not explicitly because of the Meta deal. For the last several months, the AI leader has been backing away from the relationship and opting for competitors like Mercor, reportedly because Scale doesn’t have the expertise it needs for its increasingly advanced models.

Others are also purportedly hitting the brakes on their relations with Scale, including xAI and Google, the latter over concerns that Meta could access information about its AI developments.

Scale’s interim CEO Jason Droege has pushed back, emphasizing in a blog post that the company will remain “unequivocally an independent company” and will not provide Meta with access to its internal systems.

Despite this assurance, an analyst understands industry concerns.

“Meta’s move signals a trend toward vertical integration and supplier lock: Owning the data annotation pipeline to secure control over the quality, provenance, and scalability of training data,” said Thomas Randall, AI lead at Info-Tech Research Group. “Moreover, OpenAI’s pullback shows how quickly partnerships in this space can shift based on alignment, data strategy, or concerns about competition.”

Rivals in the data labeling game

Data labeling is a critical step in AI development, as it involves tagging raw data to provide context for models so they can continue to learn and iterate.

The Meta-Scale deal underscores the importance of the capability, and, perhaps counterintuitively, has drawn much more attention to rival, potentially superior data labeling companies. This includes five-year-old startup Surge, which reportedly had more than $1 billion in revenues last year. Others in the growing space include Turing, Snorkel, Invisible, Toloka, CloudFactory, and Label Your Data.

However, Droege asserted that Scale is “one of the only providers capable of serving customers at volume” with the “largest network of experts training AI.” Going forward, the company will focus on building out its applications business units and will continue to be model-agnostic and human-driven, he said.

“The spike in competition from players like Surge, Turing, and Invisible gives enterprises more leverage, but also more responsibility,” said Info-Tech’s Randall. These vendors differ significantly when it comes to workforce models, automation levels, and quality controls, he noted. Enterprise leaders should evaluate providers not just on price or throughput, he advised, but on whether they offer robust annotation auditability, support for domain-specific edge cases, and alignment with ethical AI practices.

“The quality of labeled data is a leading indicator of model performance and a lagging indicator of strategic oversight,” said Randall. “The enterprises that succeed in AI won’t just be the ones with the best models, but the ones with the most intentional, resilient data ecosystems.”

Not just about selecting a labeling company

But the ultimate conversation around data labeling is a little more nuanced and complex, analysts note.

Hyoun Park, CEO and chief analyst with Amalgam Insights, pointed out that Scale has built its reputation on text and image labeling, and its ability to identify global talent. This is a “powerful fit” for Meta, as Facebook, Instagram, and its other applications and services have massive amounts of data that can be further tagged and indexed to support large language models (LLMs) and AI, based on Meta’s ownership of accounts and digital assets.

“Scale works well with social networks and other media-based websites with self-refreshing and original media creation that can be labeled and used to train models on an ongoing basis,” he noted.

For OpenAI, Google, Anthropic, and other LLM providers selling directly to businesses and large organizations, however, the competitive landscape is quickly shifting. It is no longer enough to simply take in and process general data; providers must be able to automate code and conduct higher-level tasks, said Park. When digging deeper into programming, healthcare, legal services, and other specialized fields, they need subject-matter expert data.

Enterprises must be able to contextualize their own internal data and jargon, and have the ability to trust their AI enough to allow it to take action, he said. This means that the AI needs to be trained well enough to understand the common sense ramifications of the requests it receives, and the data that it accesses.

“This training and contextualization ultimately requires specific expertise that is often coming from veteran employees and highly trained professionals, not just from outsourcing firms that can provide scale-up capabilities for specific areas of AI training,” said Park.

Randall agreed that enterprise leaders must treat their data labeling decisions as part of a broader AI governance and operational strategy, not just a technical outsourcing choice. He said his firm’s research on vendor management indicates that organizations should treat labeling vendors as they would treat cloud providers.

That is: “diversify, insist on explicit contractual firewalls around staff mobility and data reuse, and build contingency plans so an acquisition doesn’t strand your model pipeline or expose proprietary data,” he said.

More Scale AI news:

After AI setbacks, Meta turns to Scale AI and ‘superintelligence’ research

News broke today of a "mother of all breaches," sparking wide media coverage filled with warnings and fear-mongering. However, it appears to be a compilation of previously leaked credentials stolen by infostealers, exposed in data breaches, and via credential stuffing attacks. [...]

A new version of the Android malware "Godfather" creates isolated virtual environments on mobile devices to steal account data and transactions from legitimate banking apps. [...]

Cybercriminals no longer need zero-days to breach your systems—these days, they just log in. Join BleepingComputer, SC Media, and Specops Software's Darren Siegel on July 9 at 2:00 PM ET for a live webinar on how attackers are using stolen credentials to infiltrate networks and how you can stop them. [...]

ChatGPT's next big upgrade, or the new foundational model "GPT-5," is still being prepared for a release in the summer, but OpenAI won't share the specifics. [...]

The U.S. Department of Justice has seized more than $225 million in cryptocurrency linked to investment fraud and money laundering operations, the largest crypto seizure in the history of the U.S. Secret Service. [...]

GenAI, credential theft, third-party risks—Verizon's 2025 DBIR reveals what's putting your org at risk. Join DBIR author Alex Pinto & LayerX CEO Or Eshed as they break down this year's key insights and defense strategies. Don't miss the webinar—register now. [...]

Microsoft has announced new Windows 365 security defaults starting in the second half of 2025 and affecting newly provisioned and reprovisioned Cloud PCs. [...]

ChatGPT appears to be testing support for Gmail and Google Calendar integration. This will allow users to summarise emails and create events. [...]

OpenAI has ended its long-standing partnership with Scale AI, the company that powered some of the most complex data-labeling tasks behind frontier models such as GPT-4.

The split, confirmed by an OpenAI spokesperson to Bloomberg, comes on the heels of Meta’s $14.3 billion investment for a 49% stake in Scale, a move that industry analysts warn could redraw battle lines in the AI arms race.

It also secured Scale founder Alexandr Wang to lead Meta’s AI division, accelerating what Deepika Giri, AVP for BDA & AI Research, IDC Asia/Pacific described as a profound challenge to data neutrality in foundational AI layers. “The world is shifting toward vendor-neutral ecosystems,” Giri cautioned, where data security and open platforms are paramount. But with hyperscalers now commanding the core pipelines, that neutrality faces unprecedented pressure.

The high stakes of AI data and talent wars

Meta’s $29 billion valuation of Scale highlights its two-front war for both data infrastructure and elite talent. While the investment aims to shore up Llama 4’s competitiveness, the social giant is also offering unprecedented “seven-to-nine-figure” packages to lure top employees, including OpenAI staff reportedly targeted with $100 million offers, as CEO Sam Altman disclosed on the Uncapped podcast. Yet not all are swayed. A Menlo Ventures VC posted on X that many still choose OpenAI or Anthropic.

The fallout from OpenAI’s exit and Meta’s investment is poised to disrupt the data-labeling industry, projected to reach $29.2 billion by 2032. Jason Droege, Interim CEO, Scale, in a blog post, maintained that its data governance remains independent, stating, “nothing has changed about our commitment to protecting customer data.”

Those reassurances may already be falling short. OpenAI, Bloomberg reported, had already been quietly scaling back its use of Scale’s services for months, citing a need for more specialized data.

OpenAI’s exit redraws the AI data landscape

Scale, which began as a data-labeling pioneer built on a global contractor base in countries like India and Venezuela, reported $870 million in revenue for 2024. But with major clients like Google, which spent $150 million last year, its future is uncertain.

The CEO of Handshake, a Scale competitor, told Time that demand for his company’s services “tripled overnight” in the wake of the Meta deal. The exodus reflects a fear among Meta’s rivals that proprietary data and research roadmaps could leak to a competitor through Scale’s services.

This realignment also exposed blind spots in enterprise AI contracts. Most lack robust “change-of-control” clauses or vendor conflict safeguards, leaving companies exposed when partners align with rivals. As Ipsita Chakrabarty, an analyst at QKS Group, noted, many contracts still rely on static accuracy metrics that crumble against real-world data drift. The result, she warned, is that companies may end up “outsourcing intelligence but retaining liability for failures.”

Yet Scale’s value remains in its elite trainer network (historians, scientists, PhDs) handling specialized tasks costing reportedly “tens to hundreds of dollars” per unit. While Meta’s non-voting stake avoided automatic antitrust review, regulators may still investigate the blurred line between influence and control. For now, the full implications will take months to unfold, as regulatory reviews, vendor transitions, and internal audits continue to reshape the AI data supply chain.

The new realities of AI development

As companies such as Google rush to build in-house data labeling capabilities, the industry faces a choice to repeat the mistakes of the cloud consolidation era of 2010-2015 or take a more open route.

“The AI race is causing vendor fragmentation in the short term, but I expect consolidation in the long term,” said Anushree Verma, senior director analyst at Gartner. “Vendors will struggle to scale their implementations if they continue with a fragmented approach. As a result, the need for interoperable ecosystems—supported by hybrid cloud collaboration and integration—will drive consolidation in this space.”

This resonates with IDC’s suggestion for “vendor-neutral ecosystems where data security, regulatory compliance, and open platforms take center stage,” a philosophy now clashing with the industry’s walled-garden reality.

For CIOs, this moment demands more than procurement checklists. Successful AI adoption requires baking in “change management, decision traceability, and human-AI interaction design” from day one, QKS’ Chakrabarty.

The challenge now goes beyond compliance. It requires stress-testing AI ecosystems with the same urgency as applied to cloud and chip vulnerabilities. “The best approach,” according to IDC’s Giri, “is to evaluate capabilities independently and avoid deep integration across the stack, because a monolithic system may lack the flexibility to keep up with tomorrow’s needs.”

More OpenAI news:

• OpenAI’s new models can ‘think with pictures’
• OpenAI-Microsoft tensions escalate over control and contracts
• New tools from OpenAI help companies create their own AI agents
  

>

The DuckDuckGo web browser has expanded its built-in Scam Blocker tool to protect against a broader range of online scams, including fake e-commerce, cryptocurrency exchanges, and "scareware" sites. [...]

Satellite communications company Viasat is the latest victim of China's Salt Typhoon cyber-espionage group, which has previously hacked into the networks of multiple other telecom providers in the United States and worldwide. [...]