Agregátor RSS

Apple’s Worldwide Developer Conference (WWDC) takes place in just a few weeks. Everyone expects the company to explain its approach to AI deployment on its platforms. With that in mind, here’s what several months of speculation suggest Apple will announce, though the details remain to be disclosed.

Apple is investing billions of dollars in these plans; R&D spending reached 10.3% of revenue in the second quarter, up from 7.6% in Q1. Given Apple’s accelerating revenue, on a dollar basis this means the company’s R&D spend is up 34% from a year ago.

“We believe AI is a really important investment area for Apple, and we’re going to be doing that incrementally on top of what we normally invest in our product roadmap,” said Apple CFO Kevan Parekh during Apple’s latest fiscal call. (AI isn’t Apple’s only spending target, either.)

While the billions Apple is investing are dwarfed by the huge infrastructure investments made by pure AI players, Apple’s infrastructure already exists — in the form of 2.5 billion actively used devices, the vast majority of which can already run some AI models natively on device. So, how is Apple exploiting this deployment advantage?

BYO-AI

Only this week, Bloomberg once again confirmed Apple intends to permit its customers to select their choice of AI service on their device. You’ll be able to pick Gemini, ChatGPT, or Claude as your default supporting AI service. This means that while you might continue to use Apple Intelligence for most queries, you’ll also be able to use one of those server-based AI choices for more complex tasks. Y

ou will also be able to opt to use those services to provide all your AI needs, but not until iOS 27, which will be unveiled at WWDC. These services will be provided within a new Extension system, which I suspect will work with the apps those AI developers are already building for iPhones. That could lead to a new ‘App Store for AI’ approach, which the company may be able to monetize. So, you’ll be able to select between AI services for tasks such as text generation and editing and powering Siri.

Work with Gemini

While allowing users AI choice, Apple is also building out Apple Intelligence to be a competitive option. The company’s engineers have been working with Google Gemini to build their own Foundation Models for common tasks.

That work includes use of a customized version of Gemini to improve Siri’s conversational abilities and understanding of natural language as well as a degree of contextual intelligence. This should enable Siri to perform complex tasks across more than one app. “Apple Intelligence will continue to run on Apple devices and Private Cloud Compute, while maintaining Apple’s industry-leading privacy standards,” Apple and Google confirmed earlier this year.

Private by design

Apple is building privacy into these tools, meaning those Foundation Models and new Siri features will maintain user privacy by relying on Private Cloud Compute, Apple’s uniquely private infrastructure that lets you use powerful server-based AI to resolve complex tasks without eroding privacy. This is good for everyone, but particularly promising to enterprises seeking AI efficiency along with guaranteed data security. That provision of privacy should let Apple offer its services to businesses that might otherwise opt for sovereign or on-premises AI data services. A legal team might feel more confident to use AI to summarize confidential contracts on-device, for example, while a medical practitioner might be able to use AI to securely analyze patient notes. In many cases, IT will almost certainly gravitate towards Apple’s privacy posture.

The hardware thing

Apple Silicon, Unified Memory, the Neural Engine and so many additional hardware and software achievements available in Apple’s products mean the entire ecosystem is already resolutely AI ready. 

In an important statement, CEO Tim Cook recently explained how this all works together, and the extent to which Apple’s hardware advantage already translates into an experience advantage for AI users and developers:

“What truly sets Apple apart is how Apple Intelligence is woven into the core of our platforms, powered by Apple Silicon, and designed from the ground up to deliver intelligence that is fast, personal, and private. This is not AI as a standalone feature, but AI as an essential intuitive part of the experience across our devices. It builds on years of innovation, from the neural engine, to advanced on-device processing, enabling capabilities that are not only incredibly powerful but also respectful of user privacy.

“Increasingly, that same foundation is drawing developers and researchers to our products as powerful platforms for building and running agentic AI, thanks to the unique combination of performance, efficiency, and on-device capabilities. When you combine this level of integration with our relentless focus on the customer experience, it becomes clear why Apple platforms are the best place to experience AI.”

You don’t need an LLM to see which way the wind blows

In short, Apple’s platforms are already the best place to build AI and the best place to use AI. Apple has decided to lean into that advantage while adopting a multi-state approach to AI services; it recognizes the inevitable commoditization of those services, while also continuing to develop its own to compete with third parties. With Apple’s own ecosystem as the battleground, that approach means Apple wins, even if its AI services lose.

“With Apple Silicon and its powerful unified memory architecture, leading AI developers like Perplexity are choosing Mac as their preferred platform to build enterprise-grade AI assistants that power autonomous agents and boost workplace productivity,” Apple said.

Asymco’s Horace Dediu notes the significance of such a shift: “If foundation models are heading toward commodity status, then the strategic value shifts to whoever controls the integration layer and the user relationship,” he wrote. 

People, get ready

Expect to learn much more concerning Apple’s AI plans at WWDC in a few weeks. While Apple is doubtless still burning at the challenges it has encountered so far, like any marathon runner the company continues to race through those short-term pains. “We can’t wait to share what we’ve been working on, from AI advancements to exciting new software and developer tools. It’s going to be an incredible week,” Cook promised during Apple’s fiscal call.

We’ll all be watching.

You can follow me on social media! Join me on BlueSky,  LinkedIn, and Mastodon.

Garmin si většina lidí spojí hlavně s hodinkami, navigacemi a různou sportovní elektronikou. Jenže firma už v roce 2023 koupila americkou značku JL Audio, která patří mezi známá jména ve světě subwooferů, systémů pro auta a profesionálního ozvučení. A právě pod touto značkou nyní Garmin představil ...

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a Telegram account and too much free time. The worst part is how often this stuff

Bad week. Turns out the easiest way to get hacked in 2026 is still the same old garbage: shady packages, fake apps, forgotten DNS junk, scam ads, and stolen logins getting dumped into Discord channels like it’s normal. Some of these attack chains don’t even feel sophisticated anymore. More like some tired guy with a Telegram account and too much free time. The worst part is how often this stuffRavie Lakshmananhttp://www.blogger.com/profile/[email protected]

Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. [...]

Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they do.  That distinction matters far more than many organizations realize. In the first hours of a security incident

Having an incident response retainer, or even a pre-approved external incident response firm, is not the same as being ready for an incident. A retainer means someone will answer the phone. Operational readiness determines whether that team can do meaningful work the moment they do.  That distinction matters far more than many organizations realize. In the first hours of a security [email protected]

Google letos zvýší investice do AI až na 185 miliard dolarů a brzdit nehodlá • . • Podle Googlu AI opustila testovací fázi a ve velkých firmách míří do ostrého provozu. • Nová vlna AI mění software rychleji, než čekali i samotní technologičtí lídři.

Fanoušci kosmonautiky pomalu uzavírají sázky, kdy si konečně odbude premiéru třetí generace rakety Starship. SpaceX se totiž kvůli technickým komplikacích v posledním půlroce dostalo do skluzu a odhadovaný termín prvního startu s motory Raptor 3 se tak neustále posouvá. Z března se stal duben, ...

A fake version for the Claude AI website offers a malicious Claude-Pro Relay download that pushes a previously undocumented backdoor for Windows named Beagle. [...]

During Q1 2026, the exploit kits leveraged by threat actors to target user systems expanded once again, incorporating new exploits for the Microsoft Office platform, as well as Windows and Linux operating systems.

In this report, we dive into the statistics on published vulnerabilities and exploits, as well as the known vulnerabilities leveraged by popular C2 frameworks throughout Q1 2026.

Statistics on registered vulnerabilities

This section provides statistical data on registered vulnerabilities. The data is sourced from cve.org.

We examine the number of registered CVEs for each month starting from January 2022. The total volume of vulnerabilities continues rising and, according to current reports, the use of AI agents for discovering security issues is expected to further reinforce this upward trend.

Total published vulnerabilities per month from 2022 through 2026 (download)

Next, we analyze the number of new critical vulnerabilities (CVSS > 8.9) over the same period.

Total critical vulnerabilities published per month from 2022 through 2026 (download)

The graph indicates that while the volume of critical vulnerabilities slightly decreased compared to previous years, an upward trend remained clearly visible. At present, we attribute this to the fact that the end of last year was marked by the disclosure of several severe vulnerabilities in web frameworks. The current growth is driven by high-profile issues like React2Shell, the release of exploit frameworks for mobile platforms, and the uncovering of secondary vulnerabilities during the remediation of previously discovered ones. We will be able to test this hypothesis in the next quarter; if correct, the second quarter will show a significant decline, similar to the pattern observed in the previous year.

Exploitation statistics

This section presents statistics on vulnerability exploitation for Q1 2026. The data draws on open sources and our telemetry.

Windows and Linux vulnerability exploitation

In Q1 2026, threat actor toolsets were updated with exploits for new, recently registered vulnerabilities. However, we first examine the list of veteran vulnerabilities that consistently account for the largest share of detections:

• CVE-2018-0802: a remote code execution (RCE) vulnerability in the Equation Editor component
• CVE-2017-11882: another RCE vulnerability also affecting Equation Editor
• CVE-2017-0199: a vulnerability in Microsoft Office and WordPad that allows an attacker to gain control over the system
• CVE-2023-38831: a vulnerability resulting from the improper handling of objects contained within an archive
• CVE-2025-6218: a vulnerability allowing the specification of relative paths to extract files into arbitrary directories, potentially leading to malicious command execution
• CVE-2025-8088: a directory traversal bypass vulnerability during file extraction utilizing NTFS Streams

Among the newcomers, we have observed exploits targeting the Microsoft Office platform and Windows OS components. Notably, these new vulnerabilities exploit logic flaws arising from the interaction between multiple systems, making them technically difficult to isolate within a specific file or library. A list of these vulnerabilities is provided below:

• CVE-2026-21509 and CVE-2026-21514: security feature bypass vulnerabilities: despite Protected View being enabled, a specially crafted file can still execute malicious code without the user’s knowledge. Malicious commands are executed on the victim’s system with the privileges of the user who opened the file.
• CVE-2026-21513: a vulnerability in the Internet Explorer MSHTML engine, which is used to open websites and render HTML markup. The vulnerability involves bypassing rules that restrict the execution of files from untrusted network sources. Interestingly, the data provider for this vulnerability was an LNK file.

These three vulnerabilities were utilized together in a single chain during attacks on Windows-based user systems. While this combination is noteworthy, we believe the widespread use of the entire chain as a unified exploit will likely decline due to its instability. We anticipate that these vulnerabilities will eventually be applied individually as initial entry vectors in phishing campaigns.

Below is the trend of exploit detections on user Windows systems starting from Q1 2025.

Dynamics of the number of Windows users encountering exploits, Q1 2025 – Q1 2026. The number of users who encountered exploits in Q1 2025 is taken as 100% (download)

The vulnerabilities listed here can be leveraged to gain initial access to a vulnerable system and for privilege escalation. This underscores the critical importance of timely software updates.

On Linux devices, exploits for the following vulnerabilities were detected most frequently:

• CVE-2022-0847: a vulnerability known as Dirty Pipe, which enables privilege escalation and the hijacking of running applications
• CVE-2019-13272: a vulnerability caused by improper handling of privilege inheritance, which can be exploited to achieve privilege escalation
• CVE-2021-22555: a heap out-of-bounds write vulnerability in the Netfilter kernel subsystem
• CVE-2023-32233: a vulnerability in the Netfilter subsystem that allows for Use-After-Free conditions and privilege escalation through the improper processing of network requests

Dynamics of the number of Linux users encountering exploits, Q1 2025 – Q1 2026. The number of users who encountered exploits in Q1 2025 is taken as 100% (download)

In the first quarter of 2026, we observed a decrease in the number of detected exploits; however, the detection rates are on the rise relative to the same period last year. For the Linux operating system, the installation of security patches remains critical.

Most common published exploits

The distribution of published exploits by software type in Q1 2026 features an updated set of categories; once again, we see exploits targeting operating systems and Microsoft Office suites.

Distribution of published exploits by platform, Q1 2026 (download)

Vulnerability exploitation in APT attacks

We analyzed which vulnerabilities were utilized in APT attacks during Q1 2026. The ranking provided below includes data based on our telemetry, research, and open sources.

TOP 10 vulnerabilities exploited in APT attacks, Q1 2026 (download)

In Q1 2026, threat actors continued to utilize high-profile vulnerabilities registered in the previous year for APT attacks. The hypothesis we previously proposed has been confirmed: security flaws affecting web applications remain heavily exploited in real-world attacks. However, we are also observing a partial refresh of attacker toolsets. Specifically, during the first quarter of the year, APT campaigns leveraged recently discovered vulnerabilities in Microsoft Office products, edge networking device software, and remote access management systems. Although the most recent vulnerabilities are being exploited most heavily, their general characteristics continue to reinforce established trends regarding the categories of vulnerable software. Consequently, we strongly recommend applying the security patches provided by vendors.

C2 frameworks

In this section, we examine the most popular C2 frameworks used by threat actors and analyze the vulnerabilities targeted by the exploits that interacted with C2 agents in APT attacks.

The chart below shows the frequency of known C2 framework usage in attacks against users during Q1 2026, according to open sources.

TOP 10 C2 frameworks used by APTs to compromise user systems, Q1 2026 (download)

Metasploit has returned to the top of the list of the most common C2 frameworks, displacing Sliver, which now shares the second position with Havoc. These are followed by Covenant and Mythic, the latter of which previously saw greater popularity. After studying open sources and analyzing samples of malicious C2 agents that contained exploits, we determined that the following vulnerabilities were utilized in APT attacks involving the C2 frameworks mentioned above:

• CVE-2023-46604: an insecure deserialization vulnerability allowing for arbitrary code execution within the server process context if the Apache ActiveMQ service is running
• CVE-2024-12356 and CVE-2026-1731: command injection vulnerabilities in BeyondTrust software that allow an attacker to send malicious commands even without system authentication
• CVE-2023-36884: a vulnerability in the Windows Search component that enables command execution on the system, bypassing security mechanisms built into Microsoft Office applications
• CVE-2025-53770: an insecure deserialization vulnerability in Microsoft SharePoint that allows for unauthenticated command execution on the server
• CVE-2025-8088 and CVE-2025-6218: similar directory traversal vulnerabilities that allow files to be extracted from an archive to a predefined path, potentially without the archiving utility displaying any alerts to the user

The nature of the described vulnerabilities indicates that they were exploited to gain initial access to the system. Notably, the majority of these security issues are targeted to bypass authentication mechanisms. This is likely due to the fact that C2 agents are being detected effectively, prompting threat actors to reduce the probability of discovery by utilizing bypass exploits.

Notable vulnerabilities

This section highlights the most significant vulnerabilities published in Q1 2026 that have publicly available descriptions.

CVE-2026-21519: Desktop Window Manager vulnerability

At the core of this vulnerability is a Type Confusion flaw. By attempting to access a resource within the Desktop Window Manager subsystem, an attacker can achieve privilege escalation. A necessary condition for exploiting this issue is existing authorization on the system.

It is worth noting that the DWM subsystem has been under close scrutiny by threat actors for quite some time. Historically, the primary attack vector involves interacting with the NtDComposition* function set.

RegPwn (CVE-2026-21533): a system settings access control vulnerability

CVE-2026-21533 is essentially a logic vulnerability that enables privilege escalation. It stems from the improper handling of privileges within Remote Desktop Services (RDS) components. By modifying service parameters in the registry and replacing the configuration with a custom key, an attacker can elevate privileges to the SYSTEM level. This vulnerability is likely to remain a fixture in threat actor toolsets as a method for establishing persistence and gaining high-level privileges.

CVE-2026-21514: a Microsoft Office vulnerability

This vulnerability was discovered in the wild during attacks on user systems. Notably, an LNK file is used to initiate the exploitation process. CVE-2026-21514 is also a logic issue that allows for bypassing OLE technology restrictions on malicious code execution and the transmission of NetNTLM authentication requests when processing untrusted input.

Clawdbot (CVE-2026-25253): an OpenClaw vulnerability

This vulnerability in the AI agent leaks credentials (authentication tokens) when queried via the WebSocket protocol. It can lead to the compromise of the infrastructure where the agent is installed: researchers have confirmed the ability to access local system data and execute commands with elevated privileges. The danger of CVE-2026-25253 is further compounded by the fact that its exploitation has generated numerous attack scenarios, including the use of prompt injections and ClickFix techniques to install stealers on vulnerable systems.

CVE-2026-34070: LangChain framework vulnerability

LangChain is an open-source framework designed for building applications powered by large language models (LLMs). A directory traversal vulnerability allowed attackers to access arbitrary files within the infrastructure where the framework was deployed. The core of CVE-2026-34070 lies in the fact that certain functions within langchain_core/prompts/loading.py handled configuration files insecurely. This could potentially lead to the processing of files containing malicious data, which could be leveraged to execute commands and expose critical system information or other sensitive files.

CVE-2026-22812: an OpenCode vulnerability

CVE-2026-22812 is another vulnerability identified in AI-assisted coding software. By default, the OpenCode agent provided local access for launching authorized applications via an HTTP server that did not require authentication. Consequently, attackers could execute malicious commands on a vulnerable device with the privileges of the current user.

Conclusion and advice

We observe that the registration of vulnerabilities is steadily gaining momentum in Q1 2026, a trend driven by the widespread development of AI tools designed to identify security flaws across various software types. This trajectory is likely to result not only in a higher volume of registered vulnerabilities but also in an increase in exploit-driven attacks, further reinforcing the critical necessity of timely security patch deployment. Additionally, organizations must prioritize vulnerability management and implement effective defensive technologies to mitigate the risks associated with potential exploitation.

To ensure the rapid detection of threats involving exploit utilization and to prevent their escalation, it is essential to deploy a reliable security solution. Key features of such a tool include continuous infrastructure monitoring, proactive protection, and vulnerability prioritization based on real-world relevance. These mechanisms are integrated into Kaspersky Next, which also provides endpoint security and protection against cyberattacks of any complexity.

PWNED Welcome back to PWNED, the weekly column where we turn a white hot spotlight onto the cracks and crevices in company security and write about those who have let their guard down, often in the name of convenience, incompetence, or just plain laziness. Today’s tale of woe concerns the need to secure a network and the dangers of an insecure password. Our story comes courtesy of Roger Grimes, CISO advisor at security firm KnowBe4. He recounts a time when he had to get into a client’s network but didn’t have the credentials. Grimes was installing accounting software for a client and, as a result, needed to take the network down for a day. To make sure that he didn’t disturb any work, he decided to log into the system on a Saturday. Unfortunately, he was missing the admin password he needed to uninstall old software and add the new app. Since it was the weekend, no one was answering their work phones to give him the information he needed, and there was a good chance he would have to delay the upgrade until the following weekend. Grimes could have given up right there, but he had an idea. Why not try to figure out what the password was? The situation reminded him of a movie. “You know, the scene where the hacker is sitting at the terminal trying to log on, but the victim refuses to give up credentials. So the hacker starts typing random passwords out of thin air,” he said. “And wouldn’t you know it? They correctly guess the password at the last possible moment.” After trying numerous passwords, the advisor thought about a famous movie he had just watched: Citizen Kane. He decided to try “rosebud,” and voilà. (This vulture can identify with the Orson Welles focus, having just watched The Third Man this week.) It’s a good thing that it was Grimes, a legit contractor, guessing passwords instead of some miscreant. Picking a password from a movie plotline is a bad idea and, in this case, made even worse by the lack of numbers, capital letters, or symbols in the password. If you’re picking out a password, you might be better off generating a strong password that’s a string of random numbers and letters and then having it remembered by a password manager. Then, for the password manager itself, consider a passphrase that contains capital letters, symbols, and numbers such as “Shoe-Please6-Wrapped-Carbon-Wear” so you can try to remember it. You might also use a passphrase for your admin password – you can generate a random one using Keeper’s Passphrase Generator. Have a story about someone leaving a gaping hole in their network? Share it with us at [email protected]. Anonymity available upon request. ®

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," Kaspersky 

Cybersecurity researchers have discovered three packages on the Python Package Index (PyPI) repository that are designed to stealthily deliver a previously unknown malware family called ZiChatBot on Windows and Linux systems. "While these wheel packages do implement the features described on their PyPI web pages, their true purpose is to covertly deliver malicious files," Kaspersky Ravie Lakshmananhttp://www.blogger.com/profile/[email protected]

Hlavním problémem 16pin napájecího rozhraní je nerovnoměrný kontakt, v jehož důsledku se mohou být některé piny a kabely přehřívat, což vede k tavení, deformaci až doutnání. Asus přinesl řešení, ale…

Digitální svět přinesl pohodlí, které si dnes už ani neuvědomujeme. Platby probíhají během vteřin a převody vyřídíme na pár kliků. Zároveň ale roste i počet kyberútoků.

Exasoft po 22 letech na trhu končí, firma míří do insolvence. • Dříve měla miliardový obrat a prodejny po celé republice. • Nyní udržovala jen karvinskou prodejnu a spoléhala se na e-shop.

Garmin Fénix 8 Pro zlevnil na 21 990 Kč, základní Fénix 8 na 17 990 Kč. • Špičkové hodinky mají všechny myslitelné sportovní funkce a hodí se i pro potápění. • Model Pro má navíc jasnější displej, LTE a satelitní připojení.

Microsoft 365 (and Office 365) subscribers get more frequent software updates than those who have purchased Office without a subscription, which means subscribers have access to the latest features, security patches, and bug fixes. But it can be hard to keep track of the changes in each update and know when they’re available. We’re doing this for you, so you don’t have to.

Following are summaries of the updates to Microsoft 365/Office 365 for Windows over the past year, with the latest releases shown first. We’ll add info about new updates as they’re rolled out.

Note: This story covers updates released to the Current Channel for Microsoft 365/Office 365 subscriptions. If you’re a member of Microsoft’s Office Insider preview program or want to get a sneak peek at upcoming features, see the Microsoft 365 Insider blog.

Version 2604 (Build 19929.20136)

Release date: May 5, 2026

This build fixes a bug in which Outlook closed unexpectedly after replying to a mail item with labels.

Get more info about  Version 2604 (Build 19929.20136).

Version 2604 (Build 19929.20106)

Release date: April 29, 2026

This build includes “various fixes to functionality and performance,” according to Microsoft.

Get more info about Version 2604 (Build 19929.20106).

Version 2604 (Build 19929.20090)

Release date: April 21, 2026

This build includes “various fixes to functionality and performance,” according to Microsoft.

Get more info about Version 2604 (Build 19929.20090).

Version 2603 (Build 19822.20182)

Release date: April 14, 2026

In this build, Copilot can now edit your PowerPoint documents. Copilot can start a new presentation or build on an existing one, generate slides, update content, improve layouts, and polish design, while preserving formatting, structure, and branding. 

The build also plugs a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2603 (Build 19822.20182).

Version 2603 (Build 19822.20168)

Release date: April 9, 2026

This build fixes several bugs, including one in Outlook in which users could not close the Copilot chat pane using a keyboard. Users can now close the pane by navigating to the Close button using a keyboard or by using the assigned keyboard shortcut.

Get more info about Version 2603 (Build 19822.20168).

Version 2603 (Build 19822.20142)

Release date: March 31, 2026

This build includes “various fixes to functionality and performance,” according to Microsoft.

Get more info about Version 2603 (Build 19822.20142).

Version 2603 (Build 19822.20114)

Release date: March 24, 2026

This build fixes a single bug in which PowerPoint sometimes closed unexpectedly when opening a newly created empty file from the OneDrive folder.

Get more info about Version 2603 (Build 19822.20114).

Version 2602 (Build 19725.20190)

Release date: March 18, 2026

This build fixes an Outlook bug in which updating a single instance of a recurring meeting in a Microsoft 365 group calendar updated the entire series.

Get more info about Version 2602 (Build 19725.20190).

Version 2602 (Build 19725.20172)

Release date: March 10, 2026

This build introduces agent mode in Word, which adds a conversational chat experience that helps create, edit, and refine document content as you work. In addition, the build fixes a bug that impacted the rendering of extended characters in calendar items, causing certain characters to appear as question marks.

The build also plugs a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2602 (Build 19725.20172).

Version 2602 (Build 19725.20152)

Release date: March 3, 2026

This build fixes a bug in which closing a document sometimes remained in progress indefinitely after the Office app resumed from sleep or hibernation.

Get more info about Version 2602 (Build 19725.20152).

Version 2602 (Build 19725.20126)

Release date: February 24, 2025

This build fixes several bugs, including one that caused OneNote to close unexpectedly upon startup.

Get more info about Version 2602 (Build 19725.20126).

Version 2601 (Build 19628.20214)

Release date: February 17, 2025

This build includes, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2601 (Build 19628.20214).

Version 2601 (Build 19628.20204)

Release date: February 10, 2026

This build fixes a bug that sometimes prevented users from opening emails with the Encrypt Only label in Outlook.

It also plugs a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2601 (Build 19628.20204).

Version 2601 (Build 19628.20166)

Release date: February 3, 2026

This build includes, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2601 (Build 19628.20166).

Version 2601 (Build 19628.20150)

Release date: January 27, 2025

In this build, OneNote applies your chosen proofing language more consistently, so you don’t have to reset it for every paragraph when writing in multiple languages. In addition, the build fixes several bugs, including one that caused Office applications to become unresponsive when profile card-related activities were performed.

Get more info about Version 2601 (Build 19628.20150).

Version 2512 (Build 19530.20184)

Release date: January 21, 2025

This build includes, in Microsoft’s words, “Various fixes to functionality and performance.”

Get more info about Version 2512 (Build 19530.20184).

Version 2512 (Build 19530.20144)

Release date: January 13, 2026

This build fixes a number of bugs, including one that caused Excel, PowerPoint, and Word to become unresponsive when profile card-related activities were performed.

It also plugs a number of security holes. For details, see Release notes for Microsoft Office security updates.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2512 (Build 19530.20144).

Version 2512 (Build 19530.20138)

Release date: January 8, 2025

This build offers, in Microsoft’s words, “Various fixes to functionality and performance.”

Get more info about Version 2512 (Build 19530.20138).

Version 2511 (Build 19426.20218)

Release date: December 16, 2025

This build offers, in Microsoft’s words, “Various fixes to functionality and performance.”

Get more info about Version 2511 (Build 19426.20218).

Version 2511 (Build 19426.20186)

Release date: December 9, 2025

This Patch Tuesday build offers, in Microsoft’s words, “Various fixes to functionality and performance.” The build also has a variety of security updates (see details).

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2511 (Build 19426.20186).

Version 2511 (Build 19426.20170)

Release date: December 3, 2025

This build includes, in Microsoft’s words, “Various fixes to functionality and performance.”

Get more info about Version 2511 (Build 19426.20170).

Version 2510 (Build 19328.20244)

Release date: November 20, 2025

This build fixes a bug in Outlook that caused users to see “Contacting the server for information” repeatedly when loading some emails.

Get more info about Version 2510 (Build 19328.20244).

Version 2510 (Build 19328.20232)

Release date: November 18, 2025

This build includes, in the words of Microsoft, “various fixes to functionality and performance.”

Get more info about Version 2510 (Build 19328.20232).

Version 2510 (Build 19328.20190)

Release date: November 11, 2025

This Patch Tuesday build fixes a bug in Outlook that caused some recipients to be unable to access OneDrive links shared with them via email. The build also has a variety of security updates (see details).

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2510 (Build 19328.20190).

Version 2510 (Build 19328.20178)

Release date: November 4, 2025

This build fixes a single bug, in which @mention searches produced no results in Office apps.

Get more info about Version 2510 (Build 19328.20178).

Version 2510 (Build 19328.20158)

Release date: October 30, 2025

This build introduces a new Get Data dialog in Windows that simplifies finding and using external data, and adds Analyze Data to the Data tab.

The build also fixed an bug in Outlook that prevented users from downloading web add-ins in some virtualized environments.

Get more info about Version 2510 (Build 19328.20158).

Version 2509 (Build 19231.20216)

Release date: October 21, 2025

This build has, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2509 (Build 19231.20216).

Version 2509 (Build 19231.20194)

Release date: October 14, 2025

This build has a variety of security updates (see details), along with various fixes to functionality and performance.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2509 (Build 19231.20194).

Version 2509 (Build 19231.20172)

Release date: October 7, 2025

This build has, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2509 (Build 19231.20172).

Version 2509 (Build 19231.20156)

Release date: October 1, 2025

This build fixes two bugs, one in Excel in which ribbon controls were not rendered when rejoining Office sessions in a virtual machine, Azure Virtual Desktop, or remote desktop environment, and another that caused Outlook to terminate unexpectedly when starting.

Get more info about Version 2509 (Build 19231.20156).

Version 2508 (Build 19127.20264)

Release date: September 23, 2025

This build has, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2508 (Build 19127.20264).

Version 2508 (Build 19127.20240)

Release date: September 16, 2025

This build has, in Microsoft’s words, “various fixes to functionality and performance.”

Get more info about Version 2508 (Build 19127.20240).

Version 2508 (Build 19127.20222)

Release date: September 9, 2025

This build has multiple security updates (see details), along with various fixes to functionality and performance.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2508 (Build 19127.20222).

Version 2508 (Build 19127.20192)

Release date: September 3, 2025

This build fixes a bug in which some Outlook add-ins were getting “Office.auth.getAccessToken is not a function” errors.

Get more info about Version 2508 (Build 19127.20192).

Version 2508 (Build 19127.20154)

Release date: August 26, 2025

This build fixes a bug that caused Outlook to terminate unexpectedly when sending a meeting invite with an encryption label. It also adds support for pixelated rendering of embedded images in SVG assets for the entire Office suite.

Get more info about Version 2508 (Build 19127.20154).

Version 2507 (Build 19029.20208)

Release date: August 19, 2025

This build fixes a variety of bugs.

Get more info about Version 2507 (Build 19029.20208).

Version 2507 (Build 19029.20184)

Release date: August 12, 2025

This build fixes a bug which required users to restart Outlook to open a .msg file after initially accessing it once. The build also includes a variety of security updates (see details).

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2507 (Build 19029.20184).

Version 2507 (Build 19029.20156)

Release date: August 5, 2025

This build fixes a single bug, in which users had to restart Outlook to open a .msg file after initially accessing it once.

Get more info about Version 2507 (Build 19029.20156).

Version 2507 (Build 19029.20136)

Release date: July 30, 2025

This build fixes a wide variety of bugs, including in which Outlook closed unexpectedly shortly after launch, and another in Word in which the word count sometimes displayed incorrectly.

Get more info about Version 2507 (Build 19029.20136).

Version 2506 (Build 18925.20184)

Release date: July 22, 2025

This build fixes two bugs, one that caused the Copilot Command Center to continue to be visible after disabling the Copilot user interface, and another in which when creating handouts in PowerPoint, certain characters (full-width numbers) couldn’t be properly transferred to the handout.

Get more info about Version 2506 (Build 18925.20184).

Version 2506 (Build 18925.20168)

Release date: July 15, 2025

This build fixes two bugs, one that caused Visio 32-bit to close unexpectedly when using the Drawing control, particularly in setups involving COM components or .NET integrations, and another in Word in which copying and pasting content between documents sometimes changed the applied style unexpectedly.

Get more info about Version 2506 (Build 18925.20168).

Version 2506 (Build 18925.20158)

Release date: July 8, 2025

This Patch Tuesday build fixes several bugs in Outlook, PowerPoint, Word, and the whole Office suite, including one that caused the Copilot icon to unexpectedly display in Outlook when Copilot had been disabled by the admin in government cloud.

The release also includes a variety of security updates (see details).

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2506 (Build 18925.20158).

Version 2506 (Build 18827.20176)

Release date: July 1, 2025

This build fixes a wide variety of bugs, including one in Word in which print preview sometimes stopped working when printing long emails.

Get more info about Version 2506 (Build 18827.20176).

Version 2505 (Build 18827.20176)

Release date: June 26, 2025

This build introduces several new features, including one in Excel in which the PivotTables dialog box interface has been replaced by a redesigned panel, making it easier to view all of your options and simpler to change your data selection before inserting a recommended PivotTable.

Get more info about Version 2505 (Build 18827.20176).

Version 2505 (Build 18827.20164)

Release date: June 17, 2025

This build fixes a bug that caused the “Try the new Outlook” toggle to be enabled when working in Classic Outlook side by side with the new Outlook.

Get more info about Version 2505 (Build 18827.20164).

Version 2505 (Build 18827.20150)

Release date: June 10, 2025

This build fixes several bugs, including one for the entire Office suite in which a Save As attempt on an existing file didn’t complete successfully, and subsequent attempts continued to encounter issues when trying to save to a file that no longer existed.

This Patch Tuesday release also includes a variety of security updates: see details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about  Version 2505 (Build 18827.20150).

Version 2505 (Build 18827.20140)

Release date: June 3, 2025

This build offers a variety of bug and performance fixes.

Read about Version 2505 (Build 18827.20140).

Version 2504 (Build 18730.20186)

Release date: May 20, 2025

This build introduces a new PowerPoint feature: Notification emails for mentions, tasks, comments, and replies will now contain context previews even when the source document is encrypted, and the email will inherit the document’s security policies.

Get more info about Version 2504 (Build 18730.20186).

Version 2504 (Build 18730.20168)

Release date: May 13, 2025

This build fixes a bug in which users were seeing high CPU usage when typing in Outlook. It also includes a variety of security updates: see details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2504 (Build 18730.20168).

Version 2504 (Build 18730.20142)

Release date: May 6, 2025

This build includes various bug and performance fixes.

Get more info about Version 2504 (Build 18730.20142).

Version 2504 (Build 18730.20122)

Release date: April 29, 2025

This build fixes a wide variety of bugs, including one in which PowerPoint was unable to open a file from a network mapped drive from File Explore, another in which Word closed unexpectedly when opening .doc files, and another for the entire Office suite in which large 3D files couldn’t be inserted.

Get more info about Version 2504 (Build 18730.20122).

Version 2503 (Build 18623.20208)

Release date: April 17, 2025

This build fixes a bug that could cause Excel to stop responding.

Get more info about Version 2503 (Build 18623.20208).

Version 2503 (Build 18623.20178)

Release date: April 8, 2025

This build fixes a single bug in Word in which users may have encountered an issue with saving, seeing the message “saving…” in the title bar. It  also includes a variety of security updates. Go here for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2503 (Build 18623.20178).

Version 2503 (Build 18623.20156)

Release date: April 2, 2025

This build lets you use Dark Mode in Excel, which darkens your entire sheet, including cells, and may reduce eye strain. It also fixes several bugs, including one in Word in which opening specific files that contain many tracked changes and comments resulted in poor performance, and one in PowerPoint in which the app was not displaying the icon for an inserted PDF object.

Get more info about Version 2503 (Build 18623.20156).

Version 2502 (Build 18526.20168)

Release date: March 11, 2025

This build fixes several bugs, including one in which some Word files with numerous tracked changes and comments were slow. It also includes a variety of security updates: see details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2502 (Build 18526.20168).

Version 2502 (Build 18526.20144)

Release date: March 5, 2025

This build fixes a wide variety of bugs, including one in Word in which the default font size may not be 12pt as expected, and another in which PowerPoint automatically closed when the system went into hibernate or sleep mode.

Get more info about Version 2502 (Build 18526.20144).

Version 2501 (Build 18429.20158)

Release date: February 11, 2025

This build removes the option to display Track Changes balloons in left margin in Word. It also includes a variety of security updates. See “Release notes for Microsoft Office security updates” for details.

What IT needs to know: Because this is a security update, it should be applied relatively soon. Over the next few weeks, check for reports about problematic issues, and if all seems well, apply the update.

Get more info about Version 2501 (Build 18429.20158).