How the 54-storey tower (centre) would look when built Architect Patel Taylor has unveiled images of what one of London’s tallest residential towers in Canary Wharf would look like. The 54-storey 77 Marsh Wall scheme is being developed by Areli Developments on behalf of British Airways Pension Trustees and would contain around 820 homes above a mixed-use podium which will include retail, restaurant and café space. It would be Canary Wharf’s third tallest tower if built, behind the 235m One Canada Square and 233m Landmark Pinnacle. The scheme would require the demolition of the site’s existing building, a 17-storey office block built in the early 1990s known as Sierra Quebec Bravo. The 77 Marsh Wall scheme would include restaurants and retail at ground floor level Areli said the existing building offers “very little in the way of benefits to the community” and that it wanted to maximise the “unique and exciting” potential of the waterfront site with new public spaces, shops and restaurants. The podium would contain around 4,000sq m of retail, leisure and workspace along with a cinema and cycle parking under early plans aired in a public consultation. Green space is also included in the plans which saw two public consultation events held last month. Homes in the tower above the podium would be of a mix of tenures including shared ownership, build to rent, social rent, apart-hotel and co-living. The site’s existing 17-storey office block would be demolished An environmental impact assessment scoping report has been drawn up by consultant Trium for to Tower Hamlets council with a planning application expected to be submitted later this summer. Other firms currently on the project team include planning consultant DP9 and communications firm Kanda Consulting.

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

This week's news recap is here with a lot of news and announcements from the Build 2025 developer conference, a bunch of new Windows 11 preview builds, fresh features for inbox Windows 11 apps, more Xbox games for PlayStation 5, and other stories. Quick links: Here, we talk about everything happening around Microsoft's latest operating system in the Stable channel and preview builds: new features, removed features, controversies, bugs, interesting findings, and more. And, of course, you may find a word or two about older versions. Build 2025, Microsoft's annual developer conference, took place this week. There, the company announced some interesting stuff for Windows 11. While it was primarily aimed at developers, regular users will also find some of the upcoming changes useful and interesting. The Settings app, for one, is getting the new Advanced page for the Settings app (now available in the latest preview build). There is also a new command-like editor called Edit, WinGet Configuration for quick dev environment deployments, and more. Developers and users will also be glad to learn about the Microsoft Store improvements, which include the "last updated" date for apps, free registration for individual developers, better Health Reports in the Partner Center, direct Win32 updates, and more. Microsoft is also improving Administrator protection in Windows 11, adding quantum encryption to Windows builds, and bringing Model Context Protocol support to its operating system. Moving from announcements to releases, Microsoft pushed KB5061768 to Windows 10 users to address BitLocker recovery loops on certain Intel-based systems. The update is available in the Microsoft Update Catalog only (not obtainable via Windows Update). Now, here is some interesting Windows trivia. A Microsoft engineer published a blog post explaining how Windows cleverly guesses it despitenot knowing how fast your processor actually is. Another engineer showed how bad code in apps can lead to Windows system slowdown. Also, here is a remastered version of the original Windows 95 wallpaper, in case you want some high-resolution nostalgia on your 4K monitor, and an interesting discussion about which Windows version is the best for old PCs (not Windows 11). Here is what Microsoft released for Windows Insiders this week: Builds Canary Channel Build 27863 The Canary Channel received a relatively small build with post-quantum cryptography support and a few bug fixes. Dev Channel Build 26200.5603 (KB5058488) A pretty big release with new stuff like the announced AI actions in File Explorer, the Advanced Settings page, redesigned Windows Widgets, an improved energy saver, the ability to compress images before sharing them, and plenty more. Beta Channel Build 26120.4151 (KB5058486) This build is identical to 26200.5603 from the Dev Channel. Build 26120.4151 (KB5058515) In this build, Microsoft introduced new capabilities for Click to Do, some widget improvements, lock screen widget customization, more app recommendations across the operating system, and various fixes. Release Preview Channel Build 26100.4188 (KB5058499) This preview of the upcoming non-security update delivers more AI-powered capabilities to compatible Copilot+ PCs, HDR improvements, new Copilot features, and various fixes for audio, USB, MMC, input, and more. Plenty of new features in this week's builds are rolling out gradually, including AI Actions for File Explorer. However, as usual, you can enable them with a simple third-party tool. Check out this article to learn how to force-enable AI Actions in File Explorer. Some hidden stuff for Windows 11 was also discovered this week. For one, it looks like Windows 11 will soon have its own variant of Handoff from macOS. During a Build session, Microsoft showcased how users can transfer their workflow from a mobile device and continue where they left off on Windows 11. Nothing has been publicly announced, though. Second, Microsoft is working on the ability to save screen recordings as GIFs in Snipping Tool. What is not hidden are the new features for Paint, Snipping Tool, and Notepad, which Microsoft announced earlier this month at its Surface event. Those features are now rolling out to Windows Insiders in the Dev and Canary Channels. This section covers software, firmware, and other notable updates (released and coming soon) delivering new features, security fixes, improvements, patches, and more from Microsoft and third parties. At Build 2025, Microsoft announced many updates. Starting with open-source, GitHub Copilot in Visual Studio Code and Windows Subsystem for Linux are now open-source, which means everyone can build their own projects based on them and contribute to the development. Recently, Microsoft sent an email asking for feedback on a new set of Office icons. While a public announcement has not been made yet, someone on Reddit took the matter into their own hands and made the icon pack themselves. Behold, a pack of high-quality Office icons that you can download right now. Speaking of Office, Microsoft introduced its presentation customization tool for PowerPoint to Mac users. This accessibility feature helps create a logical reading flow for elements in your slide and improves other aspects that make it easier for viewers to make sense when viewing and reading your slides. This week brought plenty of browser updates. Microsoft, for one, is making Google Chrome a bit safer by bringing Edge's automatic privilege de-elevation mechanism to the most popular browser in the world. Microsoft Edge received this feature six years ago, and now, it is finally making it to Chrome. Microsoft also released two updates: one for Edge Stable and one for Edge Beta. These updates introduced more Copilot for the new tab page and fixed a bunch of bugs. At Build 2025, Microsoft announced several updates to its browser, including free content filtering on Edge for Business, PDF translation, summaries, and take automation. The company also proposed a new AI API web standard to help developers integrate AI functionality into their web apps. Vivaldi received a new feature update under version 7.4. While it is not the biggest release, it introduced some neat improvements, such as better keyboard shortcut controls and enhancements to the address bar. Here are other updates and releases you may find interesting: Here are the latest drivers and firmware updates released this week: Nvidia 576.52 WHQL with the RTX 5060 support and bug fixes. Also, Nvidia released a firmware update for the RTX 5060 and 5060 Ti to fix black screens during reboots on systems with old motherboards. Here is the hardware and software we reviewed this week This week, Robbie Khan reviewed the Sharge ICEMAG 2, an interesting Qi2 wireless power bank with active cooling to keep temperatures low when charging your device wirelessly. It has a unique design and solid build quality, but some of its quirks lowered the final score. Learn about upcoming game releases, Xbox rumors, new hardware, software updates, freebies, deals, discounts, and more. PlayStation is getting another slice of the Xbox pie. Ninja Theory announced that Senua's Saga: Hellblade II is coming to PlayStation 5 later this year. No exact dates have been shared yet, though. Valve released an update for SteamOS. Version 3.7.8 arrived in the Stable Channel with a few important changes, such as support for other AMD-based handhelds, a battery limiter for the Steam Deck, and multiple bug fixes. Nvidia is running a Summer Sale, during which you can purchase six months of the GeForce NOW Performance plan with a 40% discount for just $29.99. In addition, the company added support for more games, including the enhanced edition of the STALKER trilogy, Survive the Fall, Blades of Fire, Monster Train 2, and more. Speaking of GeForce NOW, it is now available in the updated Xbox app on PC. The app can now prompt you to select the preferred streaming service: Xbox Cloud Gaming or GeForce NOW. Other changes in the May 2025 update include improved widgets for the GameBar and more. Xbox Game Pass now has more games. Microsoft announced the latest additions to the catalog, which include Moster Train 2, Creatures of Ava, S.T.A.L.K.E.R. 2, Symphonia, Spray Paint Simulator, and more. Deals and freebies This week's Weekend PC Game Deals is full of Warhammer specials, Witcher anniversary discounts, and three freebies from the Epic Games Store, which include the just-released Deliver At All Costs. Other gaming news includes the following: Every week, we cover many deals on different hardware and software. The following discounts are still available, so check them out. You might find something you want or need. Samsung Q-Series Soundbar HW-Q900F - $1,097.99 | Skullcandy Crusher ANC 2 Wireless - $128.99 | 44% off Sonos Move 2 - $336 | 25% off Samsung Q990F Soundbar - $1,597.99 | 20% off This link will take you to other issues of the Microsoft Weekly series. You can also support Neowin by registering a free member account or subscribing for extra member benefits, along with an ad-free tier option. Microsoft Weekly image background by Engin_Akyurt on Pixabay

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Windows 11 gets post-quantum cryptography and various fixes in build 27863 Taras Buria Neowin @TarasBuria · May 23, 2025 13:40 EDT Microsoft is rolling out a new Windows 11 preview build in the Canary Channel. Build 27863 is not the biggest one, and there are not that many updates. However, it contains some important changes, like post-quantum cryptography, which Microsoft announced at its annual Build conference earlier this week. Windows 11 now supports the post-quantum signature algorithm ML-DSA in the NCrypt and BCrypt cryptography API surfaces, as well as the Crypt32 certificate APIs. Other changes in Windows 11 build 27863 include three fixes. One resolves error 0xc0370106 upon Windows Sandbox launch that occurred in the previous Canary build. Another fix patches the bug with core Windows surfaces not being able to load in safe mode. Those include File Explorer, Start menu, and other elements. Finally, build 27863 fixes problems with the msftedit.dll library, which was causing apps like Sticky Notes and Dxdiag to crash on systems with certain locales, such as Hebrew or Arabic. Known issues include the following: Improtant Note for Copilot+ PCs: If you are joining the Canary Channel on a new Copilot+ PC from the Dev Channel, Release Preview Channel or retail, you will lose Windows Hello pin and biometrics to sign into your PC with error 0xd0000225 and error message “Something went wrong, and your PIN isn’t available”. You should be able to re-create your PIN by clicking “Set up my PIN”. You may see an Administrative Templates error message when opening Group Policy Editor. If you click OK you should be able to proceed as normal. One of the causes of this is fixed with this flight – there’s a second fix we’re working on which will be included in an upcoming flight. We’re investigating an issue where the taskbar is unexpectedly not showing acrylic material after upgrading to this build. We’re working on the fix for an issue where audio devices with high sampling (like 192Hz) and multiple channels aren’t producing sound after upgrading to this build. Thanks Insiders that provided detailed information in your feedback! [Input] Pen input may be non-responsive on some PCs that support pen for inking. [Task Manager] Search and other options such as filtering in Task Manager does not work. You can find the official announcement post here. Tags Report a problem with article Follow @NeowinFeed

Since last year, it has been possible to summarize texts and adjust the tone of your writing in Notepad, using Microsoft’s AI tool Copilot. In the latest beta version of Notepad (11.2504.46.0), it is also possible to create new texts from a text prompt. You can then edit the document until you are satisfied. Paint will also be equipped with new AI features, including the ability to create stickers that you can use in your documents. It will also be possible to isolate and edit individual elements, which can be useful if you want to reuse parts of your drawings. Finally, the Snipping Tool will have a new AI feature to make sure your screenshots are ‘perfect.’ The latest beta versions of these apps are available to Windows Insiders in the Canary and Dev Channels on Windows 11. More information about the AI news can be found on the official Windows Insider blog.

As of yesterday, Microsoft has begun rolling out a new update to Windows 11 Insiders on the Dev and Canary Channels. This update brings new AI features to Notepad, Paint, and the Snipping Tool. Notepad now has the ability to write text from scratch using generative AI, which is meant to aid you by quickly producing drafts based on your prompts and instructions. To use AI text generation, simply right-click anywhere in the document and select Write. Type in your instructions, then either click Keep Text or Discard on the results. You’ll need a Microsoft account and AI credits to use Write in Notepad. Meanwhile, Paint now has a new AI-generated sticker feature as well as an AI-assisted smart selection tool for isolating and editing elements in an image, and Snipping Tool has a new AI-powered “perfect screenshot” feature for capturing your screen without the need to crop or resize afterwards. Paint’s new AI features only work on Copilot+ PCs while Snipping Tool’s features work on all computers. All of this builds on Microsoft’s strategy to bring more AI experiences to Notepad, Paint, and other Windows apps.

Microsoft Build 2025 is almost at an end. Microsoft’s annual developer conference might be aimed at software engineers and cloud devs, but realistically, there’s plenty in there to dig into even if you don’t work as a programmer. Unsurprisingly, the theme throughout the conference this year (and for some years previous now) has been AI. In his opening keynote, Microsoft’s CEO Satya Nadella highlighted the importance of AI and the company’s plan of “building the open, agentic web at scale.” The idea is to hand over the reins to Copilot and let the AI agents take over repetitive, costly tasks. Here are some of the most important announcements from this year’s Microsoft Build. Recommended Videos Windows File Explorer gets an AI-powered boost By the sound of it, this is a tool we might all benefit from and not something strictly aimed at devs. Windows File Explorer will now receive something Microsoft refers to as “AI actions.” Available in Windows 11, AI actions (or shortcuts, if you will) will let you right-click on a file of your choosing and use AI to get things done easier. Some of the highlights here include the ability to get Copilot to summarize an Office document for you, right from the File Explorer menu. You can also erase unwanted objects from photos, again, thanks to AI, or blur or remove the background with Paint (via Copilot, that is). As reported by The Verge, there might be more coming than what Microsoft specifically spoke about; four new image-related AI actions are currently in the Dev Channel builds of Windows 11. This includes the ability to find similar images on the web with the help of Bing. GitHub gets an AI coding agent The big announcement here is that GitHub Copilot will now be available to all Copilot Enterprise and Copilot Pro+ users, but also that Copilot’s coding agent will save devs a lot of time — which could reduce the time it takes for new features to come out and be available to us all. Although many developers aren’t huge fans of the use of AI in their daily work, many others find the benefits in automating simpler tasks, which frees them up to work on more complex code. For the latter, Microsoft has just introduced a new coding agent, now available on GitHub. The agent was made to help programmers with one of the most annoying parts of their jobs — bug fixes. It’ll also take care of adding features and refactoring code. “GitHub continues to be the home for developers. […] We’re doubling down for developers building any applications. Trust, security, compliance, auditability, data residency are even more critical today. Open-source is at the core of GitHub, and we’re taking this next big step,” said Nadella. You can now translate PDFs directly in Edge If you deal with a lot of PDFs, you’ll love this one: You’ll soon be able to translate them directly in the Microsoft Edge browser. Simply clicking “translate” in the address bar will let you leverage AI to translate the entire document into one of over 70 languages supplied by Microsoft. This appears to only be a feature in Edge for Business, though. Right now, it’s rolling out to Windows Canary users and is said to be available next month. Microsoft 365 gets a major AI boost with new agents As reported by PCMag, the new update to Copilot is said to be huge. Microsoft CEO Satya Nadella himself referred to it as the biggest update since the launch of Teams — and whether you love it or not, it’s hard to deny that Teams turned out to be a pretty big thing worldwide. Copilot’s current arsenal of AI-powered goodies includes Chat, which is essentially Microsoft’s version of ChatGPT. Search lets Copilot dig through your files and help you find what you’re asking for. The results of both those tools can be summarized in Notebook. Of course, you can also generate images, PowerPoints, and videos with Create. Microsoft is now taking AI a few steps further by adding Agents. Agentic AI is a big topic these days, so it’s not a surprise to see Microsoft jumping on the bandwagon. Microsoft’s AI agents now include Researcher and Analyst. Researcher relies on deep reasoning to help you create comprehensive reports. Copilot’s Researcher will be able to search the web and your own files, giving it a solid overview of various sources. Analyst fills in the gaps by being able to analyze data, including massive spreadsheets, to help you analyze (well, duh) various data points and draw accurate comparisons. Although exciting, these new AI agents will be available to large enterprises. The company needs to be included in Microsoft’s Frontier program to benefit. Perhaps with time, Microsoft will bring AI agents to Copilot at large. AI, AI everywhere At this point, no one is surprised when an event such as Microsoft Build focuses solely on the use of AI. Many hoped to hear more about things like the Xbox handheld, but alas, that did not happen. A lot of the new features and improvements announced during Build weren’t consumer-centric, but I recommend watching the full video if you’re curious about what else is new. Remember to also check out our Best of Computex 2025 roundup to give you a better overview of the exciting tech that made a debut in the last week.

Scene at UKREiiF 2025 outside the Canary bar UKREiiF is getting bigger by the year, with more than 16,000 professionals attending the 2025 construction conference in Leeds this week during three days of sunny weather, networking, panel discussions and robust amounts of booze. It has grown so big over the past few years that it seems almost to have outgrown the city of Leeds itself. A running joke among attendees was the varying quality of accommodation people had managed to secure. All of the budget hotels in the city were fully booked months in advance of the conference, with many - including at least one member of Parliament - reduced to kipping in bed and breakfasts of a questionable nature. Many were forced to stay in nearby towns including York, Wakefield and Bradford and catch the train to the conference each morning. But these snags served as ice breakers for more important conversations at an event which has come at a key pivot point for the industry. With the government on the brink of launching its 10-year industrial strategy and its new towns programme, opportunity was in the air. Networking events between government departments and potential suppliers of all sectors were well attended, although many discussion panels focused on the question of how all of this work would be paid for. And hanging over the conference like a storm cloud were the mounting issues at the Building Safety Regulator which are continuing to cause expensive delays to high rise schemes across the country. While many attendees eyed a huge amount of potential work to fill up pipelines, it was clear the industry is still facing some systemic challenges which could threaten a much-needed recovery following a long period of turmoil. How will the issues at the Building Safety Regulator be fixed? You did not even have to go inside an event titled “Gateways and Growing Pains: Tackling the Building Safety Act” to see how much this issue is affecting construction at the moment. The packed out tent was overflowing into the space outside, with those inside stood like sardines to watch a panel discussion about what has been happening in the high rise residential sector over the past year.  Audience members shared their horror stories of schemes which have been waiting for the best part of a year to get gateway 2 approval from the regulator, which is needed to start construction. There was a palpable sense of anger in the crowd, one professional describing the hold-ups which had affected his scheme as a “disgrace”. Others highlighted the apparent inconsistency of the regulator’s work. One attendee told how two identical buildings had been submitted to the regulator in separate gateway 2 applications and assigned to two separate technical teams for approval. One application had received no follow up questions, while the other had been extensively interrogated. “The industry should hold its head in shame with regard to what happened at Grenfell, but post that, it’s just complete disarray,” he said. More than 16,000 professionals attended the 2025 event While many are currently focusing on delays at pre-construction, others raised the looming gateway 3 approvals which are needed before occupation. Pareto Projects director Kuli Bajwa said: “Gateway 2 is an issue, but when we get to gateway 3, we’re committed to this project, money’s been spent, debt’s been taken out and week on week it’s costing money. It just keeps wracking up, so we need to resolve that with the regulator asap.” >> See also: Homes England boss calls on government to fix ‘unacceptably slow’ gateway 2 approvals Caddick Construction managing director for Yorkshire and the North East Steve Ford added: “I think where it will probably get interesting and quite heated I guess is at the point where some of these schemes get rejected at gateway 3, and the finger pointing starts as to why it’s not got through gateway 3.” Simon Latson, head of living for the UK and Ireland at JLL, offered a potential solution. “We will be dealing with the regulator all the way through the construction process, and you would like to think that there is a collaborative process where you get early engagement and you can say ‘I’m 12 weeks out from completion, I’m going to start sending you all of my completion documents, my fire alarm certificate’, and say ‘thanks very much that’s the last thing on my list’. That’s probably wishful thinking but that’s got to be a practical solution, as early engagement as possible.” How is the government going to pay for its infrastructure strategy? Ministers are expected to outline the government’s ten-year infrastructure strategy next month, outlining ambitions not only for transport but social infrastructure including schools and healthcare. At an event titled “A Decade of National Renewal: What Will This Mean for our Regions, Towns and Cities?”, a panel of experts including London deputy mayor Jules Pipe highlighted how much of this new infrastructure is needed to enable the government to achieve its housing targets. But how will it be funded? Tom Wagner, cofounder of investment firm Knighthead Capital, which operates largely in the West Midlands with assets including Birmingham City FC, gave a frank assessment of the government’s policies on attracting private sector investment. “There have been a lot of policies in the UK that have forced capital allocators to go elsewhere,” he said, calling for lower taxes and less restrictions on private finance in order to stop investors fleeing to more amenable destinations overseas.  “What we’ve found in the UK is, as we’re seeking to tax those who can most afford it, that’s fine, but unless they’re chained here, they’ll just go somewhere else. That creates a bad dynamic because those people are the capital providers, and right now what we need is capital infusion to foster growth.” The main square at the centre of the conference Pipe offered a counterpoint, suggesting low taxes were not the only reason which determines where wealthy people live and highlighted the appeal of cities which had been made livable by good infrastructure. “There are people living in some very expensive cities but they live there because of the cosmopolitan culture and the parks and the general vibe, and that’s what we have to get right. And the key thing that leads to that is good transport, making it livable.” Pipe also criticised the penny-pinching tendencies of past governments on infrastructure investment, including on major transports schemes like Crossrail 2 which were mothballed due to a lack of funds and a perceived lack of value added. “All these things were fought in the trenches with the Treasury about ‘oh well there’s no cost benefit to this’. And where is the major transport like that where after ten years people are saying ‘no one’s using it, that was a really bad idea, it’s never opened up any new businesses or new homes’? It’s absolute nonsense. But that seems to be how we judge it,” he said. One solution could be funding through business rates, an approach used on the Northern Line Extension to Battersea Power Station. But the benefits of this have been largely overlooked, Pipe said. “One scheme every ten or twenty years is not good enough. We need to do this more frequently”. What is the latest on the government’s new towns programme? Where are the new towns going to be built? It was a question which everybody was asking during the conference, with rumours circulating around potential sites in Cambridge of Plymouth. The government is set to reveal the first 12 locations of 10,000 homes each in July, an announcement which will inevitably unleash an onslaught of NIMBY outcries from affected communities. A large crowd gathered for an “exclusive update” on the programme from Michael Lyons, chair of the New Towns Taskforce appointed by the government to recommend suitable sites, with many in attendance hoping for a big reveal on the first sites. They were disappointed, but Lyons did provide some interesting insights into the taskforce’s work. Despite a “rather hairbrained” timescale given to the team, which was only established last September, Lyons said it was at a “very advanced stage” in its deliberations after spending the past few months touring the country speaking to developers, landowners and residents in search of potential sites. >> See also: Don’t scrimp on quality standards for new towns, taskforce chair tells housebuilders “We stand at a crucial moment in the history of home building in this country,” he said. The government’s commitment to so many large-scale developments could herald a return to ambitious spatial planning, he said, with communities strategically located close to the most practical locations for the supply of new infrastructure needed for people to move in. A line of tents at the docks site, including the London Pavilion “Infrastructure constraints, whether it’s water or power, sewage or transport, must no longer be allowed to hold back growth, and we’ve been shocked as we looked around the country at the extent to which plans ready to be advanced are held back by those infrastructure problems,” he said. The first sites will be in places where much of this infrastructure is already in place, he said, allowing work to start immediately.  An emphasis on “identity and legibility” is also part of the criteria for the initial locations, with the government’s design and construction partners to be required to put placemaking at the heart of their schemes. “ We need to be confident that these can be distinctive places, and that the title of new town, whether it’s an urban extension or whether it’s even a reshaping of an existing urban area or a genuine greenfield site, that it genuinely can be seen and will be seen by its residents as a distinct community.” How do you manage a working public-private partnership? Successful public partnerships between the public sector and private housebuilders will be essential for the government to achieve its target to build 1.5 million homes by the end of this parliament in 2029. At an event hosted by Muse, a panel discussed where past partnerships have gone wrong and what lessons have been learned. Mark Bradbury, Thurrock council’s chief officer for strategic growth partnerships and special projects, spoke of the series of events which led to L&Q pulling out of the 2,800-home Purfleet-on-Thames scheme in Essex and its replacement by housing association Swan. “I think it was partly the complex nature of the procurement process that led to market conditions being quite different at the end of the process to the start,” he said. “Some of the original partners pulled out halfway through because their business model changed. I think the early conversations at Purfleet on Thames around the masterplan devised by Will Alsop, the potential for L&Q to be one of the partners, the potential for a development manager, the potential for some overseas investment, ended up with L&Q deciding it wasn’t for their business model going forwards. The money from the far east never materialised, so we ended up with somebody who didn’t have the track record, and there was nobody who had working capital.  “By then it was clear that the former partnership wasn’t right, so trying to persuade someone to join a partnership which wasn’t working was really difficult. So you’ve got to be really clear at the outset that this is a partnership which is going to work, you know where the working capital is coming from, and everybody’s got a track record.” Muse development director for residential Duncan Cumberland outlined a three-part “accelerated procurement process” which the developer has been looking at in order to avoid some of the setbacks which can hit large public private partnerships on housing schemes. The first part is developing a masterplan vision which has the support of community stakeholders, the second is outlining a “realistic and honest” business plan which accommodates viability challenges, and the third is working closely with public sector officials on a strong business case. A good partnership is almost like being in a marriage, Avison Young’s London co-managing director Kat Hanna added. “It’s hard to just walk away. We’re in it now, so we need to make it work, and perhaps being in a partnership can often be more revealing in tough times.”

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Microsoft rolls out big updates for Paint, Notepad, and Snipping Tool Taras Buria Neowin @TarasBuria · May 22, 2025 14:18 EDT Earlier this month, alongside the announcement of two new Surface devices, Microsoft revealed some upgrades for stock Windows 11 apps, namely Paint, Snipping Tool, and Notepad. The promised new features are now rolling out to Windows Insiders in the Dev and Canary Channels. Starting with Paint, version 11.2504.451.0 introduces Sticker Generator, a new AI-powered feature that generates stickers (duh). You can invoke it from the Copilot menu by selecting "Sticker Generator." Next, enter your prompt, and Paint will generate a set of stickers that you can instantly add to the canvas. Paint will also store your generated stickers for later use. Keep in mind that Sticker Generator is only available on Copilot+ PCs, and it requires signing in with a Microsoft Account. Another new feature in Paint is called Object Select. This is yet another AI thing that uses artificial intelligence to isolate and select individual objects on your canvas so that you can edit or remove them. Finally, Paint now has a new welcome experience that showcases the latest changes and various useful features. Snipping Tool has been updated to version 11.2504.38.0 with two new features: "Perfect Screenshot" and a color picker. Perfect Screenshots uses AI to detect shapes and objects and snap the selected area to them. As for the color picker, Snipping Tool can now grab color values in HEX, RGB, and HSL. Finally, Notepad. Version 11.2504.46.0 introduces text generation. You can select a portion of text, press Ctrl + Q and describe what changes you would like the AI to make. If you do not like this, Microsoft allows you to turn it off in settings. It is also worth noting that this feature requires a Microsoft Account with Copilot Pro or a Microsoft 365 subscription with AI credits. You can read more about these announcements in a blog post on the official Windows Blogs website. Tags Report a problem with article Follow @NeowinFeed

writing without writing In 3.5 years, Notepad.exe has gone from “barely maintained” to “it writes for you” AI features in Windows are gradually becoming more widespread and inescapable. Andrew Cunningham – May 22, 2025 6:46 pm | 0 Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only   Learn more By late 2021, major updates for Windows' built-in Notepad text editor had been so rare for so long that a gentle redesign and a handful of new settings were rated as a major update. New updates have become much more common since then, but like the rest of Windows, recent additions have been overwhelmingly weighted in the direction of generative AI. In November, Microsoft began testing an update that allowed users to rewrite or summarize text in Notepad using generative AI. Another preview update today takes it one step further, allowing you to write AI-generated text from scratch with basic instructions (the feature is called Write, to differentiate it from the earlier Rewrite). Like Rewrite and Summarize, Write requires users to be signed into a Microsoft Account, because using it requires you to use your monthly allotment of Microsoft's AI credits. Per this support page, users without a paid Microsoft 365 subscription get 15 credits per month. Subscribers with Personal and Family subscriptions get 60 credits per month instead. Microsoft notes that all AI features in Notepad can be disabled in the app's settings, and obviously, they won't be available if you use a local account instead of a Microsoft Account. Microsoft is also releasing preview updates for Paint and Snipping Tool, two other bedrock Windows apps that hadn't seen much by way of major updates before the Windows 11 era. Paint's features are also mostly AI-related, including a "sticker generator" and an AI-powered smart select tool "to help you isolate and edit individual elements in your image." A new "welcome experience" screen that appears the first time you launch the app will walk you through the (again, mostly AI-related) new features Microsoft has added to Paint in the last couple of years. Snipping Tool gets two new features. One is a color picker that will let you see the hex, RGB, or HSL values of colors in a given screenshot. The other is a "perfect screenshot" option that will attempt to automatically crop app windows or other elements onscreen without requiring you to edit it manually after you capture it. The perfect screenshot feature appears to use local processing rather than cloud processing, because it requires a Copilot+ PC. This means using it doesn't require AI credits, but it will also only function on brand-new PCs with certain Qualcomm Snapdragon, Intel Core Ultra, or AMD Ryzen AI processors inside. These updates are rolling out to Windows Insiders in the Canary and Dev channels, which get new features faster than the Beta or Release Preview channels but are also less stable. Not all of these features will make it to the general public, but the ones that do should be released in the next few weeks or months. Andrew Cunningham Senior Technology Reporter Andrew Cunningham Senior Technology Reporter Andrew is a Senior Technology Reporter at Ars Technica, with a focus on consumer tech including computer hardware and in-depth reviews of operating systems like Windows and macOS. Andrew lives in Philadelphia and co-hosts a weekly book podcast called Overdue. 0 Comments