Microsoft Confirms $1.50 Windows Security Update Hotpatch Fee Starts July 1
When it comes to security updates, those that fix vulnerabilities in an operating system used by billions are high on the mandatory agenda. Which is why it has not been the greatest month for Microsoft, what with the online furor after a recent Windows security patch added a mysterious folder, without any explanation. Social media “experts” advised users to delete it, only for Microsoft to issue an advisory warning that would leave them open to attack. That update, and the installation of the inetpub folder, has now been shown to actually open the path to a different Windows hack attack. Now the whole Windows security update business has another contentious issue to deal with: charging a monthly subscription to receive no-reboot security “hotpatch” updates.
SAP zero-day vulnerability under widespread active exploitation
Threat hunters and security researchers have observed widespread exploitation of a zero-day vulnerability affecting SAP NetWeaver systems. The unrestricted file upload vulnerability — CVE-2025-31324 — has a base score of 10 on the CVSS scale and allows attackers to upload files directly to the system without authorization. The software defect, which affects the SAP Visual Composer component for SAP NetWeaver, was discovered and published by ReliaQuest on Tuesday. SAP issued an emergency patch for the vulnerability on Thursday, but the enterprise company’s security advisory is only available to SAP customers with login credentials. SAP did not immediately respond to a request for comment.
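The item above describes the vulnerability class, unrestricted file upload, without showing what "unrestricted" means in practice. The following is an added example, not code from SAP or from the researchers cited; it is a small server-side gate that applies the checks such an endpoint lacks: an authentication requirement, a bare-filename rule that rejects path components, an extension allowlist tied to expected leading bytes, and a size limit. The policy values, the `UploadRequest` and `Decision` types, and the sample requests are constructed for illustration and are not taken from the affected product.

```python
"""
Added example: a minimal upload gate showing the checks an unrestricted
file upload endpoint is missing. Not SAP code; all names and sample
requests below are constructed for illustration.
"""
import os
import re
from dataclasses import dataclass, field

# Hypothetical policy values; a real deployment tunes these to its needs.
MAX_BYTES = 5 * 1024 * 1024
ALLOWED = {
    # extension -> leading bytes (file signature) the content must carry
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip": b"PK\x03\x04",
}
# Bare file name only: no slashes, no leading dot, bounded length.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,99}$")


@dataclass
class UploadRequest:
    authenticated: bool   # result of the caller's session/credential check
    filename: str         # name as supplied by the client
    content: bytes        # raw uploaded bytes


@dataclass
class Decision:
    accepted: bool
    reasons: list = field(default_factory=list)


def check_upload(req: UploadRequest) -> Decision:
    """Return a Decision listing every policy violation found."""
    reasons = []
    if not req.authenticated:
        reasons.append("unauthenticated")
    if len(req.content) > MAX_BYTES:
        reasons.append("too_large")
    name = req.filename
    # Any path component (e.g. "../") or unusual character is rejected
    # outright; the remaining checks depend on a sane file name.
    if os.path.basename(name) != name or not SAFE_NAME.match(name):
        reasons.append("bad_filename")
        return Decision(False, reasons)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ALLOWED:
        reasons.append("extension_not_allowed")
    elif not req.content.startswith(ALLOWED[ext]):
        # Extension says one type, bytes say another: do not trust the name.
        reasons.append("content_mismatch")
    return Decision(not reasons, reasons)


def rejection_summary(requests) -> dict:
    """Count rejection reasons across a batch; useful as an alerting feed."""
    counts = {}
    for req in requests:
        for reason in check_upload(req).reasons:
            counts[reason] = counts.get(reason, 0) + 1
    return counts


# Constructed sample requests (not real traffic).
SAMPLES = {
    "ok": UploadRequest(True, "report.pdf", b"%PDF-1.7\n%constructed"),
    "unauth": UploadRequest(False, "report.pdf", b"%PDF-1.7\n"),
    "script": UploadRequest(True, "page.jsp", b"<% constructed %>"),
    "traversal": UploadRequest(True, "../../etc/cron.d/job.pdf", b"%PDF-"),
    "spoofed": UploadRequest(True, "img.png", b"%PDF-1.7\n"),
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(label, check_upload(req))
    print(rejection_summary(SAMPLES.values()))
```

The order of checks matters: the file-name test returns early because a hostile name makes the later extension and signature checks meaningless. Feeding `rejection_summary` from production traffic gives a simple signal; a sudden rise in `extension_not_allowed` or `bad_filename` on an upload endpoint is worth an alert regardless of whether the gate held.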
Microsoft Defender XDR False Positive Leads to Massive Data Leak of 1,700+ Sensitive Documents
ANY.RUN research identified a large-scale data leak event triggered by a false positive in Microsoft Defender XDR. The security platform incorrectly flagged benign files as malicious, leading to their automatic submission to ANY.RUN’s public sandbox for analysis. As a result, over 1,700 sensitive documents were uploaded and indexed publicly. The leak, which involved corporate data from hundreds of companies, has raised alarm bells about the risks of misclassification in threat detection systems and the unintended consequences of user behavior in response to such errors.
EFF Leads Prominent Security Experts in Urging Trump Administration to Leave Chris Krebs Alone
The Trump Administration must cease its politically motivated investigation of former U.S. Cybersecurity and Infrastructure Security Agency Director Christopher Krebs, the Electronic Frontier Foundation (EFF) and dozens of prominent cybersecurity and election security experts urged in an open letter. The letter – signed by preeminent names from academia, civil society, and the private sector – notes that security researchers play a vital role in protecting our democracy, securing our elections, and building, testing, and safeguarding government infrastructure. “By placing Krebs and SentinelOne in the crosshairs, the President is signaling that cybersecurity professionals whose findings do not align with his narrative risk having their businesses and livelihoods subjected to spurious and retaliatory targeting, the same bullying tactic he has recently used against law firms,” EFF’s letter said.
Infostealers Harvest Over 30,000 Australian Banking Credentials
The banking credentials of more than 30,000 Australians have been harvested by infostealers, according to Dvuln researchers. The pen-testing firm conducted an analysis of infostealer logs between 2021 and 2025, which identified the individual banking credentials for customers across four major Australian banks. For each of the banks, which Dvuln has not named, a steady increase in the number of stolen credentials was observed from 2021 to 2023, before a small decline in 2024.
China’s Alibaba and Baidu step up global competition with new reasoning-focused AI models
Alibaba and Baidu are intensifying the battle for leadership in China’s fast-evolving AI market, with both companies unveiling upgraded models focused on dynamic reasoning capabilities. On Tuesday, Alibaba launched Qwen 3, an enhanced version of its flagship AI model. The upgrade introduces hybrid reasoning, designed to improve adaptability and efficiency for app and software developers.