India's three largest IT services companies are facing their steepest growth slowdown in years as corporations curtail large technology projects amid global economic uncertainty and geopolitical challenges. From a report: Infosys, the country's second-largest IT services provider, on Thursday forecast revenue growth of just 0-3% for the fiscal year through March 2026, far below analysts' expectations of 6.3%. The guidance follows a quarter where net income fell 12% to $823 million, though this exceeded analyst estimates of $780 million. The disappointing outlook echoes similar concerns from rivals Tata Consultancy Services and Wipro, as US President Donald Trump's tariff policies add fresh headwinds to an industry already struggling with cautious client spending.

Microsoft has acknowledged that Classic Outlook can mysteriously transform into a system resource hog, causing CPU usage spikes between 30-50% and significantly increasing power consumption on both Windows 10 and 11 systems.

Users first reported the issue in November 2024, but Microsoft only confirmed the problem this week, offering little resolution beyond stating that "the Outlook Team is investigating this issue." The company's sole workaround involves forcing a switch to the Semi-Annual Channel update through registry edits -- an approach many enterprise environments will likely avoid. Microsoft hasn't announced a definitive end date for Classic Outlook, but the company continues pushing users toward its New Outlook client despite its incomplete feature set.

Google has announced that it will begin phasing out country code top-level domains (ccTLDs) such as google.ng and google.com.br, redirecting all traffic to google.com. The change comes after improvements in Google's localization capabilities rendered these separate domains unnecessary.

Since 2017, Google has provided identical local search experiences whether users visited country-specific domains or google.com. The transition will roll out gradually over the coming months, and users may need to re-establish search preferences during the migration.

CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program. From a report: "The CVE Program is invaluable to cyber community and a priority of CISA," the U.S. cybersecurity agency told BleepingComputer. "Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners' and stakeholders' patience."

The announcement follows a warning from MITRE Vice President Yosry Barsoum that government funding for the CVE and CWE programs was set to expire today, April 16, potentially leading to widespread disruption across the cybersecurity industry. "If a break in service were to occur, we anticipate multiple impacts to CVE, including deterioration of national vulnerability databases and advisories, tool vendors, incident response operations, and all manner of critical infrastructure," Barsoum said.

The CVE and CWE programs are at risk of shutdown as MITRE's DHS contract expires on April 16, 2025, with no confirmed renewal. Without continued funding, the ability to standardize, track, and respond to software vulnerabilities could collapse, leaving the cybersecurity community scrambling in a fragmented and dangerously opaque environment. Forbes reports: "Failure to renew MITRE's contract for the CVE program, seemingly set to expire on April 16, 2025, risks significant disruption," said Jason Soroko, Senior Fellow at Sectigo. "A service break would likely degrade national vulnerability databases and advisories. This lapse could negatively affect tool vendors, incident response operations, and critical infrastructure broadly. MITRE emphasizes its continued commitment but warns of these potential impacts if the contracting pathway is not maintained."

MITRE has indicated that historical CVE records will remain accessible via GitHub, but without continued funding, the operational side of the program -- including assignment of new CVEs -- will effectively go dark. That's not a minor inconvenience. It could upend how the global cybersecurity community identifies, communicates, and responds to new threats. [...] MITRE has said that discussions with the U.S. government are active and that it remains committed to the CVE mission. But with the expiration date looming, time is running short -- and the consequences of even a temporary gap are severe.

4chan was reportedly hacked Monday night, with rival imageboard Soyjack Party claiming responsibility and sharing screenshots suggesting deep access to 4chan's databases and admin tools. Ars Technica reports: Security researcher Kevin Beaumont described the hack as "a pretty comprehensive own" that included "SQL databases, source, and shell access." 404Media reports that the site used an outdated version of PHP that could have been used to gain access, including the phpMyAdmin tool, a common attack vector that is frequently patched for security vulnerabilities. Ars staffers pointed to the presence of long-deprecated and removed functions like mysql_real_escape_string in the screenshots as possible signs of an old, unpatched PHP version. In other words, there's a possibility that the hackers have gained pretty deep access to all of 4chan's data, including site source code and user data.

An anonymous reader shares a report: A silent update rolling out to virtually all Android devices will make your phone more secure, and all you have to do is not touch it for a few days. The new feature implements auto-restart of a locked device, which will keep your personal data more secure. It's coming as part of a Google Play Services update, though, so there's nothing you can do to speed along the process.

Google is preparing to release a new update to Play Services (v25.14), which brings a raft of tweaks and improvements to myriad system features. First spotted by 9to5Google, the update was officially released on April 14, but as with all Play Services updates, it could take a week or more to reach all devices. When 25.14 arrives, Android devices will see a few minor improvements, including prettier settings screens, improved connection with cars and watches, and content previews when using Quick Share.

An anonymous reader shares a report: Generative AI offers remarkable efficiency gains while presenting a profound challenge for the global IT services industry -- a sector concentrated in India and central to its export economy.

For decades, Indian technology firms thrived by deploying their engineering talent to serve primarily Western clients. Now they face a critical question. Will AI's productivity dividend translate into revenue growth? Or will fierce competition see these gains competed away through price reductions?

Industry soundings suggest the deflationary dynamic may already be taking hold. JPMorgan's conversations with executives, deal advisors and consultants across India's technology hubs reveal growing concern -- AI-driven efficiencies are fuelling pricing pressures. This threatens to constrain medium-term industry growth to a modest 4-5%, with little prospect of acceleration into fiscal year 2026. This emerging reality challenges the earlier narrative that AI would primarily unlock new revenue streams.

An anonymous reader quotes a report from TechCrunch: Car rental giant Hertz has begun notifying its customers of a data breach that included their personal information and driver's licenses. The rental company, which also owns the Dollar and Thrifty brands, said in notices on its website that the breach relates to a cyberattack on one of its vendors between October 2024 and December 2024. The stolen data varies by region, but largely includes Hertz customer names, dates of birth, contact information, driver's licenses, payment card information, and workers' compensation claims. Hertz said a smaller number of customers had their Social Security numbers taken in the breach, along with other government-issued identification numbers.

Notices on Hertz's websites disclosed the breach to customers in Australia, Canada, the European Union, New Zealand, and the United Kingdom. Hertz also disclosed the breach with several U.S. states, including California and Maine. Hertz said at least 3,400 customers in Maine were affected but did not list the total number of affected individuals, which is likely to be significantly higher. Emily Spencer, a spokesperson for Hertz, would not provide TechCrunch with a specific number of individuals affected by the breach but said it would be "inaccurate to say millions" of customers are affected. The company attributed the breach to a vendor, software maker Cleo, which last year was at the center of a mass-hacking campaign by a prolific Russia-linked ransomware gang.

Several crosswalk buttons in Palo Alto and nearby cities were hacked over the weekend to play deepfake-style satirical audio clips mimicking Elon Musk and Mark Zuckerberg. Authorities have disabled the altered systems, but the identity of the prankster remains unknown. SFGATE reports: Videos of the altered crosswalks began circulating on social media throughout Saturday and Sunday. [...] A city employee was the first to report an issue with one of the signals at University Avenue and High Street in downtown Palo Alto, Horrigan-Taylor told SFGATE via email. Officials later discovered that as many as 12 intersections in downtown Palo Alto had been affected.

"The impact is isolated," Horrigan-Taylor said. "Signal operations are otherwise unaffected, and motorists are reminded to always exercise caution around pedestrians." Officials told the outlet they've removed any devices that were tampered with and the compromised voice-over systems have since been disabled, with footage obtained by SFGATE showing several were covered in caution tape, blinking constantly and unpressable.

VMware has resumed offering a free hypervisor. News of the offering emerged in a throwaway line in the Release Notes for version 8.0 Update 3e of the Broadcom business unit's ESXi hypervisor. From a report: Just below the "What's New" section of that document is the statement: "Broadcom makes available the VMware vSphere Hypervisor version 8, an entry-level hypervisor. You can download it free of charge from the Broadcom Support portal."

VMware offered a free version of ESXi for years, and it was beloved by home lab operators and vAdmins who needed something to tinker with. But in February 2024, VMware discontinued it on grounds that it was dropping perpetual licenses and moving to subscriptions.

10 years ago "certificate authorities normally issued certificate lifetimes lasting a year or more," remembers a new blog post Thursday by the EFF's engineering director. So in 2015 when the free cert authority Let's Encrypt first started issuing 90-day TLS certificates for websites, "it was considered a bold move, that helped push the ecosystem towards shorter certificate life times."

And then this January Let's Encrypt announced new six-day certificates...

This week saw a related announcement from the EFF engineering director. More than 31 million web sites maintain their HTTPS certificates using the EFF's Certbot tool (which automatically fetches free HTTPS certificates forever) — and Certbot is now supporting Let's Encrypt's six-day certificates. (It's accomplished through ACME profiles with dynamic renewal at 1/3rd of lifetime left or 1/2 of lifetime left, if the lifetime is shorter than 10 days): There is debate on how short these lifetimes should be, but with ACME profiles you can have the default or "classic" Let's Encrypt experience (90 days) or start actively using other profile types through Certbot with the --preferred-profile and --required-profile flags. For six day certificates, you can choose the "shortlived" profile.
Why shorter lifetimes are better (according to the EFF's engineering director):

• If a certificate's private key is compromised, that compromise can't last as long.

• With shorter life spans for the certificates, automation is encouraged. Which facilitates robust security of web servers.

• Certificate revocation is historically flaky. Lifetimes 10 days and under prevent the need to invoke the revocation process and deal with continued usage of a compromised key.

Slashdot reader king*jojo shared this article from The Register: A 23-year-old side-channel attack for spying on people's web browsing histories will get shut down in the forthcoming Chrome 136, released last Thursday to the Chrome beta channel. At least that's the hope.

The privacy attack, referred to as browser history sniffing, involves reading the color values of web links on a page to see if the linked pages have been visited previously... Web publishers and third parties capable of running scripts, have used this technique to present links on a web page to a visitor and then check how the visitor's browser set the color for those links on the rendered web page... The attack was mitigated about 15 years ago, though not effectively. Other ways to check link color information beyond the getComputedStyle method were developed... Chrome 136, due to see stable channel release on April 23, 2025, "is the first major browser to render these attacks obsolete," explained Kyra Seevers, Google software engineer in a blog post.

This is something of a turnabout for the Chrome team, which twice marked Chromium bug reports for the issue as "won't fix." David Baron, presently a Google software engineer who worked for Mozilla at the time, filed a Firefox bug report about the issue back on May 28, 2002... On March 9, 2010, Baron published a blog post outlining the issue and proposing some mitigations...

Microsoft is starting to gradually roll out a preview of Recall, its feature that captures screenshots of what you do on a Copilot Plus PC to find again later, to Windows Insiders. From a report: This new rollout could indicate that Microsoft is finally getting close to launching Recall more widely. Microsoft originally intended to launch Recall alongside Copilot Plus PCs last June, but the feature was delayed following concerns raised by security experts. The company then planned to launch it in October, but that got pushed as well so that the company could deliver "a secure and trusted experience."

WordPress.com has released an AI-powered site builder in early access that constructs complete websites with generated text, layouts, and images. The tool operates through a chatbot interface where users input specifications, resulting in a fully formed site that can be further refined through additional prompts.

While WordPress.com claims the builder creates "beautiful, functional websites in minutes," it currently cannot handle ecommerce sites or complex integrations. Users need a WordPress.com account for the free trial, but publishing requires a hosting plan starting at $18 monthly (less with annual subscriptions). The builder only works with new WordPress instances, not existing sites.

This launch comes as parent company Automattic recently cut 16% of its workforce and faces a lawsuit from hosting company WP Engine, which offers competing site-building tools.

Hackers intercepted about 103 bank regulators' emails for more than a year, gaining access to highly sensitive financial information, Bloomberg News reported Tuesday, citing two people familiar with the matter and a draft letter to Congress. From the report: The attackers were able to monitor employee emails at the Office of the Comptroller of the Currency after breaking into an administrator's account, said the people, asking not to be identified because the information isn't public. OCC on Feb. 12 confirmed that there had been unauthorized activity on its systems after a Microsoft security team the day before had notified OCC about unusual network behavior, according to the draft letter.

The OCC is an independent bureau of the Treasury Department that regulates and supervises all national banks, federal savings associations and the federal branches and agencies of foreign banks -- together holding trillions of dollars in assets. OCC on Tuesday notified Congress about the compromise, describing it as a "major information security incident."

"The analysis concluded that the highly sensitive bank information contained in the emails and attachments is likely to result in demonstrable harm to public confidence," OCC Chief Information Officer Kristen Baldwin wrote in the draft letter to Congress that was seen by Bloomberg News. While US government agencies and officials have long been the targets of state-sponsored espionage campaigns, multiple high-profile breaches have surfaced over the past year.

Micron has informed US customers it will implement surcharges on memory modules and solid-state drives starting Wednesday to offset President Trump's new tariffs, according to Reuters. While semiconductors received exemptions in Trump's recent trade action, memory storage products didn't escape the new duties.

Micron, which manufactures primarily in Asian countries including China and Taiwan, had previously signaled during a March earnings call that tariff costs would be passed to customers.

In Delhi's Nehru Place and Mumbai's Lamington Road, technicians are creating functional laptops from salvaged parts of multiple discarded devices. These "Frankenstein" machines sell for approximately $110 USD -- a fraction of the $800 price tag for new models. Technicians extract usable components -- motherboards, capacitors, screens, and batteries -- from e-waste sourced locally and from countries like Dubai and China.

"Most people don't care about having the latest model; they just want something that works and won't break the bank," a technician told Verge. This repair ecosystem operates within a larger battle against tech giants pushing planned obsolescence through proprietary designs and restricted parts access. Many technicians source components from Seelampur, India's largest e-waste hub processing 30,000 tonnes daily, though workers there handle toxic materials with minimal protection. "India has always had a repair culture," says Satish Sinha of Toxics Link, "but companies are pushing planned obsolescence, making repairs harder and forcing people to buy new devices."

AmiMoJo writes: The Shenzhen 8K UHD Video Industry Cooperation Alliance, a group made up of more than 50 Chinese companies, just released a new wired media communication standard called the General Purpose Media Interface or GPMI. This standard was developed to support 8K and reduce the number of cables required to stream data and power from one device to another. According to HKEPC, the GPMI cable comes in two flavors -- a Type-B that seems to have a proprietary connector and a Type-C that is compatible with the USB-C standard.

Because 8K has four times the number of pixels of 4K and 16 times more pixels than 1080p resolution, it means that GPMI is built to carry a lot more data than other current standards. There are other variables that can impact required bandwidth, of course, such as color depth and refresh rate. The GPMI Type-C connector is set to have a maximum bandwidth of 96 Gbps and deliver 240 watts of power. This is more than double the 40 Gbps data limit of USB4 and Thunderbolt 4, allowing you to transmit more data on the cable. However, it has the same power limit as that of the latest USB Type-C connector using the Extended Power Range (EPR) standard. GPMI Type-B beats all other cables, though, with its maximum bandwidth of 192 Gbps and power delivery of up to 480 watts.

A court has blocked a British government attempt to keep secret a legal case over its demand to access Apple user data. From a report: The UK Investigatory Powers Tribunal, a special court that handles cases related to government surveillance, said the authorities' efforts were a "fundamental interference with the principle of open justice" in a ruling issued on Monday. The development comes after it emerged in January that the British government had served Apple with a demand to circumvent encryption that the company uses to secure user data stored in its cloud services.

Apple challenged the request, while taking the unprecedented step of removing its advanced data protection feature for its British users. The government had sought to keep details about the demand -- and Apple's challenge of it -- from being publicly disclosed. Apple has regularly clashed with governments over encryption features that can make it difficult for law enforcement to access devices produced by the company. The world's most valuable company last year criticized UK surveillance powers as "unprecedented overreach" by the government.