Google has decided to continue supporting third-party cookies, instead proposing a new approach that allows users to opt-in to their Privacy Sandbox. This comes after criticism and regulatory pressure over privacy concerns and competition issues.

Google has announced that starting November 1, 2024, Chrome version 127 and higher will no longer trust new TLS server authentication certificates from Entrust and AffirmTrust.

Microsoft has now made the feature optional, meaning it will be off by default unless users choose to enable it. Additionally, the search index database, which holds the content from the screenshots, will be encrypted.

Microsoft says the NTLM protocols, which are still widely used today, are no longer under active development as of June and will be phased out in favor of more secure alternatives.

Passkeys are gaining widespread adoption as an alternative to traditional passwords for digital authentication. Major tech companies like Microsoft, Google, and Bitwarden have recently expanded support for passkeys.

1024-bit RSA keys have approximately 80 bits of strength, while the 2048-bit key has approximately 112 bits, making the latter four billion times longer to factor. Experts in the field consider 2048-bit keys safe until at least 2030.

Two tech advocacy groups are urging the FTC to investigate Google for allegedly failing to delete sensitive location data as promised, potentially violating privacy and putting individuals at risk.

LastPass, a popular password management solution, is now requiring customers to use complex master passwords with a minimum of 12 characters to enhance account security. Previously, users had the option to use weaker passwords.

The end of support for these older Windows versions is due to the reliance on an embedded version of Google Chrome that no longer functions on them, as well as the need for Windows feature and security updates only available on Windows 10 and above.

Multiple financially motivated hacking groups have been observed using the App Installer service as an entry point for ransomware attacks, leveraging signed malicious MSIX app packages distributed via Microsoft Teams and malicious search engine ads.