"A security researcher published a series of unpatched bugs in Microsoft products," reports TechCrunch, "along with code to exploit them." Microsoft's response to the researcher? "Threatening to take legal action and call the cops on them." On Wednesday, Microsoft published a blog post criticizing the researcher, who goes by the handle "Nightmare Eclipse," for publicly disclosing a series of bugs, including BlueHammer, RedSun, UnDefend, and YellowKey. The flaws affected products such as the Windows built-in antivirus engine Defender and the disk-encryption tool BitLocker. The core of Microsoft's complaints is that the researcher did not attempt to report the bugs so that the company could fix them. That would have been "responsible," as Microsoft's blog put it. The other side of the company's argument is that by publishing the details of the bugs and how to exploit them before they were patched, Nightmare Eclipse may have aided malicious hackers. Some of the vulnerabilities Nightmare Eclipse disclosed have since been used by hackers in real-world attacks, according to Microsoft, as well as the U.S. cybersecurity agency CISA. "Our Digital Crimes Unit will continue bringing cases against these actors and those that enable their criminal activity — coordinating as needed with law enforcement around the world," Microsoft wrote... In a series of blog posts published in the last couple of weeks — without providing many specific details — Nightmare Eclipse claimed to have been in contact with Microsoft, but the company allegedly mistreated them, including revoking access to their Microsoft Security Response Center account, the portal where researchers can report vulnerabilities to the tech giant. Nightmare Eclipse's implication was that they had no choice but to release the vulnerabilities publicly... The researchers published the bugs on open source repositories GitHub (owned by Microsoft) and GitLab. The researchers' accounts on those platforms have been banned... In response to this latest controversy with Nightmare Eclipse, countless researchers have shared their bad experiences reporting bugs to Microsoft. Thanks to long-time Slashdot reader Elektroschock for sharing the news.

Read more of this story at Slashdot.

Le retour des frères Wayans s'annonce déjà légendaire. À quelques jours de la sortie du très attendu nouveau Scary Movie, la production vient de lancer un site promotionnel interactif totalement déjanté. Le concept ? Vous tapez un ordre, et Ghostface s’exécute à l’écran. Les internautes s'en donnent déjà à cœur joie et débloquent des vannes cachées très bien senties.

Lancé le 25 mai 2026 en accès anticipé sur Steam, Paralives, le simulateur de vie du studio québécois Paralives Studio, est déjà un carton sur la plateforme. Rien ne semble pouvoir entacher la joie de l’équipe après sept longues années de développement. Rien… à moins qu’un étrange PNJ ne vienne hanter les joueuses et les joueurs.

Plus tôt cette semaine, Google a déployé une refonte de son moteur de recherche, mettant en avant l'IA et devant simplifier l’accès à l’information. Cependant, certains mots très simples semblent ne plus fonctionner comme des requêtes classiques.

Bandai Namco a présenté ses excuses concernant un bug qui touche les Tamagotchi qui meurent de vieillesse dans Tamagotchi Paradise, la nouvelle version du célèbre jeu.

An anonymous reader quotes a report from TechCrunch: A severe security vulnerability affecting almost every version of the Linux operating system has caught defenders off-guard and scrambling to patch after security researchers publicly released exploit code that allows attackers to take complete control of vulnerable systems. The U.S. government says the bug, dubbed "CopyFail," is now being exploited in the wild, meaning it's being actively used in malicious hacking campaigns. [...] Given the risk to the federal enterprise network, U.S. cybersecurity agency CISA has ordered all civilian federal agencies to patch any affected systems by May 15.

Read more of this story at Slashdot.

Hackers are actively exploiting a critical cPanel and WHM vulnerability, tracked as CVE-2026-41940, that allows remote attackers to bypass the login screen and gain full administrative access to affected web servers. Major hosts including Namecheap, HostGator, and KnownHost have taken mitigation steps or patched systems, but cPanel is urging all customers and web hosts to update immediately because the software is widely used across millions of websites. TechCrunch reports: cPanel and WHM are two software suites used for managing web servers that host websites, manage emails, and handle important configurations and databases needed to maintain an internet domain. The two suites have deep-access to the servers that they manage, allowing a malicious hacker potentially unrestricted access to data managed by the affected software. Given the ubiquity of the cPanel and WHM software across the web hosting industry, hackers could compromise potentially large numbers of websites that haven't patched the bug. Canada's national cybersecurity agency said in an advisory that the bug could be exploited to compromise websites on shared hosting servers, such as large web hosting companies. The agency said that "exploitation is highly probable" and that immediate action from cPanel customers, or their web hosts, is necessary to prevent malicious access. [...] One web hosting company says it found evidence that hackers have been abusing the vulnerability for months before the attempts were discovered.

Read more of this story at Slashdot.

D'après une découverte de 9to5mac, certains iPhone 17 et iPhone Air peuvent refuser de redémarrer si leur batterie est tombée à 0 %. L'écran reste noir même avec un câble USB-C branché. La solution est en réalité toute simple : il faut utiliser un chargeur sans-fil pendant plusieurs minutes.