Slashdot

News for nerds, stuff that matters

Scammers Are Abusing an Internal Microsoft Account to Send Spam Links

May 24th 2026, 15:34 by EditorDavid

"For months, scammers have been taking advantage of a loophole that allows them to send spammy emails from an internal Microsoft email address typically used for sending legitimate account alerts," TechCrunch reports: [The scammers] have been able to set up new Microsoft accounts as if they are new customers and use that access to send out emails purportedly from the tech giant, potentially tricking people into thinking these emails are genuine... Last week, I received several, similarly structured emails containing subject lines and web links to scammy sites from Microsoft across different email accounts. These crudely made emails were sent from msonlineservicesteam@microsoftonline.com, an email account that Microsoft uses to send important notifications to users, such as two-factor authentication codes and other critical alerts about their online account. Some of these emails' subject lines resembled official emails that would alert users to fraudulent transactions, while other emails claimed to have a private message waiting for the recipient at a web address mentioned in the email body. In a social post on Tuesday, anti-spam nonprofit The Spamhaus Project said it had also seen Microsoft's account notification email address being abused to send spam and that the activity dated back "several months." A PR representative told TechCrunch that Microsoft was "actively investigating" and "taking action against these phishing reports to help keep customers protected," with measures that include "removing accounts that violate our Terms of Use" and "further strengthening our detection and blocking mechanisms." TechCrunch suggests the issue may not be limited to Microsoft. "Other users commenting on social media say that other companies' email addresses are also being used to send out spam."

Read more of this story at Slashdot.

‍

Lenovo, Dell, and HP Financially Support Linux Vendor Firmware Service

May 24th 2026, 14:34 by EditorDavid

The It's FOSS blog has news about the Linux Vendor Firmware Service, which gives hardware vendors a secure portal to upload firmware updates "which can then be downloaded and installed by users through clients such as GNOME Software or fwupdmgr." (Originally developed in 2015 by GNOME maintainer Richard Hughes...) The issue, however, obviously, had been funding with the largest contributors being the usual suspects, Framework and Open Source Framework Foundation, at $10K a year. Recently, however, Lenovo and Dell joined suite as Premier sponsors, which is the highest tier at $100K a year each, making the project more sustainable and manageable. These companies contributing makes a lot of sense, considering they are two of the bigger computer companies which offer Linux by default in some cases, especially with Lenovo's ThinkPads being the Linux users' favorite for decades. And now... HP has followed suit as a Premier sponsor, also providing $100K a year, right alongside Dell and Lenovo... The question still remains, however, where are the other vendors? What are they waiting for... This major move by these three companies should not only be seen as a sign of relief and wider acceptance of the usage of Linux, but as a beacon for other vendors to follow, who ought to make their hardware more accessible to the open-source community.

Read more of this story at Slashdot.

‍

More Videogames Developers Consider Unionization - Some Spurred By Changes to Remote Work Policies

May 24th 2026, 11:34 by EditorDavid

Developers for several top videogames have joined unions under the Communication Workers of America — including Call of Duty, Fallout, Overwatch, Diablo and World of Warcraft. Last month workers on the online game Magic: The Gathering Arena team announced their own CWA union. The gaming news site Aftermath shares some interesting details: Owner Hasbro and Wizards of the Coast could have voluntarily agreed to the union, but instead the issue is going to an official vote with the National Labor Relations Board in June... [O]ne Arena developer shared on Bluesky that one of the reasons they were inspired to organize was because Wizards changed its remote work policy, requiring them to move across the country or to a more expensive state to remain employed. (Changes to remote work have been one of the big drivers of unionization and union action among video game developers.) If the union is successful, the company wouldn't be able to unilaterally change working conditions like remote work; it would have to negotiate with the union over the decision. There's no guarantee unionized employees would get what they want, but they'd have more of a say, and the opportunity to directly influence their work situation, than they would without a union.

Read more of this story at Slashdot.

‍

'Underminr' CDN Vulnerability Hides Malicious Traffic Behind Trusted Domains

May 24th 2026, 07:34 by EditorDavid

Slashdot reader wiredmikey writes: Threat actors are exploiting a vulnerability in shared content delivery network (CDN) infrastructure to hide connections to malicious domains. Researchers say the vulnerability could impact roughly 88 million domains and can bypass DNS filtering and protective DNS controls, potentially enabling stealthy command-and-control communications and other evasive attacks. Dubbed "Underminr," the exploit "presents the SNI and HTTP Host of a domain," writes SecurityWeek, "while forcing a request to the IP address of another tenant on the same shared edge." The mismatch, ADAMnetworks reports, has been exploited in attacks targeting large-scale hosting providers, including those that have implemented mitigations against domain fronting... Threat actors' increased reliance on AI is expected to lead to a surge in attacks. "Once Underminr becomes parametric information for AI-generated malware, we could expect to see it in every attack that needs to evade protective DNS as part of the attack chain," ADAMnetworks CEO David Redekop says.

Read more of this story at Slashdot.

‍