For years, I asked myself why Mozilla did not add a good content blocker to Firefox. It would be a great fit. An organization that values privacy, an open source browser that blocks most tracking out of the box.
However, for Mozilla, integrating a content blocker would also mean torpedoing its main revenue stream coming from Google.
Mozilla never made the step and others, including Brave, led by Mozilla’s ex-CEO, stepped in to fill that gap.
This changed recently
Mozilla did integrate Brave’s Rust-based adblock engine into its Firefox browser. More precisely, it is part of Firefox 149 and Mozilla describes it as a prototype rich content blocking feature.
It is not yet available as an option in the user-facing interface, let alone as something similar to the Shield feature of Brave. Still, users who run Firefox 149 can enable the content blocker and make use of it right away for testing.
Here is how that works:
Load about:config in the Firefox address bar.
Search for privacy.trackingprotection.content.protection.enabled
Set the value to True with a click on the toggle on its right.
Search for privacy.trackingprotection.content.protection.test_list_urls.
Paste https://easylist.to/easylist/easylist.txt|https://easylist.to/easylist/easyprivacy.txt as the value.
Restart Firefox
This enables two EasyLists, but you can add any other list that uses the same format. Separate lists with the character |.
Clearly, this is done for testing purposes. Mozilla would very likely add controls to the preferences or another user facing interface to make this easier to configure and use.
For now, it is a work in progress implementation, but one that shows that Mozilla could finally integrate what many users of its browser have wanted (or did not know they wanted) for a long time.
When Mozilla released Firefox 150 earlier this week, it revealed that it had fixed what looked like the usual number of security issues in the browser. However, what Mozilla did not tell at the time was that it had fixed a significant number of vulnerabilities.
A post on the official Mozilla blog reveals that engineers fixed 271 vulnerabilities in total, a significant number. However, this time, Mozilla’s engineers did not hunt for vulnerabilities using traditional means. Instead, the company used Anthropic’s Mythos AI to do so.
Mozilla writes:
As part of our continued collaboration with Anthropic, we had the opportunity to apply an early version of Claude Mythos Preview to Firefox. This week’s release of Firefox 150 includes fixes for 271 vulnerabilities identified during this initial evaluation.
So, what is Claude Mythos?
Claude Mythos is a powerful, unreleased frontier AI model developed by Anthropic. Announced in April 2026, it is famous—and highly controversial—for its unprecedented capabilities in cybersecurity, specifically its ability to autonomously hunt down and exploit software vulnerabilities.
This is not the first time that Mozilla used an AI from Anthropic for that purpose. Back in February 2026, it used Claude and discovered 22 “security-sensitive bugs”.
Mozilla says that this is great news for software developers and what it calls defenders, legitimate developers who need to secure their applications against a constant barrage of threats.
While the use of AI continues to be controversial, it is usually ethical and privacy concerns that are raised. Good uses for AI, like using it to discover vulnerabilities before the bad guys find them, is probably something that most might not find nearly as problematic.
I would not go as far and say that the days of the 0-day threats are numbered, as Mozilla does, but it looks as if it can help. Still, threat actors could also leverage AI tools for finding vulnerabilities.
When it comes to browsers, most Internet users expect them to be free. Many times, this means that the developer has found other means of generating revenue to keep the business running. This can mean selling default search engine slots, putting sponsored icons on the new tab page, or using user data for all kinds of things.
Paid browsers are rare and most of the time, they do not seem to work overly well. However, the idea of introducing a free and paid version of a browser is something that Internet users know from other apps and services.
So, Brave Software, maker of the Brave Browser, has introduced Brave Origin. This is a “minimalist version” of the browser that cuts all revenue-generating features and can be purchased by making a one-time payment. There is one exception to that: a Linux version of Brave Origin is available for free.
The features that Brave Origin does not support:
Leo
News
Playlist (currently iOS only)
Rewards (which also disables browser-based Brave Ads)
Speedreader
Stats like the daily usage ping, crash logs, and privacy-preserving product analytics (P3A)
Talk
Tor
VPN
Wallet (which also disables Web3 domains)
Wayback Machine
Web Discovery Project
Some of these were discussed controversially in the past, but others including Tor or the Wayback Machine, not so much.
Note: Brave Origin is available as a standalone deskop app or an upgrade. On mobile, the browser is only available as an upgrade. In other words, you can replace Brave with Brave Origin on all supported systems, but install it next to Brave only on desktop systems.
Once you have downloaded and installed the Brave Origin browser, you need to purchase it, unless you opted-in to use the free version on Linux. The price at the time of writing is $60.
Brave says that this is a one-time purchase that is good for up to 10 activations per license across devices.
Closing Words
Launching a paid version is an interesting approach to diversifying revenue. Users can support development of the browser by making this purchase and may also get some of the features removed from it that they do not use or find problematic. At its core, it is still Brave browser, built on Chromium, with a good integrated content blocker.
It probably won’t convince most critics of the browser, or its founder, but it is still an interesting experiment to look at, as it could be an option for other organizations as well.
Another one? That could be the reaction of veteran Windows users who read the headline. Microsoft confirmed another BitLocker related issue in Windows 11. This one may be caused by installing the most recent cumulative update for the operating system.
In the Known issues section of the update, Microsoft confirms that devices might boot into the BitLocker Recovery screen and not the desktop.
According to the description, the issue is caused by an “unrecommended BitLocker Group Policy configuration”. Only a “limited number of systems” are affected according to Microsoft. The company says that the issue affects only systems for which all of the following conditions are true:
BitLocker is enabled on the OS drive.
The Group Policy “Configure TPM platform validation profile for native UEFI firmware configurations” is configured, and PCR7 is included in the validation profile (or the equivalent registry key is set manually).
System Information (msinfo32.exe) reports Secure Boot State PCR7 Binding as “Not Possible”.
The Windows UEFI CA 2023 certificate is present in the device’s Secure Boot Signature Database (DB), making the device eligible for the 2023‑signed Windows Boot Manager to be made the default.
The device is not already running the 2023-signed Windows Boot Manager.
Devices that meet the conditions may boot into recovery mode after installing the KB508376 for Windows 11, versions 24H2 or 25H2.
A workaround is available to remove the Group Policy configuration before installing the update.
Open Group Policy Editor (gpedit.msc) or your Group Policy Management Console.
Navigate to: Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption > Operating System Drives.
Set “Configure TPM platform validation profile for native UEFI firmware configurations” to “Not Configured“.
Run the following command on affected devices to propagate the policy change: gpupdate /force
Run the following command to suspend BitLocker (where BitLocker is enabled on the C: drive): manage-bde -protectors -disable C:
Run the following command to resume BitLocker (where BitLocker is enabled on the C: drive): manage-bde -protectors -enable C:
This updates the BitLocker bindings to use the Windows-selected default PCR profile.
Microsoft plans to release a permanent fix in the future to address this. Windows users who use a Microsoft Account can look up the recovery key for BitLocker online.
The writing was on the wall for some time. Meta-owned WhatsApp is rolling out a paid subscription service called WhatsApp Plus to a first batch of users of the messaging app.
For a price of 2.50 Euro per month (roughly 2.94 US Dollar), the price is not know for all regions), users get a range of extra features. WhatsApp reassures users that all core features remain free.
So, what do Plus users get? WABetaInfo has created a detailed post about the features that subscribers do get currently.
Send premium stickers – exclusive stickers that recipients also see, but can’t use.
Change your app’s theme – get 18 new colors options.
Choose a custom app icon – change the default icon of the app.
Pin extra chats – pin up to 20 chats.
Get premium ringtones – ten exclusive ringtones.
Upgrade your chat lists – enables options to update chats in bulk.
Interestingly enough, this does not change anything else. No removal of ads or improved usability features, which is often part of such a deal.
The main question is, how many users of WhatsApp will find this selection of exclusive features worth the price? Will be interesting to see how this evolves over time. Maybe Meta is planning to take a cue from Google’s playback by moving some features into the paid plan or introducing an ad-free experience.
Interact with AI right from the desktop. That is the main idea of Microsoft’s integration of Copilot in Windows and now also of the new Google App for Desktop.
Google released the app officially for Windows; other desktop systems are not supported right now. It is only available in English and works under Windows 10 and Windows 11. The app’s main slogan is “Ask anything with the Google app for desktop” and that is exactly what you get: direct access to the Gemini AI from the desktop.
Once installed, you may bring up the Gemini prompt with the shortcut Alt-Space. Clearly, this requires an active Internet connection as all the processing happens remotely on Google servers.
You may wonder why you’d consider using the app when all the AIs are just a browser-click away on the World Wide Web. Google has added screen sharing and Lens into the app. This means you can share part of the screen or the entire screen with the AI.
While that is also possible online, by taking a screenshot first, it is more convenient this way. The built-in search feature covers local files and files on Google Drive, according to the description. Google claims that the index that it uses for file searches is stored locally and not on Google servers.
The battle for desktop supremacy
Google is invading Microsoft’s “turf” with the release of Google’s new desktop tool. Up until now, Microsoft had little competition for its Copilot AI that it added to the operating system.
Both AI tools have several things in common, but there are also differences.
The Similarities
AI access: Generative AI that supports conversations, follow-ups and some extra features, like summarizing documents or drafting emails.
Keyboard-Shortcut: The Google App maps to the Alt + Space shortcut, while Windows Copilot may be summoned via Windows Key + C or the dedicated hardware Copilot key on newer keyboards. However, starting with Windows 11 version 24H2, Microsoft allows users to map the Copilot key to other applications.
Screen-Access: Both AI tools can get access to the desktop.
Unified Search: Both offer local and Internet search capabilities, especially for cloud-storage files.
Access: While Copilot used to be integrated deeply into Windows, it is now a standalone app just like Google’s app. This means that both apps can’t make changes to the system anymore.
The Differences
AI Models: Copilot or Gemini, that is the main difference between the two services.
Ecosystem: This one is obvious. The AIs are tied heavily to the Google or Microsoft ecosystem. For example, Google’s App can access Google Drive content while Microsoft’s app integrates with OneDrive and Microsoft 365.
Installation: Microsoft Copilot is built directly into Windows 11. Google’s app needs to be installed.
Closing Words
Google is making an offer to Windows users: here is our AI app, which you may use instead of Copilot. Users who already use Gemini may find that offer attractive enough to give it a try.
Windows users who prefer Copilot will stick to the AI, especially if Microsoft is introducing new useful functionality that Google can’t replicate with its desktop app.
As for those who do not use AI, they won’t use the Google App anyway. Since it is a manual install, there are no precautions to take.
When Microsoft introduced the two-tier context menu of Windows 11 it claimed that one reason for the change was to streamline the context menu of the operating system. This did not turn out too well, considering that users juggle between the new and the classic menu regularly since the release of Windows 11.
Apps may still add entries to the Windows context menu and since there is no central editor to manage all entries, it is either done through the app itself — if it offers such an option — or the Registry Editor.
Windows 11 Context Menu Manager is a free open source tool that offers another option. It focuses on items added by apps and not the Microsoft entries.
When you launch it, you see all context menu items in a list. The default scenario is to remove them for the user. You can also remove them machine-wide, but that requires running the app with elevated rights.
Each entry is listed with its name and some information. To be honest, this is not super useful, but it becomes useful when you expand the entry. There, you find information about file types.
To give you one example. The program listed two entries for Adobe Acrobat Reader. One was for PDF files, the other for any other file type that Acrobat Reader supported.
Even this advanced view is limited. The seven OneDrive entries did not reveal any information about their purpose when I expanded them. They were labeled command0, command1 and so on, and listed a wildcard under file and no directory.
With that in mind, you get an option to toggle the items off or on again. Other actions become available when you expand an item. There you find options to uninstall, open the file location, the settings of the app, or the Microsoft Store.
With those caveats, it is still a handy tool to hide certain items from the Windows 11 context menu, especially if the app does not provide options to do so in its preferences. (via Deskmodder)
If March 2026 was a marathon of infrastructure updates, April is a massive avalanche of patches.
Microsoft’s fourth Patch Tuesday of 2026 has arrived, addressing a massive 165 vulnerabilities in total. The sheer volume demands attention. It contains two 0-day vulnerabilities — one of which is actively exploited in the wild — and eight critical flaws affecting a wide range of products, including Office, SharePoint, Microsoft Defender, and Azure.
Here is the breakdown of what you need to know, what to patch first, and what might break.
The April 2026 Patch Day overview
Executive Summary
Release Date: April 14, 2026
Total Vulnerabilities: 165
Critical Vulnerabilities: 8
Zero-Days: 2 (SharePoint [Actively Exploited], Microsoft Defender [Publicly Disclosed])
Key Action Item: Administrators must prioritize patching internet-facing SharePoint servers due to the actively exploited spoofing zero-day. Simultaneously, network infrastructure and Active Directory components need immediate updates to mitigate several highly critical Remote Code Execution vulnerabilities.
Important Patches
CVE-2026-32201 — Microsoft Office SharePoint Spoofing Vulnerability
CVE-2026-33825 — Microsoft Defender Elevation of Privilege Vulnerability
CVE-2026-33824 — Windows Internet Key Exchange (IKE) Extension Remote Code Execution Vulnerability
CVE-2026-33827 — Windows TCP/IP Remote Code Execution Vulnerability
CVE-2026-33826 — Windows Active Directory Remote Code Execution Vulnerability
Security updates addressing OS-level RCEs in TCP/IP, IKE, and Active Directory components. Also resolves numerous Elevation of Privilege (EoP) flaws across Windows Kernel, Boot Loader, and BitLocker.
Microsoft SharePoint Server
Patches for SharePoint 2016, 2019, and Subscription Edition to address the actively exploited CVE-2026-32201 spoofing flaw.
Microsoft Office
Security updates addressing multiple Critical Use-After-Free and Untrusted Pointer Dereference vulnerabilities resulting in local code execution
Deep Dive: The Critical Vulnerabilities
Microsoft confirmed that it patched two 0-day vulnerabilities this Patch Day and several critical remote code execution flaws.
This actively exploited zero-day allows an unauthorized attacker to perform spoofing over a network due to improper input validation in Microsoft Office SharePoint. An attacker who successfully exploits this can view sensitive information and make changes to disclosed information.
CVE-2026-33825 (Microsoft Defender Elevation of Privilege Vulnerability)
A publicly disclosed zero-day flaw in Microsoft Defender that allows privilege escalation to SYSTEM privileges. Microsoft has addressed the flaw in the Microsoft Defender Antimalware Platform update version 4.18.26050.3011, which should be downloaded to (most) systems automatically.
CVE-2026-33824 (Windows Internet Key Exchange (IKE) Extension RCE)
A critical double-free vulnerability in the Windows IKE extension. An unauthenticated attacker can send specially crafted packets to a Windows machine with IKE version 2 enabled to potentially achieve remote code execution. If IKE is not in use, blocking inbound traffic on UDP ports 500 and 4500 acts as a mitigation.
A critical race condition vulnerability in Windows TCP/IP that can result in remote code execution. An unauthenticated actor can send specially crafted IPv6 packets to a Windows node where IPSec is enabled to potentially achieve RCE.
CVE-2026-33826 (Windows Active Directory Remote Code Execution)
A critical improper input validation flaw in Windows Active Directory. It allows an authenticated attacker to execute code over an adjacent network.
Firefox fans have long heralded the browser’s Multi-Account Containers feature as an exclusive that users of Chromium-based browsers did not have. Soon, Brave Brower users may also make use of a Containers feature, ending Firefox’s exclusivity.
Brave has begun rolling out native Container support as an experimental flag in its desktop browser as of April 2026. It allows users of the browser to isolate web sessions better and even get options to open multiple accounts of the same site in a single browser window without using clunky workarounds or third-party extensions.
The Core Concept: Session Isolation
At its core, the Containers feature creates isolated islands within a single browser window. Each container acts as a separate, sandboxed environment. Data, including cookies, local storage, or cached files, can’t be seen or accessed by tabs in another container or by the default container-less environment.
Since data is sandboxed, it is possible to sign-in to the same site in different containers in the same browser window using a single profile, or to open a site with an account and without one at the same time. Furthermore, since data is separate, tracking becomes less effective as the trackers can only see what is going on in a single container and not the entire browser.
Containers works with tab groups and all core features of the browser, including browser extensions.
The feature is available in Brave Nightly only at the time. You need to load brave://flags, search for Enable Containers, and toggle the feature to Enabled to start using it. A restart of the browser is required as usual before it becomes available.
Since this feature is in Nightly, it may have bugs and may not be as polished as the stable version that Brave Software plans to ship in a later version of the browser.
Say goodbye to the rigid weak week-timers that have long dictated your PC’s maintenance schedule. Microsoft is currently testing a significant overhaul to its update system in the latest Windows 11 Insider builds, replacing the clunky dropdown menu with a user-friendly calendar picker.
First spotted by researcher PhantomOfEarth, this new feature allows users to select a specific date to resume updates. A much needed improvement as it is giving Windows users granular control when they machines reboot and install updates for the operating system.
First look at changes coming to Windows 11's pause updates option!
The button/dropdown menu are being replaced with a button for a calendar view, which lets you choose a specific date to pause until (instead of 1 week, 2 weeks, etc. and having to manually resume early). pic.twitter.com/mv6yw76cNL
The Pause Updates feature of the Settings app is not the only option that Windows administrators have regarding updates, but it is the most visible.
Here is a quick overview of what is available:
1. The Standard Settings Method (Temporary)
The most common way is through the built-in settings, though it currently lacks the granular “pick a date” flexibility coming in the update.
How to do it: Go to Settings > Windows Update and look for Pause updates.
The Limitation: Currently, you can only choose from preset increments (1 week, 2 weeks, etc.) up to a maximum of 5 weeks. Once that time expires, you must install the pending updates before you can pause again.
2. Set as “Metered Connection” (Passive Pause)
Windows will not automatically download most updates if it thinks you are on a data-capped connection.
How to do it: Go to Settings > Network & internet > Wi-Fi (or Ethernet), select your network properties, and toggle Metered connection to “On.”
Effect: This delays large updates indefinitely, though critical security patches may still bypass this setting.
3. Disable the Windows Update Service (Semi-Permanent)
You can stop the background service that checks for updates entirely.
How to do it: Press Win + R, type services.msc, and find Windows Update. Right-click it, select Properties, set the “Startup type” to Disabled, and click Stop.
Note: Windows may eventually restart this service on its own during system maintenance.
4. Group Policy Editor (For Pro & Enterprise Users)
If you have a Pro or Enterprise version of Windows, you can use the Group Policy Editor for more control.
How to do it: Press Win + R, type gpedit.msc, and navigate to:Computer Configuration > Administrative Templates > Windows Components > Windows Update > Manage end user experience.
The Fix: Double-click Configure Automatic Updates and set it to Disabled. This stops the automatic check entirely until you turn it back on.
5. Registry Editor (The “Home” Edition Workaround)
Since Home users don’t have the Group Policy Editor, they can achieve the same result via the Registry.
How to do it: Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows.
The Fix: Create a new key called WindowsUpdate, then a sub-key named AU. Inside AU, create a DWORD (32-bit) value named NoAutoUpdate and set its value to 1.
6. Third-Party Tools
There are several lightweight, community-trusted tools designed specifically to “kill” Windows updates with one click, such as Windows Update Blocker (WUB) or WuMgr. These are popular for users who want to prevent updates without digging through system menus.
