Facebook has disclosed that roughly 5,000 third-party app developers were able to access personal details from accounts that had been inactive for more than 90 days, breaking the guidelines the company established after the Cambridge Analytica crisis in 2018. The company says it has fixed the issue and is adding new policies to its developer platform regarding third-party sharing and safeguarding of user data.

Microsoft has issued emergency updates for two vulnerabilities in the Windows Codecs Library that could give cybercriminals remote access. Typically the company issues fixes on the second Tuesday of every month, but these patches were released outside that cycle after a security researcher flagged them.

Nearly 133 million user records from 14 company databases have been posted for sale on a hacker forum, all containing usernames and hashed passwords. The compromised companies span various industries, including online gaming, fashion, sports streaming, finance and food delivery, and indications point to the Shiny Hunters group as the perpetrator.

Xerox appears to be one of the latest targets of Maze ransomware operators, who reportedly made off with 100 GB of the company's data. Xerox isn't commenting, but the hackers are threatening to publish the data if ransom demands are not met, and they have posted screenshots of some of the material.

The newly documented Mac ransomware EvilQuest, which has been renamed ThiefQuest, may be more destructive than was first thought, with spyware capabilities that could be used to search for passwords and financial data, run a powerful keylogger and stage subsequent attacks. The malware is being delivered via torrent sites bundled with brand-name software, researchers say.

E-commerce platform Magento 1 is no longer supported by Adobe, leaving the platform -- already a popular target for Magecart attacks -- vulnerable to further intrusions. Adobe is encouraging Magento site owners to upgrade to Magento 2.

The Cartesi Foundation has released the alpha version of its Descartes software development kit, enabling developers to build distributed apps using mainstream software and languages while still taking advantage of blockchain decentralization. The company has also launched a portal giving distributed app developers access to the Cartesi ecosystem and mainstream zero-knowledge libraries in Linux.

Microsoft has added numerous features to OneDrive, including a dark mode for the web version and an increase in the upload file size limit from 15 GB to 100 GB in both OneDrive and SharePoint. Other updates include an improved Teams sharing integration, family and group sharing options for both free and paid OneDrive subscriptions, and an Add to OneDrive button that will be available for preview this month.

VMware is buying Datrium to bolster its cloud-based site disaster recovery capabilities -- and proceed with its bigger hybrid cloud ambitions -- with Datrium's disaster-recovery-as-a-service options. Datrium's wide-ranging customer base includes clients in financial services, health care, government manufacturing and entertainment.

Identity theft protection is a fast-rising benefit provided by New Jersey bankers, a Bankers Cooperative Group survey has found. The group received completed surveys from 45 banking organizations.