Today — 26 June 2024 (Main stream)

Francis Alÿs: Ricochets review – children of the world unite in a health and safety nightmare

26 June 2024 at 06:08

Barbican, London
From Cuba to Mexico, from Hong Kong to Iraq, the Belgian artist has made 40 mesmerising films of kids at play, including three with guns up to no good in a war zone

Cries and laughter, clapping and calls and screams of delight fill the gallery. There are children everywhere on the multiple screens that fill the lower floor. Kids in Cuba careen round the streets of Havana on precarious trolleys fashioned from bits of wood and discarded junk. They rattle and slew on cobbles and jink round corners, under the amused and indulgent eyes of adults as they come hurtling past. The game is both exhilarating and frightening to watch, the young pilots and passengers inches away from hideous injury. Talk about health and safety.

Little girls on a London housing estate swipe at each other’s conkers in a game that’s been largely banished from British school playgrounds. Of course, there’s a lot more to the culture of conkers than whacking horse chestnuts on a bit of string. How careful you have to be – preparing the conker, drilling it and threading it on to a string. All games, like art, have their rules and conditions.

© Photograph: Francis Alÿs

‘Some people refused to leave their flats’: Britain through the Thatcher years – in pictures

26 June 2024 at 02:00

Throughout the 1970s, 80s and 90s, Mike Abrahams travelled the country photographing National Front marches, prison life and people’s everyday struggles

© Photograph: Mike Abrahams

Yesterday — 25 June 2024 (Main stream)

‘Infectious enthusiasm’: Jonathan Yeo’s green portrait of David Attenborough unveiled

25 June 2024 at 14:20

Painting of 98-year-old broadcaster, commissioned by Royal Society, goes on public display 2 July

Jonathan Yeo hopes he has communicated the sitter’s “wisdom and thoughtfulness” in his latest portrait, but also the “sort of childlike, infectious enthusiasm” that audiences know so well.

Yeo is talking about his new, strikingly green, portrait of Sir David Attenborough, a figure who has gone beyond being a national treasure to someone known globally, and someone people might listen to when it comes to the catastrophes facing the world.

© Photograph: Richard Valencia Photography/Jonathan Yeo

Lesbians unleashed! The joyous, sexually explicit photographer no publisher would touch

25 June 2024 at 11:08

Tee A Corinne took fearless shots of same-sex lovers in a 1980s Oregon commune – and published a notoriously intimate colouring book that became a minor classic. Has her time come at last?

In 1993, Tee A Corinne wrote that she was “close to being finished with sexual imagery”. Corinne was a prolific multimedia artist, activist, photographer and writer of erotica and autobiography. Much of her work involved what she called “labia imagery and … images of women making love with other women or with themselves”. After three decades of this, however, she was thinking about moving on. “I have thought this before but changed my mind,” she wrote. “Why? Because no one else was making the images I wanted to see.”

The images Corinne made, in part because nobody else was doing it, remain extraordinary, invigorating and quietly radical. Her Artist’s Statement: On Sexual Art is just one of many documents, posters, essays and letters gathered together by Charlotte Flint, editor of A Forest Fire Between Us, a new book collecting some of Corinne’s considerable body of work and the ephemera surrounding it.

© Photograph: © Tee A. Corinne / Tee A. Corinne Papers, Coll. 263. Special Collections and University Archives, University of Oregon Archives, from Tee A. Corinne: A forest fire between us (MACK, 2024). Courtesy of MACK and University of Oregon Archives.

‘Hey pigeon-keeper, flip me on the grill rack!’ The spicy guide to queer Arab slang

25 June 2024 at 10:12

Scorpions, grill racks, pigeons – if you want to know what these terms also mean, look up The Queer Arab Glossary, a playfully illustrated new compendium of words running from the affectionate to the derogatory

Do you know what yrabbī ḥamām means? It is one of 330 slang terms that Lebanese artist Marwan Kaabour has put in his debut book, The Queer Arab Glossary. Yrabbī ḥamām is a colloquial term that means “pigeon keeper”, with the word ḥamām (pigeon) a common euphemism for penis. It’s Kaabour’s favourite entry and, he says, ḥamām is used “in an endearing way, like in a way a mum and child would joke about”. The term can also refer to someone who engages in gay sex, and it is accompanied by an illustration by Palestinian graphic designer Haitham Haddad, showing a cheerful gay man with a moustache feeding pigeons depicted as flying penises.

The book provides a snapshot of the linguistic landscape of queerness in Arabic-speaking regions, with examples from Levantine, Iraqi, Gulf, Egyptian, Sudanese and Maghrebi dialects. “I am waging a battle on two fronts with this book,” says Kaabour, who is based in London. “The first is directed towards the authorities of my own people, those who claim that queerness is a western import. I am debunking that. I’m showing them how we have been a big part of Arab society since day one. The second is facing westwards, particularly to those who have rightwing politics, who say that Arabs are somehow innately homophobic or sexist.”

© Photograph: Haitham Haddad

Bogart, Dietrich, Keaton: faces from Hollywood’s golden years – in pictures

25 June 2024 at 02:00

A new book pulls together glamorous portraits of film stars from the 1920s to the 60s who could draw an audience with their name alone

© Photograph: John Kobal Foundation/Getty Images

Before yesterday (Main stream)

Every elevator in the Myst series, ranked

24 June 2024 at 15:13
An hour long deep dive into the environment and puzzle design in the Myst series, centered upon its elevators. (Warning: Contains spoilers for all 5 games in the Myst series)

This might be the nerdiest thing I've seen in this fandom in a long long time! I love the little digressions like exactly what counts as an elevator, and the creator's obvious affection for the games.

Vogue World fashion show – in pictures

24 June 2024 at 04:55

Stars turned out for the Vogue World event celebrating fashion and sports, at Place Vendôme in Paris, a month before the city hosts the Olympics

© Photograph: Kristy Sparow/Getty Images for Vogue

‘Fraught with danger’: wild honey gathering in Nepal – in pictures

24 June 2024 at 02:10

For generations the Gurung community in Taap, about 175km (110 miles) west of the capital, Kathmandu, and other villages in the districts of Lamjung and Kaski, have scoured the steep Himalayan cliffs for honey. The villagers say the proceeds, split among them, are drying up as the number of hives has declined over the past decade, although some also earn a living from growing crops of rice, corn, millet and wheat

© Photograph: Navesh Chitrakar/Reuters

Enhancing Security Measures: Overcoming Barriers to Single Sign-On (SSO) Adoption Among SMBs

SSO tax

In the latest update of "Secure by Design", the Cybersecurity and Infrastructure Security Agency (CISA) highlighted the critical importance of integrating security practices into basic services for software manufacturers. The paper raises a notable concern: the imposition of an "SSO tax", where essential security features like Single Sign-On (SSO) are bundled as premium services, potentially hindering their adoption among Small and Medium-sized Businesses (SMBs).

Implementing Single Sign-On (SSO) into Small and Medium-sized Businesses (SMBs)

SSO simplifies access management by allowing users to authenticate once and gain access to multiple applications—a crucial feature for enhancing security postures across organizations. However, its adoption faces significant hurdles, primarily due to cost implications and perceived operational complexities.

One of the primary challenges identified by CISA is pricing SSO capabilities as add-ons rather than including them in the base service. This "SSO tax" not only inflates costs but also creates a barrier for SMBs looking to bolster their security frameworks without incurring substantial expenses. By advocating for SSO to be a fundamental component of software packages, CISA aims to democratize access to essential security measures, positioning them as a customer right rather than a premium feature.

Beyond financial considerations, the adoption of SSO is also influenced by varying perceptions among SMBs. While some view it as a critical enhancement to their security infrastructure, others question its cost-effectiveness and operational benefits. Addressing these concerns requires clearer communication on how SSO can streamline operations and improve overall security posture, thereby aligning perceived expenses with tangible returns on investment.

Improving User Experience and Support

Technical proficiency poses another hurdle. Despite vendors providing training materials, SMBs often face challenges in effectively deploying and maintaining SSO solutions. The complexity involved in integrating SSO into existing systems and the adequacy of support resources provided by vendors are critical factors influencing adoption rates. Streamlining deployment processes and enhancing support mechanisms can mitigate these challenges, making SSO more accessible and manageable for SMBs with limited technical resources.

Moreover, the user experience with SSO implementation plays a pivotal role. Feedback from SMBs indicates discrepancies in the accuracy and comprehensiveness of support materials, necessitating multiple interactions with customer support—a time-consuming process for resource-constrained businesses. Simplifying user interfaces, refining support documentation, and offering responsive customer service are essential to improving the adoption experience and reducing operational friction.

In light of these updates, there is a clear call to action for software manufacturers. Aligning with the principles of Secure by Design, manufacturers should integrate SSO into their core service offerings, thereby enhancing accessibility and affordability for SMBs. By addressing economic barriers, improving user interfaces, and providing robust technical support, manufacturers can foster a more conducive environment for SSO adoption among SMBs.

There's never been a better time to get into storytelling board games

13 June 2024 at 09:06
"Storytelling has been a social activity since the dawn of time. Board games can add another level to it with nuanced strategies for decision-making and objectives with epic stakes."

People like to make lists of storytelling board games. Designing a narrative board game is a distinct form of game design. TV Tropes, weirdly, covers Narrative Board Games. There are, of course, books about the stories built into boardgames. Board games have a robust history of recreating and validating imperialism, genocide, and slavery, which David Massey takes on in "Slave Play, or the Imperial Logic of Board Game Narrative." [SLPDF] Flanagan and Jakobsson take on the future of the board game in their book Playing Oppression: The Legacy of Conquest and Empire in Colonialist Board Games. Storytelling has, of course, appeared on MetaFilter previously.

Adobe to update vague AI terms after users threaten to cancel subscriptions

11 June 2024 at 13:06
Credit: bennymarty | iStock Editorial / Getty Images Plus

Adobe has promised to update its terms of service to make it "abundantly clear" that the company will "never" train generative AI on creators' content after days of customer backlash, with some saying they would cancel Adobe subscriptions over its vague terms.

Users got upset last week when an Adobe pop-up informed them of updates to terms of use that seemed to give Adobe broad permissions to access user content, take ownership of that content, or train AI on that content. The pop-up forced users to agree to these terms to access Adobe apps, disrupting access to creatives' projects unless they immediately accepted them.

For any users unwilling to accept, canceling annual plans could trigger fees amounting to 50 percent of their remaining subscription cost. Adobe justifies collecting these fees because a "yearly subscription comes with a significant discount."


April’s Patch Tuesday Brings Record Number of Fixes

9 April 2024 at 16:28

If only Patch Tuesdays came around infrequently — like total solar eclipse rare — instead of just creeping up on us each month like The Man in the Moon. Although to be fair, it would be tough for Microsoft to eclipse the number of vulnerabilities fixed in this month’s patch batch — a record 147 flaws in Windows and related software.

Yes, you read that right. Microsoft today released updates to address 147 security holes in Windows, Office, Azure, .NET Framework, Visual Studio, SQL Server, DNS Server, Windows Defender, Bitlocker, and Windows Secure Boot.

“This is the largest release from Microsoft this year and the largest since at least 2017,” said Dustin Childs, from Trend Micro’s Zero Day Initiative (ZDI). “As far as I can tell, it’s the largest Patch Tuesday release from Microsoft of all time.”

Tempering the sheer volume of this month’s patches is the middling severity of many of the bugs. Only three of April’s vulnerabilities earned Microsoft’s most-dire “critical” rating, meaning they can be abused by malware or malcontents to take remote control over unpatched systems with no help from users.

Most of the flaws that Microsoft deems “more likely to be exploited” this month are marked as “important,” which usually involve bugs that require a bit more user interaction (social engineering) but which nevertheless can result in system security bypass, compromise, and the theft of critical assets.

Ben McCarthy, lead cyber security engineer at Immersive Labs, called attention to CVE-2024-20670, an Outlook for Windows spoofing vulnerability described as being easy to exploit. It involves convincing a user to click on a malicious link in an email, which can then steal the user’s password hash and authenticate as the user in another Microsoft service.

Another interesting bug McCarthy pointed to is CVE-2024-29063, which involves hard-coded credentials in Azure’s search backend infrastructure that could be gleaned by taking advantage of Azure AI search.

“This along with many other AI attacks in recent news shows a potential new attack surface that we are just learning how to mitigate against,” McCarthy said. “Microsoft has updated their backend and notified any customers who have been affected by the credential leakage.”

CVE-2024-29988 is a weakness that allows attackers to bypass Windows SmartScreen, a technology Microsoft designed to provide additional protections for end users against phishing and malware attacks. Childs said one of ZDI’s researchers found this vulnerability being exploited in the wild, although Microsoft doesn’t currently list CVE-2024-29988 as being exploited.

“I would treat this as in the wild until Microsoft clarifies,” Childs said. “The bug itself acts much like CVE-2024-21412 – a [zero-day threat from February] that bypassed the Mark of the Web feature and allows malware to execute on a target system. Threat actors are sending exploits in a zipped file to evade EDR/NDR detection and then using this bug (and others) to bypass Mark of the Web.”

Update, 7:46 p.m. ET: A previous version of this story said there were no zero-day vulnerabilities fixed this month. BleepingComputer reports that Microsoft has since confirmed that there are actually two zero-days. One is the flaw Childs just mentioned (CVE-2024-21412), and the other is CVE-2024-26234, described as a “proxy driver spoofing” weakness.

Satnam Narang at Tenable notes that this month’s release includes fixes for two dozen flaws in Windows Secure Boot, the majority of which are considered “Exploitation Less Likely” according to Microsoft.

“However, the last time Microsoft patched a flaw in Windows Secure Boot in May 2023 had a notable impact as it was exploited in the wild and linked to the BlackLotus UEFI bootkit, which was sold on dark web forums for $5,000,” Narang said. “BlackLotus can bypass functionality called secure boot, which is designed to block malware from being able to load when booting up. While none of these Secure Boot vulnerabilities addressed this month were exploited in the wild, they serve as a reminder that flaws in Secure Boot persist, and we could see more malicious activity related to Secure Boot in the future.”

For links to individual security advisories indexed by severity, check out ZDI’s blog and the Patch Tuesday post from the SANS Internet Storm Center. Please consider backing up your data or your drive before updating, and drop a note in the comments here if you experience any issues applying these fixes.

Adobe today released nine patches tackling at least two dozen vulnerabilities in a range of software products, including Adobe After Effects, Photoshop, Commerce, InDesign, Experience Manager, Media Encoder, Bridge, Illustrator, and Adobe Animate.

KrebsOnSecurity needs to correct the record on a point mentioned at the end of March’s “Fat Patch Tuesday” post, which looked at new AI capabilities built into Adobe Acrobat that are turned on by default. Adobe has since clarified that its apps won’t use AI to auto-scan your documents, as the original language in its FAQ suggested.

“In practice, no document scanning or analysis occurs unless a user actively engages with the AI features by agreeing to the terms, opening a document, and selecting the AI Assistant or generative summary buttons for that specific document,” Adobe said earlier this month.
