An anonymous reader quotes a report from BleepingComputer: U.S. cybersecurity company F5 disclosed that nation-state hackers breached its systems and stole undisclosed BIG-IP security vulnerabilities and source code. The company states that it first became aware of the breach on August 9, 2025, with its investigations revealing that the attackers had gained long-term access to its system, including the company's BIG-IP product development environment and engineering knowledge management platform.

F5 is a Fortune 500 tech giant specializing in cybersecurity, cloud management, and application delivery networking (ADN) applications. The company has 23,000 customers in 170 countries, and 48 of the Fortune 50 entities use its products. BIG-IP is the firm's flagship product used for application delivery and traffic management by many large enterprises worldwide. [...]

F5 is still reviewing which customers had their configuration or implementation details stolen and will contact them with guidance. To help customers secure their F5 environments against risks stemming from the breach, the company released updates for BIG-IP, F5OS, BIG-IP Next for Kubernetes, BIG-IQ, and APM clients. Despite any evidence "of undisclosed critical or remote code execution vulnerabilities," the company urges customers to prioritize installing the new BIG-IP software updates.

An anonymous reader shares a report: After acquiring GitHub in 2018, Microsoft mostly let the developer platform run autonomously. But in recent months, that's changed. With GitHub CEO Thomas Dohmke leaving the company this August, and GitHub being folded more deeply into Microsoft's organizational structure, GitHub lost that independence. Now, according to internal GitHub documents The New Stack has seen, the next step of this deeper integration into the Microsoft structure is moving all of GitHub's infrastructure to Azure, even at the cost of delaying work on new features.

[...] While GitHub had previously started work on migrating parts of its service to Azure, our understanding is that these migrations have been halting and sometimes failed. There are some projects, like its data residency initiative (internally referred to as Project Proxima) that will allow GitHub's enterprise users to store all of their code in Europe, that already solely use Azure's local cloud regions.

An anonymous reader quotes a report from Ars Technica: Bose will brick key features of its SoundTouch Wi-Fi speakers and soundbars soon. On Thursday, Bose informed customers that as of February 18, 2026, it will stop supporting the devices, and the devices' cloud-based features, including the companion app, will stop working. The SoundTouch app enabled numerous capabilities, including integrating music services, like Spotify and TuneIn, and the ability to program multiple speakers in different rooms to play the same audio simultaneously.

Bose has also said that some saved presets won't work and that users won't be able to change saved presets once the app is gone. Additionally, Bose will stop providing security updates for SoundTouch devices. The Framingham, Massachusetts-headquartered company noted to customers that the speakers will continue being able to play audio from a device connected via AUX or HDMI. Wireless playback will still work over Bluetooth; however, Bluetooth is known to introduce more latency than Wi-Fi connections. Affected customers can trade in their SoundTouch product for a credit worth up to $200.

In its notice sent to customers this week, Bose provided minimal explanation for end-of-life-ing its pricey SoundTouch speakers, saying: "Bose SoundTouch systems were introduced into the market in 2013. Technology has evolved since then, and we're no longer able to sustain the development and support of the cloud infrastructure that powers this older generation of products. We remain committed to creating new listening experiences for our customers built on modern technologies."

An anonymous reader quotes a report from CSO Online: On Sept. 17, security vendor SonicWall announced that cybercriminals had stolen backup files configured for cloud backup. At the time, the company claimed the incident was limited to "less than five percent" of its customers. Now, the firewall provider has admitted that "all customers" using the MySonicWall cloud backup feature were affected. According to the company, the stolen files contain encrypted credentials and configuration data. "[W]hile encryption remains in place, possession of these files could increase the risk of targeted attacks," SonicWall warns in its press release.

Security specialist Arctic Wolf also warns of the consequences of the incident. "Firewall configuration files store sensitive information that can be leveraged by threat actors to exploit and gain access to an organization's network," explains Stefan Hostetler, threat intelligence researcher at Arctic Wolf. "These files can provide threat actors with critical information such as user, group, and domain settings, DNS and log settings, and certificates," he adds. Arctic Wolf has previously observed threat actors, including nation-state and ransomware groups, exfiltrating firewall configuration files to use for future attacks. SonicWall urges all customers and partners to regularly check their devices for updates. Admins can find additional information here.

smooth wombat writes: At one point in technology history, floppy disks reigned supreme. Files, pictures, games, everything was put on a floppy disk. But technology doesn't stand still and as time went on disks were replaced by CDs, DVDs, thumb drives, and now cloud storage. Despite these changes, floppy disks are still found in long forgotten corners of businesses or stuffed in boxs in the attic. What is on these disks is anyone's guess, but Cambridge University Library is racing against time to preserve the data. However, lack of hardware and software to read the disks, if they're readable at all, poses unique challenges.

Some of the world's most treasured documents can be found deep in the archives of Cambridge University Library. There are letters from Sir Isaac Newton, notebooks belonging to Charles Darwin, rare Islamic texts and the Nash Papyrus -- fragments of a sheet from 200BC containing the Ten Commandments written in Hebrew.

These rare, and often unique, manuscripts are safely stored in climate-controlled environments while staff tenderly care for them to prevent the delicate pages from crumbling and ink from flaking away.

But when the library received 113 boxes of papers and mementoes from the office of physicist Stephen Hawking, it found itself with an unusual challenge. Tucked alongside the letters, photographs and thousands of pages relating to Hawking's work on theoretical physics, were items now not commonly seen in modern offices -- floppy disks.

They were the result of Hawking's early adoption of the personal computer, which he was able to use despite having a form of motor neurone disease known as amyotrophic lateral sclerosis, thanks to modifications and software. Locked inside these disks could be all kinds of forgotten information or previously unknown insights into the scientists' life. The archivists' minds boggled.

These disks are now part of a project at Cambridge University Library to rescue hidden knowledge trapped on floppy disks. The Future Nostalgia project reflects a larger trend in the information flooding into archives and libraries around the world.

American companies have begun cutting middle management positions at rates not seen in years. Google eliminated 35% of managers overseeing teams of fewer than three in August. Fiverr announced in September it would shed managers to focus on AI. Amazon trimmed its management ranks throughout the year and cut positions at its cloud-computing division in July. Meta's Mark Zuckerberg has complained about managers managing managers since 2023.

Phrases relating to reducing management layers appeared 98 times on earnings calls of companies in the S&P global index this year, twice the frequency of all of 2022. The cuts stem partly from an uncertain economic environment and President Donald Trump's tariff regime, Economist writes. The pandemic created the conditions for the current retrenchment. Companies furloughed staff during Covid-19 and then hired rapidly to meet demand for e-commerce and digital services. They promoted employees to management positions to retain talent even when those managers supervised only one or two subordinates. Between 2019 and 2024, five of the ten fastest-growing job categories were management roles. Since November 2022, listed American companies have cut middle-management positions by around 3% on average.

An anonymous reader quotes a report from 404 Media: Sora 2, Open AI's new AI video generator, puts a visual watermark on every video it generates. But the little cartoon-eyed cloud logo meant to help people distinguish between reality and AI-generated bullshit is easy to remove and there are half a dozen websites that will help anyone do it in a few minutes. A simple search for "sora watermark" on any social media site will return links to places where a user can upload a Sora 2 video and remove the watermark. 404 Media tested three of these websites, and they all seamlessly removed the watermark from the video in a matter of seconds.

Hany Farid, a UC Berkeley professor and an expert on digitally manipulated images, said he's not shocked at how fast people were able to remove watermarks from Sora 2 videos. "It was predictable," he said. "Sora isn't the first AI model to add visible watermarks and this isn't the first time that within hours of these models being released, someone released code or a service to remove these watermarks." [...] According to Farid, Open AI is decent at employing strategies like watermarks, content credentials, and semantic guardrails to manage malicious use. But it doesn't matter. "It is just a matter of time before someone else releases a model without these safeguards," he said.

Both [Rachel Tobac, CEO of SocialProof Security] and Farid said that the ease at which people can remove watermarks from AI-generated content wasn't a reason to stop using watermarks. "Using a watermark is the bare minimum for an organization attempting to minimize the harm that their AI video and audio tools create," Tobac said, but she thinks the companies need to go further. "We will need to see a broad partnership between AI and Social Media companies to build in detection for scams/harmful content and AI labeling not only on the AI generation side, but also on the upload side for social media platforms. Social Media companies will also need to build large teams to manage the likely influx of AI generated social media video and audio content to detect and limit the reach for scammy and harmful content." "I'd like to know what OpenAI is doing to respond to how people are finding ways around their safeguards," Farid said. "Will they adapt and strengthen their guardrails? Will they ban users from their platforms? If they are not aggressive here, then this is going to end badly for us all."

An anonymous reader quotes a report from BleepingComputer: The Redis security team has released patches for a maximum severity vulnerability that could allow attackers to gain remote code execution on thousands of vulnerable instances. Redis (short for Remote Dictionary Server) is an open-source data structure store used in approximately 75% of cloud environments, functioning like a database, cache, and message broker, and storing data in RAM for ultra-fast access. The security flaw (tracked as CVE-2025-49844) is caused by a 13-year-old use-after-free weakness found in the Redis source code and can be exploited by authenticated threat actors using a specially crafted Lua script (a feature enabled by default). Successful exploitation enables them to escape the Lua sandbox, trigger a use-after-free, establish a reverse shell for persistent access, and achieve remote code execution on the targeted Redis hosts.

After compromising a Redis host, attackers can steal credentials, deploy malware or cryptocurrency mining tools, extract sensitive data from Redis, move laterally to other systems within the victim's network, or use stolen information to gain access to other cloud services. "This grants an attacker full access to the host system, enabling them to exfiltrate, wipe, or encrypt sensitive data, hijack resources, and facilitate lateral movement within cloud environments," said Wiz researchers, who reported the security issue at Pwn2Own Berlin in May 2025 and dubbed it RediShell.

While successful exploitation requires attackers first to gain authenticated access to a Redis instance, Wiz found around 330,000 Redis instances exposed online, with at least 60,000 of them not requiring authentication. Redis and Wiz urged admins to patch their instances immediately by applying security updates released on Friday, "prioritizing those that are exposed to the internet." To further secure their Redis instances against remote attacks, admins can also enable authentication, disable Lua scripting and other unnecessary commands, launch Redis using a non-root user account, enable Redis logging and monitoring, limit access to authorized networks only, and implement network-level access controls using firewalls and Virtual Private Clouds (VPCs).

BrianFagioli writes: Canonical has revealed the codename for Ubuntu 26.04 LTS: Resolute Raccoon. The announcement came today on X through the official @ubuntu account, continuing the tradition of pairing an adjective with an animal for each release. As an LTS version, it will be supported for five years and serve as the foundation for servers, desktops, and cloud deployments when it launches in April 2026.

While the name itself is now public, the features of Ubuntu 26.04 remain under wraps. The community will be watching closely to see which kernel it ships with, how GNOME evolves, and what improvements land for enterprise and container use. For now, fans simply have a raccoon mascot to rally around as the countdown to April begins.

European labor regulations enacted nearly a century ago now impose costs on companies that discourage investment in disruptive technologies. An American firm shedding workers incurs costs equivalent to seven months of wages per employee. In Germany the figure reaches 31 months. In France it reaches 38 months. The expense extends beyond severance pay and union negotiations. Companies retain unproductive workers they would prefer to dismiss.

New investments face delays of years as dismissed employees are gradually replaced. Olivier Coste, a former EU official turned tech entrepreneur, and economist Yann Coatanlem tracked these opaque restructuring costs and found that European firms avoid risky ventures because of them. Large companies typically finance ten risky projects where eight fail and require mass redundancies. Apple developed a self-driving car for years before abandoning the effort and firing 600 employees in 2024. The two successful projects generate profits worth many times the invested sums. This calculus works in America where failure costs remain low. In Europe the same bet becomes financially unviable.

European blue-chip firms sell products that are improved versions of what they sold in the 20th century -- turbines, shampoos, vaccines, jetliners. American star firms peddle AI chatbots, cloud computers, reusable rockets. Nvidia is worth more than the European Union's 20 biggest listed firms combined. Microsoft, Google, and Meta each fired over 10,000 staff in recent years despite thriving businesses. Satya Nadella called firing people during success the "enigma of success." Bosch and Volkswagen recently announced layoffs with timelines stretching to 2030.

OpenAI and AMD announced a multibillion-dollar partnership on Monday for AI data centers running on AMD processors. OpenAI committed to purchasing 6 gigawatts worth of AMD's MI450 chips starting next year through direct purchases or through its cloud computing partners. AMD chief Lisa Su said the deal will result in tens of billions of dollars in new revenue over the next half-decade.

OpenAI will receive warrants for up to 160 million AMD shares at 1 cent per share, representing roughly 10% of the chip company. The warrants will be awarded in phases if OpenAI hits certain deployment milestones. The partnership marks AMD's biggest win in its quest to disrupt Nvidia's dominance among AI semiconductor companies. Mizuho Securities estimates that Nvidia controls more than 70% of the market for AI chips.

"Microsoft buys a lot of GPUs from both Nvidia and AMD," writes the Register. "But moving forward, Redmond's leaders want to shift the majority of its AI workloads from GPUs to its own homegrown accelerators..." Driving the transition is a focus on performance per dollar, which for a hyperscale cloud provider is arguably the only metric that really matters. Speaking during a fireside chat moderated by CNBC on Wednesday, Microsoft CTO Kevin Scott said that up to this point, Nvidia has offered the best price-performance, but he's willing to entertain anything in order to meet demand.

Going forward, Scott suggested Microsoft hopes to use its homegrown chips for the majority of its datacenter workloads. When asked, "Is the longer term idea to have mainly Microsoft silicon in the data center?" Scott responded, "Yeah, absolutely...

Microsoft is reportedly in the process of bringing a second-generation Maia accelerator to market next year that will no doubt offer more competitive compute, memory, and interconnect performance... It should be noted that AI accelerators aren't the only custom chips Microsoft has been working on. Redmond also has its own CPU called Cobalt and a whole host of platform security silicon designed to accelerate cryptography and safeguard key exchanges across its vast datacenter domains.

An anonymous reader quotes a report from Ars Technica: As we careen toward a future in which Google has final say over what apps you can run, the company has sought to assuage the community's fears with a blog post and a casual "backstage" video. Google has said again and again since announcing the change that sideloading isn't going anywhere, but it's definitely not going to be as easy. The new information confirms app installs will be more reliant on the cloud, and devs can expect new fees, but there will be an escape hatch for hobbyists.

Confirming app verification status will be the job of a new system component called the Android Developer Verifier, which will be rolled out to devices in the next major release of Android 16. Google explains that phones must ensure each app has a package name and signing keys that have been registered with Google at the time of installation. This process may break the popular FOSS storefront F-Droid. It would be impossible for your phone to carry a database of all verified apps, so this process may require Internet access. Google plans to have a local cache of the most common sideloaded apps on devices, but for anything else, an Internet connection is required. Google suggests alternative app stores will be able to use a pre-auth token to bypass network calls, but it's still deciding how that will work.

The financial arrangement has been murky since the initial announcement, but it's getting clearer. Even though Google's largely automated verification process has been described as simple, it's still going to cost developers money. The verification process will mirror the current Google Play registration fee of $25, which Google claims will go to cover administrative costs. So anyone wishing to distribute an app on Android outside of Google's ecosystem has to pay Google to do so. What if you don't need to distribute apps widely? This is the one piece of good news as developer verification takes shape. Google will let hobbyists and students sign up with only an email for a lesser tier of verification. This won't cost anything, but there will be an unclear limit on how many times these apps can be installed. The team in the video strongly encourages everyone to go through the full verification process (and pay Google for the privilege). We've asked Google for more specifics here.

An anonymous reader shares a report from The Verge: Microsoft is getting ready to announce an ad-supported version of Xbox Cloud Gaming. Sources familiar with Microsoft's plans tell The Verge that the software maker has started testing ad-supported games streaming internally, allowing employees to play select titles free without a Game Pass subscription.

I understand that the free ad-supported version of Xbox Cloud Gaming will include the ability to stream some games you own, as well as eligible Free Play Days titles, which let Xbox players try games over a weekend. You'll also be able to stream Xbox Retro Classics games. Sources tell me the internal testing includes around two minutes of preroll ads before a game is available to stream for free through Xbox Cloud Gaming. [...] The ad-supported Xbox Cloud Gaming version will be available on PC, Xbox consoles, handheld devices, and via the web.

An anonymous reader quotes a report from The Register: New Zealand's Institute of IT Professionals has discovered it is insolvent and advised members it has no alternative but to enter liquidation. The Institute (ITP) wrote to members on Thursday and posted a document titled "Important Update on ITP's Future" that reveals it has "reached a point where the organization cannot continue. After a full review of our finances, the Board has confirmed that ITP is insolvent."

Insolvency seems to have come as something of a surprise. "These debts are historic. They go back over many years. While some of the issues were worked on in more recent times, the full scale of the problem only became visible during the leadership change in 2025," the Update states. "Once the Board understood the full picture, it was clear that there was no responsible way forward other than liquidation." [...]

ITP's constitution requires its members to formally resolve to wind up the organization, so as one of its final acts the group has called a Special General Meeting (SGM) for 23 October 2025 to confirm liquidation and appoint a liquidator. This situation impacts more than ITP's ~10,000 members, because the organization offers assessment services that assess whether IT professionals' skills and qualifications make them eligible to move to New Zealand for work. ITP also certifies IT degrees at New Zealand universities, and oversees the NZ Cloud Computing Code of Practice. ITP also conducted educational and advocacy activities aimed at growing New Zealand's tech workforce.

Google has laid off over 100 employees in design-related roles, including user experience research and cloud design teams, as part of broader cost-cutting measures to prioritize AI infrastructure. CNBC reports: Earlier this week, the company laid off employees within the cloud unit's "quantitative user experience research" teams and "platform and service experience" teams, as well as some adjacent teams, according to internal documents viewed by CNBC. The roles often focus on using data, surveys and other tools to understand and implement user behaviors that inform product development and design. Google has halved some of the cloud unit's design teams, and many of those affected are U.S.-based roles. Some employees have been given until early December to find a new role within the company.

Researchers have unveiled two new hardware-based attacks, Battering RAM and Wiretap, that break Intel SGX and AMD SEV-SNP trusted enclaves by exploiting deterministic encryption and physical interposers. Ars Technica reports: In the age of cloud computing, protections baked into chips from Intel, AMD, and others are essential for ensuring confidential data and sensitive operations can't be viewed or manipulated by attackers who manage to compromise servers running inside a data center. In many cases, these protections -- which work by storing certain data and processes inside encrypted enclaves known as TEEs (Trusted Execution Enclaves) -- are essential for safeguarding secrets stored in the cloud by the likes of Signal Messenger and WhatsApp. All major cloud providers recommend that customers use it. Intel calls its protection SGX, and AMD has named it SEV-SNP.

Over the years, researchers have repeatedly broken the security and privacy promises that Intel and AMD have made about their respective protections. On Tuesday, researchers independently published two papers laying out separate attacks that further demonstrate the limitations of SGX and SEV-SNP. One attack, dubbed Battering RAM, defeats both protections and allows attackers to not only view encrypted data but also to actively manipulate it to introduce software backdoors or to corrupt data. A separate attack known as Wiretap is able to passively decrypt sensitive data protected by SGX and remain invisible at all times.

The UK government has issued a new order to Apple to create a backdoor into its cloud storage service, this time targeting only British users' data, despite US claims that Britain had abandoned all attempts to break the tech giant's encryption. Financial Times: The UK Home Office demanded in early September that Apple create a means to allow officials access to encrypted cloud backups, but stipulated that the order applied only to British citizens' data, according to people briefed on the matter.

A previous technical capability notice (TCN) issued in January sought global access to encrypted user data. That move sparked a diplomatic clash between the UK and US governments and threatened to derail the two nations' efforts to secure a trade agreement.

In February, Apple withdrew its most secure cloud storage service, iCloud Advanced Data Protection, from the UK. "Apple is still unable to offer Advanced Data Protection in the United Kingdom to new users," Apple said on Wednesday. "We are gravely disappointed that the protections provided by ADP are not available to our customers in the UK given the continuing rise of data breaches and other threats to customer privacy." It added: "As we have said many times before, we have never built a back door or master key to any of our products or services and we never will."

Microsoft has announced that Xbox Game Pass Ultimate will cost $29.99 per month, up from $19.99. The company restructured its subscription service into three tiers ahead of the October 16 launch of two Xbox ROG Ally handheld consoles. The new Essential tier offers 50-plus games for $9.99 monthly. Premium includes 200-plus games for $14.99. Ultimate subscribers gain access to more than 400 games, day-one releases, improved cloud streaming quality, and services including EA Play, Ubisoft+ Classics, and Fortnite Crew.

Game Pass generated nearly $5 billion in fiscal 2025 revenue with 34 million subscribers in 2024. Console hardware prices are also increasing, with the Xbox Series X rising $50 to $649.99 starting October 3.

An anonymous reader shared this report from Computer Weekly: Policing data hosted in Microsoft's hyperscale cloud infrastructure could be processed in more than 100 countries, but the tech giant is obfuscating this information from its customers, Computer Weekly can reveal. According to documents released by the Scottish Police Authority (SPA) under freedom of information (FoI) rules, Microsoft refused to hand over crucial information about its international data flows to the SPA and Police Scotland when asked...

The tech giant also refused to disclose its own risk assessments into the transfer of UK policing data to other jurisdictions, including China and others deemed "hostile" in the DPIA documents. This means Police Scotland and the SPA — which are jointly rolling out Office 365 — are unable to satisfy the law enforcement-specific data protection rules laid out in Part Three of the Data Protection Act 2018 (DPA18), which places strict limits on the transfer of policing data outside the UK. The same documents also contain an admission from Microsoft — given while simultaneously refusing to divulge key information about data flows — that it is unable to guarantee the sovereignty of policing data held and processed within its O365 infrastructure. This echoes the statements senior Microsoft representatives made to the French senate in June 2025, in which they admitted the company cannot guarantee the sovereignty of European data stored and processed in its services generally.

The revelation that Microsoft may access customer data from more than 100 countries is a result of the correspondence previously disclosed under Freedom of Information and reported on by Computer Weekly... All in all, an analysis of Microsoft's distributed documentation — conducted by independent security consultant Owen Sayers and shared with Computer Weekly — suggests that Microsoft personnel or contractors can remotely access the data from 105 different countries, using 148 different sub-processors. Despite technically being public, Sayers highlighted how this information is not transparently laid out for Microsoft customers, and is distributed across different documents contained in non-indexed webpages.... "[A]ny normal amount of due diligence — even if it is conducted by skilled persons will likely fail to see the full scope of offshoring in play," he said...

Microsoft did not contest the accuracy of the remote access location figures cited by Computer Weekly in this story.