A "slew of layoffs, price hikes and studio closures" for Microsoft's Xbox "have led many to declare — not for the first time — that the Xbox is dead," reports CNBC.

Or is it just changing its business model? The company's overall gaming revenue decreased 2% year-over-year, with a 29% dip in Xbox hardware sales, according to Microsoft's first-quarter earnings for fiscal 2026. The broader console industry has been in a major slump, with hardware spending down 27% year-over-year in November, which is typically a busy shopping month, according to a recent report from research firm Circana. It was the worst November in two decades, IGN reported, citing Circana data. Combined Switch and Switch 2 unit sales were down more than 10% during the month and PS5 sales were down more than 40%, IGN said. But the Xbox Series hardware took the biggest beating, with a dramatic 70% drop in sales...Microsoft's Xbox Series S and Series X, at 1.7 million units, couldn't outsell the original Nintendo Switch, which launched in 2017 and has sold 3.4 million units so far this year, data from game sales tracking site VGChartz estimated...

Microsoft CEO Satya Nadella said in a recent interview with the TBPN podcast that the company's gaming business model will look to be "everywhere in every platform," from consoles to TV to mobile. His comments also hinted that the next Xbox may function more like a PC. "It's kind of funny people think about the console and PC as two different things," Nadella said. "We built a console because we wanted to build a better PC, which could then perform for gaming. So I kind of want to revisit some of that conventional wisdom...." A source familiar with Xbox strategy told CNBC that the company is looking at creating an open system that enables players to jump between console, PC and cloud gaming — and any form of entertainment beyond gaming. [Wedbush analyst Michael Pachter told CNBC] that while Microsoft is not completely abandoning hardware, the company is splitting its audience into existing buyers interested in specialized consoles and everyone else.

Xbox Game Pass subscription service, which gives subscribers access to games from a variety of publishers, is a clear example of this strategy... The growth in cloud gaming has been blistering. Xbox reported a record 34 million Game Pass subscribers in 2024 and a total Game Pass revenue of almost $5 billion over the last fiscal year. Xbox said in a November blog post that the number of cloud gaming hours from Game Pass subscribers was up 45% compared to the same time last year. The Microsoft subsidiary also said console players are "spending 45% more time cloud streaming on console and 24% more on other devices..."

Despite gaming's scaling limitations, Microsoft seems committed to doing what it has done with the rest of its products — moving it to the cloud... [Xbox President Sarah] Bond recently said in an interview with Mashable that the idea of exclusive games is "antiquated" as the company has leaned into cross-platform gaming... Xbox is betting that cloud and cross-platform gaming are the future. For a decade, claims have been made about the death of the Xbox, and what comes next could fully spell the end, or bring a metamorphosis.

Long-time Slashdot reader destinyland wonders if "gifts for geeks" is the next big consumer demographic: For this year's holiday celebrations, Hallmark made a special Christmas tree ornament, a tiny monitor displaying screens from the classic video game "Oregon Trail." ("Recall the fun of leading a team of oxen and a wagon loaded with provisions from Missouri to the West....") Top sites and major brands are now targeting the "tech" demographic — including programmers, sysadmins and even vintage game enthusiasts — and when Hallmark and Amazon are chasing the same customers as GitHub and Copilot, you know there's been a strange yet meaningful shift in the culture...

While AI was conquering the world, GitHub published its "Ultimate gift guide for the developer in your life" just as soon as doors opened on Black Friday. So if you're wondering, "Should I push to production on New Year's Eve?" GitHub recommends their new "GitHub Copilot Amazeball," which it describes as "GitHub's magical collectible ready to weigh in on your toughest calls !" Copilot isn't involved — questions are randomly matched to the answers printed on the side of a triangle-shaped die floating in water. "[Y]ou'll get answers straight from the repo of destiny with a simple shake," GitHub promises — just like the Magic 8 Ball of yore. "Get your hands on this must-have collectible and enjoy the cosmic guidance — no real context switching required!" And GitHub's "Gift Guide for Developers" also suggests GitHub-branded ugly holiday socks and keyboard keycaps with GitHub's mascots.

But GitHub isn't the only major tech site with a shopping page targeting the geek demographic. Firefox is selling merchandise with its new mascot. Even the Free Software Foundation has its own shop, with Emacs T-shirts, GNU beanies and a stuffed baby gnu ("One of our most sought-after items ... "). Plus an FSF-branded antisurveillance webcam guard.

Maybe Dr. Seuss can write a new book: "How the Geeks Stole Christmas." Because this newfound interest in the geek demographic seems to have spread to the largest sites of all. Google searches on "Gifts for Programmers" now point to a special page on Amazon with suggestions like Linux crossword puzzles. But what coder could resist a book called " Cooking for Programmers? "Each recipe is written as source code in a different programming language," explains the book's description... The book is filled with colorful recipes — thanks to syntax highlighting, which turns the letters red, blue and green. There are also real cooking instructions, but presented as an array of strings, with both ingredients and instructions ultimately logged as messages to the console...

Some programmers might prefer their shirts from FreeWear.org, which donates part of the proceeds from every sale to its corresponding FOSS project or organization. (There are T-shirts for Linux, Gnome and the C programming language — and even one making a joke about how hard it is to exit Vim.)

But maybe it all proves that there's something for everybody. That's the real heartwarming message behind these extra-geeky Christmas gifts — that in the end, tech is, after all, still a community, with its own hallowed traditions and shared celebrations.

It's just that instead of singing Christmas carols, we make jokes about Vim.

An anonymous reader shared this report from the site It's FOSS: Linux gives you plenty of ways to install software: native distro packages, Flatpak, Snap, AppImage, source builds, even curl-piped installers. The catch is that each one solves a different problem, yet none of them fully eliminates the "works here, breaks there" reality across all distros. Package Forge (PkgForge) is a new project with a narrower mission: deliver truly distro-independent portable applications that run the same way across systems....

It's not a new packaging format in and of itself, nor is it trying to replace AppImages. Instead, it's an ecosystem that publishes portable packages and static binaries in curated repositories, paired with a package manager designed to install and manage them. One of the ways PkgForge stands out from some portable app efforts on Linux is its focus on accessible documentation and a security-minded distribution model. The project primarily delivers prebuilt binary packages, keeps transparent build logs, and relies on checksum verification. This helps reduce the spread of ad-hoc install scripts and the need for local compilation, which has long been a common pattern when downloading Linux software directly (and still is for many projects today).

To make life easier for the end-user, the project maintains its own frontend, called Soar... which you can use like an additional package manager, and let it handle installation, updates, and system integration. It also allows you to search for apps and utilities without having to dig through the repos online. Alternatively, you can search the PkgForge repos manually, and download and manage individual portable packages on your own. This is preferable if you're building a portable toolkit on a USB drive, testing a single app temporarily, or simply want full control over where files live...

Even if it doesn't replace Flatpak, Snap, or AppImage, it helps give definition to what a more flexible, truly distro-independent future for portable Linux apps could look like.

"In the lead up to its Switch 2 console release, Nintendo updated its user agreement," writes the Free Software Foundation, warning that Nintendo now claims "broad authority to make consoles owned by its customers permanently unusable."

"Under Nintendo's most aggressive digital restrictions management (DRM) update to date, game console owners are now required to give Nintendo the unilateral right to revoke access to games, security updates, and the Internet, at its sole discretion." The new agreement states: "You acknowledge that if you fail to comply with [Nintendo's restrictions], Nintendo may render the Nintendo Account Services and/or the applicable Nintendo device permanently unusable in whole or in part...."

There are probably other reasons that Nintendo has and will justify bricking game consoles, but here are some that we have seen reported:

— "Tampering" with hardware or software in pretty much any way;
— Attempting to play a back-up game;
— Playing a "used" game; or
— Use of a third-party game or accessory...


Nintendo's promise to block a user from using their game console isn't just an empty threat: it has already been wielded against many users. For example, within a month of the Switch 2's release, one user unknowingly purchased an open-box return that had been bricked, and despite functional hardware, it was unusable for many games. In another case, a user installing updates for game cartridges purchased via a digital marketplace had their console disabled. Though it's unclear exactly why they were banned, it's possible that the cartridge's previous owner made a copy and an online DRM check determined that the current and previous owner's use were both "fraudulent." The user only had their console released through appealing to Nintendo directly and providing evidence of their purchase, a laborious process.

Nintendo's new console banning spree is just one instance of the threat that nonfree software and DRM pose to users. DRM is but one injustice posed by nonfree software, and the target of the FSF's Defective by Design campaign. Like with all software, users ought to be able to freely copy, study, and modify the programs running on their devices. Proprietary software developers actively oppose and antagonize their users. In the case of Nintendo, this means punishing legitimate users and burdening them with proving that their use is "acceptable." Console users shouldn't have to tread so carefully with a console that they own, and should they misstep, beg Nintendo to allow them to use their consoles again.

One developer tells MIT Technology Review that AI tools weaken the coding instincts he used to have. And beyond that, "It's just not fun sitting there with my work being done for me."

But is AI making coders faster? "After speaking to more than 30 developers, technology executives, analysts, and researchers, MIT Technology Review found that the picture is not as straightforward as it might seem..." For some developers on the front lines, initial enthusiasm is waning as they bump up against the technology's limitations. And as a growing body of research suggests that the claimed productivity gains may be illusory, some are questioning whether the emperor is wearing any clothes.... Data from the developer analytics firm GitClear shows that most engineers are producing roughly 10% more durable code — code that isn't deleted or rewritten within weeks — since 2022, likely thanks to AI. But that gain has come with sharp declines in several measures of code quality. Stack Overflow's survey also found trust and positive sentiment toward AI tools falling significantly for the first time. And most provocatively, a July study by the nonprofit research organization Model Evaluation & Threat Research (METR) showed that while experienced developers believed AI made them 20% faster, objective tests showed they were actually 19% slower...

Developers interviewed by MIT Technology Review generally agree on where AI tools excel: producing "boilerplate code" (reusable chunks of code repeated in multiple places with little modification), writing tests, fixing bugs, and explaining unfamiliar code to new developers. Several noted that AI helps overcome the "blank page problem" by offering an imperfect first stab to get a developer's creative juices flowing. It can also let nontechnical colleagues quickly prototype software features, easing the load on already overworked engineers. These tasks can be tedious, and developers are typically glad to hand them off. But they represent only a small part of an experienced engineer's workload. For the more complex problems where engineers really earn their bread, many developers told MIT Technology Review, the tools face significant hurdles...

The models also just get things wrong. Like all LLMs, coding models are prone to "hallucinating" — it's an issue built into how they work. But because the code they output looks so polished, errors can be difficult to detect, says James Liu, director of software engineering at the advertising technology company Mediaocean. Put all these flaws together, and using these tools can feel a lot like pulling a lever on a one-armed bandit. "Some projects you get a 20x improvement in terms of speed or efficiency," says Liu. "On other things, it just falls flat on its face, and you spend all this time trying to coax it into granting you the wish that you wanted and it's just not going to..." There are also more specific security concerns, she says. Researchers have discovered a worrying class of hallucinations where models reference nonexistent software packages in their code. Attackers can exploit this by creating packages with those names that harbor vulnerabilities, which the model or developer may then unwittingly incorporate into software.
Other key points from the article:

• LLMs can only hold limited amounts of information in context windows, so "they struggle to parse large code bases and are prone to forgetting what they're doing on longer tasks."

• "While an LLM-generated response to a problem may work in isolation, software is made up of hundreds of interconnected modules. If these aren't built with consideration for other parts of the software, it can quickly lead to a tangled, inconsistent code base that's hard for humans to parse and, more important, to maintain."

• "Accumulating technical debt is inevitable in most projects, but AI tools make it much easier for time-pressured engineers to cut corners, says GitClear's Harding. And GitClear's data suggests this is happening at scale..."

• "As models improve, the code they produce is becoming increasingly verbose and complex, says Tariq Shaukat, CEO of Sonar, which makes tools for checking code quality. This is driving down the number of obvious bugs and security vulnerabilities, he says, but at the cost of increasing the number of 'code smells' — harder-to-pinpoint flaws that lead to maintenance problems and technical debt."

Yet the article cites a recent Stanford University study that found employment among software developers aged 22 to 25 dropped nearly 20% between 2022 and 2025, "coinciding with the rise of AI-powered coding tools."

The story is part of MIT Technology Review's new Hype Correction series of articles about AI.

Airbus is preparing to tender a major contract to move mission-critical systems like ERP, manufacturing, and aircraft design data onto a digitally sovereign European cloud, citing national security concerns and fears around U.S. extraterritorial laws like the CLOUD Act. "I need a sovereign cloud because part of the information is extremely sensitive from a national and European perspective," Catherine Jestin, Airbus's executive vice president of digital, told The Register. "We want to ensure this information remains under European control." The Register reports: The driver is access to new software. Vendors like SAP are developing innovations exclusively in the cloud, pushing customers toward platforms like S/4HANA. The request for proposals launches in early January, with a decision expected before summer. The contract -- understood to be worth more than 50 million euros -- will be long term (up to ten years), with price predictability over the period. [...] Jestin is waiting for European regulators to clarify whether Airbus would truly be "immune to extraterritorial laws" -- and whether services could be interrupted.

The concern isn't theoretical. Chief Prosecutor of the International Criminal Court (ICC) Karim Khan reportedly lost access to his Microsoft email after Trump sanctioned him for criticizing Israeli PM Benjamin Netanyahu, though Microsoft denies suspending ICC services. Beyond US complications, Jestin questions whether European cloud providers have sufficient scale. "If you asked me today if we'll find a solution, I'd say 80/20."

Elite computer science degrees are no longer a guaranteed on-ramp to tech jobs, as AI-driven coding tools slash demand for entry-level engineers and concentrate hiring around a small pool of already "elite" or AI-savvy developers. The Los Angeles Times reports: "Stanford computer science graduates are struggling to find entry-level jobs" with the most prominent tech brands, said Jan Liphardt, associate professor of bioengineering at Stanford University. "I think that's crazy." While the rapidly advancing coding capabilities of generative AI have made experienced engineers more productive, they have also hobbled the job prospects of early-career software engineers. Stanford students describe a suddenly skewed job market, where just a small slice of graduates -- those considered "cracked engineers" who already have thick resumes building products and doing research -- are getting the few good jobs, leaving everyone else to fight for scraps.

"There's definitely a very dreary mood on campus," said a recent computer science graduate who asked not to be named so they could speak freely. "People [who are] job hunting are very stressed out, and it's very hard for them to actually secure jobs." The shake-up is being felt across California colleges, including UC Berkeley, USC and others. The job search has been even tougher for those with less prestigious degrees. [...] Data suggests that even though AI startups like OpenAI and Anthropic are hiring many people, it is not offsetting the decline in hiring elsewhere. Employment for specific groups, such as early-career software developers between the ages of 22 and 25 has declined by nearly 20% from its peak in late 2022, according to a Stanford study. [...]

A common sentiment from hiring managers is that where they previously needed ten engineers, they now only need "two skilled engineers and one of these LLM-based agents," which can be just as productive, said Nenad Medvidovic, a computer science professor at the University of Southern California. "We don't need the junior developers anymore," said Amr Awadallah, CEO of Vectara, a Palo Alto-based AI startup. "The AI now can code better than the average junior developer that comes out of the best schools out there." [...] Stanford students say they are arriving at the job market and finding a split in the road; capable AI engineers can find jobs, but basic, old-school computer science jobs are disappearing. As they hit this surprise speed bump, some students are lowering their standards and joining companies they wouldn't have considered before. Some are creating their own startups. A large group of frustrated grads are deciding to continue their studies to beef up their resumes and add more skills needed to compete with AI.

An anonymous reader quotes a report from Ars Technica: At this point, most competitive online multiplayer games on the PC come with some kind of kernel-level anti-cheat software. As we've written before, this is software that runs with more elevated privileges than most other apps and games you run on your PC, allowing it to load in earlier and detect advanced methods of cheating. More recently, anti-cheat software has started to require more Windows security features like Secure Boot, a TPM 2.0 module, and virtualization-based memory integrity protection. Riot Games, best known for titles like Valorant and League of Legends and the Vanguard anti-cheat software, has often been one of the earliest to implement new anti-cheat requirements. There's already a long list of checks that systems need to clear before they'll be allowed to play Riot's games online, and now the studio is announcing a new one: a BIOS update requirement that will be imposed on "certain players" following Riot's discovery of a UEFI bug that could allow especially dedicated and motivated cheaters to circumvent certain memory protections.

In short, the bug affects the input-output memory management unit (IOMMU) "on some UEFI-based motherboards from multiple vendors." One feature of the IOMMU is to protect system memory from direct access during boot by external hardware devices, which otherwise might manipulate the contents of your PC's memory in ways that could enable cheating. The patch for these security vulnerabilities (CVE-2025-11901, CVE-202514302, CVE-2025-14303, and CVE-2025-14304) fixes a problem where this pre-boot direct memory access (DMA) protection could be disabled even if it was marked as enabled in the BIOS, creating a small window during the boot process where DMA devices could gain access to RAM.

The relative obscurity and complexity of this hardware exploit means that Vanguard isn't going to be enforcing these BIOS requirements on every single player of its games. For now, it will just apply to "restricted" players of Valorant whose systems, for one reason or another, are "too similar to cheaters who get around security features in order to become undetectable to Vanguard." But Riot says it's considering rolling the BIOS requirement out to all players in Valorant's highest competitive ranking tiers (Ascendant, Immortal, and Radiant), where there's more to be gained from working around the anti-cheat software. And Riot anti-cheat analyst Mohamed Al-Sharifi says the same restrictions could be turned on for League of Legends, though they aren't currently. If users are blocked from playing by Vanguard, they'll need to download and install the latest BIOS update for their motherboard before they'll be allowed to launch the game. Riot's new anti-cheat change could create problems for older PCs if the new anti-cheat change is expanded, notes Ars.

The update relies on a BIOS patch to fix a UEFI flaw, and many older motherboards, especially Intel 300-series and AMD AM4 boards, may never receive that update. If Riot flags a system and the manufacturer doesn't provide a patched BIOS, players could be locked out of games despite having otherwise capable hardware.

Microsoft's latest holiday ad for its Copilot AI assistant features a 30-second montage of users seamlessly syncing smart home lights to music, scaling recipes for large gatherings, and parsing HOA guidelines -- none of which the software can actually perform reliably when put to the test. The Verge methodically tested each prompt shown in the ad and found that Copilot repeatedly hallucinated interface elements that didn't exist, claimed to highlight on-screen buttons when it hadn't, and abandoned calculations midway through.

The smart home interface shown in the ad belongs to "Relecloud," a fictional company Microsoft uses in internal case studies. A Microsoft spokesperson confirmed that both the HOA document and the inflatable reindeer photo were fabricated for the advertisement. The ad closes with Santa Claus asking Copilot why toy production is behind schedule.

Further reading: Talking To Windows' Copilot AI Makes a Computer Feel Incompetent.

An anonymous reader quotes a report from KrebsOnSecurity: Direct navigation -- the act of visiting a website by manually typing a domain name in a web browser -- has never been riskier: A new study finds the vast majority of "parked" domains -- mostly expired or dormant domain names, or common misspellings of popular websites -- are now configured to redirect visitors to sites that foist scams and malware. When Internet users try to visit expired domain names or accidentally navigate to a lookalike "typosquatting" domain, they are typically brought to a placeholder page at a domain parking company that tries to monetize the wayward traffic by displaying links to a number of third-party websites that have paid to have their links shown.

A decade ago, ending up at one of these parked domains came with a relatively small chance of being redirected to a malicious destination: In 2014, researchers found (PDF) that parked domains redirected users to malicious sites less than five percent of the time -- regardless of whether the visitor clicked on any links at the parked page. But in a series of experiments over the past few months, researchers at the security firm Infoblox say they discovered the situation is now reversed, and that malicious content is by far the norm now for parked websites. "In large scale experiments, we found that over 90% of the time, visitors to a parked domain would be directed to illegal content, scams, scareware and anti-virus software subscriptions, or malware, as the 'click' was sold from the parking company to advertisers, who often resold that traffic to yet another party," Infoblox researchers wrote in a paper published today.

LG said it will let owners of its TVs delete Microsoft's Copilot shortcut after several reports highlighted the unremovable icon. In a statement to The Verge, LG says the company "respects consumer choice and will take steps to allow users to delete the shortcut icon if they wish." From the report: Last week, a user on the r/mildlyinfuriating subreddit posted an image of the Microsoft Copilot icon in their lineup of apps on an LG TV, with no option to delete it. "My LG TV's new software update installed Microsoft Copilot, which cannot be deleted," the post says. The post garnered more than 36,000 upvotes as people grow more frustrated with AI popping up just about everywhere.

Both LG and Samsung announced plans to add Microsoft's Copilot AI assistant to their TVs in January, but it appears to be popping up on LG TVs following a recent update to webOS. [LG spokesperson Chris De Maria] clarifies that the icon is a "shortcut" to the Microsoft Copilot web app that opens in the TV's web browser, rather than "an application-based service embedded in the TV." He also adds that "features such as microphone input are activated only with the customer's explicit consent." There's no word on when LG will roll out the ability to delete the Copilot icon.

A California judge signaled support for forcing Vizio to provide the full source code for its SmartCast TV software after finding a contractual obligation under the GPL. If upheld, the case could strengthen users' rights to modify GPL-licensed software embedded in consumer electronics. The Register reports: The legal complaint from the Software Freedom Conservancy (SFC) seeks access to the SmartCast source code so that Vizio customers can make changes and improvements to the platform, something that ought to be possible for code distributed under the GPL. On Thursday, California Superior Court Judge Sandy Leal issued a tentative ruling in advance of a hearing, indicating support for part of SFC's legal challenge. The tentative ruling is not a final decision, but it signals the judge's inclination to grant the SFC's motion for summary adjudication, at least in part.

"The tentative ruling [PDF] grants SFC's motion on the issue that a direct contract was made between SFC and Vizio when SFC's systems administrator, Paul Visscher, requested the source code to a TV that SFC has purchased," the SFC said in a blog post. "This contract obligated Vizio to provide SFC the complete and corresponding source code." [...]

Karen Sandler, executive director of the SFC, told The Register in an email that the hearing went well, though Vizio's legal counsel "stridently disagreed" with the legal analysis in the tentative ruling. "Judge Leal said she would take the matter 'under submission' which means she will think about it further," Sandler said. "After the Court went off the record, Leal's clerk specifically verified the Court reporter could provide an expedited transcript, so Leal will likely review the hearing transcript soon." Sandler expects Leal will examine the filings again before issuing her opinion, which is likely to be issued in the next few weeks.

Apple has announced a sweeping set of changes to iOS in Japan that will allow alternative app marketplaces, third-party payment processing, and non-WebKit browser engines -- all to comply with Japan's Mobile Software Competition Act, which takes effect December 18. The changes, now available in iOS 26.2, bear a strong resemblance to Apple's compliance measures for the European Union's Digital Markets Act but differ in key ways.

Japanese developers who want to offer alternative payment options must display them alongside Apple's in-app purchase system, giving users a choice at checkout rather than replacing Apple's option entirely. Apps cannot be distributed directly from websites as they can in the EU; they must go through an authorized marketplace.

Apple has established a tiered fee structure for the new arrangements. Apps distributed through the App Store using in-app purchase will pay between 15 and 26% depending on whether developers qualify for the Small Business Program. Alternative payment processing drops the 5% payment fee but keeps the base commission. Apps distributed outside the App Store pay a flat 5% Core Technology Commission on digital goods and services.

The company introduced several user-facing changes beyond app distribution. iPhone users in Japan will see browser and search engine choice screens during device setup, can assign third-party voice assistants to the side button, and can select alternative default navigation apps. Apple said it worked closely with Japanese regulators on protections for younger users. Apps in the Kids category cannot link to external websites for purchases, and users under 13 cannot access web links for transactions in any app.

An Apple spokesperson told Bloomberg that the company has no plans to extend these changes to other markets.

Meta has paused its third-party Horizon OS headset program, effectively canceling planned VR headsets from Asus and Lenovo as it refocuses on "building the world-class first-party hardware and software needed to advance the VR market." Road to VR reports: A little over a year and a half ago, Meta made an "industry-altering announcement," as I called the move in my reporting: the company was rebranding the Quest operating system to 'Horizon OS' and announced it was working with select partners to launch third-party VR headsets powered by the operating system. Meta specifically named Asus and Lenovo as the first partners it was working with to build new Horizon OS headsets. Asus was said to be building an "all-new performance gaming headset," while Lenovo was purportedly working on "mixed reality devices for productivity, learning, and entertainment."

But as we've now learned, neither headset is likely to see the light of day. Meta say it has frozen the third-party Horizon OS headset program. "We have paused the program to focus on building the world-class first-party hardware and software needed to advance the VR market," a Meta spokesperson told Road to VR. "We're committed to this for the long term and will revisit opportunities for 3rd-party device partnerships as the category evolves."

Coursera announced on Wednesday that it will acquire rival online learning platform Udemy in an all-stock deal that values the combined company at $2.5 billion, a move that brings together two of the largest U.S.-based players in an industry that has struggled since pandemic-era enrollment highs faded. Under the terms of the agreement, Udemy shareholders will receive 0.8 shares of Coursera for each share they hold, valuing Udemy at roughly $930 million. Based on Coursera's last closing price, the offer works out to $6.35 per Udemy share, an 18.3% premium. The deal is expected to close in the second half of next year, pending regulatory and shareholder approvals.

The two companies are betting that a combined platform will be better positioned to pursue corporate customers seeking to retrain workers in artificial intelligence, data science and software development. Coursera has built its business on partnerships with universities and institutions to offer degree programs and professional certificates, while Udemy operates a marketplace where independent instructors sell courses directly to consumers and businesses. Both stocks have significantly underperformed this year. Udemy shares have fallen about 35% and Coursera is down roughly 7%, leaving both trading well below their post-IPO highs as investors remain cautious about competition and pricing pressure in the sector.

Google is suing a Chinese-speaking cybercriminal group it says is responsible for a massive wave of scam text messages sent to Americans this year, according to a legal complaint filed Tuesday. From a report: The group, known as Darcula, sells software that allows users to send phishing text messages en masse, impersonating organizations like the IRS or the U.S. Postal Service in scams. The lawsuit is designed to give Google legal standing so U.S. courts will allow it to seize websites the group uses, hampering their operations, a spokesperson said.

Darcula is possibly the most prominent name in an emerging, loosely affiliated cybercrime world that creates and sells hacking programs for aspiring scammers to use. Darcula's signature program, called Magic Cat, provides an easy-to-use, intuitive way for cybercriminals without advanced hacking skills to quickly spam millions of phone numbers with links to fake websites impersonating businesses like YouTube's premium service, then steal the credit card numbers victims put in.

An anonymous reader quotes a report from the Wall Street Journal: The alleged perpetrator had improper access to virtually every South Korean adult's personal information: names, phone numbers and even the keycode to enter residential buildings. It was one of the biggest data breaches of recent years and it has sent the company it targeted -- Coupang, South Korea's equivalent of Amazon -- reeling, generating lawsuits, government investigation and calls to toughen penalties against such leaks. The leak went undetected for nearly five months, hitting Coupang's radar on Nov. 18 only after a customer flagged suspicious activity.

At first, Coupang, which was founded by a Korean-American entrepreneur, said it had experienced a data "exposure" affecting roughly 4,500 customer accounts. But within days, the e-commerce firm revised the figure: The leak exposed up to roughly 34 million user accounts in South Korea -- a sum representing more than 90% of the country's working-age population. Coupang started calling the incident a "leak" after Korean regulators took issue with the company's prior word choice. "The Whole Nation Is a Victim," read one local news headline.

An investigation has found that the alleged perpetrator had once worked in South Korea as a software developer for authentication systems at Coupang, which is known for its blockbuster U.S. initial public offering a few years ago. The suspected leaker is believed to be a Chinese national who has moved back to China and is now on the lam, South Korean officials say. They haven't named the person. Even after leaving the firm roughly a year ago, the suspect secretly held on to an internal authentication key that granted him unfettered access to the personal information of Coupang users, South Korean authorities and lawmakers say. The infiltration, using overseas servers, started on June 24. By using the login credentials, the suspect was able to appear as if he were still a Coupang employee when accessing the company's systems.

Intel has quietly stopped maintaining its open-source user-space driver stack for Gaudi accelerators. Phoronix reports: It turns out earlier this year Intel archived the SynapseAI Core open-source code and is no longer maintained by Intel. The open-source Synapse AI Core GitHub repository was archived in February and README updated with: "This project will no longer be maintained by Intel. Intel has ceased development and contributions including, but not limited to, maintenance, bug fixes, new releases, or updates, to this project. Intel no longer accepts patches to this project. If you have an ongoing need to use this project, are interested in independently developing it, or would like to maintain patches for the open source software community, please create your own fork of this project."

Mozilla has named Anthony Enzor-DeMeo as its new chief executive, promoting the executive who has spent the past year leading the Firefox browser team and who now plans to make AI central to the company's future.

Enzor-DeMeo announced on Tuesday that an "AI Mode" is coming to Firefox next year. The feature will let users choose from multiple AI models rather than being locked into a single provider. Some options will be open-source models, others will be private "Mozilla-hosted cloud options," and the company also plans to integrate models from major AI companies. Mozilla itself will not train its own large language model.

"We're not incentivized to push one model or the other," Enzor-DeMeo told The Verge. Firefox currently has about 200 million monthly users, a fraction of Chrome's roughly 4 billion, though Enzor-DeMeo insists mobile usage is growing at a decent clip.

He takes over from interim CEO Laura Chambers, who led the company through a major antitrust case and what Mozilla describes as "double-digit mobile growth" in Firefox. Chambers is returning to the Mozilla board of directors. The new CEO has outlined three priorities: ensuring all products give users control over AI features including the ability to turn them off, building a business model around transparent monetization, and expanding Firefox into a broader ecosystem of trusted software. Mozilla VPN integration is planned for the browser next year.

An anonymous reader quotes a report from Ars Technica: Microsoft is killing off an obsolete and vulnerable encryption cipher that Windows has supported by default for 26 years following more than a decade of devastating hacks that exploited it and recently faced blistering criticism from a prominent US senator. When the software maker rolled out Active Directory in 2000, it made RC4 a sole means of securing the Windows component, which administrators use to configure and provision fellow administrator and user accounts inside large organizations. RC4, short for Rivist Cipher 4, is a nod to mathematician and cryptographer Ron Rivest of RSA Security, who developed the stream cipher in 1987. Within days of the trade-secret-protected algorithm being leaked in 1994, a researcher demonstrated a cryptographic attack that significantly weakened the security it had been believed to provide. Despite the known susceptibility, RC4 remained a staple in encryption protocols, including SSL and its successor TLS, until about a decade ago. [...]

Last week, Microsoft said it was finally deprecating RC4 and cited its susceptibility to Kerberoasting, the form of attack, known since 2014, that was the root cause of the initial intrusion into Ascension's network. "By mid-2026, we will be updating domain controller defaults for the Kerberos Key Distribution Center (KDC) on Windows Server 2008 and later to only allow AES-SHA1 encryption," Matthew Palko, a Microsoft principal program manager, wrote. "RC4 will be disabled by default and only used if a domain administrator explicitly configures an account or the KDC to use it." [...] Following next year's change, RC4 authentication will no longer function unless administrators perform the extra work to allow it. In the meantime, Palko said, it's crucial that admins identify any systems inside their networks that rely on the cipher. Despite the known vulnerabilities, RC4 remains the sole means of some third-party legacy systems for authenticating to Windows networks. These systems can often go overlooked in networks even though they are required for crucial functions.

To streamline the identification of such systems, Microsoft is making several tools available. One is an update to KDC logs that will track both requests and responses that systems make using RC4 when performing requests through Kerberos. Kerberos is an industry-wide authentication protocol for verifying the identities of users and services over a non-secure network. It's the sole means for mutual authentication to Active Directory, which hackers attacking Windows networks widely consider a Holy Grail because of the control they gain once it has been compromised. Microsoft is also introducing new PowerShell scripts to sift through security event logs to more easily pinpoint problematic RC4 usage. Microsoft said it has steadily worked over the past decade to deprecate RC4, but that the task wasn't easy. "The problem though is that it's hard to kill off a cryptographic algorithm that is present in every OS that's shipped for the last 25 years and was the default algorithm for so long, Steve Syfuhs, who runs Microsoft's Windows Authentication team, wrote on Bluesky. "See," he continued, "the problem is not that the algorithm exists. The problem is how the algorithm is chosen, and the rules governing that spanned 20 years of code changes."