Games

Gearbox CEO Randy Pitchford Tells Borderlands 4 Critics To 'Code Your Own Engine,' Calls It a Game For 'Premium Gamers' (techspot.com) 54

Gearbox CEO Randy Pitchford has responded to Borderlands 4 performance complaints by calling the game "a premium game made for premium gamers." Pitchford claimed customer service reports for performance issues represent "less than one percent of one percent" of players and told critics to "code your own engine and show us how it's done, please."

The game holds a Mixed rating on Steam despite reaching 300,000 concurrent players Sunday, a franchise record. Gearbox recommends DLSS and frame generation for 60+ fps at 1440p even on powerful hardware. Pitchford compared running the game on older hardware to driving "a monster truck with a leaf blower's motor."
Microsoft

Microsoft's Office Apps Now Have Free Copilot Chat Features (theverge.com) 26

Microsoft is adding the free Microsoft 365 Copilot Chat and agents to Office apps for all Microsoft 365 business users today. From a report: Word, Excel, PowerPoint, Outlook, and OneNote are all being updated with a Copilot Chat sidebar that will help draft documents, analyze spreadsheets, and more without needing an additional Microsoft 365 Copilot license.

"Copilot Chat is secure AI chat grounded in the web -- and now, it's available in the Microsoft 365 apps," explains Seth Patton, general manager of Microsoft 365 Copilot product marketing. "It's content aware, meaning it quickly understands what you're working on, tailoring answers to the file you have open. And it's included at no additional cost for Microsoft 365 users."

While this free version of Copilot will rewrite documents, provide summaries, and help create slides in PowerPoint, the $30 per month, per user Microsoft 365 Copilot license will still have the best integration in Office apps. The Microsoft 365 Copilot license is also not limited to a single document, and can reason over entire work data.

IT

'USB-A Isn't Going Anywhere, So Stop Removing the Port' (pocket-lint.com) 237

An anonymous reader shares a column: After nearly 30 years of USB-A connectivity, the market is now transitioning to the convenient USB-C standard, which makes sense given that it supports higher speeds, display data, and power delivery. The symmetrical connection is also smaller and more user-friendly, as it's reversible and works with smartphones and tablets. I get that USB-C is inevitable, but tech brands should realize that the ubiquitous USB-A isn't going anywhere soon and stop removing the ports we need to run our devices.

[...] It's premature for brands to phase out USB-A when peripheral brands are still making compatible products in 2025. For example, Logitech's current wireless pro gaming mice connect using a USB-A Lightspeed dongle, and most Seagate external drives still use USB-A as their connection method. The same can be said for other memory sticks, keyboards, wireless headsets, and other new devices that are still manufactured with a USB-A connection.

I have a gaming laptop with two USB-A and USB-C ports, and it's a constant struggle to connect all my devices simultaneously without needing a hub. I use the two USB-A ports for my mouse and wireless headset dongles, while a phone charging cable and portable monitor take up the USB-Cs. This setup stresses me out because there's no extra space to connect anything else without losing functionality.

Google

Google Shifts Android Security Updates To Risk-Based Triage System (androidauthority.com) 2

Google has restructured Android's decade-old monthly security update process into a "Risk-Based Update System" that separates high-priority patches from routine fixes. Monthly bulletins now contain only vulnerabilities under active exploitation or in known exploit chains -- explaining July 2025's unprecedented zero-CVE bulletin -- while most patches accumulate for quarterly releases.

The September 2025 bulletin contained 119 vulnerabilities compared to zero in July and six in August. The change reduces OEM workload for monthly updates but extends the private bulletin lead time from 30 days to several months for quarterly releases. The company no longer releases monthly security update source code, limiting custom ROM development to quarterly cycles.
United Kingdom

UK's Data Watchdog Warns Students Are Breaching Their Schools' IT Systems (bbc.com) 56

The UK's data-protecting Information Commissioner's Office has issued a warning about what it calls a worrying trend, reports the BBC: "students hacking their own school and college IT systems for fun or as part of dares." Since 2022, the Information Commissioner's Office (ICO) has investigated 215 hacks and breaches originating from inside education settings and says 57% were carried out by children. Other breaches are thought to come from staff, third party IT suppliers and other organisations with access. According to the new data, almost a third of the breaches involved students illegally logging into staff computer systems by guessing passwords or stealing details from teachers.

In one incident, a seven-year-old was involved in a data breach and subsequently referred to the National Crime Agency's Cyber Choices programme to help them understand the seriousness of their actions... In another incident three Year 11 students aged 15 or 16 unlawfully accessed school databases containing the personal information of more than 1,400 students. The pupils used hacking tools downloaded from the internet to break passwords and security protocols. When questioned, they said they were interested in cyber security and wanted to test their skills and knowledge. Another example the ICO gave is of a student illegally logging into their college's databases with a teacher's details to change or delete personal information belonging to more than 9,000 staff, students and applicants. The system stored personal information such as name and home address, school records, health data, safeguarding and pastoral logs and emergency contacts.

Schools are facing an increasing number of cyber attacks, with 44% of schools reporting an attack or breach in the last year according to the government's most recent Cyber Security Breaches Survey.

"Youth cyber crime culture is a growing threat linked to English-speaking teen gangs," the article argues, noting breaches at major companies to suggest it's a kind of "gateway" crime.

The ICO's principal cyber specialist tells the BBC that "What starts out as a dare, a challenge, a bit of fun in a school setting can ultimately lead to children taking part in damaging attacks on organisations or critical infrastructure."
Security

Apple Claims 'Most Significant Upgrade to Memory Safety' in OS History (apple.com) 39

"There has never been a successful, widespread malware attack against iPhone," notes Apple's security blog, pointing out that "The only system-level iOS attacks we observe in the wild come from mercenary spyware... historically associated with state actors and [using] exploit chains that cost millions of dollars..."

But they're doing something about it — this week announcing a new always-on memory-safety protection in the iPhone 17 lineup and iPhone Air (including the kernel and over 70 userland processes)... Known mercenary spyware chains used against iOS share a common denominator with those targeting Windows and Android: they exploit memory safety vulnerabilities, which are interchangeable, powerful, and exist throughout the industry... For Apple, improving memory safety is a broad effort that includes developing with safe languages and deploying mitigations at scale...

Our analysis found that, when employed as a real-time defensive measure, the original Arm Memory Tagging Extension (MTE) release exhibited weaknesses that were unacceptable to us, and we worked with Arm to address these shortcomings in the new Enhanced Memory Tagging Extension (EMTE) specification, released in 2022. More importantly, our analysis showed that while EMTE had great potential as specified, a rigorous implementation with deep hardware and operating system support could be a breakthrough that produces an extraordinary new security mechanism.... Ultimately, we determined that to deliver truly best-in-class memory safety, we would carry out a massive engineering effort spanning all of Apple — including updates to Apple silicon, our operating systems, and our software frameworks. This effort, together with our highly successful secure memory allocator work, would transform MTE from a helpful debugging tool into a groundbreaking new security feature.

Today we're introducing the culmination of this effort: Memory Integrity Enforcement (MIE), our comprehensive memory safety defense for Apple platforms. Memory Integrity Enforcement is built on the robust foundation provided by our secure memory allocators, coupled with Enhanced Memory Tagging Extension (EMTE) in synchronous mode, and supported by extensive Tag Confidentiality Enforcement policies. MIE is built right into Apple hardware and software in all models of iPhone 17 and iPhone Air and offers unparalleled, always-on memory safety protection for our key attack surfaces including the kernel, while maintaining the power and performance that users expect. In addition, we're making EMTE available to all Apple developers in Xcode as part of the new Enhanced Security feature that we released earlier this year during WWDC...

Based on our evaluations pitting Memory Integrity Enforcement against exceptionally sophisticated mercenary spyware attacks from the last three years, we believe MIE will make exploit chains significantly more expensive and difficult to develop and maintain, disrupt many of the most effective exploitation techniques from the last 25 years, and completely redefine the landscape of memory safety for Apple products. Because of how dramatically it reduces an attacker's ability to exploit memory corruption vulnerabilities on our devices, we believe Memory Integrity Enforcement represents the most significant upgrade to memory safety in the history of consumer operating systems.

Security

Thieves Busted After Stealing a Cellphone from a Security Expert's Wife (elpais.com) 41

They stole a woman's phone in Barcelona. Unfortunately, her husband was security consultant/penetration tester Martin Vigo, reports Spain's newspaper El Pais.

"His weeks-long investigation coincided with a massive two-year police operation between 2022 and 2024 in six countries where 17 people were arrested: Spain, Argentina, Colombia, Chile, Ecuador, and Peru...." In Vigo's case, the phone was locked and the "Find my iPhone" feature was activated... Once stolen, the phones are likely wrapped in aluminum foil to prevent the GPS from tracking their movements. "Then they go to a safe house where they are gathered together and shipped on pallets outside of Spain, to Morocco or China." This international step is vital to prevent the phone from being blocked if the thieves try to use it again. Carriers in several European countries share lists of the IMEIs (unique numbers for each device) of stolen devices so they can't be used. But Morocco, for example, doesn't share these lists. There, the phone can be reconnected...

With hundreds or thousands of stored phones, another path begins: "They try to get the PIN," says Vigo. Why the PIN? Because with the PIN, you can change the Apple password and access the device's content. The gang had created a system to send thousands of text messages like the one Vigo received. To know who to target with the bait message, the police say, "the organization performed social profiling of the victims, since, in many cases, in addition to the phone, they also had the victim's personal belongings, such as their ID." This is how they obtained the phone numbers to send the malicious SMS...

Each victim received a unique link, and the server knew which victim clicked it... With the first click, the attackers would redirect the user to a website they believed was credible, such as Apple's real iCloud site... [T]he next day you receive another text message, and you click on it, more confidently. However, that link no longer redirects you to the real Apple website, but to a flawless copy created by the criminals: that's where they ask for your PIN, and without thinking, full of hope, you enter it... "The PIN is more powerful than your fingerprint or face. With it, you can delete the victim's biometric information and add your own to access banking apps that are validated this way," says Vigo. Apple Wallet asks you to re-authenticate, and then everything is accessible...

In the press release on the case, the police explained that the gang allegedly used a total of 5,300 fake websites and illegally unlocked around 1.3 million high-end devices, about 30,000 of them in Spain.

Vigo tells El Pais that if the PIN doesn't unlock the device, the criminal gang then sends it to China to be "dismantled and then sent back to Europe for resale. The devices are increasingly valuable because they have more advanced chips, better cameras, and more expensive materials."

To render the phone untraceable in China, "they change certain components and the IMEI. It requires a certain level of sophistication: opening the phone, changing the chip..."
IT

More Return-to-Office Crackdowns, with 61.7% of Employees Now in Office Full-Time (msn.com) 66

Paramount and Comcast's NBCUniversal are joining Microsoft in telling employees "they could face consequences if they don't return to the office more frequently," reports the Washington Post: NBCUniversal sent a memo to its employees telling them to return to the office four days a week starting in January [with the option to work remotely on Fridays]. Last week, Paramount told employees to return five days a week, with the first group starting in January. Both Paramount and NBCUniversal said they would offer severance packages to eligible employees who are unwilling or unable to make the switch... Companies have been cracking down on flexible work for the past several years, with Goldman Sachs being one of the first to implement a five-day office policy. Since then, others have joined in including Amazon, AT&T, JPMorgan Chase and the federal government...

Overall, the number of people working full time in office hasn't changed much over the past couple of years. About 61.7 percent of salaried employees worked from an office full time in August, according to data from university researchers Jose Maria Barrero, Nicholas Bloom and Steven J. Davis, who are studying the matter. That is down one percentage point from August 2024, their research shows. During the same period, the amount of people working remotely dropped two percentage points and those working hybrid schedules increased three points.

While most of the big office pushes are coming from some of the largest employers in the nation, the majority of companies in the United States aren't requiring full-time office work, said Brian Elliott [publisher of the Flex Index, which tracks flexible policies, and CEO]. And about half of U.S. workers are employed by smaller companies, he added. Some companies are capitalizing on the mandates, using flexible policies as a way to poach talent from their competitors, he said....

Some employers are using office mandates to purposely shed workers. An August report from the Federal Reserve Bank shows that "multiple districts reported reducing headcounts through attrition — encouraged, at times, by return-to-office policies and facilitated, at times, by greater automation, including new AI tools." Still, with fewer job openings in the market, some employees will have to comply with office mandates.

Announcing their return-to-office mandates, employers gave the following reasons:
  • "In-person collaboration is absolutely vital to building and strengthening our culture and driving the success of our business. Being together helps us innovate, solve problems, share ideas, create, challenge one another, and build the relationships that will make this company great."

    -- Paramount CEO David Ellison (in a memo to staff)
  • "It has become increasingly clear that we are better when we are together. As we have all experienced, in-person work and collaboration spark innovation, promote creativity, and build stronger connections."

    -- Adam Miller, NBCUniversal chief operating officer (in a memo to staff)

Security

Proton Mail Suspended Journalist Accounts At Request of Cybersecurity Agency (theintercept.com) 77

An anonymous reader quotes a report from The Intercept: The company behind the Proton Mail email service, Proton, describes itself as a "neutral and safe haven for your personal data, committed to defending your freedom." But last month, Proton disabled email accounts belonging to journalists reporting on security breaches of various South Korean government computer systems following a complaint by an unspecified cybersecurity agency. After a public outcry, and multiple weeks, the journalists' accounts were eventually reinstated -- but the reporters and editors involved still want answers on how and why Proton decided to shut down the accounts in the first place.

Martin Shelton, deputy director of digital security at the Freedom of the Press Foundation, highlighted that numerous newsrooms use Proton's services as alternatives to something like Gmail "specifically to avoid situations like this," pointing out that "While it's good to see that Proton is reconsidering account suspensions, journalists are among the users who need these and similar tools most." Newsrooms like The Intercept, the Boston Globe, and the Tampa Bay Times all rely on Proton Mail for emailed tip submissions. Shelton noted that perhaps Proton should "prioritize responding to journalists about account suspensions privately, rather than when they go viral." On Reddit, Proton's official account stated that "Proton did not knowingly block journalists' email accounts" and that the "situation has unfortunately been blown out of proportion."

The two journalists whose accounts were disabled were working on an article published in the August issue of the long-running hacker zine Phrack. The story described how a sophisticated hacking operation -- what's known in cybersecurity parlance as an APT, or advanced persistent threat -- had wormed its way into a number of South Korean computer networks, including those of the Ministry of Foreign Affairs and the military Defense Counterintelligence Command, or DCC. The journalists, who published their story under the names Saber and cyb0rg, describe the hack as being consistent with the work of Kimsuky, a notorious North Korean state-backed APT sanctioned by the U.S. Treasury Department in 2023. As they pieced the story together, emails viewed by The Intercept show that the authors followed cybersecurity best practices and conducted what's known as responsible disclosure: notifying affected parties that a vulnerability has been discovered in their systems prior to publicizing the incident.
Phrack said the account suspensions created a "real impact to the author. The author was unable to answer media requests about the article." Phrack noted that the co-authors were already working with affected South Korean organizations on responsible disclosure and system fixes. "All this was denied and ruined by Proton," Phrack stated.

Phrack editors said that the incident leaves them "concerned what this means to other whistleblowers or journalists. The community needs assurance that Proton does not disable accounts unless Proton has a court order or the crime (or ToS violation) is apparent."
Encryption

Swiss Government Looks To Undercut Privacy Tech, Stoking Fears of Mass Surveillance (therecord.media) 29

The Swiss government could soon require service providers with more than 5,000 users to collect government-issued identification, retain subscriber data for six months and, in many cases, disable encryption. From a report: The proposal, which is not subject to parliamentary approval, has alarmed privacy and digital-freedoms advocates worldwide because of how it will destroy anonymity online, including for people located outside of Switzerland. A large number of virtual private network (VPN) companies and other privacy-preserving firms are headquartered in the country because it has historically had liberal digital privacy laws alongside its famously discreet banking ecosystem.

Proton, which offers secure and end-to-end encrypted email along with an ultra-private VPN and cloud storage, announced on July 23 that it is moving most of its physical infrastructure out of Switzerland due to the proposed law. The company is investing more than $117 million in the European Union, the announcement said, and plans to help develop a "sovereign EuroStack for the future of our home continent." Switzerland is not a member of the EU. Proton said the decision was prompted by the Swiss government's attempt to "introduce mass surveillance."

Nintendo

Sega Accused of Using Police Raid To Recover Nintendo Dev Kits After Office Disposal Error (timeextension.com) 73

Sega allegedly orchestrated a police raid to recover Nintendo development kits it had accidentally disposed of during an office relocation from Brentford to Chiswick Business Park. An anonymous UK reseller purchased the items -- including Game Boy Advance, DSi, 3DS, Wii, and Wii U development consoles plus prototype games like Sonic Chronicles and Mario & Sonic at the Winter Olympic Games -- for roughly $13,575 from a removals worker handling Sega's office clearance.

City of London Police arrested the seller July 14, 2025, on money laundering charges, deploying approximately ten officers to seize the hardware. The seller claims the search warrant was defective and authorized Sega representatives to participate in the raid. Nintendo development kits remain the hardware manufacturer's property regardless of possession, outlet Time Extension writes. Police requested the seller relinquish ownership two days after releasing him from eight hours in custody, which he refused. Sega has not responded to multiple legal letters or six separate pre-action protocol claims from the seller.
Businesses

India's IT Sector Nervous as US Proposes Outsourcing Tax (reuters.com) 81

India's massive IT sector faces a lengthy period of uncertainty with customers delaying or re-negotiating contracts while the U.S. debates a proposed 25% tax on American firms using foreign outsourcing services, analysts and lawyers told Reuters. From a report: The sector is likely to be on the receiving end of a bill which, though unlikely to pass in its nascent form, will initiate a gradual shift in how big-name firms in the world's largest outsourcing market buy IT services, they said. Still, with U.S. firms having to pay the tax, those heavily reliant on overseas IT services are likely to push back, setting the stage for extensive lobbying and legal battles, analysts and lawyers said.

India's $283 billion information technology sector has thrived for more than three decades exporting software services, with prominent clients including Apple, American Express, Cisco, Citigroup, FedEx and Home Depot. It has grown to make up over 7% of GDP. However, it has also drawn criticism in customer countries over job loss to lower-cost workers in India. Last week, U.S. Republican Senator Bernie Moreno introduced the HIRE Act, which proposes taxing companies that hire foreign workers over Americans, with the tax revenue used for U.S. workforce development.

Microsoft

Wyden Says Microsoft Flaws Led to Hack of US Hospital System (bloomberg.com) 39

US Senator Ron Wyden says glaring cybersecurity flaws by Microsoft enabled a ransomware attack on a US hospital system and has called on the Federal Trade Commission to investigate. Bloomberg: In a letter sent Wednesday to FTC Chairman Andrew Ferguson, the Oregon Democrat accused Microsoft of "gross cybersecurity negligence," which he said had resulted in ransomware attacks against US critical infrastructure.

The senator cited the case of the 2024 breach at Ascension, one of the nation's largest nonprofit health systems. The intrusion shut down computers at many of Ascension's hospitals, leading to suspended surgeries and the theft of sensitive data on more than 5 million patients. Wyden said an investigation by his office found that the Ascension hack began after a contractor carried out a search using Microsoft's Bing search engine and was served a malicious link, which led to the contractor inadvertently downloading malware. That allowed hackers access to Ascension's computer networks.

According to Wyden, the attackers then gained access to privileged accounts by exploiting an insecure encryption technology called RC4, which is supported by default on Windows computers. The hacking method is called Kerberoasting, which the company described as a type of cyberattack in which intruders aim to gather passwords by targeting an authentication protocol called Kerberos.

Businesses

A $3 Billion Error Draws Apology From South Africa Energy Agency (bloomberg.com) 35

An anonymous reader shares a report: South Africa's energy regulator apologized for a 54 billion-rand ($3.1 billion) error in calculating electricity tariffs, a mistake that will be passed on to consumers.

The National Energy Regulator of South Africa, which determines what state power utility Eskom Holdings SOC Ltd. can charge for electricity, announced the miscalculation last month, without providing further details. On Wednesday, it put the blunder down to a "data input error" that was picked up by Eskom, according to a presentation to lawmakers.

While the mistake had been identified before the tariff determination was made in January, it wasn't rectified as indicated at the time, and only discovered five months later, the regulator said. "The error is regrettable; it should not have happened," it said.

The incident brought into the spotlight South Africa's surging electricity prices and will result in them increasing by 8.76% in the next financial year, instead of the 5.36% originally agreed, and by 8.83% the year after, compared with 6.19%.

IT

Canon is Bringing Back a Point-and-Shoot From 2016 With Fewer Features and a Higher Price (theverge.com) 61

Canon will rerelease its 2016 PowerShot Elph 360 HS point-and-shoot camera as the PowerShot Elph 360 HS A in late October for $379 -- $169 more than the original's $210 launch price. The camera retains the same 20.2-megapixel CMOS sensor, Digic IV Plus processor, 12x optical zoom, 1080p video recording, and USB Mini port.

The new version switches from SD to microSD cards and removes Wi-Fi image transfer and direct printing capabilities. The rerelease comes after celebrities including Kendall Jenner and Dua Lipa popularized the original model on social media. The camera will be available in black or silver only; the original purple option has been discontinued.
