Red Hot Cyber
Cybersecurity is about sharing. Recognize the risk, combat it, share your experiences, and encourage others to do better than you.

Author: Redazione RHC

GitHub is migrating to Azure! And goodbye to new development for a year.

When Microsoft acquired GitHub in 2018, the company tried to keep its distance. The platform developed relatively independently until things began to change in recent months. The departure of GitHub CEO Thomas Dohmke in August and the gradual merger with Microsoft’s internal structure have solidified this new direction. As The New Stack has learned, the next step in this integration will be a complete migration of GitHub’s infrastructure to the Azure cloud. To achieve this, the company even plans to delay the launch of new features. In a letter to employees, CTO Vladimir Fedorov explained that GitHub’s Virginia headquarters is no longer able

China dominates industrial robotics: 2 million machines in factories

China is consolidating its position as a global manufacturing powerhouse thanks to an unprecedented pace of production and installation of industrial robots. According to a report by the International Federation of Robotics (IFR) released Thursday, the number of robots operating in Chinese factories will surpass 2 million in 2024, with nearly 300,000 new installations in just one year, more than the rest of the world combined. The United States, ranked third in terms of robot installations, has only 34,000 units. Automation is now at the heart of Beijing’s industrial strategy, supported by public funds and government policies aimed at

RDP Services Exposed in the Crosshairs! A Botnet of 100,000 IPs Scans the Network

In the United States, a large-scale, coordinated botnet campaign is targeting Remote Desktop Protocol (RDP)-based services. The scale and organizational structure of this campaign pose a significant threat, especially for organizations that rely on RDP for their day-to-day operations. Security firm GreyNoise reported tracking a significant wave of attacks originating from more than 100,000 unique IP addresses in more than 100 countries. The operation appears to be centrally controlled, with the primary goal of compromising the RDP infrastructure, a critical component for remote work and administration. This discovery sparked a broader analysis, which quickly identified similar spikes in activity in a

Everyone’s Hacking iPhones! Apple Increases iOS Reward to $5 Million

Apple has significantly expanded its bounty program for security vulnerabilities in the iOS ecosystem. At the Hexacon offensive security conference in Paris, Ivan Krstic, the company’s vice president of security architecture and engineering, announced a maximum reward of $2 million for the discovery of a chain of vulnerabilities that could be exploited for espionage purposes. If such a combination allows the system to bypass the additional “Lockdown Mode” security feature or is discovered in a beta version of the system, the total reward could reach $5 million. The new rules will go into effect next month. The decision reflects the company’s

Artificial intelligence = Alcohol for teens! It damages social and cognitive skills

Today’s students are increasingly turning to artificial intelligence, not only for study aids, but also for social interaction and emotional support. A new study from the Center for Democracy and Technology (CDT) warns that this widespread use of artificial intelligence is gradually weakening adolescents’ social and cognitive abilities, acting almost imperceptibly, like alcohol on the brain. The CDT survey covered teachers, parents, and students. Nearly all respondents admitted using AI at least once in the past year: 85% of teachers and 86% of students. However, only 50% of teens use the technology for schoolwork, while 73% use chatbots for personal

Velociraptor used in active attacks to distribute LockBit and Babuk ransomware

Hackers have begun using Velociraptor, the digital forensics and incident response (DFIR) tool, to launch LockBit and Babuk ransomware attacks. Cisco Talos researchers attribute these campaigns to the Storm-2603 group, which operates in China. According to analysts, the attackers used an outdated version of Velociraptor with a privilege escalation vulnerability (CVE-2025-6264, CVSS score 5.5) to gain complete control over the infected systems. Velociraptor was created by Mike Cohen as an open-source DFIR tool and later acquired by Rapid7, which is developing a commercial version. In late August, Sophos researchers reported that attackers were already using this software for remote access.

SonicWall confirms data breach. Cloud backup service customers at risk.

SonicWall confirmed that a data breach last month affected all customers using the company’s cloud backup service. As a result, firewall configurations stored on MySonicWall were compromised. MySonicWall is a portal for SonicWall customers that allows them to manage product access, licensing, registration, firmware updates, support requests and cloud backups of firewall configurations (.EXP files). Users are advised to immediately follow the steps below: In mid-September 2025, SonicWall urged its customers to change their login credentials as soon as possible, as a cyberattack on MySonicWall accounts had compromised firewall configuration backup files. At the time, details of the attack were not disclosed,

RondoDox Botnet Discovered: Thousands of Devices at Risk

A large botnet called RondoDox has been discovered exploiting 56 vulnerabilities in more than 30 different devices, including bugs first demonstrated during the Pwn2Own hacking competition. Attackers target a wide range of Internet-accessible devices, including digital video recorders (DVRs), network video recorders (NVRs), video surveillance systems, and web servers. RondoDox uses a strategy that Trend Micro researchers call a “shotgun exploit”: the malware uses multiple exploits simultaneously to maximize the number of infections, despite the high-profile nature of this activity. Researchers report that, among other vulnerabilities, RondoDox attacks CVE-2023-1389, a bug in the TP-Link Archer AX21 Wi-Fi router, initially demonstrated at Pwn2Own

Microsoft Defender incorrectly flags SQL Server 2019 as End of Life

We know that product end-of-life (EoL) brings security risks and the accumulation of vulnerabilities, as manufacturers stop releasing corrective patches. However, starting a replatforming process five years early seems perhaps excessive. Microsoft is working to fix a bug in its Defender for Endpoint enterprise security platform that caused the security software to incorrectly report SQL Server 2017 and 2019 as “out of date.” BleepingComputer reports that the outage affected Defender XDR customers as early as Wednesday morning. Microsoft itself confirms that SQL Server 2019 will be supported until January 2030 and SQL Server 2017 until October 2027. The error

The Truth About Windows XP License Key: FCKGW-RHQQ2-YXRKT-8TG6W-2B7Q8

On October 10, new revelations emerged regarding one of the most notorious license keys in computing history: FCKGW-RHQQ2-YXRKT-8TG6W-2B7Q8, tied to Windows XP. For years, this character sequence has been synonymous with pirated software, but today a different truth emerges. Dave W. Plummer, a long-time Microsoft engineer and creator of the Windows Product Activation (WPA) system, confirmed that the key was not generated by a crack, but was rather the result of a serious internal data leak. According to Plummer, the key was meant as a Volume License Key (VLK) intended exclusively for businesses, to allow multiple, automated