"The Overwatch 2 team at Blizzard has unionized," reports Kotaku: That includes nearly 200 developers across disciplines ranging from art and testing to engineering and design. Basically anyone who doesn't have someone else reporting to them. It's the second wall-to-wall union at the storied game maker since the World of Warcraft team unionized last July... Like unions at Bethesda Game Studios and Raven Software, the Overwatch Gamemakers Guild now has to bargain for its first contract, a process that Microsoft has been accused of slow-walking as negotiations with other internal game unions drag on for years.

"The biggest issue was the layoffs at the beginning of 2024," Simon Hedrick, a test analyst at Blizzard, told Kotaku... "People were gone out of nowhere and there was nothing we could do about it," he said. "What I want to protect most here is the people...." Organizing Blizzard employees stress that improving their working conditions can also lead to better games, while the opposite — layoffs, forced resignations, and uncompetitive pay can make them worse....

"We're not just a number on an Excel sheet," [said UI artist Sadie Boyd]. "We want to make games but we can't do it without a sense of security." Unionizing doesn't make a studio immune to layoffs or being shuttered, but it's the first step toward making companies have a discussion about those things with employees rather than just shadow-dropping them in an email full of platitudes. Boyd sees the Overwatch union as a tool for negotiating a range of issues, like if and how generative AI is used at Blizzard, as well as a possible source of inspiration to teams at other studios.

"Our industry is at such a turning point," she said. "I really think with the announcement of our union on Overwatch...I know that will light some fires."
The article notes that other issues included work-from-home restrictions, pay disparities and changes to Blizzard's profit-sharing program, and wanting codified protections for things like crunch policies, time off, and layoff-related severance.

Long-time Slashdot reader smooth wombat writes: Over the past year there have been stories about North Korean spies unknowingly or knowingly being hired to work in western companies. During an interview by Kraken, a crypto exchange, the interviewers became suspicious about the candidate. Instead of cutting off the interview, Kraken decided to continue the candidate through the hiring process to gain more information. One simple question confirmed the user wasn't who they said they were and even worse, was a North Korean spy.
Would-be IT worker "Steven Smith" already had an email address on a "do-not-hire" list from law enforcement agencies, according to CBS News. And an article in Fortune magazine says Kraken asked him to speak to a recruiter and take a technical-pretest, and "I don't think he actually answered any questions that we asked him," according to its chief security officer Nick Percoco — even though the application was claiming 11 years of experience as a software engineer at U.S.-based companies: The interview was scheduled for Halloween, a classic American holiday—especially for college students in New York—that Smith seemed to know nothing about. "Watch out tonight because some people might be ringing your doorbell, kids with chain saws," Percoco said, referring to the tradition of trick or treating. "What do you do when those people show up?"

Smith shrugged and shook his head. "Nothing special," he said.

Smith was also unable to answer simple questions about Houston, the town he had supposedly been living in for two years. Despite having listed "food" as an interest on his résumé, Smith was unable to come up with a straight answer when asked about his favorite restaurant in the Houston area. He looked around for a few seconds before mumbling, "Nothing special here...."

The United Nations estimates that North Korea has generated between $250 million to $600 million per year by tricking overseas firms to hire its spies. A network of North Koreans, known as Famous Chollima, was behind 304 individual incidents last year, cybersecurity company CrowdStrike reported, predicting that the campaigns will continue to grow in 2025.
During a report CBS News actually aired footage of the job interview with the "suspected member of Kim Jong Un's cyberarmy." "Some people might call it trolling as well," one company official told the news outlet. "We call it security research." (And they raise the disturbing possibility that another IT company might very well have hired "Steven Smith"...)

CBS also spoke to CrowdStrike co-founder Dmitri Alperovitch, who says the problem increased with remote work, as is now fueling a state-run weapons program. "It's a huge problem because these people are not just North Koreans — they're North Koreans working for their munitions industry department, they're working for the Korean People's Army." (He says later the results of their work are "going directly" to North Korea's nuclear and ballistic missile programs.)

And when CBS notes that the FBI issued a wanted poster of alleged North Korean agents and arrested Americans hosting laptop farms in Arizona and Tennesse ("computer hubs inside the U.S. that conceal the cybercriminals real identities"), Alperovitch says "They cannot do this fraud without support here in America from witting or unwitting actors. So they have hired probably hundreds of people..." CBS adds that FBI officials say "the IT worker scene is expanding worldwide."

An anonymous reader quotes a report from BleepingComputer: Law enforcement authorities have dismantled a botnet that infected thousands of routers over the last 20 years to build two networks of residential proxies known as Anyproxy and 5socks. The U.S. Justice Department also indicted three Russian nationals (Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin) and a Kazakhstani (Dmitriy Rubtsov) for their involvement in operating, maintaining, and profiting from these two illegal services.

During this joint action dubbed 'Operation Moonlander,' U.S. authorities worked with prosecutors and investigators from the Dutch National Police, the Netherlands Public Prosecution Service (Openbaar Ministerie), and the Royal Thai Police, as well as analysts with Lumen Technologies' Black Lotus Labs. Court documents show that the now-dismantled botnet infected older wireless internet routers worldwide with malware since at least 2004, allowing unauthorized access to compromised devices to be sold as proxy servers on Anyproxy.net and 5socks.net. The two domains were managed by a Virginia-based company and hosted on servers globally.

On Wednesday, the FBI also issued a flash advisory (PDF) and a public service announcement warning that this botnet was targeting patch end-of-life (EoL) routers with a variant of the TheMoon malware. The FBI warned that the attackers are installing proxies later used to evade detection during cybercrime-for-hire activities, cryptocurrency theft attacks, and other illegal operations. The list of devices commonly targeted by the botnet includes Linksys and Cisco router models, including:

- Linksys E1200, E2500, E1000, E4200, E1500, E300, E3200, E1550
- Linksys WRT320N, WRT310N, WRT610N
- Cisco M10 and Cradlepoint E100 "The botnet controllers require cryptocurrency for payment. Users are allowed to connect directly with proxies using no authentication, which, as documented in previous cases, can lead to a broad spectrum of malicious actors gaining free access," Black Lotus Labs said. "Given the source range, only around 10% are detected as malicious in popular tools such as VirusTotal, meaning they consistently avoid network monitoring tools with a high degree of success. Proxies such as this are designed to help conceal a range of illicit pursuits including ad fraud, DDoS attacks, brute forcing, or exploiting victim's data."

An anonymous reader quotes a report from TechCrunch: A Florida bill, which would have required social media companies to provide an encryption backdoor for allowing police to access user accounts and private messages, has failed to pass into law. The Social Media Use by Minors bill was "indefinitely postponed" and "withdrawn from consideration" in the Florida House of Representatives earlier this week. Lawmakers in the Florida Senate had already voted to advance the legislation, but a bill requires both legislative chambers to pass before it can become law.

The bill would have required social media firms to "provide a mechanism to decrypt end-to-end encryption when law enforcement obtains a subpoena," which are typically issued by law enforcement agencies and without judicial oversight. Digital rights group the Electronic Frontier Foundation called the bill "dangerous and dumb." Security professionals have long argued that it is impossible to create a secure backdoor that cannot also be maliciously abused, and encryption backdoors put user data at risk of data breaches.

Software firm 37signals is completing its migration from AWS to on-premises infrastructure, expecting to save $1.3 million annually on storage costs alone. CTO David Heinemeier Hansson announced the company has begun migrating 18 petabytes of data from Amazon S3 to Pure Storage arrays costing $1.5 million upfront but only $200,000 yearly to operate.

AWS waived $250,000 in data egress fees for the transition, which will allow 37signals to completely delete its AWS account this summer. The company has already slashed $2 million in annual costs after replacing cloud compute with $700,000 worth of Dell servers in 2024. "Cloud can be a good choice in certain circumstances, but the industry pulled a fast one convincing everyone it's the only way," wrote Hansson, who began the repatriation effort in 2022 after discovering their annual AWS bill exceeded $3.2 million.

CrowdStrike, the cybersecurity firm that became a household name after causing a massive global IT outage last year, has announced it will cut 5% of its workforce in part due to "AI efficiency." From a report: In a note to staff earlier this week, released in stock market filings in the US, CrowdStrike's chief executive, George Kurtz, announced that 500 positions, or 5% of its workforce, would be cut globally, citing AI efficiencies created in the business.

"We're operating in a market and technology inflection point, with AI reshaping every industry, accelerating threats, and evolving customer needs," he said. Kurtz said AI "flattens our hiring curve, and helps us innovate from idea to product faster," adding it "drives efficiencies across both the front and back office. AI is a force multiplier throughout the business," he said. Other reasons for the cuts included market demand for sustained growth and expanding the product offering.

An anonymous reader quotes a report from BleepingComputer: Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information, BleepingComputer has learned. Pearson is a UK-based education company and one of the world's largest providers of academic publishing, digital learning tools, and standardized assessments. The company works with schools, universities, and individuals in over 70 countries through its print and online services. In a statement to BleepingComputer, Pearson confirmed they suffered a cyberattack and that data was stolen, but stated it was mostly "legacy data."

"We recently discovered that an unauthorized actor gained access to a portion of our systems," a Pearson representative confirmed to BleepingComputer. "Once we identified the activity, we took steps to stop it and investigate what happened and what data was affected with forensics experts. We also supported law enforcement's investigation. We have taken steps to deploy additional safeguards onto our systems, including enhancing security monitoring and authentication. We are continuing to investigate, but at this time we believe the actor downloaded largely legacy data. We will be sharing additional information directly with customers and partners as appropriate." Pearson also confirmed that the stolen data did not include employee information. The education company previously disclosed in January that they were investigating a breach of one of their subsidiaries, PDRI, which is believed to be related to this attack.

BleepingComputer also notes that threat actors breached Pearson's developer environment in January 2025 using an exposed GitLab access token, gaining access to source code and hard-coded credentials. Terabytes of sensitive data was stolen from cloud platforms and internal systems.

Despite the potential impact on millions of individuals, Pearson has declined to answer key questions about the breach or its response.

Switzerland will hold a national referendum on the introduction of electronic identity cards after opponents of the legislation secured enough signatures to force a public vote. The Federal Chancellery confirmed Wednesday that 55,344 valid signatures were submitted against the Federal Act on Electronic Identity passed last December.

The proposed e-ID would enable citizens to apply online for criminal record extracts, driving licenses, and age verification when purchasing alcohol. This marks the second referendum on e-ID implementation, after voters rejected a previous version in 2021. The government has revised its approach, making the new system free, optional, and fully state-operated rather than privately managed. If approved, the e-ID would come into force no earlier than 2026, though the collection effort suggests privacy concerns remain paramount for many Swiss voters.

The curl open source project is fighting against a flood of AI-generated false security reports. Daniel Stenberg, curl's original author and lead developer, declared on LinkedIn that they are "effectively being DDoSed" by these submissions.

"We still have not seen a single valid security report done with AI help," Stenberg wrote. This week alone, four AI-generated vulnerability reports arrived seeking reputation or bounties, ArsTechnica writes. One particularly frustrating May 4 report claiming "stream dependency cycles in the HTTP/3 protocol stack" pushed Stenberg "over the limit." The submission referenced non-existent functions and failed to apply to current versions.

Some AI reports are comically obvious. One accidentally included its prompt instruction: "and make it sound alarming." Stenberg has asked HackerOne, which manages vulnerability reporting, for "more tools to strike down this behavior." He plans to ban reporters whose submissions are deemed "AI slop."

President Trump's proposed 2026 budget seeks to cut nearly $500 million from CISA, accusing the agency of prioritizing censorship over cybersecurity and election protection. "The proposed cuts -- which are largely symbolic at this stage as they need to be approved by Congress -- are framed as a purge of the so-called 'censorship industrial complex,' a term the White House uses to describe CISA's work countering misinformation," reports The Register. From the report: In its fiscal 2024 budget request, the agency had asked [PDF] for a total of just over $3 billion to safeguard the nation's online security across both government and private sectors. The enacted budget that year was about $34 million lower than the previous year's. Now, a deep cut has been proposed [PDF], as the Trump administration decries the agency's past work tackling the spread of misinformation on the web by America's enemies, as well as the agency's efforts safeguarding election security. [...]

"The budget eliminates programs focused on so-called misinformation and propaganda as well as external engagement offices such as international affairs," it reads [PDF]. "These programs and offices were used as a hub in the censorship industrial complex to violate the First Amendment, target Americans for protected speech, and target the President. CISA was more focused on censorship than on protecting the nation's critical systems, and put them at risk due to poor management and inefficiency, as well as a focus on self-promotion."

Microsoft has instituted a stringent new performance management system that places ousted employees on a two-year rehiring block list and categorizes their departures as "good attrition," Business Insider reported Tuesday, citing internal documents. The company now tracks staff departures it considers beneficial, mirroring Amazon's "unregretted attrition" metric, though no specific targets have been established yet.

Microsoft recently terminated 2,000 underperforming employees without severance and implemented a new performance improvement plan (PIP). Employees facing performance issues now must choose between entering the PIP or accepting a "Global Voluntary Separation Agreement" with 16 weeks of pay.

Further reading: Microsoft Offers Underperformers Cash To Quit.

The Open Document Format reached its 20th anniversary on May 1, marking two decades since OASIS approved the XML-based standard originally developed by Sun Microsystems from StarOffice code. Even as the format has seen adoption by several governments including the UK, India, and Brazil, plus organizations like NATO, Microsoft Office's proprietary formats remain the de facto standard.

Microsoft countered ODF by developing Office Open XML, eventually getting it standardized through Ecma International. "ODF is much more than a technical specification: it is a symbol of freedom of choice, support for interoperability and protection of users from the commercial strategies of Big Tech," said Eliane Domingos, Chair of the Document Foundation, which oversees LibreOffice -- a fork created after Oracle acquired Sun.

Riot Games has reduced cheating in Valorant to under 1% of ranked games through its controversial kernel-level anti-cheat system Vanguard, according to the company's anti-cheat director Phillip Koskinas. The system enforces Windows security features like Trusted Platform Module and Secure Boot while preventing code execution in kernel memory.

Beyond technical measures, Riot deploys undercover operatives who have infiltrated cheat development communities for years. "We've even gone as far as giving anti-cheat information to establish credibility," Koskinas told TechCrunch, describing how they target even "premium" cheats costing thousands of dollars.

Riot faces increasingly sophisticated threats, including direct memory access attacks using specialized PCI Express hardware and screen reader cheats that use separate computers to analyze gameplay and control mouse movements. To combat repeat offenders, Vanguard fingerprints cheaters' hardware. Koskinas admits to deliberately slowing some enforcement: "To keep cheating dumb, we ban slower." The team also employs psychological warfare, publicly discrediting cheat developers and trolling known cheaters to undermine their credibility in gaming communities.

TeleMessage, a communications app used by former Trump national security adviser Mike Waltz, has suspended services after a reported hack exposed some user messages. The breach follows controversy over Waltz's use of the app to coordinate military updates, including accidentally adding a journalist to a sensitive Signal group chat. From the report: In an email, Portland, Oregon-based Smarsh, which runs the TeleMessage app, said it was "investigating a potential security incident" and was suspending all its services "out of an abundance of caution." A Reuters photograph showed Waltz using TeleMessage, an unofficial version of the popular encrypted messaging app Signal, on his phone during a cabinet meeting on Wednesday. A separate report from 404 Media says hackers have also targeted GlobalX Air -- one of the main airlines the Trump administration is using as part of its deportation efforts -- and claim to have stolen flight records and passenger manifests for all its flights, including those for deportation. From the report: The data, which the hackers contacted 404 Media and other journalists about unprompted, could provide granular insight into who exactly has been deported on GlobalX flights, when, and to where, with GlobalX being the charter company that facilitated the deportation of hundreds of Venezuelans to El Salvador. "Anonymous has decided to enforce the Judge's order since you and your sycophant staff ignore lawful orders that go against your fascist plans," a defacement message posted to GlobalX's website reads. Anonymous, well-known for its use of the Guy Fawkes mask, is an umbrella some hackers operate under when performing what they see as hacktivism.

An anonymous reader quotes a report from Ars Technica: Hundreds of e-commerce sites, at least one owned by a large multinational company, were backdoored by malware that executes malicious code inside the browsers of visitors, where it can steal payment card information and other sensitive data, security researchers said Monday. The infections are the result of a supply-chain attack that compromised at least three software providers with malware that remained dormant for six years and became active only in the last few weeks. At least 500 e-commerce sites that rely on the backdoored software were infected, and it's possible that the true number is double that, researchers from security firm Sansec said. Among the compromised customers was a $40 billion multinational company, which Sansec didn't name. In an email Monday, a Sansec representative said that "global remediation [on the infected customers] remains limited."

"Since the backdoor allows uploading and executing arbitrary PHP code, the attackers have full remote code execution (RCE) and can do essentially anything they want," the representative wrote. "In nearly all Adobe Commerce/Magento breaches we observe, the backdoor is then used to inject skimming software that runs in the user's browser and steals payment information (Magecart)." The three software suppliers identified by Sansec were Tigren, Magesolution (MGS), and Meetanshi. All three supply software that's based on Magento, an open source e-commerce platform used by thousands of online stores. A software version sold by a fourth provider named Weltpixel has been infected with similar code on some of its customers' stores, but Sansec so far has been unable to confirm whether it was the stores or Weltpixel that were hacked. Adobe has owned Megento since 2018.

BrianFagioli writes: Microsoft has officially begun rejecting high-volume emails that don't meet its new authentication rules.

Here's the deal. If you send more than 5,000 messages per day to Outlook.com addresses (including hotmail.com and live.com) and you're not properly set up with SPF, DKIM, and DMARC, your emails may never arrive.

The Open Source Initiative is joining "a global community of contributors" for GitHub's annual event "honoring the individuals who steward and sustain Open Source projects."

And the theme of the 5th Annual "Maintainer Month" will be: securing Open Source: Throughout the month, OSI and our affiliates will be highlighting maintainers who prioritize security in their projects, sharing their stories, and providing a platform for collaboration and learning... Maintainer Month is a time to gather, share knowledge, and express appreciation for the people who keep Open Source projects running. These maintainers not only review issues and merge pull requests — they also navigate community dynamics, mentor new contributors, and increasingly, adopt security best practices to protect their code and users....

- OSI will publish a series of articles on Opensource.net highlighting maintainers whose work centers around security...

- As part of our programming for May, OSI will host a virtual Town Hall [May 21st] with our affiliate organizations and invite the broader Open Source community to join....

- Maintainer Month is also a time to tell the stories of those who often work behind the scenes. OSI will be amplifying voices from across our affiliate network and encouraging communities to recognize the people whose efforts are often invisible, yet essential.
"These efforts are not just celebrations — they are opportunities to recognize the essential role maintainers play in safeguarding the Open Source infrastructure that underpins so much of our digital world," according to the OSI's announcement. And this year they're focusing on three key areas of open source security:

• Adopting security best practices in projects and communities

• Recognizing contributors who improve project security

• Collaborating to strengthen the ecosystem as a whole

Remember when U.S. National Security Adviser Mike Waltz mistakenly included a journalist in an encrypted chatroom to discuss looming U.S. military action against Yemen's Houthis?

A recent photo of a high-level cabinet meeting caught Waltz using a "less-secure Signal app knockoff," reports the Guardian: The chat app Waltz was using appears to be a modified version of Signal called TM SGNL, made by a company that copies messaging apps but adds an ability to retain messages and archive them. The White House officials may be using the modified Signal in order to comply with the legal requirement that presidential records be preserved... That function suggests the end-to-end encryption that makes Signal trusted for sharing private communications is possibly "not maintained, because the messages can be later retrieved after being stored somewhere else", according to 404 Media.
Thursday the national security adviser was removed from his position, the article points out.

He was instead named America's ambassador to the United Nations.

A 25-year-old from Santa Clarita has pleaded guilty to hacking a Disney employee's computer using malware disguised as an AI art tool, stealing over 1 terabyte of confidential Disney data and threatening to leak it under the guise of a fake Russian hacktivist group. Variety reports: Santa Clarita resident Ryan Mitchell Kramer, 25, pleaded guilty to two felony charges, including one count of accessing a computer and obtaining information and one count of threatening to damage a protected computer. Each charge carries a maximum sentence of five years in federal prison. According to the plea agreement, in early 2024 Kramer posted a computer program on various online platforms that appeared to be used to create AI-generated art, when it really contained a malicious file to gain access to victims' computers.

Between April and May 2024, a Disney employee downloaded the program, and Kramer gained access to the victim's personal and work accounts, including a non-public Disney Slack channel. Kramer dowloaded approximately 1.1 terabytes of confidential data from thousands of Disney Slack channels. In July, Kramer contacted the victim by pretending to be a member of a fake Russian hacktivist group called "Nullbulge" and threatened to leak their personal information and Disney Slack data. On July 12, Kramer publicly released the data, including the victim's bank, medical, and personal information on multiple online platforms.

Microsoft has appointed a Deputy CISO for Europe to address growing regulatory pressure and reassure EU leaders about its cybersecurity commitment. "The move also highlights strong fears from European IT execs and government officials that the Trump administration may exert significant influence on cybersecurity companies," reports CSO Online. From the report: Who that Deputy CISO will ultimately be is unclear. Wednesday's statement simply said that Microsoft CISO Igor Tsyganskiy is "appointing a new Deputy CISO for Europe as part of the Microsoft Cybersecurity Governance Council," but the phrasing made it unclear when that would happen. However, Tsyganskiy made a separate announcement on LinkedIn that he has given the role to current Deputy CISO Ann Johnson. But he then said that Johnson, who is based at Microsoft's head office in Redmond, Washington, will hold that post "temporarily."

In his LinkedIn post, Tsyganskiy explained that the Cybersecurity Governance Council, which was created in 2024, consists of "our Global CISO and Deputy Chief Information Security Officers (Deputy CISOs) representing each of our technology services. This Council oversees the company's cyber risks, defenses, and compliance across regions and domains." "The Deputy CISO for Europe will be accountable for compliance with current and emerging cybersecurity regulations in Europe, including the Digital Operational Resilience Act (DORA), the NIS 2 Directive, and the Cyber Resilience Act (CRA)," Tsyganskiy wrote. "These laws will prove transformative not only in EU markets, but worldwide, and Microsoft is actively engaged in preparing for what lies ahead." Microsoft said in Wednesday's statement: "the appointment of a Deputy CISO for Europe reflects the importance and global influence of EU cybersecurity regulations and the company's commitment to meeting and exceeding those expectations to prioritize cybersecurity across the region. This new position will report directly to Microsoft's CISO."

Michela Menting, France-based digital security research director at ABI Research, said when she heard on Wednesday that Microsoft was creating such a role, "I was mostly surprised that they don't already have one."

"GDPR has been in place for quite some time now and the fact they are only now putting in a European deputy CISO is concerning," Menting added. "They are playing catch up."