Privacy

The Louvre's Video Surveillance Password Was 'Louvre' (pcgamer.com) 90

A bungled October 18 heist that saw $102 million of crown jewels stolen from the Louvre in broad daylight has exposed years of lax security at the national art museum. From trivial passwords like 'LOUVRE' to decades-old, unsupported systems and easy rooftop access, the job was made surprisingly easy. PC Gamer reports: As Rogue cofounder and former Polygon arch-jester Cass Marshall notes on Bluesky, we owe a lot of videogame designers an apology. We've spent years dunking on the emptyheadedness of game characters leaving their crucial security codes and vault combinations in the open for anyone to read, all while the Louvre has been using the password "Louvre" for its video surveillance servers. That's not an exaggeration. Confidential documents reviewed by Liberation detail a long history of Louvre security vulnerabilities, dating back to a 2014 cybersecurity audit performed by the French Cybersecurity Agency (ANSSI) at the museum's request. ANSSI experts were able to infiltrate the Louvre's security network to manipulate video surveillance and modify badge access.

"How did the experts manage to infiltrate the network? Primarily due to the weakness of certain passwords which the French National Cybersecurity Agency (ANSSI) politely describes as 'trivial,'" writes Liberation's Brice Le Borgne via machine translation. "Type 'LOUVRE' to access a server managing the museum's video surveillance, or 'THALES' to access one of the software programs published by... Thales." The museum sought another audit from France's National Institute for Advanced Studies in Security and Justice in 2015. Concluded two years later, the audit's 40 pages of recommendations described "serious shortcomings," "poorly managed" visitor flow, rooftops that are easily accessible during construction work, and outdated and malfunctioning security systems. Later documents indicate that, in 2025, the Louvre was still using security software purchased in 2003 that is no longer supported by its developer, running on hardware using Windows Server 2003.

Windows

Windows 11 Store Gets Ninite-Style Multi-App Installer Feature (bleepingcomputer.com) 37

An anonymous reader shares a report: The Microsoft Store on the web now lets you create a multi-app install package on Windows 11 that installs multiple applications from a single installer. This means you can now install multiple apps simultaneously without having to download each one manually. The experience is similar to that of the third-party app Ninite, a package manager that lets you install multiple apps at once.
Windows

Windows 10 Update Incorrectly Tells Some Users They've Reached End-of-Life, Despite Having Extended Support (tomshardware.com) 21

An anonymous reader shares a report: Microsoft officially ended mainstream support for Windows 10 last month, nudging users to upgrade to Windows 11. While that led to almost an overnight technological revolution in Japan, elsewhere, it has caused a lot of confusion. Certain versions of Windows 10, like Enterprise LTSC -- and those enrolled in the ESU program -- are still scheduled to receive security updates through at least 2027, but they're starting to see out-of-support messages in Settings.

Various users over the past few days reported that they're being subjected to end-of-life warnings in Windows, despite already qualifying for extended security updates through the ESU program. Windows 10 Enterprise LTSC 2021 and IoT Enterprise are business-oriented editions of the OS, so they're already supported up to 2032, but even they saw these incorrect messages. This widespread bug started to occur after the KB5066791 updates were pushed on October 14, 2025.

Microsoft has already acknowledged this mishap and said, "The message, 'Your version of Windows has reached the end of support,' might incorrectly display in the Windows Update Settings page," confirming it as a mistake. The company has already released a cloud config fix that should remove the message, but you need to be connected to the internet for that, and a restart is also required.

Portables (Apple)

Apple Prepares To Enter Low-Cost Laptop Market for First Time (bloomberg.com) 85

Apple is preparing to enter the low-cost laptop market for the first time, developing a budget Mac aimed at luring away customers from Chromebooks and entry-level Windows PCs. Bloomberg News: The new device -- designed for students, businesses and casual users -- will target people who primarily browse the web, work on documents or conduct light media editing, according to people familiar with the matter.

[...] Apple plans to sell the new machine for well under $1,000 by using less-advanced components. The laptop will rely on an iPhone processor and a lower-end LCD display. The screen will also be the smallest of any current Mac, coming in at slightly below the 13.6-inch one used in the MacBook Air. This would mark the first time that Apple has used an iPhone processor in a Mac, rather than a chip designed specifically for a computer. But internal tests have shown that the smartphone chip can perform better than the Mac-optimized M1 used in laptops as recently as a few years ago.

Power

Ukraine First To Demo Open Source Security Platform To Help Secure Power Grid (theregister.com) 10

concertina226 shares a report from The Register: [A massive power outage in April left tens of millions across Spain, Portugal, and parts of France without electricity for hours due to cascading grid failures, exposing how fragile and interconnected Europe's energy infrastructure is. The incident, though not a cyberattack, reignited concerns about the vulnerability of aging, fragmented, and insecure operational technology systems that could be easily exploited in future cyber or ransomware attacks.] This headache is one the European Commission is focused on. It is funding several projects looking at making electric grids more resilient, such as the eFort framework being developed by cybersecurity researchers at the independent non-profit Netherlands Organisation for Applied Scientific Research (TNO) and the Delft University of Technology (TU Delft).

TNO's SOARCA tool is the first ever open source security orchestration, automation and response (SOAR) platform designed to protect power plants by automating the orchestration of the response to physical attacks, as well as cyberattacks, on substations and the network, and the first country to demo it will be the Ukraine this year. At the moment, SOAR systems only exist for dedicated IT environments. The researchers' design includes a SOAR system in each layer of the power station: the substation, the control room, the enterprise layer, the cloud, or the security operations centre (SOC), so that the SOC and the control room work together to detect anomalies in the network, whether it's an attacker exploiting a vulnerability, a malicious device being plugged into a substation, or a physical attack like a missile hitting a substation. The idea is to be able to isolate potential problems and prevent lateral movement from one device to another or privilege escalation, so an attacker cannot go through the network to the central IT management system of the electricity grid. [...]

The SOARCA tool is underpinned by CACAO Playbooks, an open source specification developed by the OASIS Open standards body and its members (which include lots of tech giants and US government agencies) to create standardized predefined, automated workflows that can detect intrusions and changes made by malicious actors, and then carry out a series of steps to protect the network and mitigate the attack. Experts largely agree the problem facing critical infrastructure is only worsening as years pass, and the more random Windows implementations that are added into the network, the wider the attack surface is. [...] TNO's Wolthuis said the energy industry is likely to be pushed soon to take action by regulators, particularly once the Network Code on Cybersecurity (NCCS), which lays out rules requiring cybersecurity risk assessments in the electricity sector, is formalized.

Windows

Windows 7 Squeezed To 69MB in Proof-of-Concept Build (theregister.com) 37

A developer operating under the handle @XenoPanther has stripped Windows 7 down to 69MB. The OS boots but runs almost nothing because critical files like common dialog boxes and common controls are missing. @XenoPanther described the project on X as "more of a fun proof of concept rather than something usable." The desktop appears and the genuine check remains intact.
Windows

Microsoft Fixes Decade-Old Windows Bug That Made 'Update and Shut Down' Restart PCs (windowslatest.com) 44

Microsoft has released a patch that fixes a longstanding bug in Windows 11 and Windows 10 where selecting "Update and shut down" would restart the computer instead of powering it off. The issue affected users across both operating systems since Windows 10's initial release. The fix arrived in Windows 11 25H2 Build 26200.7019 and the October 2025 optional update KB5067036.

Microsoft confirmed the patch "addressed underlying issue which can cause 'Update and shutdown' to not actually shut down your PC after updating." The problem likely stemmed from the Windows Servicing Stack failing to carry the power-off command through the required reboot phase. During updates Windows must restart into an offline servicing mode to replace system files. The power-off instruction was either cleared or blocked during this transition.
Games

Linux Gamers on Steam Finally Cross Over the 3% Mark (gamingonlinux.com) 68

"It finally happened," writes the GamingOnLinux site: Linux gamers on Steam as of the Steam Hardware & Software Survey for October 2025 have crossed over the elusive 3% mark. The trend has been clear for some time, and with Windows 10 ending support, it was quite likely this was going to be the time for it to happen as more people try out Linux...

Overall, 3% might not seem like much to some, but again — that trend is very clear and equates to millions of people. The last time Valve officially gave a proper monthly active user count was in 2022, and we know Steam has grown a lot since then, but even going by that original number would put monthly active Linux users at well over 4 million.

Additional details from Phoronix: The only time Steam on Linux use was close to the 3% mark was when Steam on Linux initially debuted a decade ago and at that time the overall Steam user-base was much smaller than it is today. Long story short, thanks to the ongoing success of Valve's Steam Deck and other handhelds plus Steam Play (Proton) working out so well, these October numbers are the best yet... a hearty 0.41% increase to Linux... landing its overall marketshare at 3.05%. Windows meanwhile was at 94.84% (falling below 95% for the first time in a while) and macOS at 2.11%. For comparison, in October 2024 Steam on Linux was at 2.00%.

The Linux-specific data shows SteamOS commanding around 27% of all the Linux installs at large. SteamOS most notably being on the Steam Deck hardware.

Ubuntu

Ubuntu Will Use Rust For Dozens of Core Linux Utilities (zdnet.com) 84

Ubuntu "is adopting the memory-safe Rust language," reports ZDNet, citing remarks at this year's Ubuntu Summit from Jon Seager, Canonical's VP of engineering for Ubuntu: Seager said the engineering team is focused on replacing key system components with Rust-based alternatives to enhance safety and resilience, starting with Ubuntu 25.10. He stressed that resilience and memory safety, not just performance, are the principal drivers: "It's the enhanced resilience and safety that is more easily achieved with Rust ports that are most attractive to me". This move is echoed in Ubuntu's adoption of sudo-rs, the Rust implementation of sudo, with fallback and opt-out mechanisms for users who want to use the old-school sudo command.

In addition to sudo-rs, Ubuntu 26.04 will use the Rust-based uutils/coreutils for Linux's default core utilities. This setup includes ls, cp, mv, and dozens of other basic Unix command-line tools. This Rust reimplementation aims for functional parity with GNU coreutils, with improved safety and maintainability.

On the desktop front, Ubuntu 26.04 will also bring seamless TPM-backed full disk encryption. If this approach reminds you of Windows BitLocker or MacOS FileVault, it should. That's the idea.

In other news, Canonical CEO Mark Shuttleworth said "I'm a believer in the potential of Linux to deliver a desktop that could have wider and universal appeal." (Although he also thinks "the open-source community needs to understand that building desktops for people who aren't engineers is different. We need to understand that the 'simple and just works' is also really important.")

Shuttleworth answered questions from Slashdot's readers in 2005 and 2012.
XBox (Games)

The Numbers Show Xbox's Current Plan Isn't Working (gizmodo.com) 49

An anonymous reader quotes a report from Gizmodo: It's time for Xbox to eat some humble pie and perform some real soul-searching. Microsoft released its latest quarterly earnings report and proved the worst of our fears about its gaming brand. Not only are Xbox hardware sales down significantly, but the brand itself is barely treading water. Gamers are voicing their displeasure with their wallets, but Microsoft's top brass is still only thinking about the margins. Microsoft was more keen to promote the scale of its cloud and AI services revenue -- which was up 28% year over year -- than talk about its beleaguered gaming brand. The company's overall gaming revenue fell by 2% compared to the same time last year. This was precipitated by a "decline in Xbox hardware," which was down by 22% following a steady decline quarter after quarter. Its first-party games and its Game Pass subscription were doing better, though the overall growth was only up by 1%, and even that was driven by the "better-than-expected performance" of third-party games. You can give credit to titles like Clair Obscur: Expedition 33 for why Xbox isn't in an even deeper hole than it is now.

The tech giant has no expectation that its Xbox brand will start making more money anytime soon. In its earnings call with investors, Microsoft Chief Financial Officer Amy Hood said the company expects Xbox will continue to decline "in the low to mid-single digits" for the following quarter. That's mostly due to the lack of landmark first-party titles. Just this month, Xbox released Ninja Gaiden 4, The Outer Worlds 2, and Double Fine's The Keeper. Xbox also made a huge marketing push for its first handheld, made in partnership with Asus, the ROG Xbox Ally and Ally X. In any other year, this would be a big month for any gaming company. The dour outlook comes after months of bad news. After two subsequent price hikes, Xbox Series S and Series X consoles now cost between $100 to $150 more than they did at launch five years ago. Microsoft also pushed prices of its Game Pass Ultimate subscription tier from $20 to $30 per month. A full-year's subscription would now demand $360.
In a separate article, Gizmodo reviews Microsoft's new ROG Xbox Ally X handheld, which "offers a better experience overall" than the "other small-scale Windows PC gaming devices released this year." However, "it's still nowhere close to what you truly want from a console."
EU

Austria's Ministry of Economy Has Migrated To a Nextcloud Platform In Shift Away From US Tech (zdnet.com) 10

An anonymous reader quotes a report from ZDNet: Even before Azure had a global failure this week, Austria's Ministry of Economy had taken a decisive step toward digital sovereignty. The Ministry achieved this status by migrating 1,200 employees to a Nextcloud-based cloud and collaboration platform hosted on Austrian-based infrastructure. This shift away from proprietary, foreign-owned cloud services, such as Microsoft 365, to an open-source, European-based cloud service aligns with a growing trend among European governments and agencies. They want control over sensitive data and to declare their independence from US-based tech providers.

European companies are encouraging this trend. Many of them have joined forces in the newly created non-profit foundation, the EuroStack Initiative. This foundation's goal is "to organize action, not just talk, around the pillars of the initiative: Buy European, Sell European, Fund European." What's the motive behind these moves away from proprietary tech? Well, in Austria's case, Florian Zinnagl, CISO of the Ministry of Economy, Energy, and Tourism (BMWET), explained, "We carry responsibility for a large amount of sensitive data -- from employees, companies, and citizens. As a public institution, we take this responsibility very seriously. That's why we view it critically to rely on cloud solutions from non-European corporations for processing this information."

Austria's move and motivation echo similar efforts in Germany, Denmark, and other EU states and agencies. The organizations include the German state of Schleswig-Holstein, which abandoned Exchange and Outlook for open-source programs. Other agencies that have taken the same path away from Microsoft include the Austrian military, Danish government organizations, and the French city of Lyon. All of these organizations aim to keep data storage and processing within national or European borders to enhance security, comply with privacy laws such as the EU's General Data Protection Regulation (GDPR), and mitigate risks from potential commercial and foreign government surveillance.

Youtube

YouTube's AI Moderator Pulls Windows 11 Workaround Videos, Calls Them Dangerous (theregister.com) 51

An anonymous reader shares a report: Is installing Windows 11 with a local account or on unsupported hardware harmful or dangerous? YouTube's AI moderation system seems to think so, as it has started pulling videos that show users how to sidestep Microsoft's setup restrictions.

Tech YouTuber Rich White, aka CyberCPU Tech, was the first to go public about the issue on October 26, when he posted a video reporting the removal of a how-to he published on installing Windows 11 25H2 with a local account instead of a Microsoft account. In the video, White expressed concern that YouTube's automated flagging process may be the root of the problem, as he found it hard to believe that "creating a local account in Windows 11 could lead to serious harm or even death," as YouTube reportedly alleged when it removed the video.

When he appealed, White said that YouTube denied the request within 10 to 20 minutes, early on a Sunday morning, which led him to speculate that there wasn't a human in the loop when the request was shut down. That wasn't his only video removed, either. The next day, White uploaded his video for this week on installing Windows 11 25H2 on unsupported hardware, which was removed hours after being posted. YouTube justified the removal on similar grounds. [...] At least two other YouTubers - Britec09 and Hrutkay Mods - have released videos alleging much of the same.

Windows

Windows 11 Tests Bluetooth Audio Sharing That Connects Two Headsets at Once (theverge.com) 26

Microsoft is bringing shared audio to Windows 11, allowing you to stream audio across two pairs of wireless headphones, speakers, earbuds, or hearing aids. From a report: The feature is built using the Bluetooth Low Energy (LE) audio codec, and it's rolling out in preview to Windows 11 Insiders in the Dev and Beta channels. Shared audio comes in handy if you're watching a movie on a laptop with your friend or family member, or just want to show them new music that you can both stream inside your own wireless headsets. You can use shared audio by connecting Bluetooth LE-supported devices to your Windows 11 PC and then selecting the Shared audio (preview) button in your quick settings menu. Microsoft introduced an LE Audio feature on Windows 11 in August, enabling higher audio quality while using a wireless headset in a game or call.
Chromium

Unpatched Bug Can Crash Chromium-Based Browsers in Seconds (theregister.com) 24

A critical security flaw in Chromium's Blink rendering engine can crash billions of browsers within seconds. Security researcher Jose Pino discovered the vulnerability and created a proof-of-concept exploit called Brash to demonstrate the bug affecting Chrome, Edge, OpenAI's ChatGPT Atlas, Brave, Vivaldi, Arc, Dia, Opera and Perplexity Comet.

The flaw, reports The Register, exploits the absence of rate limiting on document.title API updates in Chromium versions 143.0.7483.0 and later. The attack injects millions of DOM mutations per second and saturates the main thread. When The Register tested the code on Edge, the browser crashed and the Windows machine locked up after about 30 seconds while consuming 18GB of RAM in one tab. Pino disclosed the bug to the Chromium security team on August 28 and followed up on August 30 but received no response. Google said it is looking into the issue.
Windows

Windows is the Problem With Windows Handhelds (theverge.com) 71

Microsoft shipped its first Xbox handheld nearly two weeks ago. The $600 white Xbox Ally cannot reliably sleep, wake, or hold a charge while asleep. Neither Microsoft nor Asus would admit there's a problem or offer a timeline to fix it after repeated requests by The Verge. Asus said it needs more time to test.

Installing Bazzite, a Linux-based operating system, solves the problems, the publication reports. The same hardware runs games up to 30% faster than Windows and beats the Steam Deck in all but one benchmark. Steam runs more responsively without Windows bloat. The device can be used like a Nintendo Switch, pausing games with the power button and resuming hours or days later. Bazzite initially had sleep issues but fixed them two days after programmer Antheas Kapenekakis obtained the hardware and consulted with two AMD contacts. The black Xbox Ally X, which doesn't have as many sleep issues, gets a similar speed boost with Bazzite.

Two Xbox Ally units tested on Windows repeatedly woke themselves at random intervals. One lost 10% battery after 12 hours of supposed sleep, the other 23%. After another 12 hours, both had only 30% battery remaining. One tried to apply a Windows Update while asleep. Both units refused to wake from sleep at times and required hard resets. Many users have reported similar issues on Reddit with both Xbox Ally versions.

Further reading: Microsoft's Next Xbox Will Run Full Windows and Eliminate Multiplayer Paywall, Report Says.
Microsoft

Microsoft CEO Nadella Says Gaming Needs Good Margins To Innovate, Compares Strategy To Office (pcgamer.com) 46

The best way to innovate in gaming is to have good margins, according to Microsoft chief executive Satya Nadella. He made the comments during an interview days after Bloomberg reported that Microsoft has expected unrealistic profit margins from its gaming division, which the report suggested was a likely reason for studio closures, game cancelations and thousands of layoffs at Xbox.

Nadella used the word "innovation" at least five times during the interview but never offered specifics about what he meant by it. He said Microsoft needs to "invent, maybe, some new interactive media" because gaming's competition is short-form video rather than other games. The CEO described Microsoft's new gaming strategy as being "everywhere, on every platform" after comparing the company's game publishing business to Microsoft Office. He said "the biggest gaming business is the Windows business" and added that he is looking forward to "the next console, the next PC gaming."
Linux

Nearly 90% of Windows Games Now Run on Linux, Latest Data Shows (tomshardware.com) 83

Nearly nine in ten Windows games can now run on Linux systems, according to data from ProtonDB compiled by Boiling Steam. The gains came through work by developers of WINE and Proton translation layers and through interest in hardware like the Steam Deck.

ProtonDB tracks games across five categories. Platinum-rated games run perfectly without adjustment. Gold titles need minor tweaks. Silver games are playable but imperfect. Bronze exists between silver and borked. Borked games refuse to launch. The proportion of new releases earning platinum ratings has grown. The red and dark red zones have thinned. Some popular titles remain incompatible, however. Boiling Steam noted that other developers appear averse to non-Windows gamers.
XBox (Games)

Microsoft's Next Xbox Will Run Full Windows and Eliminate Multiplayer Paywall, Report Says (windowscentral.com) 66

Microsoft's next Xbox console will run full Windows and allow users to exit the Xbox interface to access Steam, Epic Games Store, Battle.net, and other PC storefronts, according to Windows Central. The device will launch without a multiplayer paywall. Xbox CEO Phil Spencer told users last week to look at the Xbox Ally handheld for an indication of where Xbox is headed. The company has been using the Ally as a beta test to gather feedback on the experience that will power its next wave of console hardware.

The new Xbox will include the entire Xbox console library spanning original Xbox, Xbox 360, Xbox One, and Xbox Series X/S titles. These games will run natively and launch through the Xbox launcher's library. Users staying within the Xbox ecosystem will encounter an onboarding experience similar to current consoles. Those who choose to access Windows will be able to install PlayStation PC titles like God of War and Spider-Man purchased through Steam or Epic Games.
Windows

Microsoft Disables Preview In File Explorer To Block Attacks (bleepingcomputer.com) 49

Slashdot reader joshuark writes: Microsoft says that the File Explorer (formerly Windows Explorer) now automatically blocks previews for files downloaded from the Internet to block credential theft attacks via malicious documents, according to a report from BleepingComputer. This attack vector is particularly concerning because it requires no user interaction beyond selecting a file to preview and removes the need to trick a target into actually opening or executing it on their system.

For most users, no action is required since the protection is enabled automatically with the October 2025 security update, and existing workflows remain unaffected unless you regularly preview downloaded files.

"This change is designed to enhance security by preventing a vulnerability that could leak NTLM hashes when users preview potentially unsafe files," Microsoft says in a support document published Wednesday.

It is important to note that this may not take effect immediately and could require signing out and signing back in.

Microsoft

Microsoft Teams Will Start Tracking Office Attendance (tomsguide.com) 86

An anonymous reader quotes a report from Tom's Guide: Microsoft Teams is about to deal a heavy blow to those who like to work from home for peace and quiet. In a new feature update rolling out December 2025, the platform will track a worker's location using the office Wi-Fi, to see whether you're actually there or not. From a boss' perspective, this would eliminate any of that confusion as to where your team actually is. But for those people who have found their own sanctuary of peaceful productivity by working from home, consider this a warning that Teams is about to tattle on you. According to the Microsoft 365 roadmap: "When users connect to their organization's Wi-Fi, Teams will automatically set their work location to reflect the building they are working in." The location of that worker will apparently update automatically upon connecting.

It's set to launch on Windows and macOS, with rollout starting at the end of this year. "This feature will be off by default," notes Microsoft. But "tenant admins will decide whether to enable it and require end-users to opt-in."
