theodp writes: In July, Seattle-based and tech-backed nonprofit Code.org announced its 10th policy recommendation for all states "to require all students to take computer science (CS) to earn a high school diploma." In August, Washington State Senator Lisa Wellman phoned-in her plans to introduce a bill to make computer science a Washington high school graduation requirement to the state's Board of Education, indicating that the ChatGPT-sparked AI craze and Code.org had helped convince her of the need. Wellman, a former teacher who worked as a Programmer/System Analyst in the 80's before becoming an Apple VP (Publishing) in the '90s, also indicated that exposure to CS given to students in fifth grade could be sufficient to satisfy a HS CS requirement. In 2019, Wellman sponsored Microsoft-supported SB 5088 (Bill details), which required all Washington state public high schools to offer a CS class. Wellman also sponsored SB 5299 in 2021, which allows high school students to take a computer science elective in place of a third year math or science course (that may be required for college admission) to count towards graduation requirements.

And in October, Code.org CEO Hadi Partovi appeared before the Washington State Board of Education, driving home points Senator Wellman made in August with a deck containing slides calling for Washington to "require that all students take computer science to earn a high school diploma" and to "require computer science within all teacher certifications." Like Wellman, Partovi suggested the CS high school requirement might be satisfied by middle school work (he alternatively suggested one year of foreign language could be dropped to accommodate a HS CS course). Partovi noted that Washington contained some of the biggest promoters of K-12 CS in Microsoft Philanthropies' TEALS (TEALS founder Kevin Wang is a member of the Washington State Board of Education) and Code.org, as well some of the biggest funders of K-12 CS in Amazon and Microsoft -- both which are $3,000,000+ Platinum Supporters of Code.org and have top execs on Code.org's Board of Directors.

Slash_Account_Dot shares a report from 404 Media: Hackers are targeting accounts on Kodex, a platform that connects law enforcement agencies and tech companies and which is designed to verify emergency requests for customer data, according to multiple online conversations between hackers viewed by 404 Media. Screenshots from one of the compromised accounts shows a panel where a law enforcement officer, or a hacker, can potentially 'create a new request.' The screenshots show a wide range of companies such as tech giants Meta and Microsoft's LinkedIn; cryptocurrency exchanges Binance and Coinbase; social media platforms Pinterest, Discord, and Snapchat; financial service Fidelity, and gaming platform Roblox. The compromised account appears to belong to a national police force, but the screenshots do not include the agency's full name.

There is no evidence that hackers have successfully used compromised Kodex accounts to obtain data from a tech company, and Matt Donahue, the former FBI agent and now CEO of Kodex, said that multiple compromised accounts 404 Media found did not have authorization to make such requests, and that Kodex had shut down those accounts. But the repeated examples of criminal chatter show that Kodex is a target of interest for hackers.

An anonymous reader quotes a report from PC Gamer: Whether you think Microsoft's recent acquisition of Activision Blizzard is a move toward a dry gaming monopoly or a financial windfall for Activision and Blizzard games both, it's definitely happened. The UK's CMA has given the thumbs up, Kotick's on his way out -- the deal's closed, and now we get to see the impact ripples spread. It looks like there's already some great news for fans of Activision Blizzard's older catalogue, as confirmed by Xbox boss Phil Spencer himself in an official interview on the Xbox channel. "I do think with Game Pass that we have the ability to pick a couple franchises every year and almost do like a 'revisited' [version] -- I just made up that term ... when you look across the franchises that are part of our teams, there's an opportunity to go back."

"I wanna make sure that when we go back and visit something that we do it with our complete ability not just create something for financial gain (or a PR announcement), and not deliver." Ultimately, while he's got his own wishlist (the return of FPS classic Hexen is a running gag), Spencer says it's important for these fresh coats of paint to be a result of developer passion: "If teams wanna go back and revisit some of the things we have, and do a full focus on it, I'm gonna be all in. I think there's an amazing trove of [games] we can go and touch on again. I think about things like the Quake 2 remaster that just came out from [id Software], I thought that was awesome. They did a real good job revisiting a game, making it current, but not leaving its history behind. I'd love to see more things like that."

Windows Central: According to my sources who are familiar with the matter, Windows 11 is now in use on over 400 million monthly active devices. Internal Microsoft data seen by Windows Central reveals that Windows 11's active device usage just recently surpassed 400 million and is steadily climbing to reach half a billion by early 2024. As noted in our Windows 11 review, the OS has been on the market since October 2021, meaning it's taken Microsoft around two years to reach 400 million monthly active devices with Windows 11. This is a significantly slower rate than Windows 10, which reached the same number in just over a year (and eventually 1 billion users by early 2020). Still, factoring in both platforms' very different launch parameters is essential.

Sometimes, following instructions too precisely can land you in hot water -- if you're a large language model, that is. From a report: That's the conclusion reached by a new, Microsoft-affiliated scientific paper that looked at the "trustworthiness" -- and toxicity -- of large language models (LLMs) including OpenAI's GPT-4 and GPT-3.5, GPT-4's predecessor. The co-authors write that, possibly because GPT-4 is more likely to follow the instructions of "jailbreaking" prompts that bypass the model's built-in safety measures, GPT-4 can be more easily prompted than other LLMs to spout toxic, biased text. In other words, GPT-4's good "intentions" and improved comprehension can -- in the wrong hands -- lead it astray.

"We find that although GPT-4 is usually more trustworthy than GPT-3.5 on standard benchmarks, GPT-4 is more vulnerable given jailbreaking system or user prompts, which are maliciously designed to bypass the security measures of LLMs, potentially because GPT-4 follows (misleading) instructions more precisely," the co-authors write in a blog post accompanying the paper. Now, why would Microsoft greenlight research that casts an OpenAI product it itself uses (GPT-4 powers Microsoft's Bing Chat chatbot) in a poor light? The answer lies in a note within the blog post: "[T]he research team worked with Microsoft product groups to confirm that the potential vulnerabilities identified do not impact current customer-facing services. This is in part true because finished AI applications apply a range of mitigation approaches to address potential harms that may occur at the model level of the technology. In addition, we have shared our research with GPT's developer, OpenAI, which has noted the potential vulnerabilities in the system cards for relevant models."

Baidu's founder Robin Li declared his company's large language model has finally caught up with OpenAI's advanced GPT-4, claiming the lead in his country's race to develop AI that can rival the US. From a report: The billionaire took the stage in Beijing Tuesday to run Ernie 4.0 through a Q&A designed to showcase its ability to provide answers and solve complicated puzzles on the fly. Ernie has matched OpenAI's seminal product in terms of sophistication and general capabilities, Li told a packed house at a converted steel mill that now serves as an auditorium. The marquee Ernie chatbot now surpassed 45 million users -- a milestone that still lags ChatGPT's estimated 180 million, though the US bot launched months earlier. China's search leader, often referred to as a homegrown equivalent to Google, is pinning its hopes on AI to help it surpass rivals from Alibaba Group Holding Ltd. to Tencent that control the rest of the internet.

Baidu is leading a wave of aggressive investment across China after ChatGPT demonstrated the disruptive potential of generative AI -- which can craft video and content from simple commands. It's regarded as a leader in a race with local big tech firms and scores of startups to create a next-generation platform for the world's biggest internet market. They're trying to compete with American names from Microsoft to Google to create services like ChatGPT and Dall-E, but US sanctions on Chinese access to the most advanced chips to train and run AI models, coupled with Beijing's stringent censorship, could cloud their prospects. Washington is tightening curbs on shipments of AI chips to the country, stoking that uncertainty. "Ernie is not inferior in any respect to GPT-4," Li told the audience.

Last year Netflix put up a billboard on Los Angeles's Sunset Boulevard to poke fun at itself. It read: "Wait, Netflix Has Games?" The company is working hard to clear up any confusion. It is deepening its push into the videogame industry, taking advantage of the studios it has acquired in the past two years to create more titles based on popular Netflix movies and TV shows. WSJ: Though Netflix has up to now focused on mobile games -- which appeal to casual gamers and can be downloaded on a smartphone or tablet -- it is taking steps to expand into higher-end games that can be streamed from TVs or PCs. That approach would put it up against giants such as Sony and Microsoft, which just closed its $75 billion acquisition of Activision Blizzard, and would bring some significant technical challenges.

Over the next several months, Netflix subscribers will be able to play games on their mobile devices based on hits such as Korean thriller "Squid Game" and supernatural comedy "Wednesday," according to people familiar with the situation. Similarly, Netflix is discussing games based on "Extraction," its Sherlock Holmes series and its "Black Mirror" series, the people said. Even as Netflix creates homegrown titles, it will continue to license the well-known games, from "Bloons TD 6" to "Classic Solitaire," that currently make up its catalog. It has discussed plans to release a game within the popular action-adventure series "Grand Theft Auto" from Take-Two Interactive Software through a licensing deal, some of the people said. The strategy rips a page from the streaming giant's playbook in Hollywood, where it built an audience based on reruns from other studios -- such as "Friends," "The Office" and "Breaking Bad" -- while gearing up machinery to churn out originals like "House of Cards" and "Stranger Things."

ZDNet's senior contributing editor also maintains software, and recently tested ChatGPT on two fixes for bugs reported by users, and a new piece of code to add a new feature, It's a "real-world" coding test, "about pulling another customer support ticket off the stack and working through what made the user's experience go south." First...

please rewrite the following code to change it from allowing only integers to allowing dollars and cents (in other words, a decimal point and up to two digits after the decimal point). ChatGPT responded by explaining a two-step fix, posting the modified code, and then explaining the changes. "I dropped ChatGPT's code into my function, and it worked. Instead of about two-to-four hours of hair-pulling, it took about five minutes to come up with the prompt and get an answer from ChatGPT." Next up was reformatting an array. I like doing array code, but it's also tedious. So, I once again tried ChatGPT. This time the result was a total failure. By the time I was done, I probably fed it 10 different prompts. Some responses looked promising, but when I tried to run the code, it errored out. Some code crashed; some code generated error codes. And some code ran, but didn't do what I wanted. After about an hour, I gave up and went back to my normal technique of digging through GitHub and StackExchange to see if there were any examples of what I was trying to do, and then writing my own code.
Then he posted the code for a function handling a Wordpress filter, along with the question: "I get the following error. Why?" Within seconds, ChatGPT responded... Just as it suggested, I updated the fourth parameter of the add_filter() function to 2, and it worked!

ChatGPT took segments of code, analyzed those segments, and provided me with a diagnosis. To be clear, in order for it to make its recommendation, it needed to understand the internals of how WordPress handles hooks (that's what the add_filter function does), and how that functionality translates to the behavior of the calling and the execution of lines of code. I have to mark that achievement as incredible — undeniably 'living in the future' incredible...

As a test, I also tried asking ChatGPT to diagnose my problem in a prompt where I didn't include the handler line, and it wasn't able to help. So, there are very definite limitations to what ChatGPT can do for debugging right now, in 2023...

Could I have fixed the bug on my own? Of course. I've never had a bug I couldn't fix. But whether it would have taken two hours or two days (plus pizza, profanity, and lots of caffeine), while enduring many interruptions, that's something I don't know. I can tell you ChatGPT fixed it in minutes, saving me untold time and frustration.
The article does include a warning. "AI is essentially a black box, you're not able to see what process the AI undertakes to come to its conclusions. As such, you're not really able to check its work... If it turns out there is a problem in the AI-generated code, the cost and time it takes to fix may prove to be far greater than if a human coder had done the full task by hand."

But it also ends with this prediction. "I see a very interesting future, where it will be possible to feed ChatGPT all 153,000 lines of code and ask it to tell you what to fix... I can definitely see a future where programmers can simply ask ChatGPT (or a Microsoft-branded equivalent) to find and fix bugs in entire projects."

An anonymous reader shared this report from Neowin: The various versions of Windows have used Kerberos as its main authentication protocol for over 20 years. However, in certain circumstances, the OS has to use another method, NTLM (NT LAN Manager). Today, Microsoft announced that it is expanding the use of Kerberos, with the plan to eventually ditch the use of NTLM altogether.

In a blog post, Microsoft stated that NTLM continues to be used by some businesses and organizations for Windows authentication because it "doesn't require local network connection to a Domain Controller." It also is "the only protocol supported when using local accounts" and it "works when you don't know who the target server is." Microsoft states:

These benefits have led to some applications and services hardcoding the use of NTLM instead of trying to use other, more modern authentication protocols like Kerberos. Kerberos provides better security guarantees and is more extensible than NTLM, which is why it is now a preferred default protocol in Windows. The problem is that while businesses can turn off NTLM for authentication, those hardwired apps and services could experience issues. That's why Microsoft has added two new authentication features to Kerberos.
Microsoft's blog post calls it "the evolution of Windows authentication," arguing that "As Windows evolves to meet the needs of our ever-changing world, the way we protect users must also evolve to address modern security challenges..." So, "our team is building new features for Windows 11."

• Initial and Pass Through Authentication Using Kerberos, or IAKerb, "a public extension to the industry standard Kerberos protocol that allows a client without line-of-sight to a Domain Controller to authenticate through a server that does have line-of-sight."

• A local Key Distribution Center (KDC) for Kerberos, "built on top of the local machine's Security Account Manager so remote authentication of local user accounts can be done using Kerberos."

• "We are also fixing hard-coded instances of NTLM built into existing Windows components... shifting these components to use the Negotiate protocol so that Kerberos can be used instead of NTLM... NTLM will continue to be available as a fallback to maintain existing compatibility."

• "We are also introducing improved NTLM auditing and management functionality to give your organization more insight into your NTLM usage and better control for removing it."

"Reducing the use of NTLM will ultimately culminate in it being disabled in Windows 11. We are taking a data-driven approach and monitoring reductions in NTLM usage to determine when it will be safe to disable."

"The gap between C# and Java never has been so small," according to October's update for TIOBE's "Programming Community Index".

"Currently, the difference is only 1.2%, and if the trends remain this way, C# will surpass Java in about 2 month's time." Java shows the largest decline of -3.92% and C# the largest gain of +3.29% of all programming languages (annually).

The two languages have always been used in similar domains and thus have been competitors for more than 2 decades now. Java's decline in popularity is mainly caused by Oracle's decision to introduce a paid license model after Java 8. Microsoft took the opposite approach with C#. In the past, C# could only be used as part of commercial tool Visual Studio. Nowadays, C# is free and open source and it's embraced by many developers.

There are also other reasons for Java's decline. First of all, the Java language definition has not changed much the past few years and Kotlin, its fully compatible direct competitor, is easier to use and free of charge.
"Java remains a critical language in enterprise computing," argues InfoWorld, "with Java 21 just released last month and Java 22 due next March. And free open source binaries of Java still are available via OpenJDK." InfoWorld also notes TIOBE's ranking is different than other indexes. TIOBE's top 10:

1. Python (14.82%)
2. C (12.08%)
3. C++ (10.67%)
4. Java (8.92%)
5. C# (7.71%)
6. JavaScript (2.91%)
7. Visual Basic (2.13%)
8. PHP (1.9%)
9. SQL (1.78%)
10. Assembly (1.64%)

And here's the Pypl Popularity of Programming Language (based on searches for language tutorials on Google):

1. Python, with a 28.05% share
2. Java (15.88%)
3. JavaScript (9.27%)
4. C# (6.79%)
5. C/C++ (6.59%)
6. PHP (4.86%)
7. R (4.45%)
8. TypeScript (2.93%)
9. Swift (2.69%)
10. Objective-C (2.29%)

"If we carry on the way we're going, we're going to have to concrete the whole planet just to store the data that we're generating," explains a deputy lab director at Microsoft Research Cambridge in a new video.

Fortunately, "A small sheet of glass can now hold several terabytes of data, enough to store approximately 1.75 million songs or 13 years' worth of music," explains a Microsoft Research web page about "Project Silica". (Data is retrieved by a high-speed, computer-controlled microscope from a library of glass disks storing data in three-dimensional pixels called voxels): Magnetic storage, although prevalent, is problematic. Its limited lifespan necessitates frequent re-copying, increasing energy consumption and operational costs over time. "Magnetic technology has a finite lifetime," says Ant Rowstron, Distinguished Engineer, Project Silica. "You must keep copying it over to new generations of media. A hard disk drive might last five years. A tape, well, if you're brave, it might last ten years. But once that lifetime is up, you've got to copy it over. And that, frankly, is both difficult and tremendously unsustainable if you think of all that energy and resource we're using."

Project Silica aims to break this cycle. Developed under the aegis of Microsoft Research, it can store massive amounts of data in glass plates roughly the size of a drink coaster and preserve the data for thousands of years. Richard Black, Research Director, Project Silica, adds, "This technology allows us to write data knowing it will remain unchanged and secure, which is a significant step forward in sustainable data storage." Project Silica's goal is to write data in a piece of glass and store it on a shelf until it is needed. Once written, the data inside the glass is impossible to change.

Project Silica is focused on pioneering data storage in quartz glass in partnership with the Microsoft Azure team, seeking more sustainable ways to archive data. This relationship is symbiotic, as Project Silica uses Azure AI to decode data stored in glass, making reading and writing faster and allowing more data storage... The library is passive, with no electricity in any of the storage units. The complexity is within the robots that charge as they idle inside the lab, awakening when data is needed... Initially, the laser writing process was inefficient, but after years of refinement, the team can now store several TB in a single glass plate that could last 10,000 years. For a sense of scale, each plate could store around 3,500 movies. Or enough non-stop movies to play for over half a year without repeating. A glass plate could hold the entire text of War and Peace — one of the longest novels ever written — about 875,000 times.
And most importantly, it can store data in a fraction of the space of a datacenter...

Thanks to long-time Slashdot reader Kirschey for sharing the article.

Yesterday America's Federal Trade Commission said it remained focused on its appeal opposing Microsoft's deal to buy Activision, reports Reuters.

Reuters notes that Microsoft and Activision closed their transaction Friday "after winning approval from Britain on condition that they sell the streaming rights to Activision's games to Ubisoft Entertainment." But the U.S. Federal Trade Commission "has also fought the deal, and has an argument scheduled before an appeals court on December 6. The agency said on Friday that it remained focused on that appeal." An FTC spokesperson had this comment for Reuters.

"The FTC continues to believe this deal is a threat to competition."

According to the New York Times, Chinese-owned bitcoin mining operations in the United States are causing security concerns due to their proximity to important sites and the potential for cyber threats. The Crypto Times reports: There are some mining facilities close to critical sites such as Microsoft data center for Pentagon's Air Force nuclear's missile base in Wyoming USA. Officials in U.S. fear Chinese espionage activities at these places. These mining operations began after China banned bitcoin mining in 2021. These individuals sometimes maintain connections with the Chinese Communist Party or state-owned companies which may be kept concealed through multiple layers of companies.

Texas has turned out to be a haven for Chinese-linked Bitcoin mining, with some US states having restrictions but Texas offers incentives. This might pose a threat to the power grid or essential infrastructure. A new concern has recently been raised in a report related to a potential cyber strike on the US infrastructure by China in case a major conflict arose.

Microsoft completed its $69 billion purchase of Activision Blizzard after a nearly two-year fight with global regulators threatened to scuttle the deal. From a report: The biggest-ever acquisition in the video game industry gives the maker of Xbox consoles a more formidable position against rivals, vaulting it from fifth to third place globally, behind Tencent Holdings and Sony Group. The acquisition is a stunning turnaround after Microsoft executives underestimated the magnitude and longevity of antitrust objections, forcing the software giant to seek a three-month extension of the deal's expiration period from Activision.

Microsoft was able to close after making alterations to its merger agreement to win over UK authorities. The US Federal Trade Commission, which lost an attempt to block the transaction in court, continues to pursue legal action in its own administrative hearing. That could still force the two companies to unwind the deal if the commission is successful. The UK's Competition and Markets Authority announced on Friday that it had approved the deal after accepting a restructuring plan involving selling some gaming rights to French publisher Ubisoft Entertainment SA. The regulator was concerned about preserving competition in the nascent market for games streamed via the cloud.

Microsoft could use board games to revisit dormant franchises owned by Xbox Game Studios, with Zoo Tycoon: The Board Game potentially being the first of many. From a report: Zoo Tycoon was developed by Elite: Dangerous studio Frontier Developments and published by Microsoft Studios (the previous name for Xbox Game Studios), on November 22, 2013 for Xbox One and Xbox 360. Speaking to Xbox Wire, Xbox Game Studios executive producer Robert Jerauld said this board game adaptation is a "prime illustration" of how Microsoft could expand its franchises that don't have video games in active development. "It's crucial to recognize that even if certain franchises aren't currently undergoing active development, they can still be actively appreciated by their fans," Jerauld said.

"Zoo Tycoon serves as a prime illustration of this. It presents a valuable chance for Microsoft to extend gratitude to the dedicated and ardent Zoo Tycoon fans who have worked tirelessly to sustain the game's enchantment. We acknowledge your dedication and deeply appreciate you." While Jerauld didn't say if he had any other dormant franchises in mind, Xbox certainly has a wealth to choose from. These could include Banjo-Kazooie, Viva Pinata, Blinx: The Time Sweeper, Project Gotham Racing, MechAssault and plenty more. There are some bigger names that haven't seen a release in a long time, of course, but many of these currently have sequels in development at Xbox.

Google said on Thursday that it will defend users of generative AI systems in its Google Cloud and Workspace platforms if they are accused of intellectual property violations, joining Microsoft, Adobe and other companies that have made similar pledges. From a report: Major technology companies like Google have been investing heavily in generative AI and racing to incorporate it into their products. Prominent writers, illustrators and other copyright owners have said in several lawsuits that both the use of their work to train the AI systems and the content the systems create violate their rights. "To our knowledge, Google is the first in the industry to offer a comprehensive, two-pronged approach to indemnity" that specifically covers both types of claims, a company spokesperson said. Google said its new policy applies to software, including its Vertex AI development platform and Duet AI system, which generates text and images in Google Workspace and Cloud programs.

After Microsoft recently imposed storage limits for photos in a user's OneDrive account, Microsoft has now reversed course after receiving a barrage of backlash. From a report: In August, Microsoft announced that photos in a user's OneDrive Gallery and in each of their saved photo albums would count separately toward the company's cloud-based limit of five gigabytes, according to Neowin. The update was expected to roll out on October 16, which would force some users to encounter storage ceilings as the extra data was added to their OneDrive, preventing additional files from syncing. Customers were surprised by the abrupt policy change, so surprised in fact that the company caved to user backlash and recently announced that the change was no longer on the table.

"On August 31, 2023, we began to communicate an upcoming update to our cloud storage infrastructure that would result in a change in how OneDrive photos and photo albums data is counted against your overall cloud storage quota," Microsoft said in an email to customers, which has also been posted to the company's Support page. "This change was scheduled to start rolling out on October 16, 2023. Based on the feedback we received, we have adjusted our approach, we will no longer roll out this update."

Microsoft received Notices of Proposed Adjustment from the Internal Revenue Service for an additional tax payment of $28.9 billion, the company said in an 8-K filing Wednesday. From a report: Microsoft said the dispute concerns the company's allocated profits between countries and jurisdictions between 2004 and 2013. It said up to $10 billion in taxes that the company has already paid are not reflected in the proposed adjustments made by the IRS. Microsoft plans to contest the notices through the IRS' administrative appeal and is willing to go to judicial proceedings, if necessary.

Emilia David reports via The Verge: Adobe and other companies have established a symbol that can be attached to content alongside metadata, establishing its provenance, including whether it was made with AI tools. The symbol, which Adobe calls an "icon of transparency," can be added via Adobe's photo and video editing platforms like Photoshop or Premiere and eventually Microsoft's Bing Image Generator. It will be added to the metadata of images, videos, and PDFs to announce who owns and created the data. When viewers look at a photo online, they can hover over the mark, and it will open a dropdown that includes information about its ownership, the AI tool used to make it, and other details about the media's production.

Adobe developed the symbol with other companies as part of the Coalition for Content Provenance and Authenticity (C2PA), a group that looks to create technical standards to certify the source and provenance of content. (It uses the initials "CR," which confusingly stands for content CRedentials, to avoid being confused with the icon for Creative Commons.) Other members of the C2PA include Arm, Intel, Microsoft, and Truepic. C2PA owns the trademark for the symbol. Andy Parsons, senior director of Adobe's Content Authenticity Initiative, tells The Verge that the symbol acts as a "nutrition label" of sorts, telling people the provenance of the media. The presence of the symbol is meant to encourage the tagging of AI-generated data, as Parsons said it creates more transparency into how content was created. While the small symbol is visible in the image, the information and the symbol are also embedded in the metadata, so it will not be Photoshopped out.

Microsoft says Chinese state-backed hackers are exploiting a "critical"-rated zero-day vulnerability in Atlassian software to break into customer systems. From a report: The technology giant's threat intelligence team said in a post on X, formerly Twitter, that it has observed a nation-state threat actor it calls Storm-0062 exploiting a recently disclosed critical flaw in Atlassian Confluence Data Center and Server. Microsoft has previously identified Storm-0062 as a China-based state-sponsored hacker.

Microsoft said it observed in-the-wild abuse of the maximum rated 10.0 vulnerability, tracked as CVE-2023-22515, since September 14, some three weeks before Atlassian's public disclosure on October 4. A bug is considered a zero-day when the vendor -- in this case Atlassian -- has zero time to fix the bug before it is exploited. Atlassian updated its advisory this week to confirm it has "evidence to suggest that a known nation-state actor" is exploiting the bug, which the company says could allow a remote attacker to create unauthorized administrator accounts to access Confluence servers. Atlassian's Confluence is a widely popular collaborative wiki system used by corporations around the world to organize and share work.