If you don't get lucky with Valve's Steam Machine reservation system, you can make your own Steam Machine instead. Valve says that "starting with the SteamOS 3.8 release, you can put together your own Steam Machine using whatever PC parts you want." SteamOS 3.8.10 launched last week with a slew of updates, including "improved compatibility with recent Intel and AMD platforms." Alongside that improved compatibility, Valve is giving gamers the green light to install SteamOS on their own desktops.
In an interview with The Verge, Valve's Pierre-Loup Griffais said Valve has been "rolling out improvements to [SteamOS] so it's more compatible wit …
Empower people with disabilities to contribute to open source.
Increase the availability and adoption of open source assistive technologies.
Improve the accessibility of mainstream open source projects.
This pledge came with a clear responsibility: turn intention into practical, community-led action. Over the past year we’ve had the chance to work with maintainers, contributors, educators, accessibility advocates, and people with disabilities who are doing the hard, real work of building a culture of inclusion within open source communities.
This post shares our progress over the past year and two ways you can help right now.
Progress since the pledge
Our approach has focused on programs, partnerships, and open tooling that support the pledge goals in real projects and communities.
Empowering contributors with disabilities in open source
Over two days, contributors, maintainers, educators, advocates, and people with disabilities collaborated on open source assistive technology projects addressing real access barriers.
To support meaningful participation, we also hosted:
A GitHub Learning Room with hands-on guidance for GitHub workflows, including NVDA screen reader and keyboard-only navigation
NV Access office hours with the team behind NVDA screen reader to support project teams and troubleshooting
Accessibility Documentation
The GitHub accessibility documentation helps empower contributors with disabilities by making it easier to use GitHub products with screen readers and other assistive technologies, while also giving developers guidance for using Copilot and agents with accessibility in mind. Because people with lived experience contribute to and review these guides, the documentation reflects real-world workflows, reduces barriers to participation, and helps more contributors engage confidently in open source projects.
Supporting open source assistive technology
Hackathon contributors worked across a wide range of projects, including:
Camera-based assistive technology for blind and low vision users
PDF-to-accessible-format workflows
Open wheelchair software and hardware efforts
Accessibility-aware route planning
Pronunciation improvements for screen readers
Accessible gaming
Tactile experiences for a multiline braille display
During this one-day in-person event, we brought together members of the disability, accessibility, and open source communities to define a roadmap for improving the accessibility of open source software.
Improving Workflows
We’ve also continued to invest in practical resources and tools that help teams build accessibility into day-to-day development practices:
GitHub Accessibility Scanner, an AI-powered open source scanner that uses GitHub Actions and GitHub Copilot to find, file, and fix accessibility barriers
These resources are meant to reduce friction by helping teams write better issues, collaborate, and integrate accessibility throughout the development process.
Two ways you can help right now
1. Register for the Open Source Accessibility Community Day (July 9, 2026)
The Open Source Accessibility Community Day is a virtual event for contributors, maintainers, accessibility practitioners, and community members who want to make open source more inclusive and accessible.
The event features demos and updates from projects that participated in the Open Source Assistive Technology Hackathon, including what teams built, what they learned, and where contributors are needed next.
2. Register for the Open Source Accessibility Summit (October 19, 2026)
This year’s summit is designed to teach people how to contribute to open source while following accessibility best practices no matter their level of experience. Grounded in the lived experiences of people with disabilities, the event will create opportunities to learn directly from those perspectives while building practical skills. The goal is simple: help more people leave ready to make meaningful, accessibility-focused contributions across the open source ecosystem.
What began as a routine ransomware investigation quickly revealed something far more complex. In this ninth cyberattack series report, DART details how a single intrusion uncovered parallel activity from two unrelated threat actors operating simultaneously—blending tactics, obscuring signals, and challenging traditional assumptions about how multi-stage intrusion campaigns unfold across hybrid environments. Read on to learn more or access the full report.
The investigation revealed a multi-stage intrusion that blended familiar ransomware activity with quieter, more deliberate techniques designed to establish deep and lasting access. DART found that Storm-2603 had been targeting on-premises SharePoint servers since mid-2025, exploiting known vulnerabilities while simultaneously probing for additional entry points through reconnaissance activity—such as requests for sensitive configuration files often used to validate local file inclusion weaknesses. In this case, initial access was likely attempted through a separate vulnerability, with requests for files like win.ini and web.config, indicating probing for local file inclusion. While exploitation wasn’t confirmed, the timing and activity suggest reconnaissance for entry points.
Once inside, the threat actor shifted focus to persistence and control. Using legitimate tools to blend in, they deployed Velociraptor with SYSTEM-level privileges to map the environment, then established multiple remote access channels through Cloudflare tunneling, Zoho Assist, and Secure Shell (SSH) connections configured through Visual Studio Code. Velociraptor, a legitimate forensic and incident response tool, was deployed by the threat actor to map the environment and operate with high-level privileges—blending malicious activity with trusted administrative behavior. Privilege escalation followed, with new local and domain administrator accounts created to maintain access, while defense evasion techniques—including the use of a vulnerable driver to tamper with memory and disable protections—helped reduce their visibility.
As DART correlated activity across the environment, investigators uncovered signs of a second, unrelated threat actor operating in parallel. Malicious dynamic link library (DLL) sideloading and custom backdoors—techniques not associated with Storm-2603—introduced an additional layer of complexity, obscuring attribution and complicating detection. Together, these overlapping activity streams enabled sustained access while masking the full scope of the intrusion.
Dynamic link library (DLL) sideloading is popular with threat actors because it can be misused to hide behind trusted software (execution looks legitimate), to evade detection by running inside known applications, and to execute payloads, install backdoors, or maintain persistence.
How did Microsoft respond?
DART moved quickly to contain the active intrusion involving multiple threat actors and stabilize the environment, activating a structured response playbook focused on limiting threat actor impact and restoring control. By correlating telemetry across identities, endpoints, and cloud resources, responders established a unified view of the intrusion, enabling them to detect abnormal behavior, uncover credential misuse, and track threat actor activity as it evolved. Continuous coordination with the customer, including daily briefings, ensured that containment actions were timely, aligned, and effective in reducing further threat actor movement.
At the same time, collaboration with Microsoft Threat Intelligence provided critical context that reshaped the investigation. By connecting incident data with broader intelligence, DART identified two distinct threat actors operating simultaneously within the same environment—each masking the other’s activity and complicating detection. Beyond containment, the team delivered targeted guidance to strengthen the organization’s security posture, helping close visibility gaps and improve resilience against future identity compromise and ransomware-driven attacks.
What can customers do to strengthen their defenses?
This case underscores the importance of closing common gaps across exposure, identity, and visibility. Organizations should prioritize rigorous patching and vulnerability management—especially for internet-facing systems—to reduce the risk of initial access. At the same time, strengthening identity security is critical to limiting threat actor escalation and persistence. At a high level, customers can avoid similar cyberattacks by focusing on ways to:
Establish broad, continuous visibility: Deploy endpoint protection widely and retain telemetry centrally to support detection, investigation, and correlation.
Monitor and restrict trusted tools: Validate and oversee the use of remote access, tunneling, and administrative tools that threat actors may exploit for persistence and lateral movement.
Prepare for rapid, coordinated response: Maintain tested incident response playbooks and ensure teams can quickly isolate compromised users, devices, and access paths to reduce dwell time.
Today’s modern cyberattacks can quickly evolve beyond a single incident-blending tactic, spanning environments, and even involving multiple threat actors operating in parallel. For security teams, the takeaway is clear: isolated signals rarely tell the full story. Organizations that invest in connected telemetry, coordinated response, and operational preparedness will be better positioned to detect adversary activity such as credential abuse and lateral movement earlier, contain active intrusions faster, and limit their overall impact.
What is the Cyberattack Series?
In our Cyberattack Series, customers discover how DART investigates unique and notable attacks. For each cyberattack story, we share:
Microsoft’s investigation and eviction of the threat actor.
Strategies to avoid similar cyberattacks.
DART is made up of highly skilled investigators, researchers, engineers, and analysts who specialize in handling global security incidents. We’re here for customers with dedicated experts to work with you before, during, and after a cybersecurity incident.
To learn more about DART capabilities, please visit our website, or contact your Microsoft account manager or Premier Support contact. To learn more about the cybersecurity incidents described above, including more insights and information on how to protect your own organization, download the full report.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
At the JetBrains x Codex Hackathon, I spent two days watching teams build and then pitch their projects. The thing that decided most of the winners wasn’t just the previous twenty-four hours of work. It was the few minutes they spent presenting it. A strong project with a confusing demo loses to a simpler project that the judges understand.
So, I asked a handful of the judges what separates a hackathon pitch that wins from one that gets forgotten by the next presentation. Their answers lined up almost perfectly. Here’s what they told me, plus a few things I’ve picked up judging these myself.
Start with the problem
Every judge said a version of this, which tells you how often people get it wrong.
Here’s how Jono Bacon, CEO of the developer engagement firm Stateshift, put it: “Say what the problem is that you’re solving. You need to get your audience of judges sharing your frustration with the problem that you see in the world.” If the people watching don’t feel the problem, nothing you built in response to it will land.
Avi Press, founder and CEO of Scarf, said the same and added the part people skip: “Always be very clear about what problem you’re solving and what your submission does to address that problem. Sounds obvious, but often people skip it.” They often do so because they’re excited about the tech and assume the problem is self-evident. It isn’t.
Bonnie Xu from OpenAI framed it as a choice you make before you write any code: “My advice is to not start with ‘what’s the coolest new tool I can use?’ but with ‘what’s something I can build now that I probably couldn’t have built before?'” The best projects, she said, come from something specific – a workflow you’ve personally found annoying or slower than it should be. Build from the annoyance rather than the tool.
Do the homework before you write a line of code
Jan-Niklas Wortmann, a Developer Advocate at JetBrains, made the point that the work starts before the hacking does: “Read the rules before. Don’t start writing anything before you really understand the problem space, the objectives of the hackathon, and what the judges are probably looking out for.” Carefully read the prompts or problem statements. Figure out who’s judging and what they care about. If you can talk to them before you build, do it.
Colin Lowenberg from Nebius had a practical version of the same idea: don’t start cold. “There’s always a better starting point than a blank GitHub.” If you don’t have experience with something you need, ask a mentor or a sponsor for a repo to start from.
And give yourself the best odds against the clock. Jan-Niklas again: “Use tools that you’re already familiar with and work with people that you’re already familiar with.” Meeting new people is part of why hackathons are fun and worth going to, and plenty of strong teams come together on the day of. The point is just to limit how many unknowns you’re carrying at once. Stacking a new framework, a new teammate, and a new problem domain all at once is a lot to absorb in a weekend, so lean on what you already know where you can.
Scope down to one thing
This is where a lot of teams miss. They try to build five features and end up shipping none of them cleanly.
The best projects do one thing really well rather than five things halfway. Beware of scope creep and feature-itis. Trying to do too much feels like you’re being ambitious, but what you’re actually doing is guaranteeing that nothing in your demo works end to end.
Colin tied scope directly to the demo: “Your demo should be the focus. It should show what your app does in one flow. If it’s too long, cut down on your features.” If the demo runs long, that’s not a pacing problem. It’s a scope problem, and the fix is to cut.
Bonnie put the upside plainly: one clear “oh, this is possible now” moment is much stronger than a tour of every feature. Show what used to be frustrating, show the new version, and make the contrast obvious.
Make the demo the whole pitch
You might only have a few minutes, and the demo is what people remember. Treat it that way.
Jono’s rule: You have to be able to show something working within about 90 seconds. Take the problem you described and show the solution, fast.
Avi gets specific about the demo itself: “Put the judge in the shoes of the user and walk them through what happens.” Even if what you have isn’t polished or fully working, show what using it actually looks like. And be straightforward about it. “Be very direct about what works, what doesn’t, how it works, and how it could be extended.” Judges can tell when you’re talking around a feature that doesn’t exist yet. Being honest about it reads as confidence.
Colin had a checklist for not stalling out in front of the judges: “Mock everything you can and make sure all your forms are filled and your back and forth flows with the user are smooth.” Pre-fill the data. Mock the slow API call. Remove every place the demo could stall.
And don’t over-engineer the thing underneath. As Jan-Niklas put it, shipping a good demo matters more than having the most reliable, highest-quality code. A hackathon rewards the working demo, not the clean architecture nobody sees.
Rehearse like you’ve already won
Colin’s advice is to start from the finish: “I want you to visualize yourself winning the hackathon and work backwards from there.” Picture the demo that wins, then build toward exactly that. Make the presentation smooth and ready. You may only have a few minutes, so every second of it should earn its place.
Run it out loud at least once before you present, and be sure to time it. The pitch is part of the product, and the teams that practice it look like they practiced it.
Relax and have fun
Enthusiasm does more work than people expect.
Judges will sense your enthusiasm, so try to remember what got you excited to build this in the first place. That’s the part we actually want to see. A team clearly enjoying its own project is more convincing than a team grinding through a script.
Jan-Niklas said the same thing about the weekend as a whole: the time crunch and the pressure are part of the experience, and subjecting yourself to them is its own kind of learning. Enjoy the journey. Have fun. Build.
Success mostly comes down to three things: leading with the problem, showing one thing working, and letting it be obvious that you care.
Governments produce an abundance of information and put that information in the public domain, but often the public can’t easily find or access it. The Internet Archive’s Democracy’s Library project is helping by preserving critical information and publications produced by governments: federal, state, provincial, and municipal– and making them available to anyone wanting to build new services on them.
Since the program’s launch in 2022, the Internet Archive has built on this already strong foundation by becoming a designated Federal Depository Library—joining 1,100+ peer libraries—and by utilizing Democracy’s Library as a means to connect to libraries, archives, and patrons with purpose.
Although it would be convenient to tie the practice of preserving government information to the messy birth of the United States, grounded as it was in principles around liberty and democratic process, we lack pithy quotes from the founders on this exact topic. What we do see is recognition in the very first Congress that citizens needed access to documentation of the business of their government.
In 1789, the House of Representatives provided for the printing and distribution of the laws and proceedings of the new Congress. From this modest beginning, the US Government rapidly rose to become the largest publisher in the world. Over the following century, a series of legislative milestones followed: the establishment of the Government Printing Office in 1860, and the Government Printing Act of 1895, which centralized GPO’s authority as the primary channel for distributing the federal record.
Taken together, these efforts reflect a consistent, if imperfectly realized, principle: that government information belongs to the people and that information should be freely distributed to its citizens for their own use. It is important to note that libraries were identified as the natural and primary means of getting that information into the hands of citizens.
Who are the audiences for government information?
First and foremost, government itself; it is essential that law and policy makers understand prior law and policy. With an abundance of outputs, governments are not always the best record keepers and frequently turn to libraries to find appropriate documentation.
Second, we see serious researchers (including journalists) as those that rely on access to government information. These users seek authoritative sources and want assurances around provenance and reliable sources; libraries provide that authority.
Third, we see curious and motivated citizens. Users in this category include genealogists but can also include people like property owners seeking to understand current or prior ordinances in their jurisdiction, or people seeking to understand the history of their house or neighborhood.
Finally, an emerging category of user is machines; research methods mediated and assisted by computers have been on the rise for some time, but with the advent of LLMs and generative AI tools, a human assisted by a machine is emerging as a distinctive category of user. Looking across these categories, we can assert that government information not only belongs to everyone, but it is for everyone.
Why is Democracy’s Library important today?
Democracy’s Library is more than just collections – it is also a movement to bring people together in common cause, to take action, and to build momentum around increasing access. The Information Stewardship Forum, hosted by the Internet Archive in March, was one such gathering and we look forward to more in the future.
One of the themes that emerged from the Information Stewardship Forum is that, especially in an increasingly complex and dynamic environment, public access to government information cannot be left to chance. As the United States marks 250 years, Democracy’s Library exists to make sure it isn’t. Please join us.
Let us know how we can help you by collaborating to digitize and preserve collections, to build services on existing collections, and to support each other in areas of mutual interest. I welcome your emails at any time. I will be attending GODORT meetings at the June 2026 American Library Association meeting in Chicago, and you can find me there, as well as at the CNI meeting in December in Washington DC, or at our headquarters in San Francisco anytime you are in town.
Today, Microsoft is announcing one of the largest single capacity additions in our history. In Pecos, Texas, we will build a new datacenter campus, expanding our global datacenter capacity by approximately 2 gigawatts (GW) to meet strong and sustained customer demand for AI and cloud services across industries and regions. Beyond the technology, this is a major investment in West Texas. We expect to support over 6,000 construction jobs at peak build-out and to create hundreds of permanent operational jobs that will add a new industry that supports the local economy when the new datacenter campus is operational.
This multibillion-dollar datacenter campus investment over the next five to seven years reflects both the immediate needs we are seeing today and the future trajectory of AI and advanced compute, where reliable infrastructure at scale is essential to unlocking the next generation of innovation. This expansion is grounded in a simple principle: we build where our customers need us, and we build for the long term. We have a track record of doing exactly that in Texas. In the San Antonio region, where we have operated datacenters for nearly a decade, our investment has generated billions of dollars in local economic activity and supported thousands of local jobs. We are committed to delivering the same lasting value in Pecos.
Meeting customer demand with reliable infrastructure
Customer demand for AI and cloud services continues to grow rapidly, from startups building new applications to governments, healthcare providers and educational institutions modernizing critical systems. Meeting this demand requires not only more datacenter capacity, but capacity that is predictable, resilient and able to scale quickly.
The datacenter campus in Pecos enables us to deliver on that need. By pairing new datacenter infrastructure with dedicated energy supply located onsite, we can bring capacity online at the pace our customers require while maintaining operational reliability. Critically, the energy infrastructure required to power this datacenter is being funded by Microsoft. We are paying for the new generation and supporting infrastructure needed to serve our own operations. The capacity we bring online in Pecos is built to meet our demand, ensuring that our growth strengthens, rather than strains, the energy resources the community relies on.
Putting Community First in West Texas
While meeting customer demand is critical, how we grow is equally important. At Microsoft, our Community First approach guides us where we build, own and operate our datacenters, including our new datacenter campus in Pecos.
This work begins with a simple commitment: we show up as a lasting partner, not just a builder of infrastructure.
As shared in our letter to the community in Pecos and Reeves County, we are approaching this project as a new neighbor, with a focus on partnership, transparency and listening. We recognize that earning trust takes time, and we are committed to ongoing engagement with local residents, leaders and organizations as this project moves forward. The region’s elected leadership has welcomed the investment. Reeves County Judge Leo Hung, the county’s top elected official, said:
“We are excited to welcome Microsoft to Pecos. This investment reflects the strength of our region and its ability to support innovation at a global scale. It will create new opportunities for local businesses, support workforce development and reinforce Pecos as a place where forward-looking companies can grow and thrive.”
Our Community First approach in this region focuses on three priorities:
1. Listening and engaging early
We engage early and often through community meetings, local partnerships and ongoing communication across the life of the project, which gives residents multiple ways to ask questions and share feedback, just as we have in other Texas communities.
2. Creating local economic opportunity
This project is built to drive lasting regional growth. As well as supporting thousands of construction jobs, the hundreds of permanent operational roles will add a new industry to the local economy. We will also invest in workforce development and small-business support. We are focused on ensuring that local residents are prepared to take advantage of the opportunities created by the AI economy. This is part of a sustained commitment to the region, building on more than a decade of experience in Texas, including our operations in San Antonio:
A snapshot of Microsoft’s long-term impact in San Antonio, the kind of partnership we are bringing to Pecos.
Near San Antonio, where we have operated for nearly a decade, our Datacenter Academy partners with local colleges to prepare students for datacenter careers, including a $545,000 investment that has already reached more than 450 students. Statewide, workforce programs like TechSpark have helped create more than 1,100 jobs and engaged 20,000 Texans in digital skilling. We will bring the same model of local hiring, training and small-business support to West Texas.
3. Partnering for lasting community impact
Our investment reaches well beyond the datacenter, into education, digital inclusion and nonprofit partnerships. In fiscal year 2024, Microsoft and its employees contributed $11 million in cash and $103.3 million in donated software and cloud technology to more than 10,000 Texas nonprofits, alongside 42,000+ employee volunteer hours. In Pecos, we will direct that same commitment toward the priorities that matter most to West Texas residents.
Advancing sustainability through innovation
As we expand our datacenter footprint, we remain equally committed to building and operating our infrastructure in ways that reduce environmental impact.
Energy and emissions
This includes improving energy efficiency across our infrastructure, from compute to hardware, and building on the 4.7 GW of renewable electricity we have already contracted for our electricity use in Texas, advancing carbon-free electricity through renewable generation and other technologies. This investment is intentionally designed with flexibility in mind, allowing Microsoft to adjust capacity over time as demand evolves.
At launch, the datacenter campus will operate with a co-located natural gas power facility, an arrangement known as “behind the meter.” This serves the campus directly and independently of the public grid, so this demand does not take from the current grid. The plant’s design will integrate state-of-the-art air emissions controls, such as Selective Catalytic Reduction systems to lower nitrogen oxide emissions. Over time, we anticipate connecting the power facility and the datacenter to the broader grid and becoming part of the regional energy system, working in close coordination with utilities and local authorities. We will continue to drive additional improvements in environmental performance in line with our corporate commitments. This evolution reflects our long-term mindset in the region: as we grow, we intend to contribute to a more resilient and reliable grid that delivers value not only to our operations, but to the wider West Texas community.
Water stewardship
We plan to deploy closed loop cooling systems, which significantly reduce water requirements. This approach is expected to limit water usage by requiring only an initial charge of the cooling system at the start of operations, with no additional water consumption during steady-state operation. As a result, the total lifecycle water use of this datacenter is only a fraction of that consumed annually by a typical fast-food restaurant.
We are also designing our operations to minimize reliance on freshwater sources by utilizing nonpotable water where possible, helping to reduce pressure on shared community resources.
This builds on the way we approach water stewardship across Texas. Near San Antonio, Microsoft has helped fund the permanent protection of more than 1,500 acres in the Edwards Aquifer recharge zone — safeguarding a critical water source for over two million Texans — as part of our broader commitment to be water positive by 2030. In Pecos, we will continue to prioritize responsible water use, efficient design and close coordination with local authorities as our operations grow, and we will share our progress with the community over time.
Building for the future, responsibly
The datacenter in Pecos represents an important step forward in how we build infrastructure for the AI era by combining capacity at scale, energy and a commitment to responsible growth.
But just as importantly, it reflects how we do this work: in partnership with communities, with an enduring mindset and with a focus on creating shared value.
As we move forward, we will continue to engage closely with the community in West Texas, provide updates on our progress and ensure that this investment delivers lasting benefits for both our customers and our neighbors. Community members can learn more at Open letter to Pecos and Reeves County – Microsoft Local.
We look forward to building that future together.
Noelle Walsh leads the organization that powers the global Microsoft Cloud. She oversees the company’s physical cloud infrastructure and operations, with a charter focused on safety, security, availability, sustainability and competitive infrastructure growth — bringing decades of global operational leadership.
Log in
