<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
>
    <channel>
                    <atom:link rel="alternate" hreflang="en-AU"
                       href="https://www.pcgamer.com/au/feeds/tag/security/"
                       type="application/rss+xml"/>
                            <title><![CDATA[ Latest from PC Gamer AU in Security ]]></title>
                <link>https://www.pcgamer.com/au/software/security</link>
        <description><![CDATA[ All the latest security content from the PC Gamer AU team ]]></description>
                                    <lastBuildDate>Thu, 28 May 2026 16:30:30 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ A malware dev has committed a magnificent self-own after an AI-coded malicious package leaked its own GitHub private token ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/a-malware-dev-has-committed-a-magnificent-self-own-after-an-ai-coded-malicious-package-leaked-its-own-github-private-token/</link>
                                                                            <description>
                            <![CDATA[ Whoops. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">kuderUisPS69GMfoc5mTjW</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/dkeXN7DukoyNgwQ6AeBkg-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 28 May 2026 16:30:30 +0000</pubDate>                                                                                                                                <updated>Thu, 28 May 2026 16:30:34 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andy Edser ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/ZGont4SjJV38V5HWmjfNAE.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/dkeXN7DukoyNgwQ6AeBkg-1280-80.jpg">
                                                            <media:credit><![CDATA[Sony Santa Monica ]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A still from the God of War Ragnarok trailer showing someone looking up at the sky in surprise]]></media:description>                                                            <media:text><![CDATA[A still from the God of War Ragnarok trailer showing someone looking up at the sky in surprise]]></media:text>
                                <media:title type="plain"><![CDATA[A still from the God of War Ragnarok trailer showing someone looking up at the sky in surprise]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/dkeXN7DukoyNgwQ6AeBkg-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>We're continually warned about the prospect of <a href="https://www.pcgamer.com/software/ai/great-now-even-malware-is-using-llms-to-rewrite-its-code-says-google-as-it-documents-new-phase-of-ai-abuse/" target="_blank">AI-generated malware</a> these days, but there is one important factor working in our favour: sometimes, it's kinda rubbish. </p><p><a href="https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/" target="_blank">OX Security</a> researchers have discovered an info-stealing malicious npm package called mouse5212-super-formatter, designed to target Claude users. The nasty little blighter reached 676 downloads before being unmasked, after the apparently AI-coded malware leaked its own GitHub private token (via <a href="https://www.theregister.com/cyber-crime/2026/05/27/supply-chain-brain-drain-npm-attacker-foolishly-leaks-own-github-private-token/5247424" target="_blank">The Register</a>).</p><p>The researchers say the infostealer posed as an internal "archive deployment sync utility", but in reality, it "authenticates to GitHub (using an environment token or a hard-coded fallback), checks whether a target repository exists, creates it if needed, then recursively walks a local directory and uploads every file through the GitHub Contents API."</p><p>The malware then stores stolen files under a random per-run folder name, while also writing a fake network connections log to make "execution look like diagnostics rather than theft." </p><p>The GitHub private token allowed the researchers to trace the stolen files and analyse the malware, raising suspicions of AI coding involvement. 
The threat actor's GitHub account linked to the package has since been deleted.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="6TGQnBqmmkzUUKj64xg7ma" name="GettyImages-1358210974.jpg" alt="Back angle Hacker wearing hoodies cloth motivation emotion and typing coding to hacking cryptocurrency from internet at home" src="https://cdn.mos.cms.futurecdn.net/6TGQnBqmmkzUUKj64xg7ma.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: skaman306 via Getty Images)</span></figcaption></figure><p>My favourite part? OX Security has put together <a href="https://www.ox.security/blog/malware-slop-new-malicious-npm-package-leaks-its-own-github-private-token/#:~:text=them%20as%20compromised.-,Technical%20Analysis,-By%20analyzing%20the" target="_blank">a handy chart</a> to show how it all works, labelling its type as "Infostealer/Malware-Slop." Damn.</p><p>"While threat actors have been leveraging their techniques in recent years, this is a good example showing how some... are using AI to generate malware without understanding basic opsec concepts and best practices," says the company.</p><p>"Now that the bar to create malicious code [has been] reduced significantly, we’re going to see more threat actors getting into the game–uploading more sloppy malwares, mostly mimicking APT groups to get a slice of the cake until npm starts automatically blocking malware completely."</p><p>Well, this particularly insecure, err, security risk appears to have been neutralised, and we can all rest easy in our beds tonight. Hey, just be glad we're still in the early days of the AI self-owning age. 
If things keep developing at the current rate, these stories are going to become a lot less fun as the years go on.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Security researcher describes freshly uncovered Windows 11 vulnerability as 'one of the most insane discoveries I ever found.' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/security-researcher-describes-freshly-uncovered-windows-11-vulnerability-as-one-of-the-most-insane-discoveries-i-ever-found/</link>
                                                                            <description>
                            <![CDATA[ The king in yellow. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rtRUAiCr8WEsayLdV3Mhg8</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/tMKjmXc5Gj7Rx9NRLV4HY-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 21 May 2026 11:28:03 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/cMDJJibKgeMg3wogzv9AgY.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending a significant chunk of that time working on print publications PLAY and Official PlayStation Magazine. When she’s not investigating all things hardware here, she&#039;s either constructing a passionate defence of a 7/10 game, daydreaming about her debut novel, or feeling wistful about the last time she chased some nerds around a field with an oversized foam sword.&amp;nbsp;&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/tMKjmXc5Gj7Rx9NRLV4HY-1280-80.jpg">
                                                            <media:credit><![CDATA[Beata Zawrzel/NurPhoto via Getty Images/Surasak Suwanmake via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Windows 11 displayed on a laptop, keyboard and pen resting on the keyboard. Overlaid on top of this image is a photo illustration of a hacker, code pouring out from beneath the brim of their hood.]]></media:description>                                                            <media:text><![CDATA[Windows 11 displayed on a laptop, keyboard and pen resting on the keyboard. Overlaid on top of this image is a photo illustration of a hacker, code pouring out from beneath the brim of their hood.]]></media:text>
                                <media:title type="plain"><![CDATA[Windows 11 displayed on a laptop, keyboard and pen resting on the keyboard. Overlaid on top of this image is a photo illustration of a hacker, code pouring out from beneath the brim of their hood.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/tMKjmXc5Gj7Rx9NRLV4HY-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A security researcher going by the GitHub handle Nightmare-Eclipse disclosed a potentially nasty BitLocker bypass in Windows 11 earlier this month. Dubbed <a href="https://github.com/Nightmare-Eclipse/YellowKey" target="_blank">YellowKey</a>, the exploit allows an attacker to read the contents of a BitLocker-encrypted drive by abusing standard behavior of the Windows Recovery Environment. </p><p>Nightmare-Eclipse adds that, as far as their testing is concerned, the vulnerability only appears to be present in Windows 11. The security researcher describes it as "one of the most insane discoveries I ever found."</p><p>This week <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45585" target="_blank">Microsoft acknowledged the vulnerability</a>, and criticised the public sharing of the YellowKey proof of concept, saying this violates "coordinated vulnerability best practices." The company has since designated the vulnerability <a href="https://nvd.nist.gov/vuln/detail/CVE-2026-45585" target="_blank">CVE-2026-45585</a>, and provided some mitigation guidance, but the BitLocker bypass remains unpatched at time of writing. That said, the fact this attack requires physical access to a targeted device offers some amount of mitigation in itself.</p><p>Cybersecurity firm <a href="https://eclypsium.com/blog/yellowkey-bitlocker-bypass-windows-recovery-environment/" target="_blank">Eclypsium breaks the vulnerability down in a recent blog post</a>, explaining YellowKey works by leveraging the Windows Recovery Environment to "grant a fully unlocked command shell against drives that the operating system continues to treat as encrypted." 
In theory, all that would be needed to launch the attack would be "a stolen Windows 11 laptop and a USB stick."</p><p>The company also elaborates that the vulnerability doesn't appear to be present in Windows 10 because "the responsible WinRE component behaves differently in that codebase." Beyond that, it adds, "The vulnerable filesystems on the attacker-supplied media include NTFS, FAT32, and exFAT, which removes any meaningful constraint on how the payload is staged."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:2000px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="hYQgGNSjwjKrvyVuLEkzQM" name="GettyImages-1248551713.jpg" alt="Hacker hacking away on a keyboard." src="https://cdn.mos.cms.futurecdn.net/hYQgGNSjwjKrvyVuLEkzQM.jpg" mos="" align="middle" fullscreen="" width="2000" height="1125" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Getty images - Rapeepong Puttakumwong)</span></figcaption></figure><p>Nightmare-Eclipse theorises the bypass is more of a backdoor. "The component that is responsible for this bug is not present anywhere (even in the internet) except inside WinRE image." They explain, "And what makes it raise suspicions is the fact that the exact same component is also present with the exact same name in a normal Windows installation but without the functionalities that trigger the BitLocker bypass issue."</p><p>Microsoft has not confirmed this theory, referring to the issue as "a security feature bypass vulnerability". As you might already suspect, it is far from the only vulnerability uncovered in Windows 11 this year. 
Just last month, another <a href="https://www.pcgamer.com/software/security/cybersecurity-experts-raise-the-alarm-over-windows-recall-again-the-vault-door-is-titanium-the-wall-next-to-it-is-drywall/" target="_blank">security researcher warned how the new and improved Recall could be leveraged by bad actors</a>. As <em>if </em>I needed another reason to be wary of AI integration.</p><p>It's not just AI features proving a security headache though, with the newest and improv-iest version of <a href="https://www.pcgamer.com/software/windows/thanks-to-microsoft-adding-all-those-extra-features-to-notepad-it-now-unfortunately-sports-one-more-an-exploitation-vulnerability-with-a-high-security-rating/" target="_blank">Notepad finding itself with a remote code execution vulnerability</a>. At the very least, remote code execution is not something you have to worry about with the YellowKey BitLocker bypass. It's a slim win, but I'm sure someone at Microsoft will take it.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Devs, be careful what you plug in: GitHub security breach was apparently facilitated by a 'poisoned Visual Studio Code extension' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/devs-be-careful-what-you-plug-in-github-security-breach-was-apparently-facilitated-by-a-poisoned-visual-studio-code-extension/</link>
                                                                            <description>
                            <![CDATA[ A full incident report is on the way. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jbfK78P7w2rjoEAULmQzfX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/mwTpDXjfLnj26YQL33UfzJ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 20 May 2026 16:38:40 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/cMDJJibKgeMg3wogzv9AgY.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending a significant chunk of that time working on print publications PLAY and Official PlayStation Magazine. When she’s not investigating all things hardware here, she&#039;s either constructing a passionate defence of a 7/10 game, daydreaming about her debut novel, or feeling wistful about the last time she chased some nerds around a field with an oversized foam sword.&amp;nbsp;&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/mwTpDXjfLnj26YQL33UfzJ-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images - NurPhoto / Contributor]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Github Logo on a phone in front of the words &quot;Let&#039;s build from here&quot;]]></media:description>                                                            <media:text><![CDATA[The Github Logo on a phone in front of the words &quot;Let&#039;s build from here&quot;]]></media:text>
                                <media:title type="plain"><![CDATA[The Github Logo on a phone in front of the words &quot;Let&#039;s build from here&quot;]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/mwTpDXjfLnj26YQL33UfzJ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>GitHub, arguably <em>the </em>place for developers to store and share code, has been the target of a cyberattack. The Microsoft-owned platform reported on Tuesday that its internal repositories experienced unauthorised access, although it does not appear to have exposed customer information outside of that.</p><p>"Our current assessment is that the activity involved exfiltration of GitHub-internal repositories only," <a href="https://x.com/github/status/2056949168208552080" target="_blank">GitHub shared most recently on X</a>, "The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far."</p><p>The attack reportedly took place via a compromised employee device "involving a poisoned [Visual Studio] Code extension." GitHub did not name the specific developer extension that was leveraged in the breach, nor the attacker. GitHub continues, "We removed the malicious extension version, isolated the endpoint, and began incident response immediately."</p><p>Placing backdoors in useful extensions is not a novel route of attack. For one example, a bad actor snaffled up <a href="https://www.pcgamer.com/hardware/someone-has-apparently-snaffled-up-31-wordpress-plugins-and-wedged-a-backdoor-in-each-one/" target="_blank">31 WordPress plugins and placed a backdoor in all of them</a>. 
For another, security researchers claimed last year that <a href="https://www.pcgamer.com/software/browsers/security-researcher-claims-35-chrome-extensions-with-4-000-000-installs-include-some-kind-of-spyware-or-infostealer/" target="_blank">35 Chrome extensions with over 4,000,000 installs 'include some kind of spyware or infostealer'</a>.</p><p>GitHub's highest-impact credentials have now been rotated, and the platform says it is continuing to keep an eye out for any further unauthorised access. The platform will share a full report on the security incident in the near future.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:2240px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="wbsryXKDFeuXYYZGsVt3yL" name="github crash.jpg" alt="GitHub logo over red code" src="https://cdn.mos.cms.futurecdn.net/wbsryXKDFeuXYYZGsVt3yL.jpg" mos="" align="middle" fullscreen="" width="2240" height="1260" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: EDUARD MUZHEVSKYI / SCIENCE PHOTO LIBRARY, Github)</span></figcaption></figure><p><a href="https://www.bleepingcomputer.com/news/security/github-confirms-breach-of-3-800-repos-via-malicious-vscode-extension/" target="_blank">According to Bleeping Computer</a>, hacker group TeamPCP have since claimed responsibility for the GitHub attack via the Breached cybercrime forum. The group says it's gained access to GitHub source code, plus over "4,000 repos of private code." 
However, the cybercriminals' motivations are not so clear cut; the alleged attackers write, "As always this is not a ransom; we do not care about extorting Github."</p><p>"One buyer and we shred the data on our end," the group continues, "It looks like our retirement is soon, so if no buyer is found we will leak it [for] free. If you are interested, send your offers to the communications below. We are not interested in under 50k—the best offer will get it."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Web infrastructure company Cloudflare says Claude Mythos reasoning 'looks like the work of a senior researcher' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/web-infrastructure-company-cloudflare-says-claude-mythos-reasoning-looks-like-the-work-of-a-senior-researcher/</link>
                                                                            <description>
                            <![CDATA[ Cloudflare has been figuring out how to best use the model. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ZmAJmPWb52bSRU2d64eJDY</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/dwfifLuqm6nwyPvp9ubVbS-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 20 May 2026 15:36:28 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jacob Fox ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Ee8ZL5rzgTjTNkBFJ4jBnD.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jacob got his hands on a gaming PC for the first time when he was about 12 years old. He swiftly realised the local PC repair store had ripped him off with his build and vowed never to let another soul build his rig again. With this vow, Jacob the hardware junkie was born. Since then, Jacob&#039;s led a double-life as part-hardware geek, part-philosophy nerd, first working as a Hardware Writer for PCGamesN in 2020, then working towards a PhD in Philosophy for a few years while freelancing on the side for sites such as TechRadar, Pocket-lint, and yours truly, PC Gamer. Eventually, he gave up the ruthless mercenary life to join the world&#039;s #1 PC Gaming site full-time. It&#039;s definitely not an ego thing, he assures us.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/dwfifLuqm6nwyPvp9ubVbS-1280-80.png">
                                                            <media:credit><![CDATA[Cheng Xin via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[CHONGQING, CHINA - JULY 29: In this photo illustration, a person holds a smartphone displaying the logo of Cloudflare Inc. (NYSE: NET), an American web infrastructure and website security company, with the company&#039;s cloud logo visible in the background, on July 29, 2025 in Chongqing, China. (Photo illustration by Cheng Xin/Getty Images)]]></media:description>                                                            <media:text><![CDATA[CHONGQING, CHINA - JULY 29: In this photo illustration, a person holds a smartphone displaying the logo of Cloudflare Inc. (NYSE: NET), an American web infrastructure and website security company, with the company&#039;s cloud logo visible in the background, on July 29, 2025 in Chongqing, China. (Photo illustration by Cheng Xin/Getty Images)]]></media:text>
                                <media:title type="plain"><![CDATA[CHONGQING, CHINA - JULY 29: In this photo illustration, a person holds a smartphone displaying the logo of Cloudflare Inc. (NYSE: NET), an American web infrastructure and website security company, with the company&#039;s cloud logo visible in the background, on July 29, 2025 in Chongqing, China. (Photo illustration by Cheng Xin/Getty Images)]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/dwfifLuqm6nwyPvp9ubVbS-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>It's been difficult as a layman in cybersecurity to figure out how seriously we should take all the hype and fear over Anthropic's Claude Mythos AI. But now I have something a little more concrete to grasp onto, as Cloudflare has been busy <a href="https://blog.cloudflare.com/cyber-frontier-models/" target="_blank">figuring out exactly what Mythos seems good for</a>. </p><p>The AI model recently swept through the cybersecurity industry and caused a stir by showing the magnitude of AI's potential threat to software security—for instance, finding <a href="https://www.pcgamer.com/software/ai/anthropics-new-claude-mythos-ai-model-has-apparently-found-thousands-of-vulnerabilities-in-every-major-operating-system-and-every-major-web-browser-along-with-a-range-of-other-important-pieces-of-software/" target="_blank">thousands of vulnerabilities in every OS and major web browser</a>. But as a mere plebeian sitting far from the techbro classes, and despite banks and other institutions <a href="https://www.reuters.com/business/finance/anthropics-mythos-sends-us-banks-rushing-plug-cyber-holes-2026-05-12/" target="_blank">rushing to reckon with it</a>, I'd not been sure exactly how much stock to put behind the stink the AI model was causing. Checking over Cloudflare's analysis earlier today, however, has given me a little bit of a better idea. </p><p>The company has been part of Anthropic's <a href="https://www.anthropic.com/glasswing" target="_blank">Project Glasswing</a>. The idea behind this project (and presumably Mythos in general) seems to be to get in ahead of any bad actors in the AI arms race. 
It essentially has Anthropic as the 'good guy' that gets companies secured against the latest AI threats to cybersecurity, by using AI to identify the same threats a bad actor might.</p><p>Anthropic explains: "Claude Mythos Preview is a general-purpose, unreleased frontier model that reveals a stark fact: AI models have reached a level of coding capability where they can surpass all but the most skilled humans at finding and exploiting software vulnerabilities… Project Glasswing is an urgent attempt to put these capabilities to work for defensive purposes."</p><p>Glasswing gives selected important tech companies access to Mythos Preview to "scan and secure both first-party and open-source systems", with Anthropic giving up to $100 million of credits for them to use. The companies include Amazon Web Services, Apple, Google, Microsoft, Nvidia, and more, including Cloudflare.</p><p>It might seem strange to have your cybersecurity strategy raise vulnerabilities to light that bad actors could, in theory, exploit, but that's nothing new: companies often hire '<a href="https://en.wikipedia.org/wiki/Red_team" target="_blank">red teams</a>' to do such things so they can patch them. This is essentially the same idea, but on a whole new scale, given the use of AI. </p><p>Overall, Cloudflare is impressed with Mythos, saying it's a "real step forward... not just a refinement of what came before... 
what changed with Mythos Preview is that a model can now take those low-severity bugs (which would traditionally sit invisible in a backlog) and chain them into a single, more severe exploit."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="NSshYFCwhM3hJ3MHBb38Eo" name="GettyImages-2259623291" alt="An image showing the Claude AI logo displayed on the screen of a smartphone placed on a reflective surface onto which lines of computer code are projected." src="https://cdn.mos.cms.futurecdn.net/NSshYFCwhM3hJ3MHBb38Eo.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: NurPhoto via Getty Images)</span></figcaption></figure><p>Two features that Cloudflare says stood out about Mythos during the company's testing were its "exploit chain construction" (ie, its ability to chain vulnerabilities together intelligently into a single attack) and "proof generation" (ie, actually demonstrating that what it comes up with works).  </p><p>The model isn't perfect, however—would one expect a "preview" to be so? Cloudflare, for instance, found it would sometimes pop up guardrails that didn't make sense, preventing legitimate security research.</p><p>The company also seems to suggest that a lot of people have been thinking about Mythos somewhat incorrectly, focusing on how quickly it can find vulnerabilities for quick patching. 
And it discovered (the hard way) that it's better to use the AI model in a more directed and split-up way rather than just setting one Mythos agent to a big review with hands off.</p><p>If you just set it to check out a giant codebase, it might struggle to maintain relevant context throughout the entire process in a way that a human researcher wouldn't. "Using the model directly in a coding agent turns out to be fine for manual investigation when a researcher already has a lead and wants a second pair of eyes. However, it's the wrong tool for achieving high coverage."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:2560px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="QMfrCQqzyLtHjPLZuNM47f" name="New Project (38)" alt="A Cloudflare diagram of the 'vulnerability discovery harness' it uses for Claude Mythos." src="https://cdn.mos.cms.futurecdn.net/QMfrCQqzyLtHjPLZuNM47f.jpg" mos="" align="middle" fullscreen="" width="2560" height="1440" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Cloudflare)</span></figcaption></figure><p>The company ultimately found that using Mythos effectively means using a 'harness' that narrows its scope, relying on a second agent to clear signal from noise, and using multiple agents along the chain as well as in parallel. In other words, it seems like having lots of Mythos 'workers' with specific tasks works better than trying to have one super-worker Mythos taking on the entire codebase.</p><p>Moving forward, rather than using Mythos solely with a focus on patching faster, Cloudflare thinks people's focus should be on architecture:</p><p>"The harder question is what the architecture around the vulnerability should look like. 
The principle is to make exploitation harder for an attacker even when a bug exists, so that the gap between when a vulnerability is disclosed and when it is patched matters less. </p><p>That means defenses that sit in front of the application and block the bug from being reached. It means designing the application so that a flaw in one part of the code cannot give an attacker access to other parts. It means being able to roll out a fix to every place the code is running at the same moment, rather than waiting on individual teams to deploy it."</p><p>Exactly how Cloudflare plans to use Mythos in this way is something the company is still keeping close to its chest, but it says it will "share more on what that means for customers in the weeks ahead."</p><p>Cloudflare is far from unfamiliar with AI. The company has <a href="https://www.pcgamer.com/software/ai/increasingly-the-distinction-between-bots-and-humans-is-moot-says-one-of-the-biggest-web-infrastructure-companies/" target="_blank">previously said</a> that "increasingly the distinction between bots and humans is moot", at least when it comes to how websites (which often run through Cloudflare servers) treat users. So I suppose it's no surprise the company is diving into a heavily agentic approach to cybersecurity. Though if Mythos really is as much of a leap ahead as the company is suggesting, it might be a case of 'get to it before your adversaries do'—the AI arms race churns on whether we want it or not.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Interpol's 'Operation Ramz' has arrested over 200 people for phishing scams, malware threats, and security breaches ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/interpols-operation-ramz-has-arrested-over-200-people-for-phishing-scams-malware-threats-and-all-sorts-of-internet-neer-do-well-behaviour/</link>
                                                                            <description>
                            <![CDATA[ Knock knock, it's the cyber police. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vn7m8x779i8RrrGJSpUD9K</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/oiLtyNerA9NERKHemTzTB6-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Tue, 19 May 2026 16:29:18 +0000</pubDate>                                                                                                                                <updated>Tue, 19 May 2026 16:48:52 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andy Edser ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/ZGont4SjJV38V5HWmjfNAE.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/oiLtyNerA9NERKHemTzTB6-1280-80.png">
                                                            <media:credit><![CDATA[rob dobi via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A hooded figure is depicted running with a large sack, from which slips of paper featuring asterisks (symbolizing passwords or confidential information) are falling out. The background is solid red, creating a striking contrast and emphasizing the theme of cyber theft or data breach.]]></media:description>                                                            <media:text><![CDATA[A hooded figure is depicted running with a large sack, from which slips of paper featuring asterisks (symbolizing passwords or confidential information) are falling out. The background is solid red, creating a striking contrast and emphasizing the theme of cyber theft or data breach.]]></media:text>
                                <media:title type="plain"><![CDATA[A hooded figure is depicted running with a large sack, from which slips of paper featuring asterisks (symbolizing passwords or confidential information) are falling out. The background is solid red, creating a striking contrast and emphasizing the theme of cyber theft or data breach.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/oiLtyNerA9NERKHemTzTB6-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>International police organisation Interpol has announced the arrest of 201 individuals as part of "<a href="https://www.interpol.int/en/News-and-Events/News/2026/201-arrests-in-first-of-its-kind-cybercrime-operation-in-MENA-region" target="_blank">Operation Ramz</a>", a multinational effort to target phishing operations, malware threats, and "cyber scams" in the Middle East and North Africa region.</p><p>The "first of its kind" operation involved the participation of 13 countries and resulted in the seizure of 53 servers alongside the arrests. 3,867 victims of cybercrime were confirmed via nearly 8,000 pieces of data pulled from said servers (via <a href="https://www.bleepingcomputer.com/news/security/interpol-operation-ramz-seizes-53-malware-phishing-servers/" target="_blank">Bleeping Computer</a>).</p><p>"In a world where cybercriminals exploit the digital landscape without borders, Operation Ramz demonstrates the effectiveness of global collaboration," said Neal Jetton, Interpol's director of cybercrime.</p><p>"Interpol is dedicated to working with its member countries and private sector partners to take down malicious infrastructure, disrupt criminal groups and bring perpetrators to justice.”</p><p>The press release highlights several countries involved in the effort, including Qatar, Jordan, Oman, Algeria, and Morocco. 
In the case of Jordan, Interpol claims that 15 individuals were discovered by police to be running an investment scam that mimicked a legitimate trading platform, but were later determined to be victims of human trafficking.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="mFkytw2xMwt8YqnsfRjQj4" name="GettyImages-1706985510-1920x1080size.jpg" alt="A stylised photograph of a person acting as a hacker, breaking into servers and infecting them with a virus, as shown by computer monitors displaying green text and codes" src="https://cdn.mos.cms.futurecdn.net/mFkytw2xMwt8YqnsfRjQj4.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Witthaya Prasongsin via Getty Images)</span></figcaption></figure><p>Interpol says the individuals originated from elsewhere in Asia, but had been recruited under a false promise of employment before having their passports confiscated and being forced to participate in the scheme. Two people accused of orchestrating the fraudulent operation were arrested.</p><p>Another different method of operation occurred in Qatar, according to Interpol. There, investigators found multiple compromised devices that were being used to spread malicious threats, all while their owners were left completely unaware that their electronics had been hijacked.</p><p>Which is a pretty unnerving thought. Us PC users are usually pretty savvy to the idea that our machines need securing against outside threats, but it's important to remember that routers, phones, and other, less-obvious devices can also be vulnerable to attack, often without your knowledge. 
</p><p>Basically, think about security when using any electronic device. None of us want a knock on the door and a chat with the authorities, do we?</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Discord just got the privacy feature it probably should have had for years, introducing end-to-end encryption for very nearly every voice and video call ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/discord-just-got-the-privacy-feature-it-probably-should-have-had-for-years-introducing-end-to-end-encryption-for-very-nearly-every-voice-and-video-call/</link>
                                                                            <description>
                            <![CDATA[ "Likely one of the internet’s most platform-diverse E2EE voice and video implementations." ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xxkTPAeER4TBPA5HGWQjFL</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/bK4uZhxvRgcb85EAubQrc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 19 May 2026 15:11:24 +0000</pubDate>                                                                                                                                <updated>Tue, 19 May 2026 15:12:16 +0000</updated>
                                                                                                                                            <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/cMDJJibKgeMg3wogzv9AgY.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending a significant chunk of that time working on print publications PLAY and Official PlayStation Magazine. When she’s not investigating all things hardware here, she&#039;s either constructing a passionate defence of a 7/10 game, daydreaming about her debut novel, or feeling wistful about the last time she chased some nerds around a field with an oversized foam sword.&amp;nbsp;&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/bK4uZhxvRgcb85EAubQrc-1280-80.jpg">
                                                            <media:credit><![CDATA[Jakub Porzycki/NurPhoto via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Discord logo displayed on a phone screen and Discord website displayed on a screen in the background are seen in this illustration photo taken in Krakow, Poland on November 5, 2022.]]></media:description>                                                            <media:text><![CDATA[Discord logo displayed on a phone screen and Discord website displayed on a screen in the background are seen in this illustration photo taken in Krakow, Poland on November 5, 2022.]]></media:text>
                                <media:title type="plain"><![CDATA[Discord logo displayed on a phone screen and Discord website displayed on a screen in the background are seen in this illustration photo taken in Krakow, Poland on November 5, 2022.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/bK4uZhxvRgcb85EAubQrc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Discord has just announced that all voice and video calls that take place on its platform will now enjoy end-to-end encryption.</p><p>You may be forgiven for thinking the platform already had this in place, but that's not the case. The platform began 'experimenting' with end-to-end encryption <a href="https://discord.com/blog/encryption-for-voice-and-video-on-discord" target="_blank">back in 2023</a>, but has only just <a href="https://discord.com/blog/every-voice-and-video-call-on-discord-is-now-end-to-end-encrypted" target="_blank">made it the standard for almost every call</a>.</p><p>I say 'almost' because the major exception is voice and video calls taking place on a server's stage channel. Otherwise, for standard server channels, the switch is automatic with no need to opt in. The company says that right now, "every voice and video call on Discord, whether in DMs, group DMs, voice channels, or Go Live streams, is end-to-end encrypted by default."</p><p>The vice president of technology at <a href="https://www.pcgamer.com/uk/discord/" target="_blank">Discord</a>, Mark Smith, dove into some depth about the multi-year process of implementing end-to-end call encryption. Long story short, <a href="https://discord.com/blog/meet-dave-e2ee-for-audio-video" target="_blank">2024 saw the introduction of DAVE</a> (no, <a href="https://www.pcgamer.com/author/dave-james/" target="_blank">not that one</a>), Discord's very own encryption protocol. 
If you'd like to take a closer look at DAVE (still not that one), <a href="https://github.com/discord/libdave" target="_blank">Discord has made it open-source via GitHub</a>.</p><p>Smith explains, "We began migrating calls on desktop and mobile and started proving that E2EE could operate at Discord's scale without compromising the experience people expect from us."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="id4wHipjYPcsESTxAdLoj3" name="LinusDiscord1" alt="Linus Torvalds holds a small PC onto the screen of which Discord has been photoshopped clumsily." src="https://cdn.mos.cms.futurecdn.net/id4wHipjYPcsESTxAdLoj3.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Jim Sugar via Getty Images / Discord)</span></figcaption></figure><p>Then in 2025, <a href="https://discord.com/blog/bringing-dave-to-all-discord-platforms" target="_blank">DAVE was extended to every remaining Discord platform</a>, such as the browser-based app and console-based apps. Smith writes, "At the beginning of March 2026, we completed that migration."</p><p>That's the briefest of overviews, but already hints at what a social beast Discord has become, and just how many moving parts this migration had to account for. "The thing that makes Discord's voice and video infrastructure unusual isn't just scale — it's diversity," Mark Smith writes, "A single Discord call can have someone on a laptop, someone on their phone, someone on a PlayStation, someone on an Xbox, and someone in a web browser, all in the same conversation at the same time." 
</p><p>He goes on to add, "Every one of those participants expects Discord’s high-quality, low-latency communications, regardless of what device they're on. Building an E2EE protocol that works seamlessly across all of those surfaces simultaneously is, to my knowledge, unlike anything else that's been shipped. DAVE is likely one of the internet’s most platform-diverse E2EE voice and video implementations."</p><p>It's definitely an impressive project that represents a recommitment to user privacy. You may remember that the embattled social platform experienced a lot of pushback over proposed age verification measures, particularly after <a href="https://www.pcgamer.com/hardware/discord-says-70-000-age-verification-id-photos-may-have-been-leaked-in-recent-security-breach-that-also-includes-names-usernames-emails-credit-cards-and-ip-addresses/" target="_blank">the potential exposure of 70,000 users' personal data in a data breach last year</a>.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="cQky3vgcKgB2hQgKLThUsn" name="discord-hackers.jpg" alt="Discord hackers distribute malware that can stay persistent for months" src="https://cdn.mos.cms.futurecdn.net/cQky3vgcKgB2hQgKLThUsn.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: TheDigitalArtist - Pixabay & Discord)</span></figcaption></figure><p>Though <a href="https://www.pcgamer.com/software/platforms/discord-delays-its-global-age-verification-rollout-and-cuts-ties-with-peter-thiel-backed-verification-vendor-after-upsetting-almost-everyone-on-earth-weve-made-mistakes/" target="_blank">the platform has delayed rolling out 
age checks globally</a> in light of criticism, the platform has already deployed age verification in the UK in accordance with local law there (<a href="https://www.pcgamer.com/gaming-industry/theres-no-reason-for-discord-to-comply-in-advance-with-social-media-age-verification-laws-instead-of-fighting-for-their-users-says-eff-expert/" target="_blank">though critics argue the platform did not need to comply in advance</a>). As a long-time user in the UK, <a href="https://www.pcgamer.com/hardware/discord-clarifies-it-is-not-requiring-everyone-to-complete-a-face-scan-or-upload-an-id-and-will-confirm-your-age-group-using-information-we-already-have/" target="_blank">I've managed to avoid these latest checks</a>. All the same, here's hoping that the user privacy win of end-to-end encryption isn't soon undone by poorly implemented age checks in the near future.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft continues to build towards a passwordless future by phasing out an authentication method that's become 'a leading source of fraud' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/microsoft-continues-to-build-towards-a-passwordless-future-by-phasing-out-an-authentication-method-thats-become-a-leading-source-of-fraud/</link>
                                                                            <description>
                            <![CDATA[ Bad news for forgetful folks like me. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">uSmpNcEApNi2gSpjt8XSDd</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/iL6D95t98F3a3oPkTLE4A-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 19 May 2026 10:48:22 +0000</pubDate>                                                                                                                                <updated>Tue, 19 May 2026 10:48:29 +0000</updated>
                                                                                                                                            <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/cMDJJibKgeMg3wogzv9AgY.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending a significant chunk of that time working on print publications PLAY and Official PlayStation Magazine. When she’s not investigating all things hardware here, she&#039;s either constructing a passionate defence of a 7/10 game, daydreaming about her debut novel, or feeling wistful about the last time she chased some nerds around a field with an oversized foam sword.&amp;nbsp;&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/iL6D95t98F3a3oPkTLE4A-1280-80.jpg">
                                                            <media:credit><![CDATA[Microsoft]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft]]></media:description>                                                            <media:text><![CDATA[Microsoft]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/iL6D95t98F3a3oPkTLE4A-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Everyone wants your data, so that means everyone would like you to make an account with them. I don't know about you, but more accounts simply means more passwords I'm bound to forget—at least there's multi-factor authentication methods like SMS codes, right? Well, soon that won't be the case for your personal Microsoft account.</p><p>Traditionally, codes sent via text to your phone have been deployed as an authentication method when you log in, or as a way to recover your Microsoft account when you inevitably forget your password. Unfortunately for forgetful folks such as myself, <a href="https://support.microsoft.com/en-us/accounts-billing/manage/microsoft-to-stop-sending-sms-codes-for-personal-accounts" target="_blank">Microsoft has chosen to phase out SMS codes</a> in both cases (via <a href="https://www.windowslatest.com/2026/05/19/microsoft-is-killing-sms-codes-for-microsoft-account-sign-in-aggressively-pushes-passkeys-on-windows-11/" target="_blank">Windows Latest</a>).</p><p>According to Microsoft, "SMS-based authentication is now a leading source of fraud, and by moving to passwordless accounts, passkeys, and verified email, we're helping you stay ahead of evolving threats while making account access simpler and more seamless."</p><p>So, if SMS codes are out and Microsoft truly believes "the future of authentication is passwordless," what does that leave? Primarily, <a href="https://support.microsoft.com/en-us/account-billing/create-and-save-a-passkey-e92cd3e0-11fa-4630-a5ea-3ccc0396b3d9" target="_blank">Passkeys</a>. These can take the form of a PIN, but biometric passkeys, like a face or fingerprint scan, avoid the whole 'a sequence of characters you can forget' problem. 
That said, it requires handing over yet more data that I'm personally reluctant to give up to big tech.</p><p>This isn't the first time the company has said it wants <a href="https://www.pcgamer.com/software/operating-systems/microsoft-says-it-wants-to-completely-ditch-passwords-as-it-makes-passwordless-login-the-default-for-all-new-accounts/" target="_blank">to completely ditch traditional passwords</a>. As much as <a href="https://www.pcgamer.com/hardware/today-i-learned-motorola-was-once-developing-a-password-pill-that-turns-your-body-into-an-authentication-token-we-have-demoed-this-working-and-authenticating-a-phone/" target="_blank">Motorola's 'password pill'</a> captures the imagination, it was far from practical. As such, Microsoft is pitching Passkeys as a faster, "phishing-resistant" way to log in as this method uses your device's local, "built-in authentication (like Face ID, fingerprint, or PIN)."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:2048px;"><p class="vanilla-image-block" style="padding-top:56.88%;"><img id="f4tei8tW9372mYpFwNSeEJ" name="Microsoft security 2" alt="Microsoft security" src="https://cdn.mos.cms.futurecdn.net/f4tei8tW9372mYpFwNSeEJ.jpg" mos="" align="middle" fullscreen="" width="2048" height="1165" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Microsoft)</span></figcaption></figure><p>This makes sense. For a start, SMS codes are displayed in plain text and sent over mobile networks that committed bad actors can fairly easily breach at a distance. 
On-device authentication cuts out that vulnerable network—though <a href="https://www.pcgamer.com/software/security/cybersecurity-experts-raise-the-alarm-over-windows-recall-again-the-vault-door-is-titanium-the-wall-next-to-it-is-drywall/" target="_blank">security researchers have already exposed how Windows Recall could be leveraged by bad actors</a> to get around Microsoft's best security intentions, so, as always, it's important to remember that device security should be maintained across the board.</p><p>No authentication measure is 100% secure, but limiting a forgetful user's login options is a headache. I would use a password manager like LastPass, but security researchers argue such services are <a href="https://www.pcgamer.com/hardware/three-of-the-biggest-password-managers-are-vulnerable-to-a-cornucopia-of-practical-attacks-say-security-researchers/" target="_blank">vulnerable to 'a cornucopia of practical attacks'</a>, though some of my colleagues swear by them (the two Jacobs swear by BitWarden). </p><p>At any rate, you won't be able to get auto-filling from a PWM before you log into the OS. At least if I forget a password, no one has a hope of retrieving it from my grey matter besides me.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Owner of $400,000 in bitcoin was locked out of their account a decade ago and they just used Claude to get back in  ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/owner-of-usd400-000-in-bitcoin-was-locked-out-of-their-account-a-decade-ago-and-they-just-used-claude-to-get-back-in/</link>
                                                                            <description>
                            <![CDATA[ They technically could have saved money by not cashing out earlier. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">BLBE8YgLavbc57B6ARKhsU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/JP56t7mvBwVyFkWrgpVzN3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 15 May 2026 10:30:35 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/PVsHAkx27zJptZHndizEAE.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/JP56t7mvBwVyFkWrgpVzN3-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images / Chris McGrath]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Gold Bitcoins are seen in the window of a Bitcoin and cryptocurrency exchange office on November 08, 2024 in Istanbul, Turkey. Bitcoin has soared to new record highs nearing 77,000 in the days after Donald Trump&#039;s re-election and on his campaign promise to support Bitcoin and the cryptocurrency market. ]]></media:description>                                                            <media:text><![CDATA[Gold Bitcoins are seen in the window of a Bitcoin and cryptocurrency exchange office on November 08, 2024 in Istanbul, Turkey. Bitcoin has soared to new record highs nearing 77,000 in the days after Donald Trump&#039;s re-election and on his campaign promise to support Bitcoin and the cryptocurrency market. ]]></media:text>
                                <media:title type="plain"><![CDATA[Gold Bitcoins are seen in the window of a Bitcoin and cryptocurrency exchange office on November 08, 2024 in Istanbul, Turkey. Bitcoin has soared to new record highs nearing 77,000 in the days after Donald Trump&#039;s re-election and on his campaign promise to support Bitcoin and the cryptocurrency market. ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/JP56t7mvBwVyFkWrgpVzN3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>You may think getting locked out of your account because you've forgotten the password is annoying, but have you ever gotten locked out and lost almost half a million dollars in the process? That's what happened to X user <a href="https://x.com/cprkrn/status/2054586810475364536" target="_blank">@cprkrn</a>, when they stored five bitcoin ($402k at the time of writing) in an account in 2015 and forgot how to get back in. </p><p>As reported by <a href="https://www.tomshardware.com/tech-industry/cryptocurrency/bitcoin-trader-recovers-usd400-000-using-claude-ai-after-losing-wallet-password-11-years-ago-bot-tried-3-5-trillion-passwords-before-decrypting-an-old-wallet-backup" target="_blank">Tom's Hardware</a>, cprkrn used Anthropic's AI model, Claude, to get access again. After using 'like 7 trillion passwords', they found a password that happened to be the one before the current one. </p><p>Thinking they had no way back in, they reportedly dumped their college computer into Claude, which found an old wallet file that, once decrypted, got them into their account. </p><p>This computer had a mnemonic device that they seemingly didn't spot, and Claude put that together with the rest of their account details to get into the account. The LLM didn't hack into the account, or anything so elaborate, it just found the pieces to get into the account, lost in an old computer.  
</p><p>If you're wondering how and why they lost their password for an account that is so valuable, <a href="https://x.com/cprkrn/status/2054593989177757763?s=20" target="_blank">they were apparently</a> "Locked out 11+ years because I got stoned and changed the password."</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">I tried like 7 trillion passwords lmfaoFound this old pneumonic a few weeks ago that ended up being the old password before I changed itThought I was screwedLast ditch effort dumped my whole college computer into ClaudeIt found an OLD wallet file that the pneumonic…<a href="https://twitter.com/cantworkitout/status/2054593989177757763">May 13, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>There's an ironic silver lining here, in that we don't know if cprkrn would have held onto the bitcoin so long if they hadn't lost access. According to the <a href="https://blockchair.com/bitcoin/address/14VJySbsKraEJbtwk9ivnr1fXs6QuofuE6?utm_referrer=https%3A%2F%2Ft.co%2F#history" target="_blank">account history</a>, 5 bitcoin were purchased on April Fools' Day in 2015. At that point, the cryptocurrency was worth around $245. Now, one bitcoin fetches $60,000. That's a fair jump in value, though it is down from its peak of $90,000 in October, 2025. </p><p>Still, cprkrn would have been aware that they had somewhere close to half a million dollars in a locked account for years now. They report that dumping their computer into Claude was their 'last ditch effort' to get the account back. </p><p>You may be wondering what they plan on doing with all that cash now that they finally have it back. Their answer? <a href="https://x.com/cprkrn/status/2054699774561959991?s=20" target="_blank">Asking electronic artist and DJ Deadmau5 to play at their wedding</a>. I suppose there are technically worse ways to spend the money.  </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ There's a devious hacking scheme that involves a hijacked Microsoft Teams account, a fake IT helpdesk, and a covert infection tool ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/theres-a-devious-hacking-scheme-that-involves-a-hijacked-microsoft-teams-account-a-fake-it-helpdesk-and-a-covert-infection-tool/</link>
                                                                            <description>
                            <![CDATA[ IT's a pretty bad one. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">8jknwt9gd3QUxFCTYVgGeN</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/LSQReDFmyiXJPKj2vGJhEe-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 13 May 2026 15:07:20 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/PVsHAkx27zJptZHndizEAE.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/LSQReDFmyiXJPKj2vGJhEe-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images / Gabby Jones / Bloomberg ]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Microsoft Teams app on a laptop arranged in New York, US, on Tuesday, June 25, 2024. Microsoft Corp. risks a hefty European Union fine after regulators accused the company of abusing its market power by bundling the Teams video-conferencing app to its other business software.]]></media:description>                                                            <media:text><![CDATA[The Microsoft Teams app on a laptop arranged in New York, US, on Tuesday, June 25, 2024. Microsoft Corp. risks a hefty European Union fine after regulators accused the company of abusing its market power by bundling the Teams video-conferencing app to its other business software.]]></media:text>
                                <media:title type="plain"><![CDATA[The Microsoft Teams app on a laptop arranged in New York, US, on Tuesday, June 25, 2024. Microsoft Corp. risks a hefty European Union fine after regulators accused the company of abusing its market power by bundling the Teams video-conferencing app to its other business software.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/LSQReDFmyiXJPKj2vGJhEe-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Hackers aren't known for punching above the belt, but one recent scam feels so devious it's made me even more wary of the next time IT tries to reach out to me. The scam uses a hijacked Microsoft Teams account to pose as an IT helpdesk, which then convinces users to download malicious files. </p><p>As noted by <a href="https://gbhackers.com/hackers-hijack-microsoft-teams/" target="_blank">GBHackers</a>, some versions of this scam use fresh Microsoft Teams accounts to impersonate existing users, but others use accounts gained in this scam to further scam others. </p><p>Once contact is established with a user, they are encouraged to access a bespoke chat client, which lends the hack an air of legitimacy. </p><p>From here, users are encouraged to run a command via PowerShell that then secretly unpacks a WinPython environment. This is all under the guise of it being a "diagnostic tool". The ModeloRAT can start to infect the PC without any obvious signs of what is even happening. </p><p>The hack in question has two separate components to it: one searches for and retrieves data covertly, while the other establishes a connection to a different device. 
GBHackers notes "Run‑key persistence is still present but is now paired with a scheduled task using a randomly generated name, increasing resiliency and making cleanup harder if only one mechanism is removed."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1024px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="xKBnoERaRRpKUrwbaPyPHT" name="fallout hacking game.jpg" alt="Fallout hacking minigame" src="https://cdn.mos.cms.futurecdn.net/xKBnoERaRRpKUrwbaPyPHT.jpg" mos="" align="middle" fullscreen="" width="1024" height="576" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Bethesda)</span></figcaption></figure><p>The goal of the ModeloRAT malware software is to embed itself into corporate environments so that it can do what it likes with all that harvested data. GBHackers reports it "was able to execute without detections from several major endpoint detection and response (EDR) products, and related samples showed zero antivirus hits on VirusTotal at the time of analysis."</p><p>This form of social engineering is becoming ever more popular. Just yesterday, I found out about a <a href="https://www.pcgamer.com/software/security/a-jobstealer-trojan-virus-has-popped-up-that-attacks-pcs-via-fake-job-interviews/" target="_blank">password-stealing Trojan virus that managed to get into users' PCs with fake job interviews</a>.</p><p>Social engineering scams are getting even more sophisticated in the age of AI, too. 
A few months ago, another scheme was found, <a href="https://www.pcgamer.com/software/ai/ai-assisted-hacking-group-hits-targets-with-a-complicated-social-engineering-scam-that-involves-deepfaked-ceos-spoofed-zoom-calls-and-a-malicious-troubleshooting-program/" target="_blank">where hackers would pose as CEOs with deepfake technology</a> and set up a bogus troubleshooting program to help with technical problems. As you might be able to guess, that troubleshooting program was a virus.  </p><p>As always, the best defence against hacks and scams is verifying the identity of folks who contact you, especially if they're trying to make you download a dodgy file or click on a suspect link.  </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Teaching software company strikes a deal with hackers to get customer data back, defying FBI guidance ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/teaching-software-company-strikes-a-deal-with-hackers-to-get-customer-data-back-defying-fbi-guidance/</link>
                                                                            <description>
                            <![CDATA[ A strange choice with details to follow. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">c9YTbxtvzg554DfZWBCLUj</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/toD7dricW9DJqnsPdwk9XH-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 13 May 2026 14:01:53 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/cMDJJibKgeMg3wogzv9AgY.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending a significant chunk of that time working on print publications PLAY and Official PlayStation Magazine. When she’s not investigating all things hardware here, she&#039;s either constructing a passionate defence of a 7/10 game, daydreaming about her debut novel, or feeling wistful about the last time she chased some nerds around a field with an oversized foam sword.&amp;nbsp;&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/toD7dricW9DJqnsPdwk9XH-1280-80.jpg">
                                                            <media:credit><![CDATA[Urbazon via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An FBI agent using a comuter.]]></media:description>                                                            <media:text><![CDATA[An FBI agent using a comuter.]]></media:text>
                                <media:title type="plain"><![CDATA[An FBI agent using a comuter.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/toD7dricW9DJqnsPdwk9XH-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Education technology company Instructure has "reached an agreement" with the hacker group that breached its systems for a second time earlier this month. Most recently, hacker group ShinyHunters had exfiltrated hundreds of gigabytes of data from the company's cloud-based learning management system Canvas.</p><p>This breach potentially exposed the names, email addresses, and private messages of about <a href="https://www.pcgamer.com/hardware/rockstar-ransom-hackers-claim-to-have-stolen-the-data-of-280-million-teachers-school-staff-and-students-in-canvas-attack/" target="_blank">280 million Canvas users</a>. ShinyHunters had threatened to leak this data if Instructure did not make contact before a May 12 deadline, though Instructure <a href="https://www.instructure.com/incident_update" target="_blank">now reports</a> that the stolen data has been returned.</p><p>The company has additionally received "digital confirmation of data destruction (shred logs)" from ShinyHunters, and the assurance that "no Instructure customers will be extorted as a result of this incident, publicly or otherwise" (via <a href="https://techcrunch.com/2026/05/12/instructure-strikes-deal-with-hackers-who-breached-it-twice/" target="_blank">TechCrunch</a>). 
To date, Instructure has not disclosed the full terms of the agreements—financial or otherwise.</p><p><a href="https://www.bbc.co.uk/news/articles/cdepzg83x87o" target="_blank">According to the BBC</a>, a previous version of Instructure's security incident update read, "While there is never complete certainty when dealing with cyber criminals, we believe it was important to take every step within our control to give customers additional peace of mind, to the extent possible."</p><p>Official guidance frequently urges ransomware victims <em>not </em>to pay up. To begin with, <a href="https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-frauds-and-scams/ransomware" target="_blank">one of the FBI's ransomware info pages</a> advises that the bureau "does not support paying a ransom in response to a ransomware attack." 
The FBI also <a href="https://x.com/FBICyberDiv/status/2052910397196292460" target="_blank">alluded to the Canvas breach in a post on X last week</a>, writing, "If you are contacted directly by anyone claiming to have your data, we recommend you not send payment or respond to their demands."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:3840px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ZKEZ5pcnnfswatquMwibBG" name="Grand Theft Auto VI Trailer 1 00-01-10.jpg" alt="gta 6 trailer" src="https://cdn.mos.cms.futurecdn.net/ZKEZ5pcnnfswatquMwibBG.jpg" mos="" align="middle" fullscreen="" width="3840" height="2160" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Rockstar)</span></figcaption></figure><p>Besides the Canvas cyberattack, <a href="https://www.pcgamer.com/hardware/the-same-group-that-tried-to-ransom-rockstar-over-gta-6-says-it-has-breached-user-data-from-armenian-geforce-now-servers/" target="_blank">ShinyHunters has most recently breached Nvidia's GeForce Now</a>—the hacker group claims that it "pulled their entire database straight from the backend." The group also <a href="https://www.pcgamer.com/games/grand-theft-auto/hackers-demand-ransom-from-gta6-studio-rockstar-threaten-to-leak-stolen-data/" target="_blank">demanded a ransom from GTA 6 studio Rockstar last month</a>, though it was soon revealed that <a href="https://www.pcgamer.com/games/rockstar-hackers-release-their-stolen-data-reveal-that-rockstar-was-right-to-not-pay-them-anything-for-it/" target="_blank">they didn't have all that much to leak in the end</a>.</p><p>It has not yet been confirmed if or how much Instructure paid ShinyHunters in order to retrieve its stolen data. 
At the time of writing, the company's latest security incident update does not explain why the company chose to broker an agreement with the cybercriminal group. That said, Instructure leadership apparently intends to offer some clarity in an upcoming webinar, detailing "information about the cyber attack and our activities to harden the system."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Hackers are using fake job interviews to load applicants' PCs with a password-stealing Trojan ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/a-jobstealer-trojan-virus-has-popped-up-that-attacks-pcs-via-fake-job-interviews/</link>
                                                                            <description>
                            <![CDATA[ No job and a new virus. What a nightmare. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">SvsZdheoVMKDMVdpypWgKc</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SM8hnsh8PPqNMXUJSPvVmW-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 12 May 2026 10:31:31 +0000</pubDate>                                                                                                                                <updated>Tue, 12 May 2026 11:09:29 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/PVsHAkx27zJptZHndizEAE.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SM8hnsh8PPqNMXUJSPvVmW-1280-80.jpg">
                                                            <media:credit><![CDATA[Chris Ratcliffe/Bloomberg via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg]]></media:description>                                                            <media:text><![CDATA[Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg]]></media:text>
                                <media:title type="plain"><![CDATA[Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SM8hnsh8PPqNMXUJSPvVmW-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As is ever the case, hackers are a devious old bunch, and this time, they're using your desire to finally get a job to stick a virus on your PC. Ironically named 'JobStealer', one Trojan virus is buried in a fake video conferencing app. </p><p>As pointed out by antivirus software <a href="https://news.drweb.ru/show/?i=15253&lng=ru&c=5" target="_blank">Dr.Web</a>, bad actors contact users looking for jobs and invite them to interview via a video conference website intended to look like a real one, which prompts users to download its software. </p><p>In many of these cases, the software has connected social media accounts to make it all seem real. Bad actors are also spoofing real sites like Webex to add legitimacy to their attacks. If you happen to get contacted by one of these scammers on Mac, the site will even encourage you to run the virus via the terminal or a disk image file that runs the terminal for you—a clear red flag. </p><p>The 'JobStealer' virus is a pretty involved one that collects data on the system itself, its browser extensions, passwords, notes and more. All that data is then placed in a ZIP archive and uploaded to a server. As is so often the case with viruses right now, this one primarily aims to steal cryptocurrency wallets. </p><p>There is currently both a macOS and Windows version of the software available to download. There are also versions for iOS, Android, and Linux, though Dr.Web has not yet seen distribution of the virus on these platforms. Still, their presence indicates that there may be plans to roll the virus out to other platforms in the future. 
Dr.Web does point out that its antivirus software can get rid of JobStealer, though, so it's at least detectable and removable. </p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="tv5e8eVbT7uQcLL7Dtt3bZ" name="hacking-omg.jpg" alt="Person typing on a laptop with red and blue lighting" src="https://cdn.mos.cms.futurecdn.net/tv5e8eVbT7uQcLL7Dtt3bZ.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="caption-text">Examples of the fake websites, as noted by Dr.Web. </span><span class="credit" itemprop="copyrightHolder">(Image credit: Westend61)</span></figcaption></figure><p>Faking credentials of employers has become a more common hacking tactic in recent times, thanks in part to the prevalence of AI. Earlier this year, <a href="https://www.pcgamer.com/software/ai/ai-assisted-hacking-group-hits-targets-with-a-complicated-social-engineering-scam-that-involves-deepfaked-ceos-spoofed-zoom-calls-and-a-malicious-troubleshooting-program/" target="_blank">researchers spotted a complicated social engineering scam that used deepfaked versions of CEOs to spoof Zoom calls</a> and prompt users to download troubleshooting software to fix software issues. As you may be able to guess, that troubleshooting software is in fact a virus. </p><p>As is ever the case, scams that rely on tricking the most desperate are a reliable method for bad actors. Just make sure to double and triple-check the credentials of the next employer who reaches out to you. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ A killswitch has been pitched for the Linux kernel that could shut down vulnerable functions while users wait for patches ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/linux/a-killswitch-has-been-pitched-for-the-linux-kernel-that-could-shut-down-vulnerable-functions-while-users-wait-for-patches/</link>
                                                                            <description>
                            <![CDATA[ Is the 'nuclear option' sometimes the best one? ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">3mXAvKJDrwQ2M48jy5iJCU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/r7kH7a3UqjhfFT7a798xhm-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 11 May 2026 16:17:16 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Linux]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Operating Systems]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/PVsHAkx27zJptZHndizEAE.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/r7kH7a3UqjhfFT7a798xhm-1280-80.jpg">
                                                            <media:credit><![CDATA[Future]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Origami Linux on a Dell XPS 13 laptop]]></media:description>                                                            <media:text><![CDATA[Origami Linux on a Dell XPS 13 laptop]]></media:text>
                                <media:title type="plain"><![CDATA[Origami Linux on a Dell XPS 13 laptop]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/r7kH7a3UqjhfFT7a798xhm-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>If you've ever felt anxious about the security of your machine while you wait for a solution to some vulnerability, a proposed change to the Linux kernel may interest you. <a href="https://lore.kernel.org/all/20260507070547.2268452-1-sashal@kernel.org/" target="_blank">Pitched</a> by Nvidia staffer Sasha Levin, it's effectively a killswitch that could shut down some functions while waiting for a more official solution. </p><p>As spotted by <a href="https://www.theregister.com/oses/2026/05/11/linux-kernel-maintainers-pitch-emergency-killswitch-after-copyfail-and-dirty-frag-chaos/5237801" target="_blank">The Information</a>, Levin writes, "Killswitch lets a privileged operator make a chosen kernel function return a fixed value without executing its body, as a temporary mitigation for a security bug while a real fix is being prepared."</p><p>Levin notes that when a security issue becomes public, many users of Linux are technically made more vulnerable until the patch is sent out into the world. You would naturally have to stay more vigilant and use the killswitch manually when issues are made known, but it gives some extra agency over your rig. The main focus, though, is the commercial users that are most vulnerable, not your everyday Linux user.</p><p>Levin continues, "For most users, the cost of 'this socket family stops working for the day' is much smaller than the cost of running a known vulnerable kernel until the fix lands."</p><p>This killswitch was suggested just a week after researchers caught a root exploit called "<a href="https://blog.cloudflare.com/copy-fail-linux-vulnerability-mitigation/" target="_blank">Copyfail</a>". 
Effectively, this exploit lets a user escalate their privileges by replacing code, and then use those escalated privileges to attack machines. Over on the Cybersecurity Reddit, <a href="https://www.reddit.com/r/cybersecurity/comments/1t2z1xa/comment/ojrpi6o/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button" target="_blank">one user says</a>, "That script is stupidly easy to run and gain root."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:3840px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="XiVwBANybbwmEEkWwKQzRf" name="linux-pc-gaming" alt="Blade 14 gaming laptop running PopOS with an Xbox Wireless controller in front of it" src="https://cdn.mos.cms.futurecdn.net/XiVwBANybbwmEEkWwKQzRf.jpg" mos="" align="middle" fullscreen="" width="3840" height="2160" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Future)</span></figcaption></figure><p>There was a period of time in between Copyfail being spotted and patches rolling out where users were left more vulnerable than before, and this is the perfect use case for the likes of this killswitch. </p><p>It's naturally not the most elegant solution to problems, given it simply shuts down parts of the machine, but that level of granular control could be a good thing, especially in the hands of the already rather granular Linux community. </p><p>Not everyone is fully on board with it, though, and understandably so. 
<a href="https://www.reddit.com/r/cybersecurity/comments/1t9bn66/comment/ol10yt3/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button" target="_blank">One Reddit user, with over 100 upvotes</a>, argues it is "Useful as a last-resort mitigation, but scary if people treat it like a patch. Easy to imagine this breaking production in creative ways." </p><p>Even more negatively, <a href="https://www.reddit.com/r/cybersecurity/comments/1t9bn66/comment/ol0wa6u/?utm_source=share&utm_medium=web3x&utm_name=web3xcss&utm_term=1&utm_content=share_button" target="_blank">another argues</a> it's a "security feature that may be worse than the vulnerability."</p><p>Some believe the 'nuclear option' is far too extreme, and even when it works, it could incentivise some to simply lock down functions rather than actually patching their machine. And that's before mentioning users could shut down processes they probably shouldn't with it. It seems like the nuclear option could be good or bad, depending on who has the button.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft reiterates that it's totally fine with Edge storing passwords in cleartext, despite security researchers' concerns ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/microsoft-reiterates-that-its-totally-fine-with-edge-storing-passwords-in-cleartext-despite-security-researchers-concerns/</link>
                                                                            <description>
                            <![CDATA[ An attacker would need access to your pc to use it but why leave it open anyways? ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pT5PsDrTdxsQ2tTyodZaVQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/e7FykHnZ2ufzXBvQQ2VA6U-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 07 May 2026 14:38:17 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/PVsHAkx27zJptZHndizEAE.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/e7FykHnZ2ufzXBvQQ2VA6U-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images/Jakub Porzycki/NurPhoto]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Edge logo displayed on a phone screen and Microsoft logo displayed on a screen in the background are seen in this illustration photo taken in Krakow, Poland on February 7, 2023.]]></media:description>                                                            <media:text><![CDATA[Edge logo displayed on a phone screen and Microsoft logo displayed on a screen in the background are seen in this illustration photo taken in Krakow, Poland on February 7, 2023.]]></media:text>
                                <media:title type="plain"><![CDATA[Edge logo displayed on a phone screen and Microsoft logo displayed on a screen in the background are seen in this illustration photo taken in Krakow, Poland on February 7, 2023.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/e7FykHnZ2ufzXBvQQ2VA6U-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Earlier this week, we reported that a researcher found <a href="https://www.pcgamer.com/hardware/microsoft-edge-saves-passwords-in-cleartext-by-design-and-researchers-argue-this-turns-into-a-credential-harvest-on-shared-pcs/" target="_blank">Microsoft Edge saves passwords in cleartext </a>in the memory of your machine. This means you can seemingly bypass even the likes of 2FA if you have access to someone's rig. At the time, Microsoft said this was 'by design', and it has affirmed the same statement in a correspondence with me. </p><p>I've been told, "Safety and security are foundational to Microsoft Edge. Access to browser data as described in the reported scenario would require the device to already be compromised."</p><p>This is true. Being able to get into the terminal to find the passwords on Edge does require having admin access on the machine, and that's already a severe breach of your security. However, this technique gets around many security restrictions already in place, should someone get hold of your machine, so it seems like a heightened risk for little reward. </p><p>As pointed out by the <a href="https://isc.sans.edu/diary/32954" target="_blank">Internet Storm Center</a>, you can actually get all that information by simply creating a memory dump file of the browser via Task Manager and using strings to search through that dump file for passwords. That means someone could get access in mere moments, with not too much technical know-how. 
</p><p><a href="https://x.com/L1v1ng0ffTh3L4N/status/2051308329880719730" target="_blank">Tom Jøran Sønstebyseter Rønning</a>, the researcher who drew attention to this, says that Edge is the only Chromium-based browser they've tested that behaves like this.</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">❗️🚨 Microsoft Edge keeps every saved password in process memory as cleartext from the moment it launches. Microsoft's responsed when reported: "by design." All of them. Including credentials for sites you won't open this session.Researcher @L1v1ng0ffTh3L4N tested every major… pic.twitter.com/AIG4EPkPjq<a href="https://twitter.com/cantworkitout/status/2051406295828250963">May 4, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>Microsoft tells me: "Design choices in this area involve balancing performance, usability, and security, and we continue to review it against evolving threats. Browsers access password data in memory to help users sign in quickly and securely—this is an expected feature of the application. We recommend users install the latest security updates and antivirus software to help protect against security threats." </p><p>The latest security updates and antivirus software will not protect from this specific problem. Though a user getting admin privilege might seem far-fetched, it's worth noting that many Windows users will simply use their standard account at an administrator level. This means that, should you leave it open in a cafe or even in an office space, one could theoretically nab any passwords on Edge in a short time. </p><p>As International <a href="https://x.com/IntCyberDigest/status/2051406295828250963" target="_blank">Cyber Digest points out</a>, "In shared environments, this turns into a credential harvest. 
On a terminal server, an attacker with admin rights can read the memory of every logged-on user process."</p><p>It's never a bad idea to brush up on your cybersecurity knowledge, but this is as good a time as any to remind you to lock down your account if you have to step away. And that's especially true if you are on Microsoft Edge. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'A single 732-byte Python script can be used to obtain root on essentially all Linux distributions shipped since 2017': Time to update your kernel ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/linux/a-single-732-byte-python-script-can-be-used-to-obtain-root-on-essentially-all-linux-distributions-shipped-since-2017-time-to-update-your-kernel/</link>
                                                                            <description>
                            <![CDATA[ Batten down the distros. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">BY79qQzhwpsbumfRgKd3D4</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/YF9oxZF4B6pytrLsSXL8gQ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 05 May 2026 16:23:44 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Linux]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Operating Systems]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/cMDJJibKgeMg3wogzv9AgY.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending a significant chunk of that time working on print publications PLAY and Official PlayStation Magazine. When she’s not investigating all things hardware here, she&#039;s either constructing a passionate defence of a 7/10 game, daydreaming about her debut novel, or feeling wistful about the last time she chased some nerds around a field with an oversized foam sword.&amp;nbsp;&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/YF9oxZF4B6pytrLsSXL8gQ-1280-80.jpg">
                                                            <media:credit><![CDATA[JUAN BARRETO/AFP via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A view of a gentoo (Pygoscelis papua) penguin at the Paradise Bay in the Gerlache Strait -which separates the Palmer Archipelago from the Antarctic Peninsula, on January 20, 2024. Scientists and researchers from various countries are collaborating on projects during the X Antarctic Expedition aboard the Colombian research vessel &#039;ARC Simon Bolivar,&#039; designed exclusively to develop scientific projects. These initiatives involve analyzing the current condition of the Antarctic sea, studying atmospheric pressure, and monitoring the species inhabiting this region of the planet. ]]></media:description>                                                            <media:text><![CDATA[A view of a gentoo (Pygoscelis papua) penguin at the Paradise Bay in the Gerlache Strait -which separates the Palmer Archipelago from the Antarctic Peninsula, on January 20, 2024. Scientists and researchers from various countries are collaborating on projects during the X Antarctic Expedition aboard the Colombian research vessel &#039;ARC Simon Bolivar,&#039; designed exclusively to develop scientific projects. These initiatives involve analyzing the current condition of the Antarctic sea, studying atmospheric pressure, and monitoring the species inhabiting this region of the planet. ]]></media:text>
                                <media:title type="plain"><![CDATA[A view of a gentoo (Pygoscelis papua) penguin at the Paradise Bay in the Gerlache Strait -which separates the Palmer Archipelago from the Antarctic Peninsula, on January 20, 2024. Scientists and researchers from various countries are collaborating on projects during the X Antarctic Expedition aboard the Colombian research vessel &#039;ARC Simon Bolivar,&#039; designed exclusively to develop scientific projects. These initiatives involve analyzing the current condition of the Antarctic sea, studying atmospheric pressure, and monitoring the species inhabiting this region of the planet. ]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/YF9oxZF4B6pytrLsSXL8gQ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Gaming on Linux has never been better—but that doesn't mean your distros are free from security threats. Case in point is a severe vulnerability nicknamed 'Copy Fail,' which allows a local user to dig into the guts of the OS and give themselves root privileges merely by writing four bytes of controlled data into the page cache of any readable file.</p><p>The security research team at <a href="https://xint.io/blog/copy-fail-linux-distributions" target="_blank">Theori disclosed the vulnerability last Wednesday</a>, though CISA reports that threat actors have since been observed using the exploit in the wild. The security flaw has been given the designation <a href="https://www.cve.org/CVERecord?id=CVE-2026-31431" target="_blank">CVE-2026-31431</a> and marked with a high severity score of 7.8 (via <a href="https://www.bleepingcomputer.com/news/security/cisa-says-copy-fail-flaw-now-exploited-to-root-linux-systems/" target="_blank">Bleeping Computer</a>).</p><p>This is because Copy Fail could potentially leave a large number of Linux users exposed—if you've not updated your kernel in a hot minute, now would be the time. Theori puts it succinctly in its write-up, summarising, "A single 732-byte Python script can [be used to] obtain root on essentially all Linux distributions shipped since 2017."</p><p>As such, CISA <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search=CVE-2026-31431&field_date_added_wrapper=all&field_cve=&sort_by=field_date_added&items_per_page=20&url=" target="_blank">added the vulnerability to its Known Exploited Vulnerabilities Catalog</a>. 
In accordance with '<a href="https://www.cisa.gov/news-events/directives/bod-22-01-reducing-significant-risk-known-exploited-vulnerabilities" target="_blank">Binding Operational Directive (BOD) 22-01</a>', this move in turn requires <a href="https://www.cisa.gov/news-events/directives/federal-civilian-executive-branch-agencies-list" target="_blank">Federal Civilian Executive Branch agencies</a> based throughout the USA to update their systems by May 15 in order to protect their systems against this active threat.</p><p>CISA warns, "This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="moJu4CGvCX5NeT5qQNPPeX" name="ubuntu-login" alt="Ubuntu's user screen in the settings." src="https://cdn.mos.cms.futurecdn.net/moJu4CGvCX5NeT5qQNPPeX.png" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Ubuntu)</span></figcaption></figure><p>Cybersecurity firm Theori also offers <a href="https://copy.fail/" target="_blank">a more digestible Copy Fail guide</a>. This includes the security research team's original Proof of Concept script so "defenders can verify their own systems and validate vendor patches." 
It's worth clarifying that this script requires local access to a machine running Linux, and that the security vulnerability is <em>not </em>an example of remote code execution.</p><p>The team found the same script works in Ubuntu 24.04 LTS, Amazon Linux 2023, RHEL 10.1, and SUSE 16, but obviously, plenty of other Linux distros are also affected.</p><p>This news follows claims made last week by Canonical—the company that created Ubuntu—that its web infrastructure was under a "<a href="https://www.pcgamer.com/software/security/canonical-the-company-that-makes-ubuntu-linux-says-its-web-infrastructure-is-under-a-sustained-cross-border-attack/" target="_blank">sustained, cross-border attack</a>". Though the Copy Fail vulnerability was disclosed by Theori around the same time, the exploit may not be to blame. Canonical has yet to provide an update after <a href="https://x.com/ubuntu/status/2050112955132297652" target="_blank">its X post on May 1st</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft Edge saves passwords in cleartext 'by design' and researchers argue 'this turns into a credential harvest' on shared PCs ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/microsoft-edge-saves-passwords-in-cleartext-by-design-and-researchers-argue-this-turns-into-a-credential-harvest-on-shared-pcs/</link>
                                                                            <description>
                            <![CDATA[ You do need admin rights to get that far, though. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">MsmKLt3LM2Q7PqiHbcwrZ8</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/J6q9JPs7o8VPPwCEheXaQN-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 05 May 2026 15:54:41 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/PVsHAkx27zJptZHndizEAE.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/J6q9JPs7o8VPPwCEheXaQN-1280-80.jpg">
                                                            <media:credit><![CDATA[Microsoft]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft Edge]]></media:description>                                                            <media:text><![CDATA[Microsoft Edge]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft Edge]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/J6q9JPs7o8VPPwCEheXaQN-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A Norwegian cybersecurity researcher recently spotted that passwords in Microsoft Edge are saved in memory in cleartext, thus exposing <em>all</em> passwords to anyone who might wish to peek behind the curtain, provided they can gain access to the PC through other means, including a shared admin.</p><p>The researcher, <a href="https://x.com/L1v1ng0ffTh3L4N/status/2051308329880719730" target="_blank">Tom Jøran Sønstebyseter Rønning</a>, says, "Edge is the only Chromium‑based browser I’ve tested that behaves this way."</p><p>When Rønning reported this to Microsoft, they were reportedly told this behaviour is "by design." </p><p>Rønning clarifies that Edge decrypts every credential at startup, regardless of whether you visit a site using those credentials. This doesn't mean that one can simply access those passwords with little know-how, though. A user needs administrative access to a terminal server, which is already a major breach on a computer, but from here, "they can access the memory of all logged‑on user processes."</p><p>Importantly, one could have administrative rights on one account and use that to compromise the stored credentials for other logged-in users. Rønning posted an Edge password dumper tool on <a href="https://github.com/L1v1ng0ffTh3L4N/EdgeSavedPasswordsDumper/tree/main" target="_blank">GitHub </a>that simulates this process.</p><p>One could argue that if a user has admin rights, they can already cause havoc on a rig if they have access, and that's true. But something worth considering is that many PC users will have admin rights on their accounts as a default. 
And even if you have admin rights, you often have to use passwords to get access to password managers, or even use two-factor authentication. Cleartext saved passwords, as argued by <a href="https://x.com/IntCyberDigest/status/2051406295828250963" target="_blank">International Cyber Digest</a>, mean "in shared environments, this turns into a credential harvest."</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">Microsoft Edge loads all your saved passwords into memory in cleartext — even when you’re not using them. pic.twitter.com/ci0ZLEYFLB<a href="https://twitter.com/cantworkitout/status/2051308329880719730">May 4, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>Last year, researcher <a href="https://x.com/LopezLucio666/status/2051648029019799590" target="_blank">@LopezLucio666</a> reported this to Microsoft, and it said, "after careful investigation, this case has been assessed as not a vulnerability and no security and does not meet Microsoft's bar for immediate servicing."</p><p>Chrome, by contrast, decrypts credentials when required, so it doesn't keep them decrypted in memory at all times. It binds decryption to an authenticated Chrome process, which means other processes on the machine can't duplicate the process of Chrome's encryption keys. </p><p>Microsoft's "<a href="https://learn.microsoft.com/en-us/deployedge/microsoft-edge-security-password-manager-security" target="_blank">password manager security</a>" web page / FAQ does briefly address this point, but argues "Even if an attacker has admin rights or offline access and can get to the locally stored data, the system is designed to prevent the attacker from getting the plaintext passwords of a user who isn't logged in."</p>
<p>The research of Rønning and others suggests the system is not quite doing its job in preventing attackers from getting those plaintext passwords, so hopefully the noise around its discovery can urge Microsoft to give it another look. We have reached out to Microsoft for comment on this story. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Nvidia confirms some user data may have been stolen in the Armenian GeForce Now breach, but not passwords ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/the-same-group-that-tried-to-ransom-rockstar-over-gta-6-says-it-has-breached-user-data-from-armenian-geforce-now-servers/</link>
                                                                            <description>
                            <![CDATA[ If you use GeForce Now in Armenia, it may be a good idea to change your password and activate 2FA. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Zn5jFEdeSAMdTxC8DZcXfM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/fw8W4TABYfc649FPtndt9Z-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 05 May 2026 14:32:18 +0000</pubDate>                                                                                                                                <updated>Thu, 07 May 2026 14:32:41 +0000</updated>
                                                                                                                                            <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/PVsHAkx27zJptZHndizEAE.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/fw8W4TABYfc649FPtndt9Z-1280-80.jpg">
                                                            <media:credit><![CDATA[NVIDIA]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[NVIDIA GeForce NOW cloud gaming platform running on multiple devices]]></media:description>                                                            <media:text><![CDATA[NVIDIA GeForce NOW cloud gaming platform running on multiple devices]]></media:text>
                                <media:title type="plain"><![CDATA[NVIDIA GeForce NOW cloud gaming platform running on multiple devices]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/fw8W4TABYfc649FPtndt9Z-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Last week, hacking group ShinyHunters took to a black hat hacking forum to share that it had successfully breached Nvidia's GeForce Now and was looking to sell "millions of real user records" to the highest bidder. However, Nvidia seems to claim that's not quite the case. </p><p>As originally spotted by <a href="https://thecybersecguru.com/news/nvidia-geforce-now-data-breach/" target="_blank">The Cybersec Guru</a>, ShinyHunters claims to have "pulled their entire database straight from the backend" with users' first and last names, email addresses, dates of birth, membership status, 2FA status, and more. </p><p>The mention of 2FA status is important here, as bad actors could effectively ignore any account with extra protective measures to get a better hit rate when trying to get access to users' accounts. </p><p>However, according to a statement given to <a href="https://videocardz.com/newz/nvidia-confirms-geforce-now-partner-security-breach-says-its-own-systems-were-not-affected" target="_blank">VideoCardz</a> from Nvidia: </p><p>"Our investigation found no impact to Nvidia-operated services. The issue is limited to systems run by a third-party GeForce Now Alliance partner based in Armenia. We are working closely with the partner to support their investigation and resolution. 
Impacted users will be notified by GFN.am." </p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ZidW5wMAjuuxws3At4Jgo" name="C (23)" alt="The CyberSec Guru's screenshot of ShinyHunters, attempting to sell GeForce Now user data from its breach" src="https://cdn.mos.cms.futurecdn.net/ZidW5wMAjuuxws3At4Jgo.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: The CyberSec Guru)</span></figcaption></figure><p>Nvidia has pointed me to <a href="https://gfn.am/hy/blog/%D5%A1%D5%B6%D5%BE%D5%BF%D5%A1%D5%B6%D5%A3%D5%B8%D6%82%D5%A9%D5%B5%D5%A1%D5%B6-%D5%B4%D5%AB%D5%BB%D5%A1%D5%A4%D5%A5%D5%BA/" target="_blank">GFN.am's statement </a>(and a translation of it), noting that hackers did not get access to passwords but may have got the following: </p><ul><li>E-mail address</li><li>Telephone number, if registered through a mobile operator</li><li>Date of birth</li><li>Name and surname if logged in through Google</li><li>GFN.AM username</li></ul><p>That same statement says, "Following the discovery of the incident, the Society has taken immediate measures to eliminate the causes of unauthorized access, as well as additional organizational and technical measures have been implemented to increase the level of protection of information systems and prevent similar situations in the future."</p><p>Unless you live in Armenia and have an account through Nvidia's Armenian GeForce Now provider (GFN.am), you are unlikely to be affected by the breach, but Armenian users should keep an eye on the site and activate 2FA at a minimum.</p><p>This unfortunately does not necessarily account for users 
who no longer subscribe to the service, so hopefully they will get other forms of communication too. </p><p>Still, even after all of this is done, ShinyHunters claims it has a list of email addresses, so it's worth being extra vigilant of phishing and spam emails going forward. </p><p>If the name ShinyHunters is familiar to you, there's a good chance it is because, just last month, it <a href="https://www.pcgamer.com/games/grand-theft-auto/hackers-demand-ransom-from-gta6-studio-rockstar-threaten-to-leak-stolen-data/" target="_blank">demanded a ransom from Rockstar</a> in regard to data it managed to steal. </p><p>After Rockstar refused to pay the fee, ShinyHunters revealed the data, and <a href="https://www.pcgamer.com/games/rockstar-hackers-release-their-stolen-data-reveal-that-rockstar-was-right-to-not-pay-them-anything-for-it/" target="_blank">our Andy Chalk reckons Rockstar was right not to pay.</a> We don't know what processes Nvidia will implement from here, but here's hoping its providers continue to brush up on their cybersecurity. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Canonical, the company that makes Ubuntu Linux, says its web infrastructure is under a 'sustained, cross-border attack' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/canonical-the-company-that-makes-ubuntu-linux-says-its-web-infrastructure-is-under-a-sustained-cross-border-attack/</link>
                                                                            <description>
                            <![CDATA[ A whole range of Ubuntu sites and services seem to be affected. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">UrddhdmsrRvvJ2FoUe2XZ3</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/moJu4CGvCX5NeT5qQNPPeX-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Fri, 01 May 2026 08:46:17 +0000</pubDate>                                                                                                                                <updated>Fri, 01 May 2026 10:30:42 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jacob Fox ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Ee8ZL5rzgTjTNkBFJ4jBnD.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jacob got his hands on a gaming PC for the first time when he was about 12 years old. He swiftly realised the local PC repair store had ripped him off with his build and vowed never to let another soul build his rig again. With this vow, Jacob the hardware junkie was born. Since then, Jacob&#039;s led a double-life as part-hardware geek, part-philosophy nerd, first working as a Hardware Writer for PCGamesN in 2020, then working towards a PhD in Philosophy for a few years while freelancing on the side for sites such as TechRadar, Pocket-lint, and yours truly, PC Gamer. Eventually, he gave up the ruthless mercenary life to join the world&#039;s #1 PC Gaming site full-time. It&#039;s definitely not an ego thing, he assures us.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/moJu4CGvCX5NeT5qQNPPeX-1280-80.png">
                                                            <media:credit><![CDATA[Ubuntu]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Ubuntu&#039;s user screen in the settings.]]></media:description>                                                            <media:text><![CDATA[Ubuntu&#039;s user screen in the settings.]]></media:text>
                                <media:title type="plain"><![CDATA[Ubuntu&#039;s user screen in the settings.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/moJu4CGvCX5NeT5qQNPPeX-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Canonical, the company behind the most popular Linux distro, says its web infrastructure is currently under a "sustained, cross-border attack."</p><p>Affected sites and services seem to run across the entire Ubuntu gamut, from its website to its blog and even potentially its repos. According to what user reports I could glean from online forums—given official status pages are down—the problems have been ongoing for hours even if Canonical only officially commented on it recently. </p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">Canonical’s web infrastructure is under a sustained, cross-border attack and we are working to address it. We will provide more information in our official channels as soon as we are able to.<a href="https://twitter.com/cantworkitout/status/2050112955132297652">May 1, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>Importantly, <a href="https://www.reddit.com/r/Ubuntu/comments/1t07tb2/canonical_ubuntu_being_targeted_by_a_ddos_attack/" target="_blank">there are reports</a> of the security repo servers at security.ubuntu.com being either slow or down for many users, and indeed when I tried the website it didn't load. Repositories are how Ubuntu users get their updates, and the security repo is, of course, a very important one, as it allows users to download and install important security updates and patches. 
It is worth noting, however, that updates should still be able to be installed from different mirror repos, which you can choose by selecting one in the 'Download from' dropdown in the Software & Updates tool.</p><p>Even the <a href="https://status.canonical.com/" target="_blank">page that lists server statuses</a> is disabled by Canonical. It instead reiterates the same message that Canonical posted to X.</p><p>All this follows the disclosure yesterday of a recently discovered <a href="https://www.cve.org/CVERecord?id=CVE-2026-31431" target="_blank">vulnerability nicknamed "Copy Fail"</a>, which cybersecurity research firm <a href="https://xint.io/blog/copy-fail-linux-distributions#what-makes-copy-fail-different-0" target="_blank">Theori, on Xint.io</a>, describes as the discovery that a "single 732-byte Python script can edit a setuid binary and obtain root on essentially all Linux distributions shipped since 2017."</p><p>It's not known, however, whether this vulnerability has anything to do with the current attack. In fact, Canonical saying that it's a "sustained, cross-border attack" could imply it's not a vulnerability-related attack but simply a wide-scale DDoS or something similar. If it is to do with Copy Fail, then perhaps it's only indirectly so—possibly to attempt to prevent some from installing updates that fix the vulnerability.</p><p>Cybersecurity company <a href="https://x.com/VECERTRadar/status/2050027038216536473?s=20" target="_blank">Vercert Analyzer claims</a> that hacktivist group 'The Islamic Cyber Resistance in Iraq – 313 Team' has claimed responsibility for the attack(s) and has sent an extortion message to the Ubuntu team. 
We can't confirm this ourselves, though, and will be waiting for more word from Canonical itself. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ State cybersecurity agencies around the world are advising extra care over home routers as they could be used in 'China-nexus' covert networks ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/state-cybersecurity-agencies-around-the-world-are-advising-extra-care-over-home-routers-as-they-could-be-used-in-china-nexus-covert-networks/</link>
                                                                            <description>
                            <![CDATA[ Though at least one security company thinks there are more important measures to take than those CISA suggests. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">RSML5hT8KsEyt9xZWFURNU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9RrLbYubNhAfrxZDcaY7N9-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 29 Apr 2026 11:09:37 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jacob Fox ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Ee8ZL5rzgTjTNkBFJ4jBnD.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jacob got his hands on a gaming PC for the first time when he was about 12 years old. He swiftly realised the local PC repair store had ripped him off with his build and vowed never to let another soul build his rig again. With this vow, Jacob the hardware junkie was born. Since then, Jacob&#039;s led a double-life as part-hardware geek, part-philosophy nerd, first working as a Hardware Writer for PCGamesN in 2020, then working towards a PhD in Philosophy for a few years while freelancing on the side for sites such as TechRadar, Pocket-lint, and yours truly, PC Gamer. Eventually, he gave up the ruthless mercenary life to join the world&#039;s #1 PC Gaming site full-time. It&#039;s definitely not an ego thing, he assures us.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9RrLbYubNhAfrxZDcaY7N9-1280-80.jpg">
                                                            <media:credit><![CDATA[Future]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A photo showing a top-down view of a TP-Link Archer BE9700 Wi-Fi 7 router.]]></media:description>                                                            <media:text><![CDATA[A photo showing a top-down view of a TP-Link Archer BE9700 Wi-Fi 7 router.]]></media:text>
                                <media:title type="plain"><![CDATA[A photo showing a top-down view of a TP-Link Archer BE9700 Wi-Fi 7 router.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9RrLbYubNhAfrxZDcaY7N9-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Just a month after the <a href="https://www.pcgamer.com/hardware/networking/the-fcc-says-foreign-routers-pose-an-unacceptable-risk-and-now-require-special-approval-to-be-sold-in-the-us/" target="_blank">FCC banned foreign consumer-grade routers</a> that lack the special permissions to be sold, the Cybersecurity and Infrastructure Security Agency (CISA), along with the National Cyber Security Centre (NCSC-UK) and other security orgs, has <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-113a" target="_blank">advised users of their risks</a>. Compromised home routers, it seems, are the new cybersecurity bugbears.</p><p>This is because, as CISA puts it: "Over the past few years there has been a major shift in the tactics, techniques and procedures (TTPs) used by China-nexus cyber actors, moving away from the use of individually procured infrastructure, and towards the use of externally provisioned, large-scale networks of compromised devices."</p><p>'Covert networks' have supposedly been used "for each phase of their Cyber Kill Chains, from performing scans as part of reconnaissance, to the delivery of malware, communicating with said malware, and exfiltrating stolen data from a victim."</p><p>The attackers will exploit vulnerable devices, including home routers, and then sit there, using them as little nodes in their broader covert network infrastructure.</p><p>"Covert networks mostly consist of compromised SOHO routers, but they also pull in any vulnerable device they can exploit at scale" says the CISA report. Examples include webcams, firewalls, and NAS devices. 
If they're end-of-life (EOL) and not receiving security updates, the risk increases.</p><p>"If a particular threat group could now come from one of many covert networks," CISA says, "each with potentially hundreds of thousands of endpoints, and each used by multiple threat actors, old network defense paradigms of static malicious IP block lists will be less effective."</p><p>"A description of all known covert networks in detail, including how they are constructed and how they communicate, would immediately be out of date."</p><p>Last month, the US Federal Communications Commission (FCC) added "all consumer-grade routers produced in foreign countries" to the Covered List, meaning they'll require special permission to be sold in the US. Which, of course, does nothing about any compromised routers that are already sitting in homes and offices around the country.</p><p>Firmware security company <a href="https://eclypsium.com/blog/cisa-cybsersecurity-advisory-router-botnets-fcc-router-ban/" target="_blank">Eclypsium says</a> that, with this and now the CISA advisory, "the message is clear: the SOHO router supply chain is being framed as a meaningful source of cyber risk to U.S. critical infrastructure."</p><p>However, Eclypsium says that this is "only part of the picture... a router ban can reduce some risk at the edges. 
It does not fundamentally change the attacker playbook."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1024px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="xKBnoERaRRpKUrwbaPyPHT" name="fallout hacking game.jpg" alt="Fallout hacking minigame" src="https://cdn.mos.cms.futurecdn.net/xKBnoERaRRpKUrwbaPyPHT.jpg" mos="" align="middle" fullscreen="" width="1024" height="576" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Bethesda)</span></figcaption></figure><p>The most important thing, according to Eclypsium, is "defending the enterprise edge of critical infrastructure companies", and one of the biggest gaps on this front is a "lack of device integrity visibility", meaning device trust should be "continuously re-established, not assumed."</p><p>In other words, repeated security validation for each device across its entire lifespan. We need to be "continuously validating what is already inside the organization’s walls."</p><p>For the most at-risk organisations, CISA recommends "active hunting": sniffing out IP addresses that are likely part of a covert network, and generally acting more dynamically and actively to keep defenses shored up. 
For organisations that aren't quite as at risk, but still somewhat so, the agency advises things like zero-trust connection policies and IP address allow lists rather than deny lists for remote work.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ngq4HJFyDVZxseMf2oNVvH" name="TP-Link_GE800_7684.jpg" alt="TP-Link Archer GE800 router" src="https://cdn.mos.cms.futurecdn.net/ngq4HJFyDVZxseMf2oNVvH.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Future)</span></figcaption></figure><p>For organisations that aren't at risk, however, recommendations are broadly what should already be expected, such as understanding what connections you should be seeing and implementing multi-factor authentication.</p><p>There are also some more general recommendations, and you probably won't be surprised to see that these include keeping devices up to date and using modern systems and software. For the home user, just ensuring your device is still live and receiving security updates is, as always, the way to go. I wouldn't fancy being a larger organisation having to do much more to deal with these "covert networks",  though.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Someone has apparently snaffled up 31 WordPress plugins and wedged a backdoor in each one ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/someone-has-apparently-snaffled-up-31-wordpress-plugins-and-wedged-a-backdoor-in-each-one/</link>
                                                                            <description>
                            <![CDATA[ Don't blog without the proper protections in place, folks. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">QQLyxwFawMzzoDoEpjme9j</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/SM8hnsh8PPqNMXUJSPvVmW-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 22 Apr 2026 16:28:21 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/cMDJJibKgeMg3wogzv9AgY.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending a significant chunk of that time working on print publications PLAY and Official PlayStation Magazine. When she’s not investigating all things hardware here, she&#039;s either constructing a passionate defence of a 7/10 game, daydreaming about her debut novel, or feeling wistful about the last time she chased some nerds around a field with an oversized foam sword.&amp;nbsp;&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/SM8hnsh8PPqNMXUJSPvVmW-1280-80.jpg">
                                                            <media:credit><![CDATA[Chris Ratcliffe/Bloomberg via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg]]></media:description>                                                            <media:text><![CDATA[Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg]]></media:text>
                                <media:title type="plain"><![CDATA[Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/SM8hnsh8PPqNMXUJSPvVmW-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Rather than juggling way too many tabs in Chrome, I sweep them all into <a href="https://chromewebstore.google.com/detail/onetab/chphlpgkkbolifaimnlloiipkdnihall?hl=en&pli=1">OneTab</a> and promptly forget about them—extensions and plugins are great. If I still had my own blog, I'd probably use them for all sorts of things, but third-party platform add-ons also represent a security concern.</p><p>It's important to double-check the provenance of anything you're considering adding, though I suspect few attackers will be quite as ambitious as the person who bought 30 WordPress plugins and then installed backdoors in all of them.</p><p>That's according to <a href="https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/" target="_blank">Austin Ginder</a>, the founder of Anchor Hosting. He began to investigate after noticing the previously dormant Countdown Timer Ultimate had begun pushing out malicious code. A number of the affected plugins have since been taken offline (via <a href="https://techcrunch.com/2026/04/14/someone-planted-backdoors-in-dozens-of-wordpress-plugins-used-in-thousands-of-websites/" target="_blank">TechCrunch</a>).</p><p>Countdown Timer Ultimate was originally built by a team called Essential Plugin. Due to a decline in revenue, the founders sold their entire business on Flippa, a private marketplace for buying and selling online outfits like Essential Plugin. <a href="https://flippa.com/blog/how-to-sell-a-wordpress-plugin-business-for-6-figures-on-flippa/" target="_blank">The platform itself shared a case study on the six-figure sale in 2025</a>. 
According to Ginder's timeline, the new owner allegedly planted the backdoor barely a month after that glowing post went up on Flippa.</p><p>The backdoor wasn't weaponised until about April 5, 2026, according to the blog, with the WordPress plugins team moving to shut down all 31 of Essential Plugin's offerings. Quick action is definitely welcome in a situation like this, but Ginder criticises the fact that no users would have suspected anything was up until the attack began.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="tv5e8eVbT7uQcLL7Dtt3bZ" name="hacking-omg.jpg" alt="Person typing on a laptop with red and blue lighting" src="https://cdn.mos.cms.futurecdn.net/tv5e8eVbT7uQcLL7Dtt3bZ.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Westend61)</span></figcaption></figure><p>He writes, "WordPress.org has no mechanism to flag or review plugin ownership transfers. There is no 'change of control' notification to users. No additional code review triggered by a new committer."</p><p>Worse still, Ginder reports this sort of hijack is not uncommon. Ginder shares one story from 2017 where someone "purchased the Display Widgets plugin (200,000 installs) for $15,000 and injected payday loan spam." 
He also shares another story from earlier this very month, where someone launched <a href="https://anchor.host/how-i-caught-a-wordpress-plugin-supply-chain-attack/" target="_blank">a supply chain attack via the previously trusted Widget Logic WordPress plugin</a>.</p><p>For context, the <a href="https://essentialplugin.com/wordpress-development-company/" target="_blank">Essential plugin team's website</a> is still live, touting "15,000+ Global Happy Customers." That's a lot of users who could have been potentially affected—how many of them would have no idea until either WordPress took the plugins down, or they independently stumbled across news coverage of the polluted plugins themselves? It's hard not to see Ginder's argument.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'Defenders finally have a chance to win, decisively': Firefox CTO raves about Claude Mythos' bug hunting capabilities after it finds 271 vulnerabilities ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/browsers/defenders-finally-have-a-chance-to-win-decisively-firefox-cto-raves-about-claude-mythos-bug-hunting-capabilities-after-it-finds-271-vulnerabilities/</link>
                                                                            <description>
                            <![CDATA[ That's one heck of a fly swatter, Anthropic. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cuD6FmgYG4DJJ5QKvpt5q4</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/JFixp63yhVS9YLjvmczgBd-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 22 Apr 2026 10:41:29 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Browsers]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/cMDJJibKgeMg3wogzv9AgY.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending a significant chunk of that time working on print publications PLAY and Official PlayStation Magazine. When she’s not investigating all things hardware here, she&#039;s either constructing a passionate defence of a 7/10 game, daydreaming about her debut novel, or feeling wistful about the last time she chased some nerds around a field with an oversized foam sword.&amp;nbsp;&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/JFixp63yhVS9YLjvmczgBd-1280-80.jpg">
                                                            <media:credit><![CDATA[Mozilla]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Mozilla Firefox logo on gradient background]]></media:description>                                                            <media:text><![CDATA[Mozilla Firefox logo on gradient background]]></media:text>
                                <media:title type="plain"><![CDATA[Mozilla Firefox logo on gradient background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/JFixp63yhVS9YLjvmczgBd-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>When you create anything, whether that be software or a short story about two characters that never meet, there's no telling what a fresh pair of eyes will bring to the work. Once a work breaches containment, your adoring audience may reward you with a short work of fanfiction—or make you kick yourself by immediately sniffing out a zero-day exploit. Well, Firefox claims that thanks to AI, 'the zero-days are numbered.'</p><p><a href="https://blog.mozilla.org/en/firefox/hardening-firefox-anthropic-red-team/" target="_blank">Firefox teamed up with Anthropic’s Frontier Red Team</a> earlier this year to leverage AI tools in finding and securing zero-day exploits before they have a chance to be unearthed in the real world. As part of that collaboration, Mozilla recently <a href="https://blog.mozilla.org/en/firefox/ai-security-zero-day-vulnerabilities/" target="_blank">applied an early version of Claude Mythos to the Firefox bug hunt</a>.</p><p>The bot found 271 vulnerabilities, which the browser team were then able to fix and ship as part of Firefox 150. 
Coupled with reports of Claude Mythos finding thousands of vulnerabilities in '<a href="https://www.pcgamer.com/software/ai/anthropics-new-claude-mythos-ai-model-has-apparently-found-thousands-of-vulnerabilities-in-every-major-operating-system-and-every-major-web-browser-along-with-a-range-of-other-important-pieces-of-software/" target="_blank">every major operating system and every major web browser, along with a range of other important pieces of software</a>' earlier this month, this could be a security game-changer.</p><p>Firefox CTO Bobby Holley is quick to note that none of the bugs found by Claude Mythos "couldn’t have been found by an elite human researcher," but also highlights that much of security is a battle fought "to a draw."</p><p>"Vendors of critical internet-exposed software like Firefox take security extremely seriously and have teams of people who get out of bed every morning thinking about how to keep users safe," he explains, "Nevertheless, we’ve all long quietly acknowledged that bringing exploits to zero was an unrealistic goal."</p><p>This is largely because it can be so time-consuming for even a team of 'elite human researchers' to pore over source code and look for exploits. Holley reflects on the sense of 'vertigo' these sorts of AI-assisted findings brought up for the browser team, sharing, "Just one such bug would have been red-alert in 2025, and so many at once makes you stop to wonder whether it’s even possible to keep up."</p><p>But ultimately, Holley is hopeful for the future of security supported by AI assistance: "Our work isn’t finished, but we’ve turned the corner and can glimpse a future much better than just keeping up. Defenders finally have a chance to win, decisively."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Security researchers hacked the demo version of the European Commission's new age verification app in less than two minutes ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/security-researchers-hacked-the-demo-version-of-the-european-commissions-new-age-verification-app-in-less-than-two-minutes/</link>
                                                                            <description>
                            <![CDATA[ Still a far cry from 'actually ready'. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qUASGKDjc8FhtyK2icyJbG</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kNCDGE87fMuTymbxurAHYN-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 21 Apr 2026 14:24:43 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/cMDJJibKgeMg3wogzv9AgY.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending a significant chunk of that time working on print publications PLAY and Official PlayStation Magazine. When she’s not investigating all things hardware here, she&#039;s either constructing a passionate defence of a 7/10 game, daydreaming about her debut novel, or feeling wistful about the last time she chased some nerds around a field with an oversized foam sword.&amp;nbsp;&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kNCDGE87fMuTymbxurAHYN-1280-80.jpg">
                                                            <media:credit><![CDATA[boonchai wedmakawand via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A stock photo of a hacker with computers in dark room. The devices are displaying computer code on the screens.]]></media:description>                                                            <media:text><![CDATA[A stock photo of a hacker with computers in dark room. The devices are displaying computer code on the screens.]]></media:text>
                                <media:title type="plain"><![CDATA[A stock photo of a hacker with computers in dark room. The devices are displaying computer code on the screens.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kNCDGE87fMuTymbxurAHYN-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>I've said it before, and I'll say it again: I'm really not keen on handing over any of my personally identifying details to a third-party age verification vendor. Whether it be a scan of my face, my official ID, or my <em>payment card, </em>I'd rather not engage with yet another potential point of failure for my data to leak out from. Unfortunately, we are rapidly approaching a widely age-gated internet.</p><p>As such, the European Commission has been working on developing an app to use across online services in EU member states. EC president Ursula von der Leyen <a href="https://ec.europa.eu/commission/presscorner/detail/en/statement_26_817" target="_blank">recently stated</a> that this age verification app is "technically ready" and will "soon [be] available for citizens to use." <a href="https://github.com/eu-digital-identity-wallet/av-app-android-wallet-ui" target="_blank">A demo of the Android app is available via GitHub</a>—though security researchers claim they were able to bypass the security practices of this version in under two minutes (via <a href="https://www.sofx.com/eu-declared-age-app-ready-while-github-flagged-it-unfit-then-hackers-bypassed-it-in-2-minutes/" target="_blank">SOFX</a>).</p><p>UK-based security consultant <a href="https://x.com/Paul_Reviews/status/2044723123287666921" target="_blank">Paul Moore took to X to demonstrate</a> just how easy it is to steal the contents of someone else's 'identity wallet' and present it as your own. Moore tagged von der Leyen in his post, before writing, "This product will be the catalyst for an enormous breach at some point. It's just a matter of time."</p><p>The app currently requires users to input a six-digit PIN. 
However, Moore's screen recording demonstrates you can easily scrub a user's previous PIN from the app’s eudi-wallet.xml configuration file, set a fresh PIN via the app, and then use that to gain access to the verified credentials saved to the device. This bypass could be used by bad actors—or the youngsters in your life who know how to unlock your phone and possess enough technical know-how to find the .xml in question.</p><p>The European Commission <a href="https://www.politico.eu/article/eu-brussels-launched-age-checking-app-hackers-say-took-them-2-minutes-break-it/" target="_blank">clarified to Politico last week</a> that this exploit was present in the demo version, but that the bypass would not be present in the full release. Digital spokesperson Thomas Regnier introduced some wiggle room, explaining, "When we say it's a final version, it's still a demo version...the code will be constantly updated and improved."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="pdDL8Uyn7FY6vpFU6Q55nB" name="GTA Online Age Verification" alt="Grand Theft Auto Online" src="https://cdn.mos.cms.futurecdn.net/pdDL8Uyn7FY6vpFU6Q55nB.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Rockstar Games)</span></figcaption></figure><p>The whole episode follows <a href="https://www.pcgamer.com/hardware/scientists-warn-against-crappy-age-verification-if-implemented-without-careful-consideration-the-new-regulation-might-cause-more-harm-than-good/" target="_blank">a joint statement from 400 security researchers</a> sent to the European Commission last month. 
This statement raised a number of concerns, including how easy it is to bypass existing age estimation services (our James <a href="https://www.pcgamer.com/hardware/brits-can-get-around-discords-age-verification-thanks-to-death-strandings-photo-mode-bypassing-the-measure-introduced-with-the-uks-online-safety-act-we-tried-it-and-it-works-thanks-kojima/" target="_blank">has written about two</a> <a href="https://www.pcgamer.com/hardware/someone-has-already-made-a-free-in-browser-3d-model-to-bypass-discord-age-verification-that-works-on-any-potato-computer/" target="_blank">different methods</a>).</p><p>Still, chief spokesperson Paula Pinho stood by President von der Leyen's original statement, telling reporters, "Yes, [the final version of the app] is ready. Maybe we can add, 'and it can always be improved'." So it often goes in software development—but given the app in question is the result of <a href="https://digital-strategy.ec.europa.eu/en/funding/call-tenders-development-consultancy-and-support-age-verification-solution" target="_blank">a €4 million tender</a>, that's going to be little comfort to grumpy guts like me or folks who genuinely just want to keep their kids safe online.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ A 17-year-old Excel vulnerability is currently being exploited by threat actors, and it's been flagged by the US' cyber defence agency ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/a-17-year-old-excel-vulnerability-is-currently-being-exploited-by-threat-actors-and-its-been-flagged-by-the-us-cyber-defence-agency/</link>
                                                                            <description>
                            <![CDATA[ The little exploit that could. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">mSSvZ3mWsu9XVz4A4qwX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xKBnoERaRRpKUrwbaPyPHT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 16 Apr 2026 14:16:13 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/PVsHAkx27zJptZHndizEAE.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/xKBnoERaRRpKUrwbaPyPHT-1280-80.jpg">
                                                            <media:credit><![CDATA[Bethesda]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Fallout hacking minigame]]></media:description>                                                            <media:text><![CDATA[Fallout hacking minigame]]></media:text>
                                <media:title type="plain"><![CDATA[Fallout hacking minigame]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xKBnoERaRRpKUrwbaPyPHT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Though the world of hacking is only getting more and more advanced, some exploits have seemingly stuck around unchanged for years. Originally filed back in February 2009, one curious vulnerability has caught the eyes of the US government. </p><p>Published in <a href="https://www.cisa.gov/news-events/alerts/2026/04/14/cisa-adds-two-known-exploited-vulnerabilities-catalog" target="_blank">a report </a>this week by the American Cybersecurity and Infrastructure Security Agency (CISA), a 17-year-old exploit in Microsoft Office has been flagged as being actively exploited by threat actors (via <a href="https://www.theregister.com/2026/04/15/excel_exploit/?td=rt-3a" target="_blank">The Register</a>). The specifics of how to perform this exploit have not been shared, but the record was last updated in 2018, implying some new information was found almost a decade after it was first spotted. </p><p>It seemingly allows remote attackers to execute code via a specially crafted Excel document. In its first outing, this attack was used to install a Trojan dropper on a device, which would then inject further malware. The ability to upload nefarious software remotely is naturally a rather dangerous exploit. </p><p>This exploit has a severity score of 8.8, which is very high. However, that does not automatically mean it was super popular or common: the rating is a measure of how severe the consequences of an exploit are, paired with factors like ease-of-use. But even so, a score this high means bad news. </p><p>The reason it was added to CISA's list of vulnerabilities is that it is now considered active, which implies some threat actor, or group of threat actors, has managed to use the same method today. 
Microsoft did patch the problem back when it first showed up, but CISA has given it two weeks to patch it once more. </p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">📢 Stay informed on the latest vulnerabilities with @CISAgov's Vulnerability Bulletin & gain valuable insights into emerging threats. 💡Check out the latest updates: https://t.co/uawsKV3yTD #Cybersecurity #InfoSec #VulnerabilityManagement pic.twitter.com/ue6PtW8sDd<a href="https://twitter.com/cantworkitout/status/2044048527966216215">April 14, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>Alongside this, CISA has also flagged up a brand new exploit which uses Microsoft Office SharePoint to "perform spoofing over a network." This one is less severe, at a score of 6.5, though it is considered active and is even automatable. This means the likes of AI agents can perform this exploit en masse. </p><p>AI is a major driver of the growth of cybercrime, with it being a focal point of the nearly <a href="https://www.pcgamer.com/software/security/us-victims-lost-nearly-usd21-billion-to-cybercrime-last-year-says-fbi-with-crypto-and-ai-complaints-among-the-costliest/" target="_blank">$21 billion lost to cybercrime scams last year.</a> Not only have we seen AI used in the research of scams and the automation of them, but we've also seen some rather devious schemes with it, including <a href="https://www.pcgamer.com/software/ai/ai-assisted-hacking-group-hits-targets-with-a-complicated-social-engineering-scam-that-involves-deepfaked-ceos-spoofed-zoom-calls-and-a-malicious-troubleshooting-program/" target="_blank">deepfaking CEOs to prompt users to troubleshoot,</a> only for the troubleshooting program to contain nasty files.</p><p>Just because the world is adopting AI into every approach doesn't mean that threat actors won't pull out the classics when they seemingly work so well. Some things never change. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Seems like opting out of website cookies doesn't actually guarantee you are opted out of website cookies ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/seems-like-opting-out-of-website-cookies-doesnt-actually-guarantee-you-are-opted-out-of-website-cookies/</link>
                                                                            <description>
                            <![CDATA[ That's not very tasty. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">YvfRUkDs7wAeyo8ZqNrsn7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/bYZdn47Fa7mFXjEdNrYk5J-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 15 Apr 2026 15:28:56 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/PVsHAkx27zJptZHndizEAE.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/bYZdn47Fa7mFXjEdNrYk5J-1280-80.jpg">
                                                            <media:credit><![CDATA[DashNet]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[cookie clicker]]></media:description>                                                            <media:text><![CDATA[cookie clicker]]></media:text>
                                <media:title type="plain"><![CDATA[cookie clicker]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/bYZdn47Fa7mFXjEdNrYk5J-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>If you click on almost any major website, you'll surely have noticed that you get asked about cookies. These files store your preferences and help companies track your data. However, it turns out that even if you decline to use them, there's a good chance you're still being tracked.</p><p>A recent audit from <a href="https://globalprivacyaudit.org/2026/california" target="_blank">webXray</a> has found that "major technology companies simply ignore globally defined opt-out signals" (via <a href="https://www.techspot.com/news/112073-clicking-reject-cookies-might-not-actually-do-anything.html" target="_blank">TechSpot</a>). The report states that it observed 194 online advertising services ignore standard opt-out services, plus cookie banners certified by Google that reportedly "fail to prevent Google from setting cookies after users opt out with a globally standard signal."</p><p>webXray studied 242 ad tech vendors in total, which means an 80% failure rate to adequately opt out users, according to the report. </p><p>The analysis shows that 55% of sites set ad cookies despite users opting out, and 78% of cookie banners failed to protect their users. It argues that companies' liability exposure racks up to a whopping $5.8 billion.</p><p>webXray has examined Google's own cookie system and reckons that when it sends an encoded cookie, it then reportedly responds by creating a new advertising cookie named IDE. The report says, "This non-compliance is easy to spot, hiding in plain sight," and makes the case that Google should instead respond to encrypted cookies with a 451 code, stating "unavailable for legal reasons." 
webXray states that Google failed to adequately opt out users in 86% of cookies, with over 11,000 cookies set, despite user preferences. </p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">Today we release our California Privacy Audit. Top: Google, Meta, and Microsoft set cookies despite presence of Global Privacy Control opt-outs, 100% of Google-Certified Cookie Banners failed to provide full protection, with major vendors failing:https://t.co/zJKHaQ42vg<a href="https://twitter.com/cantworkitout/status/2044030354852323436">April 14, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>Microsoft and Meta are also highlighted in the report. It's claimed that both companies fail to adequately respect cookie opt-out requests. It states Microsoft creates a new MUID cookie, even when sent an encoded one, and reports it failing to opt out users in 50% of attempts. This means that over 7,500 cookies were sent, despite opting out. </p><p>The report argues Meta's Pixel tracking code fails to check for opt-out signals, with it getting a 59% opt-out failure rate in testing. That works out to over 1,200 cookies set despite opting out. </p><p>webXray concludes that cookies are now a "legal minefield that puts users at risk", and one can hope the worry of legal fees and other penalties will eventually correct the problem. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cybersecurity experts raise the alarm over Windows Recall again: 'The vault door is titanium. The wall next to it is drywall' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/cybersecurity-experts-raise-the-alarm-over-windows-recall-again-the-vault-door-is-titanium-the-wall-next-to-it-is-drywall/</link>
                                                                            <description>
                            <![CDATA[ Hacking tool supposedly creates "precisely the scenario Microsoft’s architecture is supposed to restrict." ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">EaNf5XVtxmLREN4Ef6ahAR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/RaSZxEp25MGHEghVEtKBuJ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 15 Apr 2026 15:16:25 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/cMDJJibKgeMg3wogzv9AgY.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending a significant chunk of that time working on print publications PLAY and Official PlayStation Magazine. When she’s not investigating all things hardware here, she&#039;s either constructing a passionate defence of a 7/10 game, daydreaming about her debut novel, or feeling wistful about the last time she chased some nerds around a field with an oversized foam sword.&amp;nbsp;&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/RaSZxEp25MGHEghVEtKBuJ-1280-80.jpg">
                                                            <media:credit><![CDATA[Jason Redmond / AFP via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Microsoft Corporate Vice President, Windows and Devices Pavan Davuluri speaks about Recall during the Microsoft May 20 Briefing event at Microsoft in Redmond, Washington, on May 20, 2024. Microsoft unveiled a new category of PC on Monday that features generative artificial intelligence tools built directly into Windows, the company&#039;s world leading operating system. The tech giant estimates that more than 50 million &quot;AI PCs&quot; will be sold over the next 12 months, given the appetite for devices powered by ChatGPT-style technology. (Photo by Jason Redmond / AFP) (Photo by JASON REDMOND/AFP via Getty Images)]]></media:description>                                                            <media:text><![CDATA[Microsoft Corporate Vice President, Windows and Devices Pavan Davuluri speaks about Recall during the Microsoft May 20 Briefing event at Microsoft in Redmond, Washington, on May 20, 2024. Microsoft unveiled a new category of PC on Monday that features generative artificial intelligence tools built directly into Windows, the company&#039;s world leading operating system. The tech giant estimates that more than 50 million &quot;AI PCs&quot; will be sold over the next 12 months, given the appetite for devices powered by ChatGPT-style technology. (Photo by Jason Redmond / AFP) (Photo by JASON REDMOND/AFP via Getty Images)]]></media:text>
                                <media:title type="plain"><![CDATA[Microsoft Corporate Vice President, Windows and Devices Pavan Davuluri speaks about Recall during the Microsoft May 20 Briefing event at Microsoft in Redmond, Washington, on May 20, 2024. Microsoft unveiled a new category of PC on Monday that features generative artificial intelligence tools built directly into Windows, the company&#039;s world leading operating system. The tech giant estimates that more than 50 million &quot;AI PCs&quot; will be sold over the next 12 months, given the appetite for devices powered by ChatGPT-style technology. (Photo by Jason Redmond / AFP) (Photo by JASON REDMOND/AFP via Getty Images)]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/RaSZxEp25MGHEghVEtKBuJ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Remember Windows Recall? The AI feature that essentially screenshots nearly everything you do on your PC in order to present users with a timeline of activity they can rewind back through? It was meant to be available on Copilot+ AI PCs from June 2024 but got, ahem, <em>recalled </em>a number of times amid cybersecurity concerns. The feature has since been redesigned, but security researchers are raising the alarm again.</p><p><a href="https://www.pcgamer.com/gaming-industry/microsoft-is-finally-rolling-out-its-controversial-recall-feature-that-screenshots-everything-you-do-again-but-only-for-select-users/" target="_blank">Windows Insiders have had access to the redesigned Recall since last year</a>, but allegedly the more things change, the more they stay the same. Case in point, after already breaking the original Recall, <a href="https://www.linkedin.com/posts/alexhagenah_breaking-%F0%9D%90%96%F0%9D%90%A2%F0%9D%90%A7%F0%9D%90%9D%F0%9D%90%A8%F0%9D%90%B0%F0%9D%90%AC-%F0%9D%90%91%F0%9D%90%9E%F0%9D%90%9C%F0%9D%90%9A%F0%9D%90%A5%F0%9D%90%A5-again-activity-7447864305460547585-P72P/?utm_source=share&utm_medium=member_desktop&rcm=ACoAAAGe5_YBNBxfcDaC5YJlW57cvMMdg5ZCG-g" target="_blank">security researcher Alexander Hagenah has created another tool</a> that can expose the refreshed Recall's various vulnerabilities by extracting and displaying the data it captures (via <a href="https://www.theverge.com/report/912101/microsoft-windows-recall-new-security-concerns-response" target="_blank">The Verge</a>).</p><p>Microsoft previously described Recall's security model in a <a href="https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/" target="_blank">September 2024 blog post</a>, sharing, "Recall snapshots and associated data are protected by secure VBS Enclaves." 
Basically, all of that potentially sensitive data is meant to be cordoned off in a "locked box that can only be accessed after permission is granted by the user through Windows Hello." </p><p>Unfortunately, Hagenah says, "My research shows that the vault is real, but the trust boundary ends too early."</p><p>Hagenah's tool is called <a href="https://github.com/xaitax/TotalRecall" target="_blank">TotalRecall Reloaded</a>, but how does it work? Very simply, it will camp out quietly in the background of your desktop, and then ride the coattails of your access to the Recall timeline when you next open the 'locked box' via a Windows Hello prompt. From there, TotalRecall Reloaded can reportedly snaffle the contents of the entire vault like a hydrocolloid bandage on a zit.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:3008px;"><p class="vanilla-image-block" style="padding-top:68.09%;"><img id="DToEFoLamXRdV4D2CZVomm" name="Recall Homepage" alt="Windows 11 Recall" src="https://cdn.mos.cms.futurecdn.net/DToEFoLamXRdV4D2CZVomm.png" mos="" align="middle" fullscreen="" width="3008" height="2048" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Microsoft)</span></figcaption></figure><p>Microsoft wrote back in 2024 that asking users for biometric credentials each time they want to access Recall would restrict "attempts by latent malware trying to 'ride along' with a user authentication to steal data." 
Unfortunately, Hagenah says his tool creates "precisely the scenario Microsoft's architecture is supposed to restrict."</p><p>As such, Hagenah claims he responsibly disclosed his security research to Microsoft last month—but this leads me to perhaps the most infuriating twist in this tale. According to Hagenah, Microsoft told him that what he found was 'not a vulnerability'.</p><p>In a statement to The Verge, Microsoft Security's corporate vice president David Weston said, "We appreciate Alexander Hagenah for identifying and responsibly reporting this issue. After careful investigation, we determined that the access patterns demonstrated are consistent with intended protections and existing controls, and do not represent a bypass of a security boundary or unauthorized access to data. The authorization period has a timeout and anti-hammering protection that limit the impact of malicious queries."</p><p>Given that Recall can hoard everything from browsing history, to whatever text may have crossed your screen in the form of emails, private messages, and so on, it may be difficult to understand Microsoft's stance here. 
Though in its view, this doesn't qualify as a vulnerability.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="cxN83wR25nSNPzozd5nGVW" name="MS Recall" alt="Microsoft Recall" src="https://cdn.mos.cms.futurecdn.net/cxN83wR25nSNPzozd5nGVW.png" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Microsoft)</span></figcaption></figure><p>At the risk of over-simplifying, TotalRecall Reloaded isn't forcing Windows to do anything it doesn't already do, and a fully fledged fix would likely involve overhauling the OS's foundations. Microsoft is also hoping that prompting for biometric credentials every time a user wants to use Recall will curtail malicious activity.</p><p>To Microsoft's credit, Hagenah did praise Recall's "rock solid" VBS Enclave—though the issue isn't that the 'locked box' has a dodgy door. "The fundamental problem isn't the crypto, the enclave, the authentication, or the PPL. It's sending decrypted content to an unprotected process for rendering," Hagenah says, "The vault door is titanium. The wall next to it is drywall."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ CPUID's download page has been hacked, with its popular processor and PC info tools replaced with links to files containing malware (Update: Fixed) ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/cpuids-download-page-has-been-hacked-with-its-popular-processor-and-pc-info-tools-replaced-with-links-to-files-containing-malware/</link>
                                                                            <description>
                            <![CDATA[ Staff at CPUID have reportedly fixed the issue now. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">LTAciQp9UcNApWtAjYxLkN</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/qku9TEsNL4xzJmxxEddxz4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 10 Apr 2026 10:07:20 +0000</pubDate>                                                                                                                                <updated>Fri, 10 Apr 2026 16:28:49 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Nick Evanson ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/HH5qHxdCSKxFpY2HXp2Q5K.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Nick, gaming, and computers all first met in the early 1980s. After leaving university, he became a physics and IT teacher and started writing about tech in the late 1990s. That resulted in him working with MadOnion to write the help files for 3DMark and PCMark. After a short stint working at Beyond3D.com, Nick joined Futuremark (MadOnion rebranded) full-time, as editor-in-chief for its PC gaming section, YouGamers. After the site shutdown, he became an engineering and computing lecturer for many years, but missed the writing bug. Cue four years at TechSpot.com covering everything and anything to do with tech and PCs. He freely admits to being far too obsessed with GPUs and open-world grindy RPGs, but who isn&#039;t these days?&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/qku9TEsNL4xzJmxxEddxz4-1280-80.jpg">
                                                            <media:credit><![CDATA[CPUID]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A stylized screenshot of the software tool CPU-Z, against a colorful background]]></media:description>                                                            <media:text><![CDATA[A stylized screenshot of the software tool CPU-Z, against a colorful background]]></media:text>
                                <media:title type="plain"><![CDATA[A stylized screenshot of the software tool CPU-Z, against a colorful background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/qku9TEsNL4xzJmxxEddxz4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>There are lots of great software tools out there that can tell you all kinds of things about your gaming PC, and perhaps two of the most well-known by enthusiasts are CPU-Z and HWMonitor. However, two sharp-eyed Redditors spotted that while everything seems normal on the official download page, the links will give you files that are anything but official.</p><p>Reddit users <a href="https://www.reddit.com/r/pcmasterrace/comments/1sh4e5l/warning_hwmonitor_163_download_on_the_official/" target="_blank">DMkiIIer</a> and <a href="https://www.reddit.com/r/pcmasterrace/comments/1shbnxn/cpuid_got_compromised_via_hijack_link_to_the/" target="_blank">OthoAi5657</a> posted their discovery just a few hours ago, and the findings have been confirmed by <a href="https://x.com/vxunderground/status/2042483067655262461" target="_blank">vx-underground on X</a>.</p><blockquote class="reddit-card"  ><a href="https://www.reddit.com/r/pcmasterrace/comments/1sh4e5l/warning_hwmonitor_163_download_on_the_official">WARNING! HWMonitor 1.63 Download on the official "cpuid" page is a Virus!!!</a> from <a href="https://www.reddit.com/r/pcmasterrace">r/pcmasterrace</a></blockquote><p>In short, what look like normal download links for CPU-Z and HWMonitor, producing seemingly correct files, appear to give you a file with an altered name, Russian setup language, and a different wrapper for the installation screen.</p><p>Oh, and an immediate warning from anti-virus software.</p><p>Adding to the confusion is that, instead of getting something like 'hwmonitor_1.63.exe' as your download, the file is labelled 'HWiNFO_Monitor_Setup.exe'. 
This has led some people to report on social media that HWiNFO has been affected by malware, but this is absolutely <em>not</em> the case.</p><p>While I haven't used HWMonitor in a long time, I do fire up CPU-Z quite often when I'm hardware testing. For example, if I want to check what BIOS version a motherboard sample is sporting, CPU-Z can tell me that within a matter of seconds. Admittedly, so can HWiNFO; it's just that the program takes longer to get going than CPU-Z does.</p><p>Worryingly, this is no simple hijack of CPUID, either. According to vx-underground, "This is not your typical run-of-the-mill malware. This malware is deeply trojanized, distributes from a compromised domain, performs file masquerading, is multi-staged, operates (almost) entirely in-memory, and uses some interesting methods to evade EDRs and/or AVs such as proxying NTDLL functionality from a .NET assembly."</p><p>"This is the same Threat Group who was masquerading FileZilla in early March, 2026. They've been busy."</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">Mr. Titus Tech is correct. cpuid-dot-com is indeed delivering malware right now. As I began poking this with a stick I discovered this is not your typical run-of-the-mill malware. 
This malware is deeply trojanized, distributes from a compromised domain (cpuid-dot-com), performs… https://t.co/ubkXmG7LKV pic.twitter.com/jPlAMmpijN<a href="https://twitter.com/cantworkitout/status/2042483067655262461">April 10, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>The hack vx-underground is referring to was <a href="https://www.malwarebytes.com/blog/threat-intel/2026/03/a-fake-filezilla-site-hosts-a-malicious-download" target="_blank">subtle but also very devious</a>, though it's certainly not the only instance of FileZilla (an FTP client) being the target for malware. As to who's behind all of this, that's not certain at all, but if it is indeed the same group that targeted CPUID and FileZilla, then other popular PC software tools could well be next.</p><p>Your best defence in all of this is to use a good anti-virus/malware package, keep it regularly updated, and make sure you scan any programs or compressed files that you download. In the case of common software tools, you can also try downloading several copies, from different sources, and comparing the file names, sizes, and digital signatures. If they're all legitimate, they will be identical in every respect.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Hackers claim they've breached a Chinese supercomputer and are demanding huge amounts of crypto for the data, but security researchers are sceptical ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/hackers-claim-theyve-breached-a-chinese-supercomputer-and-are-demanding-huge-amounts-of-crypto-for-the-data-but-security-researchers-are-sceptical/</link>
                                                                            <description>
                            <![CDATA[ The jury is still out on this one. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">XD4X8xoorxbrfNrNvXZ8f8</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/jY4T9qtnQJh2MSVgPD2Sc4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 09 Apr 2026 14:34:38 +0000</pubDate>                                                                                                                                <updated>Thu, 09 Apr 2026 14:34:44 +0000</updated>
                                                                                                                                            <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/cMDJJibKgeMg3wogzv9AgY.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending a significant chunk of that time working on print publications PLAY and Official PlayStation Magazine. When she’s not investigating all things hardware here, she&#039;s either constructing a passionate defence of a 7/10 game, daydreaming about her debut novel, or feeling wistful about the last time she chased some nerds around a field with an oversized foam sword.&amp;nbsp;&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/jY4T9qtnQJh2MSVgPD2Sc4-1280-80.jpg">
                                                            <media:credit><![CDATA[Bloomberg Creative - Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Flag of China]]></media:description>                                                            <media:text><![CDATA[Flag of China]]></media:text>
                                <media:title type="plain"><![CDATA[Flag of China]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/jY4T9qtnQJh2MSVgPD2Sc4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Earlier this year, dark web hackers claimed to have exfiltrated a huge amount of data from the National Supercomputing Center (NSCC) in Tianjin, China. The hacker group FlamingChina claims that it stole 10 petabytes of data pertaining to advanced science and defence agencies within China. However, a number of security researchers have since cast doubt on the leak's legitimacy.</p><p>As far as I can tell, NetAskari was the first to bring the data leak to wider attention back in February 2026 <a href="https://x.com/NetAskari/status/2023044109833810006?s=20" target="_blank">via X</a>, before further <a href="https://netaskari.substack.com/p/chinas-massive-data-leak-of-military" target="_blank">delving into a sample of the leaked files on their SubStack</a>.</p><p>According to them, a dark web forum user going by the handle 'airborneshark1' initially offered a sample of the full leak for $3,000 USD (in cryptocurrency, of course), before offering up all 10 petabytes to the highest bidder.</p><p>NetAskari was able to obtain a multi-gigabyte sample of the allegedly stolen data. 
This includes screenshots of the internal system directory layout and user credentials as supporting evidence that some kind of hack did take place.</p><p>Beyond that, this sample also included PDFs of reports and handbooks, radar test data, and physics simulation renderings depicting "the effect of payloads and weapon systems against certain targets and materials."</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">❗️The leaked sample data from China's National Supercomputing Center in Tianjin includes a video of what seems to be a simulation of a bunker buster bomb, designed to penetrate bunkers and damage underground structures. https://t.co/AC2PmfTZTj pic.twitter.com/Br4vQqLCVi<a href="https://twitter.com/cantworkitout/status/2034632403696656542">March 19, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>China's NSCC undertakes supercomputing tasks from about 6,000 clients, potentially explaining the breadth of files.</p><p><a href="https://edition.cnn.com/2026/04/08/china/china-supercomputer-hackers-hnk-intl" target="_blank">CNN has since picked up the story</a>, reaching out to China’s Ministry of Science and Technology as well as the Cyberspace Administration of China for comment. At the time of writing, there has been no official comment on the data breach. That could be for a number of security reasons, but there's also a chance that this leak is simply not legitimate.</p><p>For instance, security researcher and malware archivist Vx-underground <a href="https://x.com/vxunderground/status/2042037604283990088" target="_blank">expressed their scepticism via X</a>, writing, "Something about this story is very strange to me. I've been doing cybersecurity stuff for a long, long time [...] I have not seen the moniker 'FlamingChina' before."</p><p>NetAskari notes that the hacker group FlamingChina has had a Telegram channel since at least February 5. 
That said, they also say this is less likely a permanent 'base of operations', so to speak, and more likely just a short-term alias.</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">Chinese government super computer (allegedly) compromised and (allegedly) 10PB exfiltrated. The source is CNN. Something about this story is very strange to me. I've been doing cybersecurity stuff for a long, long time. I'm usually on top of most cybersecurity incidents,… pic.twitter.com/tFLrDet4MW<a href="https://twitter.com/cantworkitout/status/2042037604283990088">April 9, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>They also write that getting 10 petabytes out of any high-security facility without being noticed over months and months would be quite a feat if it were legitimate. "Did they truly get 10 PB!? We don't know. To extract such an amount of data means, you have to be lodged in the system over a longer period of time," NetAskari writes.</p><p>"Most likely with the help of someone from the inside. Even if the cyber security is a little bit shoddy, eventually someone probably would notice a constant data extraction process of this size."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:2109px;"><p class="vanilla-image-block" style="padding-top:67.43%;"><img id="BTvwifuqkVLC9Kj7mjxrNi" name="GettyImages-1942927607.jpg" alt="An illustration of a silhouetted thief in motion running while carrying a stolen fingerprint. The overall aesthetic is bold and dynamic." 
src="https://cdn.mos.cms.futurecdn.net/BTvwifuqkVLC9Kj7mjxrNi.jpg" mos="" align="middle" fullscreen="" width="2109" height="1422" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p>CNN posits a botnet-based approach that could have distributed the extraction of data across many sources simultaneously, thereby making such an attack difficult to trace.</p><p>Vx-underground is more intrigued about the practicalities of holding on to all of that data. "I'm also very curious [about] the 10 PETABYTES of data exfiltrated because [that] is an unfathomable number," they write, "10PB is 10,000 TB. Even in cold storage that's roughly $43,000/month. If it's 'hot storage' you're looking at something like, $150,000/month, that doesn't even include the fees for moving the data which would be ASTRONOMICAL."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:2122px;"><p class="vanilla-image-block" style="padding-top:66.54%;"><img id="qSpfj64SGsd4MVkEqi3Vmg" name="GettyImages-2225582668" alt="Hacker in hoodie dark theme Hacker in a blue hoody standing in front of a coding background with binary streams and information security terms cybersecurity concept - stock photo" src="https://cdn.mos.cms.futurecdn.net/qSpfj64SGsd4MVkEqi3Vmg.jpg" mos="" align="middle" fullscreen="" width="2122" height="1412" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Getty Images)</span></figcaption></figure><p>CNN itself reached out to a number of experts to speak to the authenticity of the leak's contents, including Dakota Cary. 
A consultant at SentinelOne, a cybersecurity firm focusing on China, Cary told CNN that the leak's contents were what he would expect given the alleged source, elaborating, "You would use supercomputer centers for large computational tasks. The swath of samples that the sellers put out kind of really speaks to the breadth of customers that this supercomputing center had."</p><p>That doesn't sound like the most damning evidence to me. Cary also went on to share that China has had "really poor cybersecurity for a very long time across a wide number of industries and organizations." He went on to tell CNN, "If you look at what Chinese policymakers say themselves, cybersecurity in China has not been good. They would say it’s still improving at this point in time."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ US victims lost nearly $21 billion to cybercrime last year says FBI with crypto and AI 'complaints among the costliest' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/us-victims-lost-nearly-usd21-billion-to-cybercrime-last-year-says-fbi-with-crypto-and-ai-complaints-among-the-costliest/</link>
                                                                            <description>
                            <![CDATA[ A good reason to be even more sceptical of everything you see online. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">hbiTa4QqvcZe2AmsnfTUon</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/tv5e8eVbT7uQcLL7Dtt3bZ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 09 Apr 2026 11:45:10 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/PVsHAkx27zJptZHndizEAE.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/tv5e8eVbT7uQcLL7Dtt3bZ-1280-80.jpg">
                                                            <media:credit><![CDATA[Westend61]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Person typing on a laptop with red and blue lighting]]></media:description>                                                            <media:text><![CDATA[Person typing on a laptop with red and blue lighting]]></media:text>
                                <media:title type="plain"><![CDATA[Person typing on a laptop with red and blue lighting]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/tv5e8eVbT7uQcLL7Dtt3bZ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As AI continues to make its way into every walk of life, it seems like it has emboldened and bolstered bad actors, with the FBI reporting crime complaints almost 20% higher than the previous year. Its latest analysis reports over 1,000,000 complaints in 2025.</p><p>The FBI reports that, among the $21 billion lost to cybercrime in 2025, "cryptocurrency and artificial intelligence-related complaints [were] among the costliest."</p><p>It tallied the 1,008,597 complaints sent to the Internet Crime Complaint Center during that period (higher than the 859,532 reports in 2024), and the most common of these complaints were phishing, extortion and investment schemes.</p><p>Among those hit hardest were holders of cryptocurrency who, with 181,565 complaints, totalled $11 billion in losses. Cryptocurrency holders are often targeted by hacks and scams, partly because one can obfuscate wallets through many transactions, but also partly because it's a newer technology with less regulation, where owners are encouraged to store large amounts of cash at once.</p><p>Notably, despite only making up 22,364 complaints in 2025, Americans lost nearly $893 million in scams. AI-led scams have been more and more popular recently. 
<a href="https://www.pcgamer.com/software/ai/google-has-published-a-list-of-ways-ai-is-currently-being-used-by-threat-actors-to-more-efficiently-hack-you/" target="_blank">Google published a report in February</a> on all the ways that threat actors are using AI to hack victims and to become more efficient at hacking organisations, and last October, it was revealed that <a href="https://www.pcgamer.com/software/security/people-are-falling-for-ai-phishing-attempts-4-5x-more-often-than-human-ones-but-the-solutions-are-the-same-as-ever/" target="_blank">people fall for AI phishing attempts 4.5x more than human ones</a>.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1024px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="xKBnoERaRRpKUrwbaPyPHT" name="fallout hacking game.jpg" alt="Fallout hacking minigame" src="https://cdn.mos.cms.futurecdn.net/xKBnoERaRRpKUrwbaPyPHT.jpg" mos="" align="middle" fullscreen="" width="1024" height="576" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Bethesda)</span></figcaption></figure><p>And AI-led scams only threaten to get worse with time. At the start of the year, we saw a complicated 'social engineering scam' where people used <a href="https://www.pcgamer.com/software/ai/ai-assisted-hacking-group-hits-targets-with-a-complicated-social-engineering-scam-that-involves-deepfaked-ceos-spoofed-zoom-calls-and-a-malicious-troubleshooting-program/" target="_blank">deepfaked versions of CEOs to garner trust</a>, with victims being redirected towards troubleshooting software that would then get into their devices.
</p><p>This is something noted in the FBI's report: "Scammers rely on pressure techniques to defraud Americans while deploying fake social profiles, voice clones, identification documents, and believable videos depicting public figures or loved ones."</p><p>With so many of the most noteworthy AI cybercrimes only being spotted at the start of this year, it's hard to imagine next year's cybercrime stats being any better. One can only hope that, as these scams get smarter, our defences get smarter in turn. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Anthropic's new Claude Mythos AI model has apparently found thousands of vulnerabilities in 'every major operating system and every major web browser, along with a range of other important pieces of software' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/ai/anthropics-new-claude-mythos-ai-model-has-apparently-found-thousands-of-vulnerabilities-in-every-major-operating-system-and-every-major-web-browser-along-with-a-range-of-other-important-pieces-of-software/</link>
                                                                            <description>
                            <![CDATA[ It managed to find a vulnerability in OpenBSD that had lain hidden for 27 years. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">Pt3fM5M445dCcHpvLLshad</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/NSshYFCwhM3hJ3MHBb38Eo-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 08 Apr 2026 12:28:37 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[AI]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Nick Evanson ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/HH5qHxdCSKxFpY2HXp2Q5K.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Nick, gaming, and computers all first met in the early 1980s. After leaving university, he became a physics and IT teacher and started writing about tech in the late 1990s. That resulted in him working with MadOnion to write the help files for 3DMark and PCMark. After a short stint working at Beyond3D.com, Nick joined Futuremark (MadOnion rebranded) full-time, as editor-in-chief for its PC gaming section, YouGamers. After the site shutdown, he became an engineering and computing lecturer for many years, but missed the writing bug. Cue four years at TechSpot.com covering everything and anything to do with tech and PCs. He freely admits to being far too obsessed with GPUs and open-world grindy RPGs, but who isn&#039;t these days?&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/NSshYFCwhM3hJ3MHBb38Eo-1280-80.jpg">
                                                            <media:credit><![CDATA[NurPhoto via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An image showing the Claude AI logo displayed on the screen of a smartphone placed on a reflective surface onto which lines of computer code are projected.]]></media:description>                                                            <media:text><![CDATA[An image showing the Claude AI logo displayed on the screen of a smartphone placed on a reflective surface onto which lines of computer code are projected.]]></media:text>
                                <media:title type="plain"><![CDATA[An image showing the Claude AI logo displayed on the screen of a smartphone placed on a reflective surface onto which lines of computer code are projected.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/NSshYFCwhM3hJ3MHBb38Eo-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>If there's one thing that AI is good at, particularly language models, it's detecting patterns in datasets so large that it would be practically impossible for humans to sift through them all, quickly and accurately. That certainly seems to be the case with Anthropic's new general-purpose model, Claude Mythos, as the company has announced that it used it to detect "thousands of high-severity vulnerabilities, including some in every major operating system and web browser."</p><p>Alongside the launch of Claude Mythos, Anthropic also announced <a href="https://www.anthropic.com/glasswing" target="_blank">Project Glasswing</a>, an "initiative that brings together Amazon Web Services, Apple, Broadcom, Cisco, CrowdStrike, Google, JPMorganChase, the Linux Foundation, Microsoft, NVIDIA, and Palo Alto Networks in an effort to secure the world’s most critical software."</p><p>This is all down to Claude Mythos finding so many vulnerabilities, and perhaps more importantly, "99% of [those] found have not yet been patched". </p><p>If all of this seems very alarming, Anthropic's detailed <a href="https://red.anthropic.com/2026/mythos-preview/" target="_blank">blog post on the project</a> reminds us that such vulnerabilities are only a potential weakness: someone has to figure out how to exploit them and then successfully use them in the wild.</p><p>Don't breathe a sigh of relief just yet, though. "We have seen Mythos Preview write exploits in hours that expert penetration testers said would have taken them weeks to develop," writes Anthropic. </p><p>Oh, that's not good at all. Anyway, one such example that Mythos created was an exploit for an old vulnerability in <a href="https://ffmpeg.org/" target="_blank">FFmpeg</a>:</p><p>"The underlying bug dates back to the 2003 commit that introduced the H.264 codec. And then, in 2010, this bug was turned into a vulnerability when the code was refactored. 
Since then, this weakness has been missed by every fuzzer and human who has reviewed the code, and points to the qualitative difference that advanced language models provide.</p><p>In addition to this vulnerability, Mythos Preview identified several other important vulnerabilities in FFmpeg after several hundred runs over the repository, includ[ing] further bugs in the H.264, H.265, and AV1 codecs, along with many others."</p><p>It's worth noting that there's a distinct financial cost to all of this, because running all those mega AI servers isn't free, and code repositories need to be repeatedly scanned to find bugs. Anthropic discovered a vulnerability via a 27-year-old bug in <a href="https://www.openbsd.org/" target="_blank">OpenBSD</a>: </p><p>"Across a thousand runs through our scaffold, the total cost was under $20,000 and found several dozen more findings. While the specific run that found the bug above cost under $50, that number only makes sense with full hindsight. Like any search process, we can't know in advance which run will succeed."</p><p>One good bit of news is that Anthropic actually <a href="https://x.com/FFmpeg/status/2041595801483264002" target="_blank">sent patches out to FFmpeg</a>, though it's not clear as to whether AI was used to generate the fixes themselves. 
Another bit of good news is actually the whole caboodle.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:3840px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="YQxRRHrtJC6P5tbohXotpS" name="FRT-Blog-Chart-CMP-Firefox-exploit" alt="A chart produced by Anthropic showing the relative differences in creating successful exploits via its three variants of Claude AI" src="https://cdn.mos.cms.futurecdn.net/YQxRRHrtJC6P5tbohXotpS.jpg" mos="" align="middle" fullscreen="" width="3840" height="2160" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="caption-text">Mythos is <em>way</em> better than Anthropic's other models at creating successful exploits. </span><span class="credit" itemprop="copyrightHolder">(Image credit: Anthropic)</span></figcaption></figure><p>As worrying as it may seem that an AI model has discovered thousands of vulnerabilities in the software that we all use on a daily basis, with the issues now exposed, Claude Mythos has found exposable bugs that passed mere humans by. If the AI model can find new ones quicker than any human can, it's perhaps the turning point in staying one step ahead of hackers and cybercrime.</p><p>And this makes me wonder as to whether the future of software will see email servers using AI servers to detect spam, phishing mail, or other dodgy messages and delete them so that they never get sent out. Imagine the same thing running on phone networks, nixing spam SMS and robocalls.</p><p>Hmm, that sounds suspiciously like the beginning of a Skynet-type of AI that decides the real problem isn't vulnerabilities and exploits, but human beings. Yeah, maybe traditional spam filters aren't so bad after all.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Two high-rated motherboard security vulnerabilities have been identified in Gigabyte Control Center, so come update your software along with me ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/two-high-rated-motherboard-security-vulnerabilities-have-been-identified-in-gigabyte-control-center-so-come-update-your-software-along-with-me/</link>
                                                                            <description>
                            <![CDATA[ Time for a spring clean. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cg3K8KKEhy8EyMGcBDWqaD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xgA5S2JiXAXvKGMQEaHZWT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 02 Apr 2026 11:16:27 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andy Edser ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/ZGont4SjJV38V5HWmjfNAE.png ]]></dc:source>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/xgA5S2JiXAXvKGMQEaHZWT-1280-80.jpg">
                                                            <media:credit><![CDATA[GIGABYTE]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[GIGABYTE X870e motherboard and AMD Ryzen 9 processor]]></media:description>                                                            <media:text><![CDATA[GIGABYTE X870e motherboard and AMD Ryzen 9 processor]]></media:text>
                                <media:title type="plain"><![CDATA[GIGABYTE X870e motherboard and AMD Ryzen 9 processor]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xgA5S2JiXAXvKGMQEaHZWT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As an owner of a Gigabyte motherboard, I am intimately familiar with the intricacies of the <a href="https://www.gigabyte.com/consumer/software/gigabyte-control-center/global" target="_blank">Gigabyte Control Center</a> (GCC) app. We've had issues in the past, me and that particular program. Anyway, there's an even better reason to update it now, as the company has posted <a href="https://www.gigabyte.com/Support/Security" target="_blank">two separate advisories</a> relating to a pair of particularly nasty security vulnerabilities.</p><p>Candidate number one is called <a href="https://www.gigabyte.com/Support/Security/2377" target="_blank">CVE-2026-4415</a>, and it scores an 8.1 out of ten on the CVSS scale. That's High, for those of you wondering. "The issue stems from insufficient input validation during file handling within the GCC software", says Gigabyte. </p><p>"When the pairing feature is enabled, an unauthenticated remote attacker with network access can write arbitrary files to any location on the underlying operating system."</p><p>Yep, that sounds bad. The vulnerability affects GCC versions 25.07.21.01 and earlier, with the more recent versions plugging the gap. "Customers are strongly advised to upgrade to <a href="https://www.gigabyte.com/Support/Utility?kw=GIGABYTE+Control+Center&p=1" target="_blank">the latest GCC version</a> immediately", says Gigabyte. I will, thanks very much.</p><p>The second issue scores slightly lower on the CVSS scale (7.8, which is still classed as High), but is still well worth an update to fix. 
<a href="https://www.gigabyte.com/Support/Security/2376" target="_blank">CVE-2026-4416</a> is related to GCC's EasyTune Engine Service, and "allows a local malicious actor to execute arbitrary code with system privileges, leading to Local Privilege Escalation."</p><p>So, depending on your network setup and who has local access to your PC, it doesn't seem quite as bad as the first issue. Still, a security hole identified is a security hole worth plugging, and this one is also fixed by the very latest version of Gigabyte Control Center.</p><p>Motherboard software like GCC is very easy to forget about after it's been set up. Even if you're not running a Gigabyte mobo, I'd say it's worth having a check of whatever motherboard software package is currently installed, and making sure everything is ship-shape and up-to-date. Better safe than sorry, as my dear old mother used to say.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Web-code library with millions of weekly downloads poisoned by malicious release: 'This is unironically a malware nuclear missile' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/web-code-library-with-millions-of-weekly-downloads-poisoned-by-malicious-release-this-is-unironically-a-malware-nuclear-missile/</link>
                                                                            <description>
                            <![CDATA[ Developers using Axios are recommended to check for exposure. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">KWAbJYFie9hqWTV5LNnsK4</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xKBnoERaRRpKUrwbaPyPHT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 01 Apr 2026 12:02:40 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jacob Fox ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/kwSjjnBRtitBmscifdHJ7R.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jacob got his hands on a gaming PC for the first time when he was about 12 years old. He swiftly realised the local PC repair store had ripped him off with his build and vowed never to let another soul build his rig again. With this vow, Jacob the hardware junkie was born. Since then, Jacob&#039;s led a double-life as part-hardware geek, part-philosophy nerd, first working as a Hardware Writer for PCGamesN in 2020, then working towards a PhD in Philosophy for a few years while freelancing on the side for sites such as TechRadar, Pocket-lint, and yours truly, PC Gamer. Eventually, he gave up the ruthless mercenary life to join the world&#039;s #1 PC Gaming site full-time. It&#039;s definitely not an ego thing, he assures us.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/xKBnoERaRRpKUrwbaPyPHT-1280-80.jpg">
                                                            <media:credit><![CDATA[Bethesda]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Fallout hacking minigame]]></media:description>                                                            <media:text><![CDATA[Fallout hacking minigame]]></media:text>
                                <media:title type="plain"><![CDATA[Fallout hacking minigame]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xKBnoERaRRpKUrwbaPyPHT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>One of the most popular JavaScript libraries, Axios, was recently the victim of an attack that had fake, malicious versions available to roll out to developers. These malicious versions install a remote access trojan (RAT), which is, as the name implies, a kind of malware that allows an attacker to access compromised devices from a remote location.</p><p>Google has <a href="https://cloud.google.com/blog/topics/threat-intelligence/north-korea-threat-actor-targets-axios-npm-package" target="_blank">identified the attackers</a> responsible as likely being UNC1069, "a financially motivated North Korea-nexus threat actor" that goes by CryptoCore.</p><p>They compromised the Axios maintainer's npm account, npm being a trusted online registry of JavaScript code for users to share and use. Two poisoned packages were added to the Axios npm, and these added a new dependency that installs a RAT. </p><p>Malicious code never got into the official Axios software itself, which remains safe, but instead two separate malicious versions were published from an account that usually publishes legitimate Axios versions. Given the way npm works, these compromised, fake versions were able to be pushed to some developers.</p><p>The attack was staged almost a day in advance, the two poisoning attacks were timed pretty precisely, and evidence was erased post-exploit, pointing towards a calculated rather than opportunistic attack. </p><p>As cybersecurity company <a href="https://www.stepsecurity.io/blog/axios-compromised-on-npm-malicious-versions-drop-remote-access-trojan" target="_blank">StepSecurity explains:</a> "This was not opportunistic. It was precision. The malicious dependency was staged 18 hours in advance. 
Three payloads were pre-built for three operating systems. Both release branches were poisoned within 39 minutes of each other. </p><p>Every artifact was designed to self-destruct. Within two seconds of npm install, the malware was already calling home to the attacker's server before npm had even finished resolving dependencies. This is among the most operationally sophisticated supply chain attacks ever documented against a top-10 npm package."</p><p>However, it's important to note that developers using Axios wouldn't have been automatically infected. The malicious versions would have been automatically installed by many projects whenever they next run an npm install command. How often this command is run depends entirely on the company—maybe every week or two, or with a new package install.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="SM8hnsh8PPqNMXUJSPvVmW" name="AMD Hack Password.jpg" alt="Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg" src="https://cdn.mos.cms.futurecdn.net/SM8hnsh8PPqNMXUJSPvVmW.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Chris Ratcliffe/Bloomberg via Getty Images)</span></figcaption></figure><p>Given that the malicious versions were removed within a few hours, it's likely that most developers using Axios are safe. 
However, <a href="https://www.bitdefender.com/en-us/blog/businessinsights/technical-advisory-axios-npm-supply-chain-attack-cross-platform-rat-deployed-compromised-account" target="_blank">BitDefender says</a> its "telemetry confirms RAT execution attempts on customer systems, blocked by GravityZone" and says "the blast radius is not theoretical."</p><p>The company recommends identifying exposure, assessing for prior compromise, and monitoring outgoing. <a href="https://www.malwarebytes.com/blog/news/2026/03/axios-supply-chain-attack-chops-away-at-npm-trust" target="_blank">Malwarebytes says</a>: "If you are a developer deploying Axios, treat any machine that installed the bad versions as potentially fully compromised and rotate secrets. The attacker may have obtained repo access, signing keys, API keys, or other secrets that can be used to backdoor future releases or attack your backend and users."</p><p>Someone from a cybersecurity site and educational malware repo, VX-Underground, recently <a href="https://x.com/vxunderground/status/2038836590290620726" target="_blank">explained the severity of this on X</a> as follows: "The impact from Axios being compromised is devastating, the fallout from this will be a massive headache. This is unironically a malware nuclear missile and will likely be studied in the future."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Google says it's preparing for the quantum apocalypse, when traditional encryption methods are broken by quantum computers, by 2029—which is much sooner than originally expected ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/google-says-its-preparing-for-the-quantum-apocalypse-when-traditional-encryption-methods-are-broken-by-quantum-computers-by-2029-which-is-much-sooner-than-originally-expected/</link>
                                                                            <description>
                            <![CDATA[ Well, it's been fun folks. Thanks for all the fish. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rbB8q6YvaPuNPbjgReWVE6</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/8RdZWA9vJcT3jihHWavhXe-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Thu, 26 Mar 2026 16:04:37 +0000</pubDate>                                                                                                                                <updated>Thu, 26 Mar 2026 16:06:01 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andy Edser ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/RqRA6M28uuy6JeF64tnvJR.png ]]></dc:source>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/8RdZWA9vJcT3jihHWavhXe-1280-80.png">
                                                            <media:credit><![CDATA[Maxis, Electronic Arts]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Sims 4 - Bella Goth screams in horror]]></media:description>                                                            <media:text><![CDATA[Sims 4 - Bella Goth screams in horror]]></media:text>
                                <media:title type="plain"><![CDATA[Sims 4 - Bella Goth screams in horror]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/8RdZWA9vJcT3jihHWavhXe-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>If you've never heard of <a href="https://www.wired.com/story/q-day-apocalypse-quantum-computers-encryption/" target="_blank">Q-Day</a>, the moment when quantum computers become capable of breaking traditional encryption methods and exposing vast amounts of data, often referred to as the '<a href="https://www.bbc.co.uk/news/technology-60144498" target="_blank">quantum apocalypse</a>', then Google's latest announcement might come as something of a shock.</p><p>The company is <a href="https://blog.google/innovation-and-ai/technology/safety-security/cryptography-migration-timeline/" target="_blank">giving itself a 2029 timeline</a> to "secure the quantum era" by migrating over to post-quantum cryptography (PQC) methods before the old ones are broken by existing quantum computers. And being one of the primary players in the space, Google's hoping that if it starts making major changes now, the rest of the tech world might follow suit.</p><p>"As a pioneer in both quantum and PQC, it’s our responsibility to lead by example and share an ambitious timeline", the announcement reads. "By doing this, we hope to provide the clarity and urgency needed to accelerate digital transitions not only for Google, but also across the industry."</p><p>"Quantum computers will pose a significant threat to current cryptographic standards, and specifically to encryption and digital signatures", says the company.  
"The threat to encryption is relevant today with <a href="https://security.googleblog.com/2024/08/post-quantum-cryptography-standards.html" target="_blank">store-now-decrypt-later attacks</a>, while digital signatures are a future threat that requires the transition to PQC prior to a Cryptographically Relevant Quantum Computer (CRQC)."</p><p>Google says that it's adjusted its threat model to prioritise this migration for its authentication services, and it recommends other engineering teams "follow suit".</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="QADz6rKcfmeHv7t9ngzekF" name="GettyImages-1455925126-1080p.jpg" alt="A photo of a quantum computer hanging from the ceiling of a clean room laboratory" src="https://cdn.mos.cms.futurecdn.net/QADz6rKcfmeHv7t9ngzekF.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: John D via Getty Images)</span></figcaption></figure><p>Google has often claimed <a href="https://www.pcgamer.com/hardware/googles-willow-chip-is-a-big-leap-towards-usable-quantum-computing-but-its-claim-of-beating-a-classical-computer-by-a-septillion-years-is-meaningless/" target="_blank">significant (and debateable) advances in its quantum computer development</a> over the years, so perhaps there's a touch of humble brag to this timeline, too. 
I've got a scary-powerful quantum computer and it's only getting better, that sort of thing.</p><p>Still, the threat of traditional cryptographic keys being broken in one quantum sweep appears to be a legitimate one, as evidenced by the preparation of <a href="https://media.defense.gov/2025/May/30/2003728741/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS.PDF" target="_blank">organisations like the US National Security Agency (NSA)</a>. Until recently, however, the <a href="https://arstechnica.com/security/2026/03/google-bumps-up-q-day-estimate-to-2029-far-sooner-than-previously-thought/#:~:text=The%20timeline%20for,past%2030%20years." target="_blank">running joke</a> was that Q-Day was always at least a decade away, a bit like <a href="https://world-nuclear.org/information-library/current-and-future-generation/nuclear-fusion-power#:~:text=A%20long%2Dstanding,can%20be%20commercialized." target="_blank">viable nuclear fusion</a> or Half Life 3. I know, I shouldn't have mentioned it.</p><p>This new timeline, though, would suggest that Google is earnestly concerned about the potential impacts of such an event and wants the world to speed up in its <a href="https://www.ibm.com/think/insights/prepare-your-organization-for-q-day" target="_blank">ongoing efforts</a> to get ahead of it. Personally, I'm still trying (and failing) to wrap my brain around <a href="https://www.pcgamer.com/hardware/google-claims-it-has-made-a-major-breakthrough-in-quantum-computing-with-an-algorithm-13-000x-faster-than-a-traditional-equivalent-although-not-everyone-is-convinced/" target="_blank">exactly how the company's quantum computing tech works</a>, never mind the wide-ranging implications it might have for security measures going forward.</p><p>Anyway, the clever people need to hurry up, or security stuff gets all broken. That, I can get my head around. Thanks, Google. It's a brand new worry for my brain to gnaw on while I try to fall asleep tonight.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Asus says it's confident in its 'strong product security' after FCC foreign-made router ban, also *checks notes* fixes major security hole in its routers ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/networking/asus-says-its-confident-in-its-strong-product-security-after-fcc-foreign-made-router-ban-also-checks-notes-fixes-major-security-hole-in-its-routers/</link>
                                                                            <description>
                            <![CDATA[ Well, there's that principle in action I guess. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">RyrdqvWHkCtaoZvZKK7X6N</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/aDLu8iFZiNmuv4QwYJynE4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 26 Mar 2026 11:21:14 +0000</pubDate>                                                                                                                                <updated>Thu, 26 Mar 2026 11:21:23 +0000</updated>
                                                                                                                                            <category><![CDATA[Networking]]></category>
                                                    <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andy Edser ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/RqRA6M28uuy6JeF64tnvJR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/aDLu8iFZiNmuv4QwYJynE4-1280-80.jpg">
                                                            <media:credit><![CDATA[Future]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Asus RT-BE88U Wi-Fi 7 router]]></media:description>                                                            <media:text><![CDATA[Asus RT-BE88U Wi-Fi 7 router]]></media:text>
                                <media:title type="plain"><![CDATA[Asus RT-BE88U Wi-Fi 7 router]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/aDLu8iFZiNmuv4QwYJynE4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>After the US Federal Communications Commission (FCC) put consumer-grade routers produced in foreign countries on its Covered List earlier this week, <a href="https://www.pcgamer.com/hardware/networking/the-fcc-says-foreign-routers-pose-an-unacceptable-risk-and-now-require-special-approval-to-be-sold-in-the-us/" target="_blank">effectively banning the sale of new models in the country without special permission</a>, Taiwanese manufacturer Asus has been quick to respond. </p><p>An <a href="https://press.asus.com/news/statements/public-statement-on-fcc-ban-on-imports-of-foreign-made-routers/" target="_blank">official statement</a> released by the company yesterday says the following: "Asus has proudly served US customers since 1991, with a long-standing commitment to trusted innovation and strong product security. </p><p>"We are confident in the integrity of our supply chain and the security of our networking products. This <a href="https://www.fcc.gov/document/fcc-adds-routers-produced-foreign-countries-covered-list" target="_blank">FCC action</a> has no impact on existing ASUS router users, software updates, and customer support."</p><p>With unfortunate timing, Asus also published <a href="https://www.asus.com/security-advisory/#:~:text=CVE%2D2025%2D15101-,03/25/2026,-03/26/2026" target="_blank">a major security update for its routers</a> on the very same day. The patch aims to mitigate against <a href="https://www.cve.org/CVERecord?id=CVE-2025-15101" target="_blank">CVE-2025-15101</a>, a particularly nasty-sounding vulnerability that scores an 8.5 out of 10 (or High severity) on the official record. 
</p><p>According to its listing, CVE-2025-15101 "potentially allows actions to be performed with the existing privileges of an authenticated user on the affected device, including the ability to execute system commands through unintended mechanisms".</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="eBL6h7cTUebkBZbHjfoiG5" name="asus-tuf-ax4200-review-05.jpg" alt="Asus TUF-AX4200 gaming router" src="https://cdn.mos.cms.futurecdn.net/eBL6h7cTUebkBZbHjfoiG5.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Future)</span></figcaption></figure><p>On the one hand, you could argue that the continual discovery and patching of these flaws speaks to Asus' commitment to ongoing security. On the other, the fact that such major vulnerabilities are still cropping up on Asus routers is perhaps a little defeating of the point.</p><p>Of course, all router manufacturers experience security issues from time to time, and Asus is far from unique in this regard. 
<a href="https://www.pcgamer.com/hardware/tp-link-botnet-7777/" target="_blank">Hackers managed to hijack over 16,000 TP-Link routers</a> (and other networking devices) in 2024, creating an Azure-slamming botnet of massive proportions.</p><p>Not to mention <a href="https://www.pcgamer.com/hardware/networking/the-fbi-says-that-elderly-cisco-linksys-router-youve-been-meaning-to-replace-may-be-under-serious-threat-from-cyber-criminals/" target="_blank">older Cisco Linksys routers being called out by the FBI</a> for their vulnerabilities, no less. However, Asus does seem to patch its routers <a href="https://www.pcgamer.com/hardware/dangerous-security-flaws-could-potentially-affect-millions-of-asus-pc-and-router-owners-heres-how-to-protect-yourself/" target="_blank">more often than most</a>, which again, could be looked at in two different ways. </p><p>Certainly, the timing of this particular fix is less than ideal. But hey, it's a good chance for me to remind you once again: Update your networking hardware, folks. It simply ain't worth the risk to ignore.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The FCC says foreign routers 'pose an unacceptable risk' and now require special approval to be sold in the US ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/networking/the-fcc-says-foreign-routers-pose-an-unacceptable-risk-and-now-require-special-approval-to-be-sold-in-the-us/</link>
                                                                            <description>
                            <![CDATA[ Such routers will be able to have 'conditional' approval. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">KkznGdNxrwoZU8hkktBLhd</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kWMFdgxHXobRg75ndZGXw3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 24 Mar 2026 11:33:10 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Networking]]></category>
                                                    <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jacob Fox ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/kwSjjnBRtitBmscifdHJ7R.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jacob got his hands on a gaming PC for the first time when he was about 12 years old. He swiftly realised the local PC repair store had ripped him off with his build and vowed never to let another soul build his rig again. With this vow, Jacob the hardware junkie was born. Since then, Jacob&#039;s led a double-life as part-hardware geek, part-philosophy nerd, first working as a Hardware Writer for PCGamesN in 2020, then working towards a PhD in Philosophy for a few years while freelancing on the side for sites such as TechRadar, Pocket-lint, and yours truly, PC Gamer. Eventually, he gave up the ruthless mercenary life to join the world&#039;s #1 PC Gaming site full-time. It&#039;s definitely not an ego thing, he assures us.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kWMFdgxHXobRg75ndZGXw3-1280-80.jpg">
                                                            <media:credit><![CDATA[Future]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A photo of a TP-Link Archer BE9700 Wi-Fi 7 router next to its retail packaging.]]></media:description>                                                            <media:text><![CDATA[A photo of a TP-Link Archer BE9700 Wi-Fi 7 router next to its retail packaging.]]></media:text>
                                <media:title type="plain"><![CDATA[A photo of a TP-Link Archer BE9700 Wi-Fi 7 router next to its retail packaging.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kWMFdgxHXobRg75ndZGXw3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As part of the country's defense-shoring strategy, the US <a href="https://www.fcc.gov/document/fcc-updates-covered-list-include-foreign-made-consumer-routers" target="_blank">Federal Communications Commission (FCC) has put</a> "all consumer-grade routers produced in foreign countries" on the Covered List. This means foreign routers are now "deemed to pose an unacceptable risk to the national security of the US or the safety and security of US persons" and will require special permission to be sold in the US. </p><p>The FCC notes that "the restrictions imposed today apply to new device models", not ones consumers already own, or ones being sold and marketed that have been previously approved by the FCC. </p><p>This is considered an application of President <a href="https://www.whitehouse.gov/wp-content/uploads/2025/12/2025-National-Security-Strategy.pdf" target="_blank">Trump's strategy [PDF]</a> to "re-secure our own independent and reliable access to the goods we need to defend ourselves and preserve our way of life." I.e., isolationist economics, ostensibly for national security.</p><p>It makes sense for routers, specifically, to be on this list, given the potential vectors for attack they open up. And if those routers are foreign-made, it makes sense that a state might be cautious. We've already seen, for instance, <a href="https://www.pcgamer.com/hardware/tp-link-botnet-7777/" target="_blank">TP-Link routers being hijacked</a> by hackers working on behalf of the Chinese government. 
And there have been <a href="https://www.pcgamer.com/hardware/networking/us-congressman-calls-again-for-the-government-to-ban-chinese-made-tp-link-routers-i-would-not-have-that-in-my-home/" target="_blank">calls to ban these routers</a> for some time.</p><p>The FCC's decision is informed by an <a href="https://www.fcc.gov/sites/default/files/NSD-Routers0326.pdf" target="_blank">inter-agency expert determination [PDF]</a> that explains the risk: "Given the criticality of routers to the successful functioning of our nation’s economy and defense, the United States can no longer depend on foreign nations for router manufacturing ... Compromised routers can enable in-depth network surveillance, data exfiltration, botnet attacks, and unauthorized access to US government or American businesses’ networks ... foreign-produced routers present additional and unacceptable risks to Americans." </p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ngq4HJFyDVZxseMf2oNVvH" name="TP-Link_GE800_7684.jpg" alt="TP-Link Archer GE800 router" src="https://cdn.mos.cms.futurecdn.net/ngq4HJFyDVZxseMf2oNVvH.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Future)</span></figcaption></figure><p>This statement cites a <a href="https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-038a" target="_blank">report from CISA</a>, the NSA, and the FBI that says these bodies "assess that People’s Republic of China (PRC) state-sponsored cyber actors are seeking to pre-position themselves on IT networks for disruptive or destructive cyberattacks against US critical infrastructure in the event of a major 
crisis or conflict with the United States."</p><p>These concerns aren't anything new, as anyone who's got an eye on cybersecurity will likely have seen increasing focus on 'supply chain' attacks over the last year or two. The Open Web Application Security Project (OWASP), for instance, <a href="https://owasp.org/Top10/2025/0x00_2025-Introduction/" target="_blank">recently said</a> "software supply chain failures" are one of the top web app security risks. In other words, vulnerabilities at source (or some other point in the supply chain) are becoming a real issue. Throw in some increased risk of interference from the manufacturer's state agencies, and you can see why precautions might be prudent.</p><p>Thus the ban on new foreign routers. However, it's not an unbreakable blanket ban, as the determination states—and the FCC agrees—that there should be a way for routers to become approved:</p><p>"To facilitate this transition period, entities that produce routers in a foreign country are encouraged to apply for Conditional Approvals (Annex A) which, if approved, will allow such producers to continue to receive FCC authorization for their products while they work to address the US government’s national security concerns described above."</p><p>So, it's not as if all TP-Link routers are going to disappear in a cloud of smoke and you'll have the state knocking at your door to collect contraband. Instead, it just looks like the US government is getting a little more serious about ensuring the networking devices it lets in are secure and don't pose a national security threat.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Intel has published a whole host of security vulnerabilities, with mitigations rolling out, but attackers will need local access to actually do anything ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/motherboards/intel-has-published-a-whole-host-of-security-vulnerabilities-with-mitigations-rolling-out-but-attackers-will-need-local-access-to-actually-do-anything/</link>
                                                                            <description>
                            <![CDATA[ Just don't let strangers near your rig soon, or any time really. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ZJ3p6WZEJHtoTjJvivHT9J</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/uLk7sVyzSvn9UM47pK2iQe-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 16 Mar 2026 13:30:26 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Motherboards]]></category>
                                                    <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/SEb5dKTVfZ5EZF4fEcqdGR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/uLk7sVyzSvn9UM47pK2iQe-1280-80.jpg">
                                                            <media:credit><![CDATA[Future]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A photo of an Intel Core Ultra 5 245K processor against a dark background]]></media:description>                                                            <media:text><![CDATA[A photo of an Intel Core Ultra 5 245K processor against a dark background]]></media:text>
                                <media:title type="plain"><![CDATA[A photo of an Intel Core Ultra 5 245K processor against a dark background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/uLk7sVyzSvn9UM47pK2iQe-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Intel has recently spotted a whole host of security vulnerabilities in the UEFI for many of its products, which could allow bad actors to escalate privileges. It's a problem worth updating your device over when updates are available, but for now, just stay vigilant about who is near your rig.</p><p>The highest severity problems on <a href="https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01234.html" target="_blank">the list</a> register a CVSS score of 8.7 (1.3 off the highest), and these both involve improper input validation, which can enable local code execution. Though local access to your rig is needed, neither 8.7 severity vulnerability involves "special internal knowledge and requires no user interaction". </p><p>Moving down to a measly 7.1 severity, one vulnerability has been spotted where the system management verifies a resource, then swaps out that resource to something else before the action can actually happen. </p><p>An example of this is checking privileges on a folder, seeing that it is accessible, then swapping that folder for another one, therefore getting into a locked folder without a password or privileged user access. In this case, it uses that access to escalate privilege. Like the rest of the exploits, this requires local access to use. </p><p>Intel clarifies it is "releasing" updates to mitigate these vulnerabilities, so we can expect them to roll out to motherboard manufacturers going forward. I've checked through many Intel motherboard manufacturers for updates, and though I've seen some updates after the publishing of Intel's findings (like this <a href="https://www.msi.com/Motherboard/MAG-Z890M-GAMING-PLUS-WIFI/support" target="_blank">MSI Mag Z890M Gaming Plus driver</a>), they don't note UEFI vulnerability fixes. This is to say the rollout doesn't appear to have fully happened yet. 
</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:2560px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="mRGXPxKcbVSt6detQXygv9" name="msi_mag_z890_tomahawk_wifi_motherboard_02" alt="A photo of the MSI MAG Z890 Tomahawk WiFi motherboard." src="https://cdn.mos.cms.futurecdn.net/mRGXPxKcbVSt6detQXygv9.jpg" mos="" align="middle" fullscreen="" width="2560" height="1440" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Future)</span></figcaption></figure><p>Nonetheless, requiring local access does mean you aren't necessarily in trouble without the update for now. It's always good to stay up-to-date, in case you've found yourself unlucky enough to be found by a bad actor, but for most, it's not a huge deal. </p><p>The severity of reported problems isn't purely about ease of use. That 8.7 on the high end is a combination of complexity to use, plus how much it impacts confidentiality, integrity and availability, <a href="https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H" target="_blank">plus a whole pile of other factors</a>. Severity is a good sign of how serious a problem is, but many problems will be hypothetical in nature. </p><p>As pointed out by Intel, "Intel, and nearly the entire technology industry, follows a disclosure practice called coordinated disclosure, under which a cybersecurity vulnerability is generally publicly disclosed only after mitigations are available."</p><p>Generally, by the time you hear about a problem from the manufacturer, chances are that fixes are already out there, or in the works. Just don't leave it too long before updating your system. A healthy rig is an updated rig. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The lyrics to the rap song about John McAfee, annotated ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/the-lyrics-to-the-rap-song-about-john-mcafee-annotated/</link>
                                                                            <description>
                            <![CDATA[ Virtual insanity. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">gq4QLMp5EMF5YCGW7SG3FD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Ugcs6JbYhSAAufbkbJUKuV-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 13 Mar 2026 22:30:03 +0000</pubDate>                                                                                                                                <updated>Fri, 13 Mar 2026 23:09:30 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rich Stanton ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/GPhM6upeyfJZn62cbguMnQ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Ugcs6JbYhSAAufbkbJUKuV-1280-80.jpg">
                                                            <media:credit><![CDATA[John McAfee (via Twitter)]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[John McAfee]]></media:description>                                                            <media:text><![CDATA[John McAfee]]></media:text>
                                <media:title type="plain"><![CDATA[John McAfee]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Ugcs6JbYhSAAufbkbJUKuV-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>I recently watched the Netflix documentary Running with the Devil: The Wild World of John McAfee, and it's one of the craziest things I've seen in a long time. I've written about McAfee (<a href="https://www.pcgamer.com/john-mcafee-found-dead-in-spanish-prison-cell/" target="_blank">who died in 2021</a>) a few times over the years, and knew a few things about his chaotic and at times outright criminal life, but this sees filmmaker Charlie Russell and cameraman Robert King following and filming McAfee in 2012 and 2013 as he hides in Belize, escapes to Guatemala, and is deported back to the United States.</p><p>One of the most eye-popping moments in a documentary full of them comes when the raw footage suddenly segues into a rap music video for a song called The McAfee Effect by the Coin Bros (from 2018). As if that wasn't enough, it soon emerges the video is being filmed at a luxurious property with John McAfee, who among other things we see sitting at a table with endless booze, a huge pile of gold bars, stacks of cash, a handgun, and a large pile of white powder that probably isn't flour. </p><p>I couldn't believe what I was watching, and what I was hearing was even more absurd. The song's questionable contention is that the so-called "McAfee Effect" is to be desired in one's life, and to that end it goes through some of the man's greatest hits. The thing is, what in a normal rap song would just be the usual daft boasts are, in almost all cases, true. 
</p><p>Here is the video, followed by the lyrics with a few notes about how utterly, utterly bananas McAfee's life was.</p><div class="youtube-video" data-nosnippet ><div class="video-aspect-box"><iframe data-lazy-priority="high" data-lazy-src="https://www.youtube-nocookie.com/embed/WV-vdI2CzMc" allowfullscreen></iframe></div></div><h2 id="the-lyrics-to-the-mcafee-effect-annotated">The lyrics to The McAfee Effect, annotated</h2><p><em><strong>What you know bout the streets?</strong></em></p><p><em><strong>What you know bout Belize?</strong></em></p><p>Fairly simple to start off with: McAfee took a massive hit in the global financial crash of 2008, and emigrated to Belize, claiming he wished to escape US regulations and "materialism."</p><p><em><strong>What you know bout faking your own heart attack just to ditch the police!?</strong></em></p><p>A classic: McAfee faked a heart attack while under threat of deportation, forcing his transfer to a hospital. Take everything McAfee says with a huge pinch of salt, but he later explained <a href="https://x.com/officialmcafee/status/1216064557203980288" target="_blank">the incident on X</a>:</p><p>"Did I really fake a heart attack while in prison in Guatemala?" writes McAfee. "A: Yes. Why? A: I was being deported back to Belize at noon. My lawyers needed until 2:00 to file a stay of deportation. I told them:</p><p>"Don't worry. Get the Stay.  I got the rest."</p><p><em><strong>What you know bout privacy?</strong></em></p><p>McAfee's fortune began with the antivirus company that bears his name, the slogan of which to this day is "McAfee Protects Your Privacy."</p><p><em><strong>I got a bad bitch on side of me</strong></em></p><p>McAfee's love life was as messed-up as all the rest of it, but he was never far away from women and enjoyed playing to that side of his character. 
This line may also be a pun on his love of dogs, though perhaps I am giving the Coin Bros too much credit there.</p><p><em><strong>I got the FBI eyeing me</strong></em></p><p>McAfee was indeed investigated by the FBI, and the file is now unclassified and <a href="https://vault.fbi.gov/john-mcafee" target="_blank">can be viewed here</a>.</p><p><em><strong>All of these hackers are trying me</strong></em></p><p><em><strong>Tryna get them a peek, Tryna get all on my Twitter for the coin of the week</strong></em></p><p>McAfee ran a "coin of the week" scheme in 2017 on X (then Twitter) which was essentially a "pump-and-dump" scheme. McAfee and his cronies would hoard or launch a crypto shitcoin of some kind, McAfee would use his profile to promote the coin, and then they'd all sell once the price spiked.</p><p>McAfee was indicted in the US on fraud and money laundering conspiracy charges in 2021 stemming from these crypto schemes, but died in a Spanish jail three months later.</p><p><em><strong>I got China trying to ban every time that I speak </strong></em></p><p>McAfee was an outspoken critic of China's crackdown on cryptocurrencies, which is perhaps not surprising given his own activities. "Even the Chinese people are skeptical that China can enforce its Crypto ban," <a href="https://x.com/officialmcafee/status/960873558527365120" target="_blank">he rather unconvincingly asserted in 2018</a>. "For me, I am certain it cannot."</p><p><em><strong>Now we got Trump don't you wish you voted for me</strong></em></p><p>This might be the one line of the song I agree with. McAfee made a presidential bid in 2016, looking to become the Libertarian Party's candidate. His platform, such as it was, involved lots of cybersecurity and anti-government stuff: he failed to secure the nomination. 
The 2016 US presidential election was, of course, won by Donald Trump.</p><p><em><strong>I got An arsenal, an arsenal, a bunch of big guns, drugs, and some cards to pull </strong></em></p><p><em><strong>Cars, hoes with crypto paid in full </strong></em></p><p>This all seems fairly self-explanatory.</p><p><em><strong>A bunch of hating motherfuckers writing articles about....</strong></em></p><p>Ah yes: the blasted press. Despite living a life straight out of the hedonist's handbook, McAfee was often critical of his own media coverage and the media ecosystem more widely, which he said "manipulated people" whereas he "<a href="https://www.youtube.com/watch?v=dklpn_y40iM" target="_blank">will not lie to people</a>."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:2048px;"><p class="vanilla-image-block" style="padding-top:56.15%;"><img id="qPoBtyxVJUWKXvVR23sj2b" name="EuNVCvXXEAAXWFM.jpg" alt="John McAfee" src="https://cdn.mos.cms.futurecdn.net/qPoBtyxVJUWKXvVR23sj2b.jpg" mos="" align="middle" fullscreen="" width="2048" height="1150" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: John McAfee (via Twitter))</span></figcaption></figure><h2 id="the-chorus">The Chorus</h2><p>We now get to the song's hook, which begins by repeating "McAfee, McAfee, McAfee, John" three times before:</p><p><em><strong>Don't fuck with my dogs</strong></em></p><p><em><strong>Don't fuck with my dogs</strong></em></p><p><em><strong>(Whoa)</strong></em></p><p>These lines are unreal when you realise what the reference is. The most controversial incident in McAfee's life occurred in November 2012, when he accused neighbour Gregory Faull of poisoning his dogs. The two had previously had multiple disputes over the dogs' behaviour. 
The next day <a href="https://abcnews.com/Blotter/belize-murder-victim-confronted-john-mcafee-dogs/story?id=17717178" target="_blank">Faull was found shot to death</a>, and McAfee was made a "person of interest" in the case, which led to him fleeing Belize for Guatemala.</p><p>McAfee was never charged with the murder, though in 2019 a Florida court ordered him to pay $25m to Faull's estate in a wrongful death claim. Lord knows how much of that they ever saw.</p><p><em><strong>Crypto flipping</strong></em></p><p><em><strong>(Whoa)</strong></em></p><p><em><strong>In the lab just mixing </strong></em></p><p><em><strong>(Whoa)</strong></em></p><p>The crypto-flipping we've already explained. As for the lab mixing… in 2012 the Belize authorities raided a compound owned by McAfee, suspecting it of being a methamphetamine lab. No drugs were found, and McAfee claimed he was not manufacturing meth but experimenting with botanical compounds, specifically mentioning an interest in… bath salts. He was never charged.</p><p><em><strong>You gone see my vision, got hoes shooting at me but they just keep missing </strong></em></p><p>McAfee repeatedly claimed that the Belize or US authorities were out to assassinate him, and even claimed that the murder of Gregory Faull could have been a hit aimed at him. In 2019 McAfee said "If I suicide myself, I didn't. I was whackd." Nope, that's not a typo: McAfee used the opportunity to launch another shitcoin called $WHACKD, and shared an apparent tattoo of the logo on his arm.</p><p>There is always another layer to the grift. 
Needless to say, one of the reasons McAfee's death in a jail cell has attracted such scrutiny is this tweet.</p><h2 id="second-verse">Second Verse</h2><p>The second verse, sadly, does not offer such rich pickings as the first, though we still somehow reach a point where McAfee promises to eat his own penis:</p><p><em><strong>Some people think I’m psychotic</strong></em></p><p><em><strong>I’m riding in something exotic </strong></em></p><p><em><strong>I got no need for a rubber</strong></em></p><p><em><strong>I’m whipping up antibiotics </strong></em></p><p>I imagine quite a lot of people thought he was psychotic, and McAfee's lifestyle obviously included expensive vehicles and fast ladies. The last line refers to McAfee co-founding QuorumEx in Belize in 2010, a company that supposedly developed herbal antibiotics. </p><p><em><strong>I only fuck with the crypto</strong></em></p><p><em><strong>I got no need for a pocket</strong></em></p><p>I only deal in cryptocurrencies, my good man. </p><p><em><strong>Bitcoin 2020 a millie, a millie </strong></em></p><p><em><strong>I hope that you bought it</strong></em></p><p>McAfee predicted in 2017 that Bitcoin would reach $1 million in value by the end of 2020. McAfee claimed that, if he was wrong, "I will eat my dick on national television." 
He was wrong, <a href="http://thenextweb.com/news/john-mcafee-reneges-on-promise-to-eat-his-dick-if-bitcoin-fails-to-hit-1m" target="_blank">and reneged on his promise</a>.</p><p><em><strong>Sittin in the tub got my girl pouring bath salt</strong></em></p><p><em><strong>Pickin ICOs that’s a mutha fuckin cash vault </strong></em></p><p><em><strong>Ridin in the Bentley....burning asphalt </strong></em></p><p><em><strong>Hating on my twitter get a mother fucka black balled</strong></em></p><p><em><strong>I be living like....</strong></em></p><p><em><strong>McAfee, McAfee, McAfee</strong></em></p><p><em><strong>John</strong></em></p><p>Initial Coin Offerings (ICOs) are a part of the "pump-and-dump" crypto schemes explained above. McAfee was <a href="https://www.sec.gov/newsroom/press-releases/2020-246" target="_blank">charged by the SEC in 2020</a> for fraudulently touting ICOs. The Twitter line just refers to the fact that McAfee was block-happy on the platform.</p><p>We then get another go-around of the chorus, but no changes to the lyrics.</p><div class="youtube-video" data-nosnippet ><div class="video-aspect-box"><iframe data-lazy-priority="low" data-lazy-src="https://www.youtube-nocookie.com/embed/5Ux_ipIsNyo" allowfullscreen></iframe></div></div><p>And… we're done. All that remains for me to do is recommend the documentary where I first caught a glimpse of this unique cultural production. Running with the Devil: The Wild World of John McAfee can be found on Netflix and is an eye-opening glimpse into the life of a clearly remarkable and deeply intelligent, but crooked and insane man. </p><p>Around that core of raw footage, the documentary mixes in other interviews and footage from McAfee's life, up to and including his death (the film was released in 2022). One of the unexpected stories here is that of cameraman Robert King, who after a long and remarkable career as a war correspondent became director of photography at Vice Media in 2012. 
Which is why he was chasing a madman around Belize while Vice was simultaneously posting headlines like "<a href="https://www.vice.com/en/article/we-are-with-john-mcafee-right-now-suckers/" target="_blank">We are with John McAfee right now, suckers</a>."</p><p>King has clearly Seen Some Shit and been right in the middle of horrible conflicts, but at times even he's taken aback by what he's witnessing, while simultaneously becoming further embroiled with McAfee as… an associate maybe, at times even somewhere near the line of a collaborator. Towards the end of the documentary it does a great job digging into how King feels about this, and he's a deeply intelligent and articulate individual, someone who is obviously willing to cross lines, and does, but in doing so becomes the story himself: a catastrophic mistake by Vice saw the geodata of a photo of McAfee exposed and, though King and a fellow Vice journalist were blamed by some initially, <a href="https://www.buzzfeednews.com/article/josephbernstein/vice-geodata" target="_blank">it later emerged neither were at fault</a>. 
</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft announces that Office has two critical security vulnerabilities, and here's where you can find patches to fix them ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/microsoft-announces-that-office-has-two-critical-security-vulnerabilities-and-heres-where-you-can-find-patches-to-fix-them/</link>
                                                                            <description>
                            <![CDATA[ Both also require local access to exploit, so while they're bad, they're not super bad. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nbKdCa6CGwKCUcRvt4Edp7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2X3WkJj3NAV6B8NeYuzmx6-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 11 Mar 2026 12:46:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Nick Evanson ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/hBkuK3ByiJBMa2CMabQTAR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Nick, gaming, and computers all first met in the early 1980s. After leaving university, he became a physics and IT teacher and started writing about tech in the late 1990s. That resulted in him working with MadOnion to write the help files for 3DMark and PCMark. After a short stint working at Beyond3D.com, Nick joined Futuremark (MadOnion rebranded) full-time, as editor-in-chief for its PC gaming section, YouGamers. After the site shutdown, he became an engineering and computing lecturer for many years, but missed the writing bug. Cue four years at TechSpot.com covering everything and anything to do with tech and PCs. He freely admits to being far too obsessed with GPUs and open-world grindy RPGs, but who isn&#039;t these days?&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2X3WkJj3NAV6B8NeYuzmx6-1280-80.jpg">
                                                            <media:credit><![CDATA[Microsoft]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A screenshot of Microsoft Word, skewed and shown against a gradient background]]></media:description>                                                            <media:text><![CDATA[A screenshot of Microsoft Word, skewed and shown against a gradient background]]></media:text>
                                <media:title type="plain"><![CDATA[A screenshot of Microsoft Word, skewed and shown against a gradient background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2X3WkJj3NAV6B8NeYuzmx6-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>When it comes to news about Microsoft Office, it's probably fair to say that it's usually about aspects that users have mixed feelings about, such as the addition of overbearing AI tools or changes to the interface, but two brief announcements from Redmond are likely to be welcomed by everyone. That's because they're about fixes for critical security vulnerabilities.</p><p>With the catchy codenames of <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26110" target="_blank">CVE-2026-26110</a> and <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-26113" target="_blank">CVE-2026-26113</a>, these issues potentially allow anyone with local access to Office to execute whatever code they like. Both have a common vulnerability and exposure rating of 8.4 and 7.3 for base and temporal scores, which puts them firmly in the 'critical' zone for severity.</p><p>The good news is that there are already patches from Microsoft to resolve the problems: just scroll down the relevant pages (use the links above) for the vulnerabilities until you see the list of Office versions. Note that the oldest one listed is 2016, as official support for anything before that one has ended (e.g. Office 2013 reached EOL in 2023).</p><p>It's also good news that any exploits that could take advantage of an unpatched copy of Office require local access, so you shouldn't have to worry about what some random person in a hoodie, sitting in a dark room staring at Matrix-like code on a laptop, will be able to do to your PC over the internet. 
Well, not through these vulnerabilities, at least.</p><p>Security issues are so commonplace these days, I can't imagine anyone even batting an eyelid at the above, and when it comes to Office in general, I suspect people are more likely to be concerned by Microsoft's seemingly random approach to progressing its productivity suite.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:2000px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="S3VsWNETsYAbiMTqtaTG8a" name="microsoft_outlook_promo_image" alt="A promotional image for Microsoft Outlook, against a gradient background" src="https://cdn.mos.cms.futurecdn.net/S3VsWNETsYAbiMTqtaTG8a.jpg" mos="" align="middle" fullscreen="" width="2000" height="1125" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Microsoft)</span></figcaption></figure><p>While the inclusion of Copilot doesn't bother me, as I can simply ignore it or even disable the option, other changes make me rue the day I purchased a 365 subscription. Take Outlook, for example. What used to be my de facto email client for countless years has been slowly turned into a clunky, confusing, feature-fudge mess of a program, and I only use it begrudgingly and sparingly now.</p><p>If some hacker ever decides to make an exploit that turns the current version of Outlook back to the app it used to be in its heyday, that would be one vulnerability I wouldn't want to see patched.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ iOS exploit kit Coruna may have begun life as a set of iPhone hacking tools used by the US government, according to security researchers ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/ios-exploit-kit-coruna-may-have-begun-life-as-iphone-hacking-tools-used-by-the-us-government-according-to-security-researchers/</link>
                                                                            <description>
                            <![CDATA[ Nothing to hide, but plenty to fear. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">j4VsjApozMkQ5uJJQzpNkZ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/eKgXq4VJvcsgPLNEEC2F49-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Fri, 06 Mar 2026 17:06:11 +0000</pubDate>                                                                                                                                <updated>Fri, 06 Mar 2026 17:06:15 +0000</updated>
                                                                                                                                            <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Md68GDXhupcXtwAacuPKrd.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending the last seven working on print publications PLAY and Official PlayStation Magazine. When she’s not writing about all things hardware here, she’s getting cosy with a horror classic, ranting about a cult hit to a captive audience, or tinkering with some tabletop nonsense.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/eKgXq4VJvcsgPLNEEC2F49-1280-80.png">
                                                            <media:credit><![CDATA[MirageC via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Many Fingerprints on Phone Screen Against White Background High Angle View.]]></media:description>                                                            <media:text><![CDATA[Many Fingerprints on Phone Screen Against White Background High Angle View.]]></media:text>
                                <media:title type="plain"><![CDATA[Many Fingerprints on Phone Screen Against White Background High Angle View.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/eKgXq4VJvcsgPLNEEC2F49-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Earlier this week, the Google Threat Intelligence Group (GTIG) <a href="https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit" target="_blank">published a report</a> on an exploit kit specifically targeting older Apple iPhones. Those with an up-to-date iOS may only feel momentarily smug as it turns out the kit, called Coruna, can sink its hooks into a wide range of phones—though the malicious range of this exploit kit is far from the worst wrinkle in this story.</p><p>GTIG says it tracked Coruna's use throughout 2025, beginning with "highly targeted operations initially conducted by a customer of a surveillance vendor." However, the exploit framework is unlikely to have been built by cybercriminals alone, and may originate from hacking tools used by the US government.</p><p>Device security company iVerify has recently issued its own report on what it's calling the '<a href="https://iverify.io/press-releases/first-known-mass-ios-attack" target="_blank">First Known Mass iOS Attack</a>,' claiming that the exploit chain at the centre of Coruna "has similarities to previous frameworks developed by threat actors affiliated with the US government."</p><p>"While iVerify has some evidence that this tool is a leaked US government framework, that shouldn’t overshadow the knowledge that these tools will find their way into the wild and will be used unscrupulously by bad actors", say the researchers.</p><p>GTIG says Coruna consists of "five full iOS exploit chains and a total of 23 exploits," two of which bear a striking resemblance to iOS exploits "that were also used as zero-days as part of Operation Triangulation." Triangulation was <a href="https://www.kaspersky.com/about/press-releases/connecting-the-dots-kaspersky-reveals-in-depth-insights-into-operation-triangulation" target="_blank">a 2023 hacking operation targeting Russian cybersecurity firm Kaspersky</a>. 
The Russian government alleged the NSA was behind it, though the US government has neither confirmed nor denied this.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:2000px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="dKUV6n5waEfF9Wuo9BUqcF" name="1661532246.jpg" alt="Hacker hacking things." src="https://cdn.mos.cms.futurecdn.net/dKUV6n5waEfF9Wuo9BUqcF.jpg" mos="" align="middle" fullscreen="" width="2000" height="1125" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Getty images - boonchai wedmakawand)</span></figcaption></figure><p>The full Coruna framework can be levelled at iPhone models running iOS version 13.0 (released in September 2019), all the way up to version 17.2.1 (released in December 2023). Coruna can quietly infect what is potentially <em>a lot </em>of phones, and then be used to harvest swathes of sensitive data (including photos and emails), as well as steal cryptocurrency.</p><p>GTIG was able to extract the full exploit kit from an attack by "UNC6691, a financially motivated threat actor operating from China." But the team additionally reported it also saw the exploit framework deployed in earlier attacks against Ukrainian users by suspected Russian threat actor UNC6353.</p><p>This is cause for concern all on its own as it suggests cybercriminals are trading tips on how to carry out malicious attacks internationally, and that there's "an active market for 'second hand' zero-day exploits." The alleged US government origin lore makes that all the more dreadful. 
</p><p>iVerify's report sums it up, saying, "Despite assurances from commercial spyware developers and the governments who purchase them that use will be limited to counterterrorism, only against criminals and by non-authoritarian administrations, the reality has begun to settle in: once spyware or an exploit capability is sold, control over the end customer is lost."</p><p>To put it another way, <a href="https://www.pcgamer.com/hardware/there-is-no-such-thing-as-a-good-secret-backdoor-says-nvidia-reiterating-that-there-are-no-kill-switches-spyware-or-secret-ways-to-access-its-gpus/" target="_blank">and to paraphrase Jensen Huang</a>, that's why I'd argue manufacturers of consumer electronics like phones and PCs shouldn't offer up 'secret backdoors'—you can't guarantee who exactly will end up with the keys.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Malwarebytes says a fake Google Account security page is distributing 'what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/malwarebytes-says-a-fake-google-account-security-page-is-distributing-what-may-be-one-of-the-most-fully-featured-browser-based-surveillance-toolkits-we-have-observed-in-the-wild/</link>
                                                                            <description>
                            <![CDATA[ A particularly nasty RAT. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">FsWBRAzNhZQTygHVczCNsR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/EoqBxY9uUAovMwwqauQKYa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 04 Mar 2026 12:23:54 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andy Edser ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/RqRA6M28uuy6JeF64tnvJR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/EoqBxY9uUAovMwwqauQKYa-1280-80.jpg">
                                                            <media:credit><![CDATA[Chris Stein]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[An angler using Google as bait.]]></media:description>                                                            <media:text><![CDATA[An angler using Google as bait.]]></media:text>
                                <media:title type="plain"><![CDATA[An angler using Google as bait.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/EoqBxY9uUAovMwwqauQKYa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Cybersecurity provider Malwarebytes has thrown up a red flag regarding a fake Google Account security page that it says is distributing "what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild", and it's capable of infecting Windows, Apple, and Google Android devices.</p><p>In <a href="https://www.malwarebytes.com/blog/privacy/2026/02/inside-a-fake-google-security-check-that-becomes-a-browser-rat" target="_blank">a blog post</a> breaking down the methodology of the attack, Malwarebytes says that the infiltration begins with what appears to be a genuine Google Account security check, from a page with Google's familiar stylesheet and with an official-looking domain.</p><p>A prompt then asks the user to install "security software" via a Progressive Web App (PWA) as part of a four-step process, which proceeds to gradually grant the attacker access to notifications, contact lists, real-time GPS location, and the contents of the host machine's clipboard, among others.</p><p>If a victim installs the PWA and grants requested permissions to the site, simply closing the tab is not enough to cut off its access. The page script itself runs as long as the app or tab is open, and attempts to read the clipboard, looking for "one-time passwords and cryptocurrency wallet addresses". It also attempts to intercept SMS verification codes on mobile devices, and polls the API every 30 seconds as it waits for operator commands. 
</p><p>However, with the app and tab closed, a separate service worker runs malicious, data-stealing tasks in the background, and even queues stolen data locally if the device goes offline, before sending its payload as soon as the connection is restored.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="6TGQnBqmmkzUUKj64xg7ma" name="GettyImages-1358210974.jpg" alt="Back angle Hacker wearing hoodies cloth motivation emotion and typing coding to hacking cryptocurrency from internet at home" src="https://cdn.mos.cms.futurecdn.net/6TGQnBqmmkzUUKj64xg7ma.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: skaman306 via Getty Images)</span></figcaption></figure><p>"Close the browser tab and the page script stops. Clipboard monitoring and SMS interception end immediately," says Malwarebytes. "But the service worker remains registered. If the victim granted notification permissions, the attacker can still wake it silently, push a new task, or trigger a data upload without reopening the app. And if the victim ever opens it again, collection resumes instantly."</p><p>The malware also operates as a WebSocket relay, which means it can act as an HTTP Proxy and be used to gain access to corporate networks, bypassing IP-based access controls and funnelling traffic through the victim's IP address. "Once connected, the attacker can route arbitrary web requests through the victim’s browser as if they were browsing from the victim’s own network", says Malwarebytes.</p><p>The fun doesn't stop there, either. 
On Android devices, a separately-installed APK disguised as a "critical security update" includes a custom keyboard capable of capturing keystrokes, a notification listener for capturing two-factor authentication codes, an accessibility service that can observe screen content, and an autofill intercepting service to capture user credential fill requests. Oh, and microphone recording, of course. Fabulous.</p><p>Phew. It's about as comprehensive as malware gets by the looks of things, and getting rid of it seems to be something of a convoluted process. Malwarebytes provides <a href="https://www.malwarebytes.com/blog/privacy/2026/02/inside-a-fake-google-security-check-that-becomes-a-browser-rat#:~:text=What%20to%20do%20if%20you%20may%20have%20been%20affected" target="_blank">step-by-step removal instructions</a> for Windows and macOS users, including Chrome, Firefox, and Safari-specific options, along with some Android and iOS-focused steps to take if you've been duped into falling for its charms on your mobile device.</p><p>It's certainly one of the most nefarious-looking trojans I've ever read about, and the fact that it's capable of gaining access to your system via most of the popular browsers on Windows, Apple, and Android devices is deeply concerning. Pay attention to what you're clicking on, folks—it's a dangerous world out there.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Google says it's disrupted a super-serious 'global espionage campaign' that uses *checks notes* Google Sheets to covertly intercept telecoms data ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/google-says-its-disrupted-a-super-serious-global-espionage-campaign-that-uses-checks-notes-google-sheets-to-covertly-intercept-telecoms-data/</link>
                                                                            <description>
                            <![CDATA[ It's not the sexiest spy story I've ever heard, I'll be honest. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">rPKU7CWP85WeeSEE8p5PVb</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/arBdvsiotgaJ7uuLexE7iY-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Thu, 26 Feb 2026 17:02:21 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andy Edser ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/RqRA6M28uuy6JeF64tnvJR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/arBdvsiotgaJ7uuLexE7iY-1280-80.png">
                                                            <media:credit><![CDATA[Valve]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Spy from Team Fortress 2 holds up a folder with an accusatory expression.]]></media:description>                                                            <media:text><![CDATA[The Spy from Team Fortress 2 holds up a folder with an accusatory expression.]]></media:text>
                                <media:title type="plain"><![CDATA[The Spy from Team Fortress 2 holds up a folder with an accusatory expression.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/arBdvsiotgaJ7uuLexE7iY-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Google Sheets is perhaps my most disliked member of the Google Workspace suite. It's not that it's bad at what it does, more that it's a deathly-dull spreadsheet editor that I loathe having to stare at for more than five minutes.</p><p>But lo and indeed behold, because Google says it's caught Sheets being used in a super-exciting act of global espionage! Okay, exciting was the wrong word. Concerning, that's what I was going for.</p><p>According to Google's most recent <a href="https://cloud.google.com/blog/topics/threat-intelligence/disrupting-gridtide-global-espionage-campaign" target="_blank">Threat Intelligence blog post</a>, last week the Google Threat Intelligence Group (GTIG), alongside its partners, "took action to disrupt a global espionage campaign targeting telecommunications and government organisations in dozens of nations across four continents."</p><p>The threat actor, mysteriously named "UNC2814" and said by Google to be suspected of connection to the People's Republic of China, was said to be using API calls to communicate with SaaS apps and "disguise their malicious traffic as benign."</p><p>And would you believe it, the primary SaaS app in question was none other than our old friend, Google Sheets. At this point, I'd like you to imagine me ripping a Scooby Doo-style mask off a spreadsheet. 
</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="wmsJYJzqmHbqbeVoGnnFYf" name="Googlesheets" alt="An empty spreadsheet in, well, Google Sheets" src="https://cdn.mos.cms.futurecdn.net/wmsJYJzqmHbqbeVoGnnFYf.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="caption-text"><em>The accused.</em> </span><span class="credit" itemprop="copyrightHolder">(Image credit: Google)</span></figcaption></figure><p>The mechanism by which our alleged spies operated is referred to by Google as Gridtide, and is described as a "sophisticated C-based backdoor with the ability to execute arbitrary shell commands", as well as uploading and downloading files.</p><p>Gridtide is said to have been leveraging Google Sheets as "a high-availability C2 platform, treating [a] spreadsheet not as a document, but as a communication channel to facilitate the transfer of raw data and shell commands."</p><p>If anyone else is thinking of poor Google Sheets being marched at gunpoint past security and into a bank vault, you're in good company. </p><p>Anyway, the over-simplified version goes as thus: A UNC2814 co-opted Google Sheet file is used to connect to a Google Service Account for API authentication, before wiping itself and allowing its attackers backdoor access via a 16-byte cryptographic key "present in a separate file on the host at the time of execution."</p><p>"Once the Sheet is prepared, the backdoor conducts host-based reconnaissance. It fingerprints the endpoint by collecting the victim’s username, endpoint name, OS details, local IP address, and environmental data such as the current working directory, language settings, and local time zone." 
says Google. </p><p>"This information is then exfiltrated and stored in cell V1 of the attacker-controlled spreadsheet."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="7bLrjLxdfLELriW397aQ4e" name="googlesheetbarry" alt="A Google Sheet cell with the name &quot;Barry&quot; written into it" src="https://cdn.mos.cms.futurecdn.net/7bLrjLxdfLELriW397aQ4e.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Google)</span></figcaption></figure><p>The access can then be used to transmit shell commands and mask the transfer of data to "identify, track, and monitor persons of interest."</p><p>At least, that's what Google believes it was doing: "We expect UNC2814 used this access to exfiltrate a variety of data on persons and their communications. Similar campaigns have been used to exfiltrate call data records, monitor SMS messages, and to even monitor targeted individuals through the telco’s lawful intercept capabilities."</p><p>"GTIG did not directly observe UNC2814 exfiltrate sensitive data during this campaign. However, historical PRC-nexus espionage intrusions against telecoms have resulted in the theft of call data records, unencrypted SMS messages, and the compromise and abuse of lawful intercept systems", says Google. 
Okey-dokey then.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1208px;"><p class="vanilla-image-block" style="padding-top:56.29%;"><img id="t7zpD9ga4jF85h5bwSB5T5" name="gmod1.jpg" alt="TF2 Heavy characters looking angrily at TF2 spy character" src="https://cdn.mos.cms.futurecdn.net/t7zpD9ga4jF85h5bwSB5T5.jpg" mos="" align="middle" fullscreen="" width="1208" height="680" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Facepunch Studios)</span></figcaption></figure><p>Anyway, beyond what UNC2814 did or did not get away with, according to Google it's been thoroughly disrupted—and presumably sent to bed with no dinner. Google Sheets has now entered the witness protection program, and is believed to be on the mend. Oh okay, I'll finish off with something serious, if I must. Per the conclusion of the Google blog:</p><p>"The global scope of UNC2814’s activity, evidenced by confirmed or suspected operations in over 70 countries, underscores the serious threat facing telecommunications and government sectors, and the capacity for these intrusions to evade detection by defenders. </p><p>"Prolific intrusions of this scale are generally the result of years of focused effort and will not be easily re-established. We expect that UNC2814 will work hard to re-establish their global footprint." Dun-dun-duuuuuuun!</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'I had to RUN to my Mac mini like I was defusing a bomb': OpenClaw AI chose to 'speedrun' deleting Meta AI safety director's inbox due to a 'rookie error' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/ai/i-had-to-run-to-my-mac-mini-like-i-was-defusing-a-bomb-openclaw-ai-chose-to-speedrun-deleting-meta-ai-safety-directors-inbox-due-to-a-rookie-error/</link>
                                                                            <description>
                            <![CDATA[ Not the kind of error you want an AI director of safety and alignment making. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">YJh9Wnh9HKPVFzWUZyeiEd</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/BHcXLGQJZK2KwNBm4rT7oS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 23 Feb 2026 16:35:37 +0000</pubDate>                                                                                                                                <updated>Mon, 23 Feb 2026 16:40:56 +0000</updated>
                                                                                                                                            <category><![CDATA[AI]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jacob Fox ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/kwSjjnBRtitBmscifdHJ7R.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jacob got his hands on a gaming PC for the first time when he was about 12 years old. He swiftly realised the local PC repair store had ripped him off with his build and vowed never to let another soul build his rig again. With this vow, Jacob the hardware junkie was born. Since then, Jacob&#039;s led a double-life as part-hardware geek, part-philosophy nerd, first working as a Hardware Writer for PCGamesN in 2020, then working towards a PhD in Philosophy for a few years while freelancing on the side for sites such as TechRadar, Pocket-lint, and yours truly, PC Gamer. Eventually, he gave up the ruthless mercenary life to join the world&#039;s #1 PC Gaming site full-time. It&#039;s definitely not an ego thing, he assures us.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/BHcXLGQJZK2KwNBm4rT7oS-1280-80.jpg">
                                                            <media:credit><![CDATA[OpenClaw]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The OpenClaw logo, with its name and a catchphrase &quot;the AI that actually does things.&quot;]]></media:description>                                                            <media:text><![CDATA[The OpenClaw logo, with its name and a catchphrase &quot;the AI that actually does things.&quot;]]></media:text>
                                <media:title type="plain"><![CDATA[The OpenClaw logo, with its name and a catchphrase &quot;the AI that actually does things.&quot;]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/BHcXLGQJZK2KwNBm4rT7oS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Last month I <a href="https://www.pcgamer.com/software/ai/theres-a-hot-new-personal-ai-in-town-that-can-send-texts-check-your-calendar-come-up-with-business-ideas-spend-your-money-and-leak-your-data-all-depends-how-you-use-it/" target="_blank">checked out the hype</a> surrounding Moltbot, AKA Clawdbot, AKA <a href="https://openclaw.ai/" target="_blank">OpenClaw</a> (third time's the charm?). I spent a lot of time highlighting the potential security risks of using the hot new polymath AI. And now it looks like Summer Yue, director of safety and alignment at Meta Superintelligence, has gotten a personal taste of those potential risks.</p><p>According to <a href="https://x.com/summeryue0/status/2025774069124399363?s=20" target="_blank">Yue</a>, she was watching the AI bot "speedrun" deleting her inbox, and she couldn't stop it from her phone:</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">Nothing humbles you like telling your OpenClaw “confirm before acting” and watching it speedrun deleting your inbox. I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb. pic.twitter.com/XAxyRwPJ5R<a href="https://twitter.com/cantworkitout/status/2025774069124399363">February 23, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>"Nothing humbles you like telling your OpenClaw "confirm before acting" and watching it speedrun deleting your inbox. I couldn’t stop it from my phone. I had to RUN to my Mac mini like I was defusing a bomb."</p><p>Now, far be it from me to judge a silly mistake as somewhat of a connoisseur of such matters myself, but it's not exactly the kind of mistake you want a director of AI safety making. One X user commented as much, asking if she made a rookie mistake, and <a href="https://x.com/summeryue0/status/2025857778708050169?s=20" target="_blank">Yue responded</a>:</p><p>"Rookie mistake tbh. 
Turns out alignment researchers aren't immune to misalignment. Got overconfident because this workflow had been working on my toy inbox for weeks. Real inboxes hit different."</p><p>What is especially confusing about this is that, apparently, if you say "stop", the AI bot should abort whatever it's doing:</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">@summeryue0 if you had just said “stop” it aborts whatever it’s doing. Say “stop” multiple times if there’s multiple tasks queued. pic.twitter.com/8csgbBxaS1<a href="https://twitter.com/cantworkitout/status/2025819968252653794">February 23, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>Yue's screenshots of her chat with OpenClaw show her attempting some commands to get it to stop, my favourite of which being the initial "do not do that," a command it seems OpenClaw blissfully steamrolled right on through. She did try some variations of a "stop" command, but not the word on its own.</p><p>Of course, there's always the possibility none of this is real at all. It does seem a little strange that there wasn't an attempt at a simple "stop" command on its own; I feel like that would be the very first thing I'd try. But hey, we never know how we'll react in the moment when we're panicking, I suppose.</p><p>When I looked into it back in January, I concluded that the number of potential security issues meant it was not worth trying out ClawdBot. I can't say this has made me any keener. But I suppose I'm not one of the "solopreneurs" and similar types who might really stand to benefit. If you do give it a try, just make sure to remember that "stop" command.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Age verification checks are now in force in the UK because of the Online Safety Act, but with the Discord fallout, it seems like one bad idea after another ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/gaming-mice/age-verification-checks-are-now-in-force-in-the-uk-because-of-the-online-safety-act-but-with-the-discord-fallout-it-seems-like-one-bad-idea-after-another/</link>
                                                                            <description>
                            <![CDATA[ Data disaster. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">QRESWUwnyzpxzq6z8wf8y8</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/78vHRxr5xPhrY52QmqnWZ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Sun, 22 Feb 2026 14:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Md68GDXhupcXtwAacuPKrd.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending the last seven working on print publications PLAY and Official PlayStation Magazine. When she’s not writing about all things hardware here, she’s getting cosy with a horror classic, ranting about a cult hit to a captive audience, or tinkering with some tabletop nonsense.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/78vHRxr5xPhrY52QmqnWZ-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images - NurPhoto / Contributor]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Discord logo on a phone on top of a dark laptop]]></media:description>                                                            <media:text><![CDATA[The Discord logo on a phone on top of a dark laptop]]></media:text>
                                <media:title type="plain"><![CDATA[The Discord logo on a phone on top of a dark laptop]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/78vHRxr5xPhrY52QmqnWZ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <div  class="fancy-box"><div class="fancy_box-title">Jess Kinghorn, hardware writer</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="DRzxJepbFyykShbMVKgcER" name="PCG Writers 2025 Teal30" caption="" alt="PC Gamer headshots" src="https://cdn.mos.cms.futurecdn.net/DRzxJepbFyykShbMVKgcER.png" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: Future)</span></figcaption></figure><p class="fancy-box__body-text"><strong>This week I've been:</strong> Taking to Discord to sell my favourite weirdoes on my current cozy games of choice: <a data-analytics-id="inline-link" href="https://www.pcgamer.com/games/life-sim/starsand-island-is-the-first-cant-miss-cozy-game-of-2026-and-its-already-taken-over-20-hours-from-me/" target="_blank">Starsand Island</a>, <a data-analytics-id="inline-link" href="https://www.pcgamer.com/games/card-games/gorgeous-deck-building-shop-sim-potionomics-just-got-a-patch-that-fixes-all-my-problems-with-it-plus-voice-acting-and-an-option-to-smooch-everyone-in-a-single-playthrough/" target="_blank">Potionomics</a>, and <a data-analytics-id="inline-link" href="https://www.pcgamer.com/10-years-on-recettear-an-item-shops-tale-is-still-the-best-fantasy-shopkeeper-tycoon-game/" target="_blank">Recettear: An Item Shop's Tale</a>.</p></div></div><p>Currently, I can't check my Bluesky direct messages until I've allowed the Epic Games-owned KWS to look at either my bank card, my ID, or my wizened visage. 
As I'm based in the UK, it's not just Bluesky I've got to worry about either, with similar verification processes now present on <a href="https://support.reddithelp.com/hc/en-us/articles/36429514849428-Why-is-Reddit-asking-for-my-age" target="_blank">Reddit</a>, Discord, and even my partner's <a href="https://support.xbox.com/en-GB/help/family-online-safety/online-safety/UK-age-verification" target="_blank">Xbox</a>.</p><p>This is all due to the <a href="https://www.gov.uk/government/publications/online-safety-act-explainer/online-safety-act-explainer" target="_blank">Online Safety Act</a>, which came into effect in the UK last year. For many, these age checks are an annoyance at best—but they also represent something that will have ramifications far beyond the British Isles. The UK's Act was designed in part to ensure children in the UK could not easily access "harmful content." This is a broad term that includes but is not limited to pornography, content that promotes "self-harm, eating disorders, or suicide," and "bullying".</p><p>To comply with the act and differentiate children from the adults, many platforms have opted for age-gates like the one I'm encountering on Bluesky. Almost 70% of Brits surveyed shortly after the Online Safety Act came into effect said they supported it…<a href="https://www.pcgamer.com/hardware/nearly-two-thirds-of-brits-surveyed-about-the-uks-new-age-verification-laws-think-the-changes-arent-effective-but-even-more-support-them-being-made-in-the-first-place/" target="_blank">though 64% didn't think it would be all that effective</a>. 
Indeed, I <em>could</em> log into <a href="https://www.pcgamer.com/best-vpn-for-pc-gaming/" target="_blank">a VPN</a> to get past the UK-based Bluesky block—though unfortunately for me, I am stubborn, lazy, <em>and </em>cheap (apologies if you've been trying to get ahold of me).</p><p>Besides all that, I'm not especially keen to hand over my personal data to a third-party age verification vendor such as KWS for data privacy reasons. As recently as October, a <a href="https://www.pcgamer.com/hardware/discord-says-70-000-age-verification-id-photos-may-have-been-leaked-in-recent-security-breach-that-also-includes-names-usernames-emails-credit-cards-and-ip-addresses/" target="_blank">Discord security breach may have leaked 70,000 age-verification ID photos</a>. Discord's primary age-verification partner, <a href="https://www.k-id.com/post/discord-security-incident" target="_blank">K-ID, was keen to clarify that it was not involved</a>.</p><p>As Jacob has previously outlined, <a href="https://www.pcgamer.com/hardware/the-uks-new-age-verification-is-a-privacy-nightmare-but-it-doesnt-need-to-be/" target="_blank">there are better ways to implement age checks</a>. As it stands, though, I'm not naive enough to think the data I keep elsewhere is in hands that are any safer. However, <em>not </em>submitting to an age assurance check makes for one less point of failure from which my likeness or even <em>my official documents </em>can leak out.</p><p><a href="https://www.pcgamer.com/gaming-industry/eugh-discord-is-scanning-users-faces-and-ids-in-australia-and-the-uk-to-experiment-with-age-verification-features/" target="_blank">Discord first announced it would be using Brits as age assurance guinea pigs</a> back in April 2025, but it turns out that may have all been prologue. 
Just in case you've been napping under a cool mossy rock for the last while, the social platform caused quite a stir this month when it announced it would be <a href="https://www.pcgamer.com/games/discord-is-rolling-out-facial-scanning-and-id-checks-in-march-for-everyone-who-doesnt-want-to-be-locked-into-a-teen-appropriate-experience/" target="_blank">rolling out age verifying facial scans and ID checks globally this March</a>. The case can be made that it is '<a href="https://www.pcgamer.com/gaming-industry/theres-no-reason-for-discord-to-comply-in-advance-with-social-media-age-verification-laws-instead-of-fighting-for-their-users-says-eff-expert/" target="_blank">complying in advance</a>,' as the UK's approach to online safety potentially serves as a preview for PC gamers further afield.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="cQky3vgcKgB2hQgKLThUsn" name="discord-hackers.jpg" alt="Discord hackers distribute malware that can stay persistent for months" src="https://cdn.mos.cms.futurecdn.net/cQky3vgcKgB2hQgKLThUsn.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: TheDigitalArtist - Pixabay & Discord)</span></figcaption></figure><p>On the one hand, yeah, I'd rather children growing up today didn't see all the things I saw thanks to having unfettered internet access throughout the early oughts. 
I'd also rather young'uns now didn't have to experience all the harassment I experienced at the hands of my own peers, newly empowered by that unfettered internet access.</p><p>On the other hand, the internet answered a lot of questions I was absolutely not going to ask my parents; when I see a vague term like "harmful content" I do have to wonder what genuinely educational resources on the wider internet—say, regarding art history or personal health—might end up age-gated because someone somewhere has decided they're tantamount to 'pornography.'</p><p>I'm only just the other side of 30, but Section 28 was still in effect for some of my school years. For those who don't know, <a href="https://www.legislation.gov.uk/ukpga/1988/9/section/28/enacted?view=plain" target="_blank">Section 28 was a law</a> that prevented schools in England, Scotland, and Wales from doing anything that could be interpreted as "intentionally [promoting] homosexuality or [publishing] material with the intention of promoting homosexuality". So, until the law was repealed in the early 2000s, a lot of schools simply pretended LGBTQIA+ folks didn't exist. 
The internet, for all of its faults, helped to fill that deafening silence for me.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="L45pQnt2tFgteaqo5hxhxJ" name="C (6)" alt="A screenshot of a 3D model being used to pass the Discord age verification system" src="https://cdn.mos.cms.futurecdn.net/L45pQnt2tFgteaqo5hxhxJ.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: PromptPirate on GitHub)</span></figcaption></figure><p>Even so, I remember there being content blocks back in my day, too, and I know I found more than a few ways around those. Indeed, if we take just Discord today, our James has found <a href="https://www.pcgamer.com/hardware/brits-can-get-around-discords-age-verification-thanks-to-death-strandings-photo-mode-bypassing-the-measure-introduced-with-the-uks-online-safety-act-we-tried-it-and-it-works-thanks-kojima/" target="_blank">not one</a> but <a href="https://www.pcgamer.com/hardware/someone-has-already-made-a-free-in-browser-3d-model-to-bypass-discord-age-verification-that-works-on-any-potato-computer/" target="_blank">two</a> different ways to fool its face scans—though the platform may already be formulating a counter to these workarounds.</p><p>Shortly after <a href="https://www.pcgamer.com/hardware/discord-clarifies-it-is-not-requiring-everyone-to-complete-a-face-scan-or-upload-an-id-and-will-confirm-your-age-group-using-information-we-already-have/" target="_blank">issuing assurances</a> that not all users will even have to undergo an age check, <a 
href="https://support.discord.com/hc/en-us/articles/30326565624343-How-to-Complete-Age-Assurance-on-Discord" target="_blank">a since-edited support article revealed</a> that some UK users "may be part of an experiment where your information will be processed by an age-assurance vendor, Persona." Amid reports of folks easily fooling its primary third-party vendor's age verification checks, Discord may have been seeking to diversify its defences. </p><p><a href="https://www.pcgamer.com/software/platforms/oh-good-discords-age-verification-rollout-has-ties-to-palantir-co-founder-and-panopticon-architect-peter-thiel/" target="_blank">Persona's investors include Peter Thiel</a>, co-founder of ICE's premier surveillance provider, Palantir. Though Persona and Palantir are two totally separate companies that do not share either data or operations, that's still a pretty grimy connection. Not least of all because earlier <em>this week</em>, the US Department of Homeland Security reportedly subpoenaed a number of major online platforms—including Discord, Reddit, Google, and Meta—in order to obtain the personal details of accountholders <a href="https://www.pcgamer.com/software/platforms/us-department-of-homeland-security-has-reportedly-demanded-personal-information-about-ices-critics-from-discord-reddit-google-and-meta-and-at-least-3-of-those-platforms-have-complied/" target="_blank">who had been critical of ICE or identified the locations of its agents</a>. 
We don't yet know if Discord complied, though we have reached out for comment.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="dED4RSSho7VKy6xqkS4UfM" name="discord_looking" alt="EDMONTON, CANADA - APRIL 28: An image of a woman holding a cell phone in front of the Discord logo displayed on a computer screen, on April 29, 2024, in Edmonton, Canada." src="https://cdn.mos.cms.futurecdn.net/dED4RSSho7VKy6xqkS4UfM.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Artur Widak/NurPhoto via Getty Images)</span></figcaption></figure><p>There is an even worse wrinkle in the Discord-Persona 'experiment': while Discord had previously said that data like age verification face scans would only be stored and processed on users' own devices, those who ended up part of the Persona experiment may have their information "temporarily stored for up to 7 days, then deleted."</p><p>Indeed, some security researchers are already claiming to have "<a href="https://www.therage.co/persona-age-verification/" target="_blank">found a Persona frontend exposed to the open internet on a US government-authorized server</a>."</p><p>All of that said, Persona is not part of Discord's long-term strategy, with <a href="https://kotaku.com/discord-palantir-peter-thiel-persona-age-verification-2000668951" target="_blank">the platform telling Kotaku earlier this week</a> that its dealings with the vendor were part of a "limited test" that has since been concluded. 
That leaves <a href="https://www.k-id.com/post/adapting-discord-for-the-uk-online-safety-act" target="_blank">K-id's on-device processing in effect</a>, but even that doesn't necessarily end the privacy nightmare. Data breaches usually leave platforms scrambling for user good will, but Discord seems all too happy to keep walking into rakes.</p><p>One could jump ship and shop around for <a href="https://www.pcgamer.com/hardware/ive-tested-three-free-discord-alternatives-in-a-desperate-attempt-not-to-offer-up-my-personal-data-just-to-talk-to-my-favorite-weirdos/" target="_blank">a free Discord alternative</a> as I recently did, but all of the platforms I tested will likely have to implement some sort of age assurance check if they haven't already in order to continue serving users based in the UK in the future. That doesn't mean I'll be letting them scan my face any time soon; <a href="https://www.pcgamer.com/hardware/brits-can-get-around-discords-age-verification-thanks-to-death-strandings-photo-mode-bypassing-the-measure-introduced-with-the-uks-online-safety-act-we-tried-it-and-it-works-thanks-kojima/" target="_blank">I may have to deploy Norman Reedus and his funky foetus before long</a> as third-party age verification vendors have done little to earn my trust or a gander at my actual face.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Security researchers claim Persona, the provider behind Discord's UK age verification 'experiment', performs '269 individual verification checks' on user data, including those for terrorism and espionage ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/security-researchers-claim-persona-the-provider-behind-discords-uk-age-verification-experiment-performs-269-individual-verification-checks-on-user-data-including-those-for-terrorism-and-espionage/</link>
                                                                            <description>
                            <![CDATA[ I'm sure this will be well-received. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">L2FwuaVtVeKysGLwoYv2v</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XnJ9Lq678VBAUso2zwfamS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 20 Feb 2026 17:45:01 +0000</pubDate>                                                                                                                                <updated>Fri, 20 Feb 2026 18:09:26 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andy Edser ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/RqRA6M28uuy6JeF64tnvJR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XnJ9Lq678VBAUso2zwfamS-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Discord logo is displayed on a smartphone screen and on a computer screen in Athens, Greece, on April 17, 2024. (Photo Illustration by Nikolas Kokovlis/NurPhoto via Getty Images)]]></media:description>                                                            <media:text><![CDATA[The Discord logo is displayed on a smartphone screen and on a computer screen in Athens, Greece, on April 17, 2024. (Photo Illustration by Nikolas Kokovlis/NurPhoto via Getty Images)]]></media:text>
                                <media:title type="plain"><![CDATA[The Discord logo is displayed on a smartphone screen and on a computer screen in Athens, Greece, on April 17, 2024. (Photo Illustration by Nikolas Kokovlis/NurPhoto via Getty Images)]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XnJ9Lq678VBAUso2zwfamS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Discord's age verification rollout has been met with... shall we say, <em>dismay </em>by many users of the platform, with many hunting for a better, more privacy-focused <a href="https://www.pcgamer.com/hardware/ive-tested-three-free-discord-alternatives-in-a-desperate-attempt-not-to-offer-up-my-personal-data-just-to-talk-to-my-favorite-weirdos/" target="_blank">alternative</a>. </p><p>The news was even less well-received when Discord informed some UK users that they may be <a href="https://www.pcgamer.com/software/platforms/oh-good-discords-age-verification-rollout-has-ties-to-palantir-co-founder-and-panopticon-architect-peter-thiel/" target="_blank">part of an "experiment" with an age verification provider called Persona</a>, the lead investor of which, in its most recent rounds of capital funding, was a venture fund co-founded and directed by none other than <a href="https://en.wikipedia.org/wiki/Peter_Thiel" target="_blank">Peter Thiel</a>.</p><p>You know, the co-founder of Palantir, a surveillance technology firm that's been hitting headlines recently for <a href="https://www.404media.co/elite-the-palantir-app-ice-uses-to-find-neighborhoods-to-raid/" target="_blank">working on apps to help track targets of the US government's deportation efforts</a>. And claims that it may compile databases from the <a href="https://www.nytimes.com/2025/05/30/technology/trump-palantir-data-americans.html" target="_blank">private information of US citizens</a>. Naturally.</p><p>Discord later said that it <a href="https://kotaku.com/discord-palantir-peter-thiel-persona-age-verification-2000668951#:~:text=When%20asked%20for%20comment%2C%20Discord%20told%20Kotaku%20its%20work%20with%20Persona%20was%20part%20of%20a%20%E2%80%9Climited%20test%E2%80%9D%20which%20has%20since%20been%20concluded.%C2%A0" target="_blank">had concluded testing</a> with Persona's platform. 
Anyway, security and private data concerns around Persona's data verification efforts have been spreading, and now three security researchers say they've discovered a Persona frontend that was exposed to the open internet on a US government-authorised server (via <a href="https://www.therage.co/persona-age-verification/" target="_blank">Rage</a>).</p><p>Quoting directly from <a href="https://vmfunc.re/blog/persona" target="_blank">the researchers' blog</a>, the team says its work was supposed to be a "passive recon investigation," which quickly turned into "a rabbit hole deep dive into how commercial AI and federal government operations work together to violate our privacy every waking second."</p><p>"We didn’t even have to write or perform a single exploit, the entire architecture was just on the doorstep," claims the team. </p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="tv5e8eVbT7uQcLL7Dtt3bZ" name="hacking-omg.jpg" alt="Person typing on a laptop with red and blue lighting" src="https://cdn.mos.cms.futurecdn.net/tv5e8eVbT7uQcLL7Dtt3bZ.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Westend61)</span></figcaption></figure><p>"53 megabytes of unprotected source maps on a FedRAMP government endpoint, exposing the entire codebase of a platform that files Suspicious Activity Reports with FinCEN, compares your selfie to watchlist photos using facial recognition, screens you against 14 categories of adverse media from terrorism to espionage, and tags reports with codenames from active intelligence programs.</p><p>"2,456 source files containing the full TypeScript codebase," 
the blog continues. "Every permission, every API endpoint, every compliance rule, every screening algorithm. Sitting unauthenticated on the public internet. On a government platform no less."</p><p>Beyond the astonishing thought that such data could be accessed so easily, it certainly seems like Persona operates more deeply than anyone would reasonably expect. The researchers say that the full verification program performs 269 individual verification checks across 14 check types, including "SelfieSuspiciousEntityDetection".</p><p>"What makes a face 'suspicious?'", say the researchers. "The code doesn't say. The users aren't told."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:2560px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="yqLcfo8Hb7Kd8FVZRjVJ2B" name="death-stranding-discord-age-verification-process" alt="The process for verifying your age on Discord using Death Stranding" src="https://cdn.mos.cms.futurecdn.net/yqLcfo8Hb7Kd8FVZRjVJ2B.jpg" mos="" align="middle" fullscreen="" width="2560" height="1440" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Future)</span></figcaption></figure><p>What we're often told, however, is that age verification is in our best interests, <a href="https://www.gov.uk/government/news/keeping-children-safe-online-changes-to-the-online-safety-act-explained#:~:text=Age%20verification%20keeps%20children%20safe.%20Rather%20than%20looking%20for%20ways%20around%20it%2C%20let%E2%80%99s%20help%20make%20the%20internet%20a%20safer%2C%20more%20positive%20space%20for%20children%20%2D%20and%20a%20better%20experience%20for%20everyone.%20That%E2%80%99s%20something%20we%20should%20all%20aspire%20to." 
target="_blank">in an effort to prevent children from watching harmful content</a>. Still, it doesn't take a genius to realise that there's a whole lot more value in facial recognition data than simply verifying that someone's old enough to view adult material. </p><p>How much of this leak applies to Discord's earlier testing is unclear. However, it's an excellent example of why privacy advocates have been <a href="https://www.pcgamer.com/hardware/the-uks-new-age-verification-is-a-privacy-nightmare-but-it-doesnt-need-to-be/" target="_blank">vocally uncomfortable</a> with the idea of current digital age verification methods, and why you should be very, very picky about who you hand your data over to. If, let's be honest, anyone at all.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ LastPass responds to security research that suggested many popular password managers are vulnerable to 'a cornucopia of practical attacks' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/hardware/three-of-the-biggest-password-managers-are-vulnerable-to-a-cornucopia-of-practical-attacks-say-security-researchers/</link>
                                                                            <description>
                            <![CDATA[ Post-its still aren't a better option. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">GS3mgpPr2gyzLfHRQ6DAzN</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/T57wYtSENm7nCAGkSewHnA-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 18 Feb 2026 14:12:34 +0000</pubDate>                                                                                                                                <updated>Thu, 26 Feb 2026 11:14:00 +0000</updated>
                                                                                                                                            <category><![CDATA[Hardware]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jess Kinghorn ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/Md68GDXhupcXtwAacuPKrd.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jess has been writing about games for over ten years, spending the last seven working on print publications PLAY and Official PlayStation Magazine. When she’s not writing about all things hardware here, she’s getting cosy with a horror classic, ranting about a cult hit to a captive audience, or tinkering with some tabletop nonsense.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/T57wYtSENm7nCAGkSewHnA-1280-80.png">
                                                            <media:credit><![CDATA[Boris Zhitkov via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A stock illustration showing a human hand holding an asterisk from an encrypted password.]]></media:description>                                                            <media:text><![CDATA[A stock illustration showing a human hand holding an asterisk from an encrypted password.]]></media:text>
                                <media:title type="plain"><![CDATA[A stock illustration showing a human hand holding an asterisk from an encrypted password.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/T57wYtSENm7nCAGkSewHnA-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><strong>Original story, February 18: </strong>Despite <a href="https://www.pcgamer.com/hardware/ive-tested-three-free-discord-alternatives-in-a-desperate-attempt-not-to-offer-up-my-personal-data-just-to-talk-to-my-favorite-weirdos/" target="_blank">banging on about data privacy</a>, my password practices are perhaps not actually that secure. No, I'm not leaving them lying around on post-it notes like my office is just the latest level of an immersive sim, but a recent study suggests that cloud-based password managers ain't it either.</p><p>A number of these services tout their 'Zero Knowledge Encryption,' insisting that no one besides you, not even the service itself, can sneak a peek at the contents of your password vault—in theory, anyway. According to <a href="https://eprint.iacr.org/2026/058" target="_blank">a fresh study</a> by a team of security researchers out of ETH Zurich and Università della Svizzera italiana, zero knowledge encryption is far from airtight in practice (via <a href="https://arstechnica.com/security/2026/02/password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true/" target="_blank">Ars Technica</a>).</p><p>By closely analysing or reverse-engineering a number of different vendors—including LastPass, Bitwarden, and Dashlane—the team of researchers found "a cornucopia of practical attacks." The paper notes, "Worryingly, the majority of the [team's devised security] attacks allow recovery of passwords—the very thing that the password managers are meant to protect."</p><p>Some of the researchers' devised attacks take advantage of vulnerabilities within various password managers' key escrow mechanisms.</p><p>For instance, when an admin of a shared password vault either invites a new member or attempts to reset a member's forgotten access code, a number of 'keys' are generated. These keys are sent to the software client of the member in question. 
The client bundles all of these keys together and encrypts them locally before sending them back to the password manager's server.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1152px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="y5tHYXjpzvCqmzuxCVunae" name="Change your password.png" alt="An illustration featuring a noodly arm reaching down and plucking a speech bubble containing the word 'password' from a computer screen." src="https://cdn.mos.cms.futurecdn.net/y5tHYXjpzvCqmzuxCVunae.png" mos="" align="middle" fullscreen="" width="1152" height="648" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: MirageC via Getty Images)</span></figcaption></figure><p>The researchers found the resulting ciphertext is not always integrity-checked, meaning a bad actor could swoop in, swap one of the keys sent to the client out for one of their own paired keys, and then use that to decode the resulting ciphertext. This could allow someone to extract a shared vault's key, which could then be used to perform an account recovery on a targeted member of the shared vault. Key pair manipulation can also be used to decrypt and directly modify shared items within a password vault. 
</p><p>To return to the case of inviting a new member, the most unnerving wrinkle to the key escrow attack is that a bad actor could run rampant through a member's vault as soon as the initial invitation to join was accepted.</p><p>The team delve into a number of other potential attacks throughout the paper, targeting both multiple password managers' backwards compatible support of older versions, and even a threat model where the server is "fully malicious, meaning that it can deviate arbitrarily from its expected behaviour."</p><p>The team found, "Despite [encrypted password vault] vendors’ attempts to achieve security in this setting, we [uncovered] several common design anti-patterns and cryptographic misconceptions that resulted in vulnerabilities."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Abm28GfhcAxpwSjV6wB83W" name="password game.jpg" alt="A screenshot of The Password Game and Rule 5 which reads: The digits in your password must add up to 25." src="https://cdn.mos.cms.futurecdn.net/Abm28GfhcAxpwSjV6wB83W.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Neal Agarwal)</span></figcaption></figure><p>Long story short, either an employee working for your password manager of choice, or a malicious actor that has managed to infiltrate its servers, could potentially get more than an eyeful of your passwords. 
That said, I still doubt <a href="https://www.pcgamer.com/hardware/today-i-learned-motorola-was-once-developing-a-password-pill-that-turns-your-body-into-an-authentication-token-we-have-demoed-this-working-and-authenticating-a-phone/" target="_blank">Motorola's proposed 'password pill'</a> was ever the future, to say nothing of trying to keep all of your passwords memorised in your very own fallible noggin'. </p><p>But even with the paper's findings in mind, password managers are still the best way to store piles of unique passwords—though there are ways to keep your data safe without going to too much hassle. It's a good idea to have your recovery account connected to these services using a separate password that is not included within the password manager's vault, and you should also set up 2FA with a separate service to deal with your codes.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Thanks to Microsoft adding all those extra features to Notepad, it now unfortunately sports one more: An exploitation vulnerability with a high security rating ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/windows/thanks-to-microsoft-adding-all-those-extra-features-to-notepad-it-now-unfortunately-sports-one-more-an-exploitation-vulnerability-with-a-high-security-rating/</link>
                                                                            <description>
                            <![CDATA[ At least it's easy enough to avoid, until Notepad gets patched to fix the problem. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pik8kegy975QQunECmKZ8a</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/iYJr4eoTuEtbb5DjPbSo3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 11 Feb 2026 11:12:05 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Windows]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                    <category><![CDATA[Operating Systems]]></category>
                                                                                                                    <dc:creator><![CDATA[ Nick Evanson ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/hBkuK3ByiJBMa2CMabQTAR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Nick, gaming, and computers all first met in the early 1980s. After leaving university, he became a physics and IT teacher and started writing about tech in the late 1990s. That resulted in him working with MadOnion to write the help files for 3DMark and PCMark. After a short stint working at Beyond3D.com, Nick joined Futuremark (MadOnion rebranded) full-time, as editor-in-chief for its PC gaming section, YouGamers. After the site shutdown, he became an engineering and computing lecturer for many years, but missed the writing bug. Cue four years at TechSpot.com covering everything and anything to do with tech and PCs. He freely admits to being far too obsessed with GPUs and open-world grindy RPGs, but who isn&#039;t these days?&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/iYJr4eoTuEtbb5DjPbSo3-1280-80.jpg">
                                                            <media:credit><![CDATA[Microsoft]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A screenshot of Windows Notepad, demonstrating the use of tables, as created by Microsoft]]></media:description>                                                            <media:text><![CDATA[A screenshot of Windows Notepad, demonstrating the use of tables, as created by Microsoft]]></media:text>
                                <media:title type="plain"><![CDATA[A screenshot of Windows Notepad, demonstrating the use of tables, as created by Microsoft]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/iYJr4eoTuEtbb5DjPbSo3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>For over four decades, Windows Notepad has been the basic text editor of choice for many a discerning PC user. In recent years, though, Microsoft has been steadily adding all kinds of features to it, turning it from a barebones word processor into something decidedly more complex. Unfortunately, the addition of formatting and tables now includes one more feature: a remote code execution vulnerability that could let hackers run all kinds of nasty stuff on your PC.</p><p>Microsoft <a href="https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-20841" target="_blank">acknowledges the issue in its security update guide</a>, snappily labelled as CVE-2026-20841. With a common vulnerability base score of 8.8 and temporal score of 7.7, it's rated as a 'high' security problem.</p><p>Basically, it all works like this: A user opens up a Markdown file that contains an innocent-looking link in it, but upon opening said link, Notepad then starts to load and execute remote files that scrape data or do other nasty stuff with the computer. If the user has admin rights, then the attacker would have the same privileges too.</p><p>Like so many vulnerabilities of this kind, the computer would need to be connected to a network for the attacker to gain remote access, and it would only trigger if the user opened the Markdown file <em>and</em> then clicked on the link inside it. You'd think that this would mean that almost nobody would be affected by the problem, but the fact that cybercrime is such a problem these days just shows how many folks <em>would</em> be at risk.</p><p>If you're wondering what <a href="https://daringfireball.net/projects/markdown/" target="_blank">Markdown</a> is, it's a simple markup language that can be used to translate basic text into HTML, and it's what Microsoft uses to give Notepad the ability to add tables and formatting (e.g. bold or italic) to a text document. 
If you've ever used an app where you've added two asterisks before a word to make it go bold, then you're probably using Markdown to do this. Well, the app is, but you get what I mean.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="vNiF6r6B8zL8uCAW56VrqP" name="microsoft_windows_notepad_ai_streaming_update" alt="A screenshot of Windows Notepad, demonstrating the AI streaming ability of Copilot, as created by Microsoft" src="https://cdn.mos.cms.futurecdn.net/vNiF6r6B8zL8uCAW56VrqP.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="caption-text">Notepad also has a Copilot feature, as well as Markdown support, but at least that's secure. Hopefully. </span><span class="credit" itemprop="copyrightHolder">(Image credit: Microsoft)</span></figcaption></figure><p>This security vulnerability isn't an issue with Markdown itself, just how Notepad renders it, but exactly how Microsoft will fix this isn't clear at this stage. For now, though, you <em>can</em> avoid the problem entirely by sticking to some important procedures: Do not download any file if you can't verify the integrity of its source, and never click on a random link.</p><p>The good news is that there is currently no known exploitation of this vulnerability doing the rounds out in the wild, and even if there were, it's pretty straightforward to avoid putting your PC into harm's way. But given the simplicity of the hack, you'd think that Microsoft would have already thought about the possibility of it before going all willy-nilly with expanding Notepad's feature set.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Crypto scammer who reportedly stole at least $73 million through social media, calls, and dating services sentenced to a 'statutory maximum of 20 years in prison' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/crypto-scammer-who-reportedly-stole-at-least-usd73-million-through-social-media-calls-and-dating-services-sentenced-to-a-statutory-maximum-of-20-years-in-prison/</link>
                                                                            <description>
                            <![CDATA[ “While technology has made it possible for people to quickly communicate with others who live oceans away, it also has made it easier for criminals to prey on innocent victims.” ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">WikUnZKvwkjhQprMMqStr4</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/v3hhFmPBF3vevoWJZTqb7d-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 10 Feb 2026 11:14:25 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/SEb5dKTVfZ5EZF4fEcqdGR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/v3hhFmPBF3vevoWJZTqb7d-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images / Anna Barclay]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[ In this photo illustration a novelty Bitcoin token is photographed on a US Dollar bank note, on January 4, 2025 in Bath, England. The Cryptocurrency market has recently received a significant boost by the election of Donald Trump with hopes of the start of a policy framework that could see Bitcoin as a strategic asset]]></media:description>                                                            <media:text><![CDATA[ In this photo illustration a novelty Bitcoin token is photographed on a US Dollar bank note, on January 4, 2025 in Bath, England. The Cryptocurrency market has recently received a significant boost by the election of Donald Trump with hopes of the start of a policy framework that could see Bitcoin as a strategic asset]]></media:text>
                                <media:title type="plain"><![CDATA[ In this photo illustration a novelty Bitcoin token is photographed on a US Dollar bank note, on January 4, 2025 in Bath, England. The Cryptocurrency market has recently received a significant boost by the election of Donald Trump with hopes of the start of a policy framework that could see Bitcoin as a strategic asset]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/v3hhFmPBF3vevoWJZTqb7d-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A crypto scammer who is accused (alongside his co-conspirators) of stealing at least $73.6 million has been sentenced to "the statutory maximum of 20 years in prison and three years of supervised release for his role in an international cryptocurrency investment conspiracy carried out from scam centers in the Kingdom of Cambodia".</p><p>42-year-old Daren Li allegedly cut his ankle monitor off and fled in December 2025, and thus has been sentenced in absentia. This means he has been sentenced without being present. <a href="https://www.justice.gov/opa/pr/man-sentenced-20-years-prison-role-73-million-global-cryptocurrency-investment-scam" target="_blank">General A. Tysen Duva of the US Justice Department’s Criminal Division</a> says it "will work with our law enforcement partners around the world to ensure that Li is returned to the United States to serve his full sentence."</p><p>Li pled guilty in November 2024, and before fleeing gave details on the methods he and his co-conspirators engaged in. According to the U.S. Department of Justice:</p><p>"Li admitted that unindicted members of the conspiracy would contact victims directly through unsolicited social-media interactions, telephone calls and messages, and online dating services. 
The unindicted co-conspirators would gain the trust of victims by establishing either professional or romantic relationships with them, often communicating by electronic messages sent via end-to-end encrypted applications.</p><p>"These co-conspirators established spoofed domains and websites that resembled legitimate cryptocurrency trading platforms and promote fraudulent cryptocurrency investments to the victims after gaining the victims’ trust."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="KTjU4Ugt75iewBov55L2vB" name="GettyImages-1954723423" alt="A rendered concept image of an imaginary real Bitcoin against a stylized digital/electronic background" src="https://cdn.mos.cms.futurecdn.net/KTjU4Ugt75iewBov55L2vB.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: BlackJack3D via Getty Images)</span></figcaption></figure><p>Some involved in the scam would claim to be from a customer service or tech support team, and would ask for payment in the form of cryptocurrency, which could then be laundered, according to the US DoJ.</p><p>Li reportedly admitted to at least $73.6 million in stolen assets, at least $59.8 million of which has allegedly been laundered by U.S. shell companies. So far, eight co-conspirators have pleaded guilty. 
Li is said to be the "first defendant to be sentenced who was directly involved in the ultimate receipt of victim funds."</p><p>First Assistant U.S. Attorney Bill Essayli for the Central District of California says, "While technology has made it possible for people to quickly communicate with others who live oceans away, it also has made it easier for criminals to prey on innocent victims." He urges "the investing public to use caution and to not talk to strangers…especially ones who solicit money online."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ New ransomware spotted with a 'coding mistake' that means even the hackers can't decrypt the files ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/new-ransomware-spotted-with-a-coding-mistake-that-means-even-the-hackers-cant-decrypt-the-files/</link>
                                                                            <description>
                            <![CDATA[ A true lose/lose situation. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4yNWbwfiCuuGC7W7C2oxGB</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/xKBnoERaRRpKUrwbaPyPHT-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 06 Feb 2026 15:41:55 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ James Bentley ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/SEb5dKTVfZ5EZF4fEcqdGR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;James is a more recent PC gaming convert, often admiring graphics cards, cases, and motherboards from afar. It was not until 2019, after just finishing a degree in law and media, that they decided to throw out the last few years of education, build their PC, and start writing about gaming instead. In that time, he has covered the latest doodads, contraptions, and gismos, and loved every second of it. Hey, it’s better than writing case briefs.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/xKBnoERaRRpKUrwbaPyPHT-1280-80.jpg">
                                                            <media:credit><![CDATA[Bethesda]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Fallout hacking minigame]]></media:description>                                                            <media:text><![CDATA[Fallout hacking minigame]]></media:text>
                                <media:title type="plain"><![CDATA[Fallout hacking minigame]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/xKBnoERaRRpKUrwbaPyPHT-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Ransomware is a nasty bit of malware. Effectively, it locks down your device, and the only way of potentially getting access back is by paying hackers to get it removed. At least, that's what ransomware is <em>supposed</em> to be. Recently, a new one has been spotted that couldn't be removed even if the hackers wanted to. </p><p>Nitrogen's ESXi ransomware, as spotted by <a href="https://www.coveware.com/blog/2026/2/2/nitrogen-ransomware-esxi-malware-has-a-bug" target="_blank">Coveware</a> (via <a href="https://www.theregister.com/2026/02/04/nitrogen_ransomware_broken_decryptor/?td=rt-3a" target="_blank">The Register</a>), has a "coding mistake in the ESXi malware [that] causes it to encrypt all the files with the wrong public key, irrevocably corrupting them."</p><p>Effectively, once ransomware gets into your device (often via suspicious links or PC vulnerabilities), it then encrypts your valuable files and stores a randomly generated key that only it knows. That key can then be used to decrypt files. It's like someone who spots you removing your lock from a locker and putting theirs on instead. Thus, affected users are forced to fork out cash to bad actors on the chance they can actually get the files back. </p><p>Coveware points out that when the public key is accessed, the ransomware mistakenly overwrites the first four bytes of the key, which means "no one actually knows the private key that goes with the corrupted public key." Modern-day encryption relies on having a public key and a secret private key, both required to unlock a device. Without both parts, the data cannot be accessed. There's no point guessing, either, as the whole point is it would take a computer an impossible amount of time to brute force unlock the data.</p><p>Essentially, even if you pay the ransom, the hackers are incapable of getting back into your files. 
Though even if Nitrogen can't get your files back, that likely won't stop them from asking for payment if they get into your device. </p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="SM8hnsh8PPqNMXUJSPvVmW" name="AMD Hack Password.jpg" alt="Computer code and text displayed on computer screens. Photographer: Chris Ratcliffe/Bloomberg" src="https://cdn.mos.cms.futurecdn.net/SM8hnsh8PPqNMXUJSPvVmW.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Chris Ratcliffe/Bloomberg via Getty Images)</span></figcaption></figure><p>This ransomware is reportedly a coding offshoot of the Conti 2 builder code. Conti is a type of malware from the hacking group 'Wizard Spider' that was created in 2019. In 2022, a splintering of the group formed due to political differences over the Russian invasion of Ukraine and a leak of the builder code happened as a result. </p><p>There's no word yet on how widespread this specific offshoot of the builder code is, but its target is VMware ESXi hypervisors. Being software that runs and manages virtual machines, it could mean a virus gains access to not just a device but a mass of devices. That being said, it's a lot more niche than a more traditional virus. </p><p>Naturally, there's no way of guaranteeing a hacker will obey the contract you've made with them, even if they're capable of getting into files. And, as a result, the best way to prevent ransomware from destroying your files is to try not to download any weird gunk on the internet to begin with.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The Notepad++ website was hijacked by 'malicious actors' last year and security researchers are picking through the wreckage ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/the-notepad-website-was-hijacked-by-malicious-actors-last-year-and-security-researchers-are-picking-through-the-wreckage/</link>
                                                                            <description>
                            <![CDATA[ That lizard sure looks shocked. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ic72e7k4RcsJfzGmzV7Tuf</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/hRk8nxfHwtBGYS6MgLBhxP-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 03 Feb 2026 16:40:27 +0000</pubDate>                                                                                                                                <updated>Tue, 03 Feb 2026 16:40:35 +0000</updated>
                                                                                                                                            <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andy Edser ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/RqRA6M28uuy6JeF64tnvJR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/hRk8nxfHwtBGYS6MgLBhxP-1280-80.jpg">
                                                            <media:credit><![CDATA[Notepad++]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Notepad++ logo, depicting a green frog on a yellow pencil]]></media:description>                                                            <media:text><![CDATA[The Notepad++ logo, depicting a green frog on a yellow pencil]]></media:text>
                                <media:title type="plain"><![CDATA[The Notepad++ logo, depicting a green frog on a yellow pencil]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/hRk8nxfHwtBGYS6MgLBhxP-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Popular open source text editor Notepad++ experienced a significant security breach last year, and now its developer has <a href="https://notepad-plus-plus.org/news/hijacked-incident-info-update/" target="_blank">given an update</a> regarding the attack. </p><p>It's believed that, between June and November 10/December 2, 2025 (independent security experts and its hosting provider disagree on the exact timings), a shared hosting server was compromised, allowing attackers to redirect Notepad++ update traffic to malicious servers.</p><p>"According to the analysis provided by security experts, the attack involved infrastructure-level compromise that allowed malicious actors to intercept and redirect update traffic destined for notepad-plus-plus.org." says a statement on the now-secure website.</p><p>"The exact technical mechanism remains under investigation, though the compromise occurred at the hosting provider level rather than through vulnerabilities in Notepad++ code itself."</p><p>The update goes on to say that "Multiple independent security researchers have assessed that the threat actor is likely a Chinese state-sponsored group, which would explain the highly selective targeting observed during the campaign."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:6998px;"><p class="vanilla-image-block" style="padding-top:56.26%;"><img id="dcBbYJeH9xN4gK6jiyhNNm" name="hacker-green-code" alt="Hacker, IT and person with code on computer, programming and phishing scam with malware or virus." 
src="https://cdn.mos.cms.futurecdn.net/dcBbYJeH9xN4gK6jiyhNNm.jpg" mos="" align="middle" fullscreen="" width="6998" height="3937" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: seksan Mongkhonkhamsao @ Getty Images)</span></figcaption></figure><p>According to <a href="https://www.rapid7.com/blog/post/tr-chrysalis-backdoor-dive-into-lotus-blossoms-toolkit/" target="_blank">cybersecurity firm Rapid7</a>, the attack can be attributed to Chinese APT group <a href="https://attack.mitre.org/groups/G0030/" target="_blank">Lotus Blossom</a>, a threat actor that has been known to perform "targeted espionage campaigns" primarily impacting organisations across Southeast Asia and Central America. The custom backdoor used in the attack has since been dubbed "Chrysalis", and explaining its methodology is where I start to get lost, so I'll quote directly from the Rapid7 report instead:</p><p>"Its wide array of capabilities indicates it is a sophisticated and permanent tool, not a simple throwaway utility. It uses legitimate binaries to sideload a crafted DLL with a generic name, which makes simple filename-based detection unreliable. </p><p>"It relies on custom API hashing in both the loader and the main module, each with its own resolution logic. 
This is paired with layered obfuscation and a fairly structured approach to C2 communication."</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1024px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="DSMgNiFu8DsMe3DsBzQnVY" name="Security.jpg" alt="Security Padlock" src="https://cdn.mos.cms.futurecdn.net/DSMgNiFu8DsMe3DsBzQnVY.jpg" mos="" align="middle" fullscreen="" width="1024" height="576" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Pixabay)</span></figcaption></figure><p>Of course, of course. However, Rapid7's main concern appears to be what Chrysalis, and other tools and methods used in the attack, says about Lotus Blossom's newfound capabilities:</p><p>"While the group continues to rely on proven techniques like DLL sideloading and service persistence, their multi-layered shellcode loader and integration of undocumented system calls (NtQuerySystemInformation) mark a clear shift toward more resilient and stealth tradecraft," says the firm.</p><p>"This demonstrates that Lotus Blossom is actively updating their playbook to stay ahead of modern detection."</p><p>Gulp. So, while the Notepad++ developer has since switched to a different hosting provider (with what are described as "significantly stronger security practices"), it seems that Lotus Blossom is gaining strength—and some hosting providers are falling victim to its modern methods. Sleep tight, website.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ 'An unprecedented bombardment': Cloudflare claims a new world record for a 31.4 Tbps DDoS botnet attack it recorded late last year ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/an-unprecedented-bombardment-cloudflare-claims-a-new-world-record-for-a-31-4-tbps-ddos-botnet-attack-it-recorded-late-last-year/</link>
                                                                            <description>
                            <![CDATA[ "The largest attack ever disclosed publicly." ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">gA5y66Z7PW5hoo98zUpfTd</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/HXaXfqmUT6QkLiXhAhFbRb-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 29 Jan 2026 14:51:59 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Andy Edser ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/RqRA6M28uuy6JeF64tnvJR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/HXaXfqmUT6QkLiXhAhFbRb-1280-80.jpg">
                                                            <media:credit><![CDATA[ArtemisDiana via Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A stylized illustration of a global network of servers, showing lines connecting computing towers]]></media:description>                                                            <media:text><![CDATA[A stylized illustration of a global network of servers, showing lines connecting computing towers]]></media:text>
                                <media:title type="plain"><![CDATA[A stylized illustration of a global network of servers, showing lines connecting computing towers]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/HXaXfqmUT6QkLiXhAhFbRb-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Cloudflare has sent us a copy of its quarterly DDoS threat report, and it makes for hair-raising reading. The gigantic CDN provider claims that it recorded "an unprecedented bombardment" from a botnet in the fourth quarter of 2025, resulting in a DDoS attack that peaked at 31.4 Terabits a second.</p><p>Cloudflare claims that this is "the largest attack ever disclosed publicly", and "a new world record". The attack is said to have been launched by the Aisuru/Kimwolf botnet against Cloudflare customers and its infrastructure, with the campaign itself dubbed "The Night Before Christmas".</p><p>The campaign is believed to have begun on December 19, 2025, and it's said that over 94% of the attacks delivered between one and five billion packets of unwanted traffic per second, with 58% of those lasting between one and two minutes. </p><p>It appears that similar attacks are on the rise, with Cloudflare claiming that in the final quarter of 2025, the number of DDoS attacks overall grew by 31% quarter-over-quarter and 58% year-over-year.</p><p>Telecommunications providers are believed to have borne the brunt of so-called "hyper-volumetric" attacks, with 42% pointing their way. 15% are said to have targeted information technology and services providers, while a mere 2% affected gaming. 
Small mercies, I guess, although Arc Raiders developer Embark has recently complained of <a href="https://www.pcgamer.com/games/third-person-shooter/arc-raiders-has-been-hit-with-extensive-and-coordinated-ddos-attacks-as-embark-reassures-players-that-it-is-working-hard-to-mitigate-the-issues/" target="_blank">an "extensive" coordinated DDoS attack</a> this week, which suggests that modern gaming providers are far from immune.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:1920px;"><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="tv5e8eVbT7uQcLL7Dtt3bZ" name="hacking-omg.jpg" alt="Person typing on a laptop with red and blue lighting" src="https://cdn.mos.cms.futurecdn.net/tv5e8eVbT7uQcLL7Dtt3bZ.jpg" mos="" align="middle" fullscreen="" width="1920" height="1080" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Westend61)</span></figcaption></figure><p>In terms of the most attacked locations for DDoS attacks in Q4 of 2025, China, Hong Kong, Germany, and Brazil make up the top four, with the US coming in fifth, just ahead of the UK. In terms of the geographical sources of the attacks, the report claims that Bangladesh tops the list, with Ecuador, Indonesia, Argentina and Hong Kong making up the rest of the top five. 
</p><p>The report highlights that the top 10 list of attack source networks "reads like a list of internet giants", stating that:</p><p>"The common thread is clear: threat actors are leveraging the world's most accessible and powerful network infrastructure, primarily large, public-facing services."</p><p>Cloud computing providers like DigitalOcean, Microsoft, Tencent, Oracle and Hetzner are claimed to be the largest sources of DDoS attacks, "demonstrating the strong link between easily-provisioned virtual machines and high-volume attacks".</p><p>Ah, it's a scary digital world out there. By the looks of this data, it seems it might not be long before this new record is broken, although Cloudflare says that over 50% of HTTP DDoS attacks were detected and mitigated by its new real-time botnet detection system. So, it's the same old game of cat and mouse—but this particular squeaker seems to be getting larger every year.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ There's a hot new personal AI in town that can send texts, check your calendar, come up with business ideas, spend your money and leak your data—all depends on how you use it ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/ai/theres-a-hot-new-personal-ai-in-town-that-can-send-texts-check-your-calendar-come-up-with-business-ideas-spend-your-money-and-leak-your-data-all-depends-how-you-use-it/</link>
                                                                            <description>
                            <![CDATA[ Techfluencers everywhere are fawning over Moltbot, AKA Clawdbot, but I'm not convinced. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vjqoASvzqkG5prFnPSffBm</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/y3skGssDdn9BVoUxXk8kJB-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 28 Jan 2026 16:57:13 +0000</pubDate>                                                                                                                                <updated>Wed, 28 Jan 2026 17:41:37 +0000</updated>
                                                                                                                                            <category><![CDATA[AI]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jacob Fox ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/kwSjjnBRtitBmscifdHJ7R.png ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Jacob got his hands on a gaming PC for the first time when he was about 12 years old. He swiftly realised the local PC repair store had ripped him off with his build and vowed never to let another soul build his rig again. With this vow, Jacob the hardware junkie was born. Since then, Jacob&#039;s led a double-life as part-hardware geek, part-philosophy nerd, first working as a Hardware Writer for PCGamesN in 2020, then working towards a PhD in Philosophy for a few years while freelancing on the side for sites such as TechRadar, Pocket-lint, and yours truly, PC Gamer. Eventually, he gave up the ruthless mercenary life to join the world&#039;s #1 PC Gaming site full-time. It&#039;s definitely not an ego thing, he assures us.&lt;/p&gt; ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/y3skGssDdn9BVoUxXk8kJB-1280-80.jpg">
                                                            <media:credit><![CDATA[Moltbot]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Moltbot logo on a computer screen, plus a catchphrase underneath.]]></media:description>                                                            <media:text><![CDATA[The Moltbot logo on a computer screen, plus a catchphrase underneath.]]></media:text>
                                <media:title type="plain"><![CDATA[The Moltbot logo on a computer screen, plus a catchphrase underneath.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/y3skGssDdn9BVoUxXk8kJB-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Clawdbot—sorry, <em>Moltbot—</em>is everywhere right now, assuming your algorithms are vaguely tech-adjacent. It's an AI bot that claims to be able to do stuff. Lots of stuff. Of course, alongside such extravagant promises are a whole host of potential security and privacy concerns.</p><p>Its website, which can still be found at <a href="https://clawd.bot/" target="_blank">clawd.bot as well as molt.bot</a>—Claude-owner Anthropic forced the AI bot to change its name because of trademark issues—says that it's "the AI that actually does things: clears your inbox, sends emails, manages your calendar, checks you in for flights. All from WhatsApp, Telegram, or any chat app you already use."</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr">🦞 BIG NEWS: We've molted!<br>Clawdbot → Moltbot<br>Clawd → Molty<br>Same lobster soul, new shell. Anthropic asked us to change our name (trademark stuff), and honestly? "Molt" fits perfectly - it's what lobsters do to grow.<br>New handle: @moltbot<br>Same mission: AI that actually does…<a href="https://twitter.com/cantworkitout/status/2016058924403753024">January 27, 2026</a></p></blockquote><div class="see-more__filter"></div></div><p>In fact, it's generated so much hype right now that <a href="https://www.marketwatch.com/story/cloudflares-stock-pops-on-viral-moltbot-heres-how-a-cybersecurity-company-became-the-newest-ai-winner-22e66a6a" target="_blank">Cloudflare recently saw its stocks shoot up</a> as a result, because its CDNs could help bolster the kinds of fast connections needed for Moltbot to function well. Stocks have since started to dip again, though. </p><p>So, what's all the fuss about? 
Well, it's such a big deal because you can use it to, erm, remotely play YouTube videos, I guess?</p> <div class= "tiktok-wrapper" style="min-height: 750px;"><blockquote class="tiktok-embed" cite="https://www.tiktok.com/@nickvasiles/video/7598652601214717197" data-video-id="7598652601214717197" style="max-width: 605px; min-width: 325px;"> <section> <a target="_blank" title="@nickvasiles" href="https://www.tiktok.com/@nickvasiles">@nickvasiles</a> <p></p><a target="_blank" title="♬ original sound - Nick Vasilescu" href="https://www.tiktok.com/music/original-sound-7598652699164429069">♬ original sound - Nick Vasilescu</a></section> </blockquote></div> <p>At least, that seems to be the way that many who are dipping their toes into the AI sphere are talking about it. Really, though, the idea is much more than that. The bot is essentially meant to act as a middleman between all of your different apps/accounts and your AI chatbot subscriptions—or at least as many apps and accounts as you give it access to. </p><p>The end result is that you should be able to speak to Moltbot via your usual messaging apps, telling it what to do, and it can go and do these things in the background as long as you've linked it up with all the apps and services it might need to get the job done. It's also supposed to have leeway to be proactive in what it does to help you.</p><p>Part of what seems so appealing about it, at least for me, is that Moltbot itself runs locally, on whatever device you want. Or a cloud server of your choice if you choose to go down that route. 
It sits on a machine of your choosing and stores all its 'memory' persistently on there as Markdown, which initially sounds great if, like me, you're interested in having control over your data.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:865px;"><p class="vanilla-image-block" style="padding-top:56.30%;"><img id="8Xewsr4mXtPCFyzWjtwK46" name="image (2)" alt="A graphic showing what Moltbot can do." src="https://cdn.mos.cms.futurecdn.net/8Xewsr4mXtPCFyzWjtwK46.jpg" mos="" align="middle" fullscreen="" width="865" height="487" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="credit" itemprop="copyrightHolder">(Image credit: Moltbot)</span></figcaption></figure><p>In some ways it seems true that it does give you more control over this data. You can control everything about the bot locally, or through remote connection, and version control it through Git, which is great for someone like me who loves apps like <a href="https://obsidian.md/" target="_blank">Obsidian</a>. On the other hand, because it's essentially an intermediary between your apps and other AI model subscriptions, the actual brainpower that the AI is using is still non-local. </p><p>Essentially, the way this works is you follow a command-line setup to get it installed on your device, and you then have to tinker around copying tokens from all your different AI subscriptions, as well as the apps and services you want the bot to be able to interface with, and give them to the bot through its Control UI. You have your 'Gateway', which is the device that houses Moltbot, and its Control UI, which you jump onto to manage all these app connections and so on. 
</p><p>But once it's all set up, you can interact with it through your usual messaging apps like WhatsApp or Discord.</p><p>Of course, you <em>could </em>use this to turn on YouTube videos remotely, but that would be missing the point. The best I've seen an actual use case put across is by <a href="https://www.youtube.com/watch?v=U8kXfk8enrY" target="_blank">SaaS-maker Alex Finn talking to entrepreneur Greg Isenberg</a>:</p><div class="youtube-video" data-nosnippet ><div class="video-aspect-box"><iframe data-lazy-priority="low" data-lazy-src="https://www.youtube-nocookie.com/embed/U8kXfk8enrY" allowfullscreen></iframe></div></div><p>"You are going to have an AI employee that's tracking trends for you, building you product, delivering you news, creating you content, running your whole business … You're going to be running a business by yourself with AI employees … It's for people who want to actually improve their life, get more productivity, and not just kind of have a Tamagotchi toy."</p><p>"I talked about the fact that I'm buying a Mac Studio to run it on in the next couple of weeks, and so it started going and it started looking at different ways to run local models on a Mac Studio, overnight, while I was sleeping, without me asking, and it created an entire report for that."</p><p>In other words, you can treat it like an actual employee, discuss your goals and so on, and set it up in a way as to be proactive and suggest ideas and do research for you, then brief you on what it's done. 
Moltbot even took the initiative to code a new feature for his software based on a new trend that it spotted on X.</p><p>Naturally, this could all add up to a lot of AI 'brainpower' that you're paying for, ie, a lot of tokens, as this guy found out:</p><div class="youtube-video" data-nosnippet ><div class="video-aspect-box"><iframe data-lazy-priority="low" data-lazy-src="https://www.youtube-nocookie.com/embed/9fcoCwQkFSM" allowfullscreen></iframe></div></div><p>Finn argues that this is something that needs to be considered and accounted for when you set it up. Apparently there are ways to limit what Moltbot uses its tokens for, but I reckon I'd be a little worried each night as I went to bed that I would wake up to a big bill.</p><p>Of course, for Finn, these costs are slim anyway considering he envisions such AI bots acting as actual employees; it's much less than a salary.</p><p>Finn also recommends being careful with what you give Moltbot access to, not giving it access to anything of critical importance. This is in response to concerns—very reasonable ones, in my opinion—over the security and privacy threats Moltbot raises.</p><h2 class="article-body__section" id="section-security-risks"><span>Security risks</span></h2><p>Let's start with the possible straight-up hacking scenario. Security researcher and hacker Jamieson O'Reilly detailed in a <a href="https://x.com/theonejvo/status/2015401219746128322" target="_blank">lengthy X article</a> how you can use web traffic scrapers such as Shodan or Censys to spot vulnerable Moltbot Control UIs. Hundreds of publicly visible Moltbot Controls showed up on these services, and a small portion of these "ranged from misconfigured to completely exposed." 
</p><p>Some have pushed back against scaremongering over this particular issue, though. <a href="https://www.youtube.com/watch?v=kSno1-xOjwI" target="_blank">Cybersecurity YouTuber Low Level</a>, for instance, points out that the vast majority of those hundreds of visible Moltbot instances couldn't actually be hacked; they were simply visible.</p><p>From my perspective, such configuration missteps in themselves don't point at a problem with Moltbot, as it's down to each user to ensure they've configured things correctly. But we'll return to that shortly.</p><p>The bigger issue, according to Low Level, is prompt injection. LLMs don't distinguish very clearly between a user command and just any old data that they're fed; that's just the nature of probabilistic machine learning models. As such, there's a chance that data from elsewhere might be used to "inject" commands to trick the AI into doing something you never wanted it to do.</p><div class="youtube-video" data-nosnippet ><div class="video-aspect-box"><iframe data-lazy-priority="low" data-lazy-src="https://www.youtube-nocookie.com/embed/kSno1-xOjwI" allowfullscreen></iframe></div></div><p>This kind of thing is a known issue with AI. In fact, researchers have shown how <a href="https://www.miggo.io/post/weaponizing-calendar-invites-a-semantic-attack-on-google-gemini" target="_blank">prompts injected into calendar invites can be used to make Gemini</a> leak Google Calendar info (via <a href="https://mashable.com/article/google-gemini-ai-tricked-into-leaking-google-calendar-data" target="_blank">Mashable</a>). 
And Low Level says his producer's wife managed to trick her husband's Moltbot into thinking she was him by sending him an email, and got it to play Spotify on his Gateway computer. I don't know how much I'd be giving AI the reins for, just yet, given such issues.</p><p>To me, the real problem is that, in going viral, Moltbot is being touted by so many as the next big thing for beginners. 
But as the number of potential security issues as well as the level of awareness, restraint, and technical ability to prevent these issues increases, so too, I think, should the caution with which we recommend it to anyone.</p><p>Not to toot my own horn, but I'm quite techy myself, although I haven't dived too much into the AI sphere yet, and I'm hesitant to try out Moltbot for this very reason. If I can't make that choice for myself then I certainly can't recommend it to others, unless they're well-versed in all things AI, networking, and cybersecurity. That's why it's kind of frustrating that so much content surrounding Moltbot right now is touting it as something fairly beginner-friendly that can make you tons of money.</p><p>Saying that, though, I can't deny how impressive it seems to be, if we move beyond the simpler use cases. It's a bit of a mask-off moment for me, to see just what AI is now capable of when given free rein. I just wonder whether those security concerns will be ironed out in the years to come—whether it's ever truly possible to eradicate prompt injection—and whether the number of tokens required for it to be useful will make it useful for anyone other than content creators and other 'solopreneur' types.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Google says a WinRAR exploit for Windows is in 'widespread' use by government-backed threat actors 'linked to Russia and China' ]]></title>
                                                                                                                                                                                                <link>https://www.pcgamer.com/software/security/google-says-a-winrar-exploit-for-windows-is-in-widespread-use-by-government-backed-threat-actors-linked-to-russia-and-china/</link>
                                                                            <description>
                            <![CDATA[ If you are using WinRAR you definitely want to update to version 7.13. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">WWYBhKYYm4vonugtXuhUJS</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/M2BvTUBPpcWvGeQznqFSyU-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 28 Jan 2026 11:50:25 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Security]]></category>
                                                    <category><![CDATA[Software]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jeremy Laird ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/yAFomvQ2kRS39NDfXHRP7G.jpeg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/M2BvTUBPpcWvGeQznqFSyU-1280-80.jpg">
                                                            <media:credit><![CDATA[WinRAR]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[WinRAR logo on website]]></media:description>                                                            <media:text><![CDATA[WinRAR logo on website]]></media:text>
                                <media:title type="plain"><![CDATA[WinRAR logo on website]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/M2BvTUBPpcWvGeQznqFSyU-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://cloud.google.com/blog/topics/threat-intelligence/exploiting-critical-winrar-vulnerability" target="_blank">Google has warned</a> that a well-known and already-patched exploit for the WinRAR file archiving and compression tool for Windows remains in "widespread, active" use by "government-backed threat actors linked to Russia and China".</p><p>Known as critical vulnerability CVE-2025-8088, the exploit was identified in July last year and was posted on the <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-8088" target="_blank">National Vulnerability Database back in August</a>. It's widely known and numerous other bodies, <a href="https://digital.nhs.uk/cyber-alerts/2025/cc-4689" target="_blank">even including the UK's NHS</a>, have registered the threat.</p><p>The exploit was actually addressed by the makers of WinRAR, RARLAB, with the <a href="https://www.win-rar.com/predownload.html?&L=0" target="_blank">7.13 update on July 30 last year</a>. Of course, that isn't going to help anyone running earlier versions of WinRAR.</p><p>As we understand it, the exploit works by concealing a malicious file within the alternate data streams (ADS) of a decoy file in a WinRAR archive. 
When a user extracts the archive, the payload is saved to critical locations such as the Windows Startup folder via path traversal sequences and then automatically executes upon a machine restart.</p><p>Google says the bad guys involved include such favourites as "Russia-nexus" actors targeting the Ukrainian military, China-nexus actors exploiting the vulnerability to deliver the POISONIVY malware via a BAT file dropped into the Startup folder, which then downloads a dropper, and financially motivated hacking groups.</p><figure class="van-image-figure  inline-layout" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' style="max-width:829px;"><p class="vanilla-image-block" style="padding-top:71.53%;"><img id="KPJcUtL253JjmXhdENJaeT" name="Startup Task Manager.PNG" alt="Startup Task Manager screen shot" src="https://cdn.mos.cms.futurecdn.net/KPJcUtL253JjmXhdENJaeT.png" mos="" align="middle" fullscreen="" width="829" height="593" attribution="" endorsement="" class="inline"></p></div></div><figcaption itemprop="caption description" class=" inline-layout"><span class="caption-text">One observed exploit from the WinRAR bug is to deposit malicious files in the Windows Startup folder. </span><span class="credit" itemprop="copyrightHolder">(Image credit: Future)</span></figcaption></figure><p>Among the latter, Google says one group targets hospitality and travel sectors using phishing emails around hotel bookings. Google concludes that this WinRAR bug just goes to show the "enduring danger posed by n-day vulnerabilities."</p><p>N-day vulnerabilities, of course, are known security flaws for which patches or fixes exist. The point being, again, that patches are only of any use with actual, ya-know, <em>use</em>.</p><p>All of which means the conclusion here is fairly straightforward. 
Happily, it's very easy to ensure you aren't at risk from this exploit.</p><p>If you use WinRAR and haven't updated to the latest 7.13 build, do that immediately. Until then, do not pass go. Do not open any WinRAR archive, no matter its provenance. And that's really it. </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>