You are now subscribed
Your newsletter sign-up was successful
Want to add more newsletters?
Every Friday
GamesRadar+
Your weekly update on everything you could ever want to know about the games you already love, games we know you're going to love in the near future, and tales from the communities that surround them.
Every Thursday
GTA 6 O'clock
Our special GTA 6 newsletter, with breaking news, insider info, and rumor analysis from the award-winning GTA 6 O'clock experts.
Every Friday
Knowledge
From the creators of Edge: A weekly videogame industry newsletter with analysis from expert writers, guidance from professionals, and insight into what's on the horizon.
Every Thursday
The Setup
Hardware nerds unite, sign up to our free tech newsletter for a weekly digest of the hottest new tech, the latest gadgets on the test bench, and much more.
Every Wednesday
Switch 2 Spotlight
Sign up to our new Switch 2 newsletter, where we bring you the latest talking points on Nintendo's new console each week, bring you up to date on the news, and recommend what games to play.
Every Saturday
The Watchlist
Subscribe for a weekly digest of the movie and TV news that matters, direct to your inbox. From first-look trailers, interviews, reviews and explainers, we've got you covered.
Once a month
SFX
Get sneak previews, exclusive competitions and details of special events each month!
Minecraft server admins better lock up their Echo Shards because this newsroom is about to get deep and dark. According to the Minecraft Malware Prevention Alliance (MMPA)—yep, that's a thing—users have spotted a vulnerability affecting a whole lot of Minecraft servers, citing many popular mods able to be exploited by hackers looking to take over players' machines.
"This vulnerability is well known in the Java community, and has been fixed before in other mods," the MMPA blog post notes (via Tom's Hardware). It's not a new thing, then. Though the post makes it clear that "none have been of this scale in the Minecraft community."
One Computer Science student, known as Dogboy21 on GitHub, spotted something like 36 mods that are vulnerable to the so-called Bleeding Pipe exploit. They warn that, right now: "It is completely dangerous to play with unpatched mods currently."
"Attackers already attempted (and succeeded in some cases) Microsoft access token and browser session steals. But since they can literally execute any code they want on a target system, the possibilities are endless."
Best CPU for gaming: The top chips from Intel and AMD.
Best gaming motherboard: The right boards.
Best graphics card: Your perfect pixel-pusher awaits.
Best SSD for gaming: Get into the game ahead of the rest.
The exploit utilises a Java deserialization attack/gadget chain that's able to take advantage of "unsafe use of the Java serialization feature in network packets sent by servers to clients or clients to servers."
Thankfully Dogboy21 (what a name) has been working together with other helpful users to offer a fix on their GitHub page.
Mods such as EnderCore, AetherCraft mode, LogisticsPipes, Immersive Armors and ttCore are just a few of those affected, though the Git page warns users to "KEEP IN MIND THAT THIS LIST IS DEFINITELY NOT COMPLETE", beside the (mostly) full list.
