Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereferencing in steamrecv,sendreport It is possible for a malicious device to fail to submit a Feature Report. The HID Steam driver currently does not handle this situation and dereferences the...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: HID: hid-steam – Fixed a use-after-free issue when removing a device. When a hid-steam device is removed, it must clean up the clienthdev that was used to intercept hidraw access. This can result in deferred tasks being scheduled...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Added support for Van Gogh SoC. The ROG Xbox Ally non-X SoC features an architecture similar to the Steam Deck. While the Steam Deck supports S3 mode s2idle causes a crash, this feature was removed from the...

Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk

Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are...

A week in security (June 8 – June 14)

Last week on Malwarebytes Labs: Stolen iPhones could soon be worth a lot less to thieves Fake verification pages are stealing Steam accounts from players Google can be liable for false AI Overviews, court rules VRChat says reported data breach never happened Children’s phones must block nude imag...

Fake verification pages are stealing Steam accounts from players

Online gamers should watch out for a convincing scam that aims to steal your Steam account. The scam uses fake FACEIT verification pages that look legitimate, complete with official branding, working links, and what appears to be a real Steam login window. By the time it asks for your password,...

INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator

An INTERPOL-led operation last month resulted in the disruption of Sniper Dz , a decade-long phishing-as-a-service PhaaS platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle...

New WordPress Malware Uses Steam Profile Comments to Hide C2 Instructions

GoDaddy researchers found WordPress malware using Steam Community profile comments to hide encoded command and control data, with nearly 1,980 sites affected...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/fence: Fixed an oops due to incorrect initialization of drmsched before its fini. Currently, amdgpu calls drmschedfini from the fence driver’s fini routine. Such a call is expected to occur only after the respective in...

ai.h2o:h2o-admissibleml (>=3.34.0.1 <=3.46.0.1), ai.h2o:h2o-algos (>=3.0.0.5 <=3.46.0.1) +44 more potentially affected by CVE-2026-3960 via ai.h2o:h2o-core (>=3.0.0.12 <=3.46.0.1)

ai.h2o:h2o-core MAVEN version =3.0.0.12, =3.34.0.1, =3.0.0.5, =3.0.0.5, =3.12.0.1, =3.10.0.1, =3.14.0.7, =3.16.0.1, =3.14.0.1, =3.24.0.1, =3.30.1.1, =3.26.0.4, =3.10.5.1, =3.24.0.1, =3.30.0.1, =3.34.0.3, =3.46.0.1 and more Source cves: CVE-2026-3960 Source advisory: SNYK:JAVA-AIH2O-16417170...

CVE-2026-5128

A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly sensitive Steam account data, including the account username, password, identity secret, and shared secret. In...

EUVD-2026-17075

A sensitive information exposure vulnerability exists in ArthurFiorette steam-trader 2.1.1. An unauthenticated attacker can send a request to the /users API endpoint to retrieve highly sensitive Steam account data, including the account username, password, identity secret, and shared secret. In...

CVE-2026-5128

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

CVE-2026-5128

...

CVE-2026-5128

...

CVE-2026-5128

CVE-2026-5128 affects ArthurFiorette steam-trader 2.1.1 and exposes sensitive Steam account data via the /users API endpoint without authentication, enabling retrieval of usernames, passwords, identity secrets, and shared secrets. Application logs may also disclose authentication artifacts (acces...

编号撤回

Steam Trader is a multi-account automatic trading tool developed by Arthur Fiorette personally. This CVE number has been withdrawn...

PT-2026-29007

Name of the Vulnerable Software and Affected Versions ArthurFiorette steam-trader version 2.1.1 Description A sensitive information exposure issue exists. An unauthenticated attacker can send a request to the /users API endpoint to retrieve sensitive Steam account data, including the account...

FBI Investigates Steam Games Linked to Malware and Crypto Wallet Theft

FBI warns gamers after malware hidden in several Steam games stole browser data and drained cryptocurrency wallets between May 2024 and January 2026...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004879)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004879 advisory. In the Linux kernel, the following vulnerability has been resolved: HID: steam: Prevent NULL pointer dereference in steamrecv,sendreport It is possible for a malicio...