56 matches found
EUVD-2023-31248
Malicious code in bioql PyPI...
Inside the Multimillion-Dollar Gray Market for Video Game Cheats
Gaming cheats are the bane of the video game industry—and a hot commodity. A recent study found that cheat creators are making a fortune from gamers looking to gain a quick edge...
FBI Seizes Major Sites Sharing Unreleased and Pirated Video Games
FBI seizes top piracy sites leaking unreleased and pirated video games with millions of downloads and 170 million dollars in losses for developers and publishers...
This Video Game Controller Has Become the US Military’s Weapon of Choice
After decades of relying on buttons, switches, and toggles, the Pentagon has embraced simple, ergonomic video-game-style controllers already familiar to millions of potential recruits...
Xeno RAT Open-Source Trojan Sparks Alarm
Summary: The Xeno RAT, a remote access trojan RAT available on GitHub, has gained attention in the threat landscape due to its open-source nature. This C-based malware is compatible with both Windows 10 and 11, specifically targeting consumers by presenting itself as disguised binaries that...
The Israel-Hamas War Is Drowning X in Disinformation
People who have turned to X for breaking news about the Israel-Hamas conflict are being hit with old videos, fake photos, and video game footage at a level researchers have never seen...
CVE-2023-27472
quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised XSS vulnerability. Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag ...
Design/Logic Flaw
quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised XSS vulnerability. Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag ...
CVE-2023-27472 HTML tags in entity names in the tree view are not sanitised in quickentity-editor-next
quickentity-editor-next is an open source, system local, video game asset editor. In affected versions HTML tags in entity names are not sanitised XSS vulnerability. Allows arbitrary code execution within the browser sandbox, among other things, simply from loading a file containing a script tag ...
CVE-2023-27472
The CVE-2023-27472 issue affects quickentity-editor-next. It arises because HTML tags in entity names are not sanitized, enabling XSS and potentially arbitrary code execution within the browser sandbox simply by loading a file containing a script tag in an entity name. The vulnerability is mitiga...
ChromeLoader Malware Targeting Gamers via Fake Nintendo and Steam Game Hacks
A new ChromeLoader malware campaign has been observed being distributed via virtual hard disk VHD files, marking a deviation from the ISO optical disc image format. "These VHD files are being distributed with filenames that make them appear like either hacks or cracks for Nintendo and Steam games...
Rockstar Games Confirms Hacker Stole Early Grand Theft Auto VI Footage
American video game publisher Rockstar Games on Monday revealed it was a victim of a "network intrusion" that allowed an unauthorized party to illegally download early footage for the Grand Theft Auto VI. "At this time, we do not anticipate any disruption to our live game services nor any long-te...
Playing Doom on a John Deere tractor with Sick Codes: Lock and Code S03E18
In 1993, the video game developers at id Software released Doom, a first-person shooter that placed a nameless protagonist into the fiery depths of hell, equipped with an arsenal of weapons to mow down imps, demons, lost souls, and the intimidating "Barons of Hell." In 2022, the hacker Sick Codes...
A week in security (August 15 - August 21)
Last week on Malwarebytes Labs: Donut breach: Lessons from pen-tester Mike Miller: Lock and Code S03E17 Introducing Malwarebytes Cloud Storage Scanning: How to scan for malware in cloud file storage repositories JSSLoader: the shellcode edition CISA and FBI issue alert about Zeppelin ransomware H...
$6 million heist targets video game skin trading site
An incredibly popular digital item trading site has suffered a spectacular loss at the hands of wily attackers. According to Bleeping Computer, CS Money lost out on $6 million via just 20,000 pilfered items. How did this happen, and why are digital items so popular in the first place? The digitiz...
CVE-2022-31135
Akashi is an open-source Akashi/Attorney Online server. CVE-2022-31135 describes a denial-of-service condition triggered by a specially crafted evidence packet that can cause an illegal modification and crash the server. The issue affects Akashi servers and there is no publicly documented workaro...
Gaming Company Ubisoft Confirms It was Hacked, Resets Staff Passwords
French video game company Ubisoft on Friday confirmed it was a victim of a "cyber security incident," causing temporary disruptions to its games, systems, and services. The Montreuil-headquartered firm said that an investigation into the breach was underway and that it has initiated a company-wid...
Debian: Security Advisory (DSA-5075-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
The Great Christmas Download
Video game downloads and console updates helped game industry traffic peak at 125% above average on Christmas day according to Akamai, which supports more than 225 game publishers globally...
US Navy ship Facebook page hijacked to stream video games
The official Facebook page of the US Navy’s destroyer-class warship, USS Kidd, has been hijacked. According to Task & Purpose, who first reported on the incident, the account has done nothing but stream Age of Empires, an award-winning, history-based real-time strategy RTS video game wherein...