Highly anticipated: FromSoftware president Hidetaka Miyazaki recently said that the company had no plans for a sequel to the enormously successful Elden Ring. Of course, that doesn't rule out other projects related to the IP. A trailer at The Game Awards revealed that Miyazaki was teasing an upcoming multiplayer spin-off. FromSoftware unveiled Elden Ring Nightreign at the 2024 Game Awards this week. The standalone co-op spin-off of one of the most popular PC games launches in 2025, with a network test scheduled for February.This year's Game Awards hosted several surprising world premiere trailers, but Elden Ring Nightreign might be one of the most unusual. Multiplayer has always been a crucial component of FromSoftware's "Souls" games, but a co-op-focused spin-off is somewhat new for the company and the series.The game has teams of up to three players exploring Limveld, an open-world map in a universe parallel to Elden Ring's setting. Limveld shrinks each night over a three-day cycle, taking inspiration from battle royale games, with a boss appearing each night. The game has eight playable character types.Nightreign might also incorporate roguelike elements. Players can obtain relics and upgrade their characters after dying. Furthermore, the map changes with each session.Players can sign up for the February network test at Namco's website. Pricing details for the test and the finished game remain unclear, but the beta is only available for PlayStation 5 and Xbox Series consoles. The final release will also come to Steam, PlayStation 4, and Xbox One. // Related StoriesThe Game Award revealed various other upcoming titles, as well. CD Projekt Red showed off a gorgeous cinematic trailer for The Witcher 4, pre-rendered using an unidentified Nvidia graphics card, possibly the upcoming flagship GeForce RTX 5090. Sony finally announced an April 3, 2025, release date for the PC conversion of the critically acclaimed The Last of Us Part II. Sony's PC ports have maintained a reasonably good track record regarding performance and features, but TLOU2 continues a worrying trend of requiring a PSN account.Other significant surprises included a new Onimusha game, a sequel to Okami, the first new Virtua Fighter game in almost two decades, the next title from The Last of Us developer Naughty Dog, and much more.

Has it been a year already? Let's be honest. Almost nobody watches Geoff Keighley's The Game Awards because they care about the pat-on-the-back trophy presentations. We're there for the announcements and trailers. It's one of the best annual shows for giving us the latest gaming goodness in the form of a shotgun blast to the face. We sifted through the show and found some of our favorite updates and announcements. It is by no means an exhaustive list, so please forgive us if you don't see your favorite. Better yet, drop your favorite trailer or announcement in the comments for the rest of us to enjoy.We've also sprinkled in some of the award winners for the three people who care about that. So here we go, in no particular order.Intergalactic: The Heretic ProphetThe Last of US maker, Naughty Dog, surprised us with the reveal of a brand new IP. It's a sci-fi adventure with a strong female lead character named Jordan A Mun, played by Tati Gabrielle (Chilling Adventures of Sabrina). Mun is a bounty hunter looking for a criminal on a desolate planet from which nobody has escaped in 600 years. It should be a nice break from the post-apocalyptic zombie-survival series.Best Ongoing Game Hellivers 2, also Best Multiplayer GameThick as ThievesOtherSide Entertainment announced its latest project called Thick as Thieves. It's a multiplayer stealth action game with at least three playable anti-heroes trying to beat each other out of a heist. The game has an impressive production team that includes Deus Ex creator Warren Spector, Looking Glass Studios founder Paul Neurath, and Thief: The Dark Project lead Greg LoPiccolo. So we have high expectations. // Related StoriesBest Independent Game Balatro, also Best Mobile Game and Best Debut Indie GameThe Witcher 4While we knew CD Projekt Red was working on The Witcher 4, we did not really expect it to have any morsels for us this soon. It's only a cinematic trailer, so there isn't much to assume from it without further information. However, it seems Ciri is the star of the show. The trailer shows her as a full-fledged witcher sporting the Wolf School's iconic medium armor, drinking poison, and kicking monster butt. Since we did get to play a short segment of The Witcher 3 as non-witcher Ciri, CDPR likely expanded that idea. Don't be surprised if we get to play both heroes. It's just hard to imagine CDPR pushing out a enumerated Witcher game without Geralt. We shall see.Best Action Game Black Myth: Wukong, also Best Player's VoiceSplit FictionIndie studio Hazelight announced an intriguing title called Split Fiction. It's a co-op adventure that takes place in two worlds simultaneously. The split-world dynamic reminds us a lot of the 2021 split-world game Medium. However, instead of the two worlds being the real world and the spirit realm, Split Fiction worlds are sci-fi and fantasy. Unsurprisingly, it also has partner-game elements similar to Hazelight's It Takes Two. It's a unique idea that puts this one squarely on our radar.Best VR/AR Game Arkham ShadowMafia: The Old CountryWe don't have much to say about this one other than "Yay!" The Mafia franchise started in 2002 with the titular game. Mafia II launched in 2010, and Mafia III came in 2016. The entire series is excellent but should be played in order, as each subsequent title was progressively more polished than the previous. The Old Country is a prequel to the series set in the early 1900s in Sicily rather than America. If 2K Games and developer Hanger 13 continue with the trend set by its predecessors, The Old Country should be a fine addtion to the franchise.Best Community Support Baldur's Gate 3Elden Ring NightreignFollowing on the heels of the stupendously successful Elden Ring and Elden Ring: Shadow of the Erdtree, FromSoftware is taking the Souls-like in a slightly different direction in this co-op action spinoff. The trailer reminds us of other co-op games, notably the Monster Hunter series. Not much else is known about it, so we'll have to keep our earholes open for details.Best Narrative Metaphor: ReFantanzioThe Outer Worlds 2What else is there to say about this one other than "The Outer Worlds 2, Baby!" If you haven't played The Outer Worlds, what are you waiting for? It's a masterpiece from Fallout New Vegas developer Obsidian Entertainment. Many have rightfully described it as Fallout New Vegas in space. If you don't like Fallout New Vegas or The Outer Worlds, we can't be friends. Kidding. Not kidding.Best Score and Music Final Fantasy 7 RebirthBorderlands 4When Gearbox dropped its "NOT ACTUAL GAMEPLAY" teaser for Borderlands 4, it triggered millions of fans' saliva glands. The short clip gave away absolutely nothing, yet it sent folks chomping at the bit for its vague 2025 release. It was even one fan's dying wish to play it early, which Gearbox promised to see what it could do. The Game Awards gave us our first glimpse of gameplay that that fan is probably enjoying right now. Don't expect anything out-of-formula, though four new hunters, gazillions of guns, and plenty of trouble to get into and out of, as the case may be.Game of the Year Astro Bot, also Best Game Direction, Best Action/Adventure Game, Best Family GameThere were plenty of other trailers and Game Awards winners that we didn't have space for, so scrub through the full show (masthead), and let us know what you liked. Also check out our more indepth coverage of The Witcher 4 and Elden Ring Nightreign (queued to go live shortly).

Table of ContentsTable of ContentsDie Hard 2 (1990)Speed (1994)Gladiator (2000)Sometimes, the Christmas season means Christmas action movies on Hulu. Especially if the streamer has Die Hard for the holidays, as it does this year. But since everyone talks about Die Hard as a Christmas film, we decided to go with Die Hard 2 which is also set at Christmas as one of the three action movies on Hulu that you need to watch in December.Our other picks include the film that made Keanu Reeves an action star five years before The Matrix, as well as the movie that gave Russell Crowe his first and to date, only Oscar win for Best Actor.Recommended VideosNeed more recommendations? We also have guides to the best movies on Netflix, the best movies on Hulu, the best movies on Amazon Prime Video, the best movies on Max,andthe best movies on Disney+.Related20th Century StudiosTwo years after the original Die Hard, Fox contrived a reason to bring back most of the cast for Die Hard 2. Even in the film itself, John McClane (Bruce Willis) and his wife, Holly McClane (Bonnie Bedelia), cant believe that theyre both caught up in another hostage situation on Christmas Eve. Its not Johns fault, hes just too observant when he realizes that terrorists have infiltrated the airport in Washington, D.C., as part of a plot to free dictator and drug lord General Ramon Esperanza (Franco Nero).Johns personal stake in this fight is that Holly is among the passengers who cant land at the airport while the terrorists have control. And with a communication blackout in effect, theres no way to warn the pilots that landing could prove to be fatal. John is also hampered by being surrounded by strangers who dont take his warnings seriously until the terrorists plans are already well underway.Watch Die Hard 2 on Hulu.20th Century FoxSpeed had a very audacious premise that made it a hit with audiences. Officer Jack Traven (Keanu Reeves) was warned that there was a bomb on a bus by a madman, Howard Payne (Dennis Hopper). And if the bus drops under 50 miles per hour then it will explode and claim the lives of everyone on board. Director Jan de Bont did a spectacular job of making that an exciting story, and the action is still thrilling three decades later.Once Jack manages to catch up to the bus, it falls to passenger Annie Porter (Sandra Bullock) to keep the vehicle above the bombs speed limit. This turned out to be Bullocks breakthrough movie as well as Reeves first real action role. While they were trapped on the bus, Jacks partner, Detective Harry Temple (Jeff Daniels), attempts to follow the clues that Payne left behind and prevent him from detonating the bus early.Watch Speed on Hulu.DreamWorksGladiator II has done very well in theaters this year, but theres no way its going to match the Oscar glory of the original, which won Best Picture and Best Actor for Russell Crowe. As an action flick, its immaculate. Crowe portrays Maximus, a Roman general who would have been the next leader of the republic, thanks to Emperor Marcus Aurelius (Richard Harris), who loves him like a son.Marcus actual son, Commodus (Joaquin Phoenix), murders his father before this transition can happen. He also condemns Maximus to death, but only succeeds in having his family killed. Maximus survives as both a slave and a gladiator in the arena. However, Maximus warrior skills make him a hit with the Roman people, and that gives him a chance to get his revenge on the new emperor who took everything from him.Watch Gladiator on Hulu.Editors Recommendations

For the holiday season, its a great idea to take advantage of the available phone deals for an upgrade. If youre an Android fan, you should check out this offer from Best Buy for the Google Pixel 9, which was just launched a few months ago. The smartphones 128GB model is on sale with a $150 discount that brings its price down to a more affordable $649 from $799. Youre going to want to hurry with your purchase if youre interested though, as were not sure how much time is remaining before this bargain gets taken down.While the spotlight is shining mostly on its larger and more advanced siblings the Google Pixel 9 Pro and the Google Pixel 9 Pro XL the Google Pixel 9 still makes our list of the best Android phones as the best small Android phone. With a rating of 4.5 out of 5 stars, we described it as one of the best Pixel phones Google has ever made in our review. Its designed to harness the capabilities of Gemini AI, but even if you dont use the technology regularly, the Google Pixel 9 is still a great smartphone.In our Google Pixel 9 versus Google Pixel 8 comparison, the advantages of the Google Pixel 9 are evident. The redesigned frame with flattened edges makes it easier to hold, and the revamped camera bar is a striking feature that holds upgraded sensors. The screen of the Google Pixel 9 also slightly increased in size to 6.3 inches from 6.2 inches, and its much faster with the latest Google Tensor G4 processor and starting RAM of 12GB.RelatedThe Google Pixel 9 is a fantastic Android smartphone, and its an even better purchase if you can get it with Best Buys $150 discount. Instead of $799 for its 128GB model, youll only have to pay $649, which provides excellent value for your money. Theres always high demand for Google Pixel deals, and that will surely be the case for a model in the brands latest generation of smartphones. Before all the stocks that are up for sale get picked up, youre going to want to secure your own Google Pixel 9 by completing your transaction for one as soon as you can.Editors Recommendations

Mark Zuckerbergs company is siding with Elon Musk in a fight against the developer of ChatGPT.

Washington plans rules limiting semiconductor shipments to some countries accused of supplying Beijing.

Cinematic disasters, George Gershwins lyrical brother, the rise of college sports and more.

The seeds of the Wars of the Roses were planted in the reigns of Richard II, Henry IV and Henry V.

Bad case Bird flu jumps from birds to human in Louisiana; patient hospitalized This is the first human case of bird flu in Louisiana. Beth Mole Dec 13, 2024 5:28 pm | 53 Three colorized H5N1 virus particles (rod-shaped; orange) imaged by an electron microscope. With a couple genetic shifts in H5N1, the US variant could evolve into a more virulent and widespread virus. Credit: CDC/NIAID/Flickr Three colorized H5N1 virus particles (rod-shaped; orange) imaged by an electron microscope. With a couple genetic shifts in H5N1, the US variant could evolve into a more virulent and widespread virus. Credit: CDC/NIAID/Flickr Story textSizeSmallStandardLargeWidth *StandardWideLinksStandardOrange* Subscribers only Learn moreA person in Louisiana is hospitalized with H5N1 bird flu after having contact with sick and dying birds suspected of carrying the virus, state health officials announced Friday.It is the first human H5N1 case detected in Louisiana. For now, the case is considered a "presumptive" positive until testing is confirmed by the Centers for Disease Control and Prevention. Health officials say that the risk to the public is low but caution people to stay away from any sick or dead birds.Although the person has been hospitalized, their condition was not immediately reported. It's also unclear what kind of birds the person had contact withwild, backyard, or commercial birds. Ars has reached out to Louisiana's health department and will update this piece with any additional information.The case is just the latest amid H5N1's global and domestic rampage. The virus has been ravaging birds of all sorts in the US since early 2022 and spilling over to a surprisingly wide range of mammals. In March this year, officials detected an unprecedented leap to dairy cows, which has since caused a nationwide outbreak. The virus is currently sweeping through California, the country's largest dairy producer.To date, at least 845 herds across 16 states have contracted the virus since March, including 630 in California, which detected its first dairy infections in late August.Human casesAt least 60 people in the US have been infected amid the viral spread this year. But the new case in Louisiana stands out. To date, nearly all of the human cases have been among poultry and dairy workersunlike the new case in Louisiana and almost all have been mildalso unlike the new case. Most of the cases have involved conjunctivitispink eyeand/or mild respiratory and flu-like symptoms.There was a case in a patient in Missouri who was hospitalized. However, that person had underlying health conditions, and it's unclear if H5N1 was the cause of their hospitalization or merely an incidental finding. It remains unknown how the person contracted the virus. An extensive investigation found no animal or other exposure that could explain the infection.No human-to-human spread of H5N1 has been found in the US.Last month, an otherwise healthy teen in Canada was found to have H5N1 and was hospitalized in critical condition from the infection. It was the first H5N1 human case reported in Canada. Like the case in Missouri, investigators were not able to find an explanation of how the teen contracted the virus. The investigation has since been closed, with no additional cases having been found. Public health officials have stopped providing health updates on the case, citing the closed investigation and patient privacy.Evolving threatInfectious disease experts have recently warned that H5N1 may only need to acquire a small number of mutations to become a greater threat to humans. For example, last week, researchers published a study in Science finding that a single mutation in the H5N1 dairy strain would make it better at latching onto human cells. The more the virus circulates around us, the more opportunities it has to accumulate such mutations and adapt to infect our respiratory tracts and spread from person to person.Influenza viruses are also able to swap genetic segments with each other in a process called reassortment. As flu season begins in the US, a nightmare scenario that experts have raised is if H5N1 swaps segments with the seasonal flu, creating a new, potentially deadly virus with pandemic potential. For this to happen, a person would have to be infected with the two types of influenza viruses at the same timesomething health officials have feared could happen in dairy or poultry workers as the outbreaks continue.While the human cases of H5N1 detected this year have mostly been mild, the virus has a history of more severity. Globally, H5N1 has had a case fatality rate of 49 percent, according to data collected between 2003 and November 2024 by the World Health Organization. Why the US cases have so far been almost entirely mild is an open question.Beth MoleSenior Health ReporterBeth MoleSenior Health Reporter Beth is Ars Technicas Senior Health Reporter. Beth has a Ph.D. in microbiology from the University of North Carolina at Chapel Hill and attended the Science Communication program at the University of California, Santa Cruz. She specializes in covering infectious diseases, public health, and microbes. 53 Comments

EXPLOITING WEAK LINKS Yearlong supply-chain attack targeting security pros steals 390K credentials Multifaceted, high-precision campaign targets malicious and benevolent hackers alike. Dan Goodin Dec 13, 2024 4:46 pm | 9 Credit: Getty Images Credit: Getty Images Story textSizeSmallStandardLargeWidth *StandardWideLinksStandardOrange* Subscribers only Learn moreA sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software from GitHub and NPM, researchers said.The campaign, first reported three weeks ago by security firm Checkmarx and again on Friday by Datadog Security Labs, uses multiple avenues to infect the devices of researchers in security and other technical fields. One is through packages that have been available on open source repositories for over a year. They install a professionally developed backdoor that takes pains to conceal its presence. The unknown threat actors behind the campaign have also employed spear phishing that targets thousands of researchers who publish papers on the arXiv platform.Unusual longevityThe objectives of the threat actors are also multifaceted. One is the collection of SSH private keys, Amazon Web Services access keys, command histories, and other sensitive information from infected devices every 12 hours. When this post went live, dozens of machines remained infected, and an online account on Dropbox contained some 390,000 credentials for WordPress websites taken by the attackers, most likely by stealing them from fellow malicious threat actors. The malware used in the campaign also installs cryptomining software that was present on at least 68 machines as of last month.Its unclear who the threat actors are or what their motives may be. Datadog researchers have designated the group MUT-1244, with MUT short for mysterious unattributed threat.The campaign first came to light when Checkmarx recently discovered @0xengine/xmlrpc, a package that had circulated on the NPM JavaScript repository since October 2023. @0xengine/xmlrpc, began as a benign package offering a JavaScript implementation of the widely used XML-RPC protocol and client implementation for Node.js. A screenshot showing the NPM page were @0xengine/rpcxml was available. Credit: Checkmarx Over time, the package slowly and strategically evolved into the malware it is today. A significant change eventually introduced heavily obfuscated code hidden in one of its components. In its first 12 months, @0xengine/xmlrpc received 16 updates, giving developers the impression it was a benign and legitimate code library that could be trusted in sensitive environments.MUT-1244 complemented @0xengine/xmlrpc with a second package available, which was available on GitHub. Titled yawpp and available at hxxps[:]//github[.]com/hpc20235/yawpp, the package presented itself as a tool for WordPress credential checking and content posting. Theres no malicious code in the code, but because the package requires @0xengine/xmlrpc as a dependencysupposedly because it used @0xengine/xmlrpc for XML-RPC communication with WordPress sites, the malicious package was automatically installed.The combination of regular updates, seemingly legitimate functionality, and strategic dependency placement has contributed to the packages unusual longevity in the NPM ecosystem, far exceeding the typical lifespan of malicious packages that are often detected and removed within days, Checkmarx researcher Yehuda Gelb wrote last month. The malicious functionality of the @0xengine/xmlrpc package was made all the more stealthy by remaining dormant until or unless executed through one of two vectors:Direct package users execute any command with the targets or -t flag. This activation occurs when running the packages validator functionality, which masquerades as an XML-RPC parameter validation feature.Users installing the yawpp WordPress tool from GitHub automatically receive the malicious package as a dependency. The malware activates when running either of yawpps main scripts (checker.js or poster.js), as both require the targets parameter for normal operation. The attack flow as shown in a diagram from Checkmarx. Credit: Checkmarx The malware maintained persistencemeaning the ability to run each time the infected machine was rebootedby disguising itself as a legitimate session authentication service named Xsession.auth. Every 12 hours Xsession.auth would initiate a systematic collection of sensitive system including:SSH keys and configurations from ~/.sshCommand history from ~/.bash_historySystem information and configurationsEnvironment variables and user dataNetwork and IP information through ipinfo.ioThe stolen data would then be uploaded to either an account on Dropbox or file.io. Monitoring the wallet where mined Monero cryptocurrency was deposited indicated the malware was running on machines in the real world. Screenshot showing a graph tracking mining activity. Credit: Checkmarx But wait, theres moreOn Friday, Datadog revealed that MUT-1244 employed additional means for installing its second-stage malware. One was through a collection of at least 49 malicious entries posted to GitHub that contained Trojanized proof-of-concept exploits for security vulnerabilities. These packages help malicious and benevolent security personnel better understand the extent of vulnerabilities, including how they can be exploited or patched in real-life environments.A second major vector for spreading @0xengine/xmlrpc was through phishing emails. Datadog discovered MUT-1244 had left a phishing template, accompanied by 2,758 email addresses scraped from arXiv, a site frequented by professional and academic researchers. A phishing email used in the campaign. Credit: Datadog The email, directed to people who develop or research software for high-performance computing, encouraged them to install a CPU microcode update available that would significantly improve performance. Datadog later determined that the emails had been sent from October 5 through October 21. Additional vectors discovered by Datadog. Credit: Datadog Further adding to the impression of legitimacy, several of the malicious packages are automatically included in legitimate sources, such as Feedly Threat Intelligence and Vulnmon. These sites included the malicious packages in proof-of-concept repositories for the vulnerabilities the packages claimed to exploit."This increases their look of legitimacy and the likelihood that someone will run them," Datadog said.The attackers' use of @0xengine/xmlrpc allowed them to steal some 390,000 credentials from infected machines. Datadog has determined the credentials were for use in logging into administrative accounts for websites that run the WordPress content management system.Taken together, the many facets of the campaignits longevity, its precision, the professional quality of the backdoor, and its multiple infection vectorsindicate that MUT-1244 was a skilled and determined threat actor. The group did, however, err by leaving the phishing email template and addresses in a publicly available account.The ultimate motives of the attackers remain unclear. If the goal were to mine cryptocurrency, there would likely be better populations than security personnel to target. And if the objective was targeting researchersas other recently discovered campaigns have doneits unclear why MUT-1244 would also employ cryptocurrency mining, an activity thats often easy to detect.Reports from both Checkmarx and Datadog include indicators people can use to check if they've been targeted.Dan GoodinSenior Security EditorDan GoodinSenior Security Editor Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82. 9 Comments