Though Resident Evil 2 remake continues to reach new sales milestones, its vastly behind Capcoms best-selling title of all time: Monster Hunter World. In its updated Platinum Titles list, the publisher confirmed 28.10 million units sold as of December 31st, 2024. Its over one million units higher since its previous sales milestone (27 million).Of course, the figure includes Monster Hunter World: Iceborne Master Edition, which bundles the base game and its expansion. The former has sold 21.30 million units on its own while Iceborne is at 14.90 million sales. Meanwhile, Monster Hunter Rise has sold 16.70 million, up from 16 million, while its Sunbreak expansion is at 9.40 million sales.Capcom is currently prepping for the launch of Monster Hunter Wilds on February 28th for Xbox Series X/S, PS5, and PC. A second open beta is scheduled for later this week, though the action RPG will receive 15 minutes of new details on February 4th, 2 PM PT.

Neopets said its comeback gathered steam in 2024. The gaming brands daily active users (DAU) reached a new recent peak of nearly 250,000 and monthly active users (MAU) surpassed 400,000. That reflects three-fold growth since the company rebooted itself in 2023 and became a new independent game studio. The numbers are the highest in the pastRead More

Nintendo to cease foreign payment on digital stores in JapanDecision made to "prevent fraudulent use" of overseas credit cards and PayPal accounts News by Sophie McEvoy Staff Writer Published on Feb. 3, 2025 Nintendo eShop and My Nintendo Store for Japan will stop accepting payments from international credit cards and PayPal accounts from March 25, 2025.In a statement posted to its support page, the decision was made to "prevent fraudulent use.""For customers who have previously used overseas-issued credit cards or PayPal accounts opened overseas, we ask that you please use other payment methods, such as credit cards issued in Japan, from now on," it said.As noted by VGC, users outside of Japan can buy games from the Japanese eShop that aren't available in their own country. The price often differs due to the exchange rate, making some titles cheaper.

Midnight Society shuts downDeadrop developer ran out of funding according to former employeeImage credit: Midnight Society News by Sophie McEvoy Staff Writer Published on Feb. 3, 2025 Deadrop developer Midnight Society has closed down.The studio announced the decision on January 30 in a post on social media, making 55 employees redundant in the process."We are actively seeking other game studios that would be interested in offering employment opportunities to our talented team members," it wrote."We express our sincere gratitude to each and every one of our community members and [are] deeply sorry we were unable to reach our ultimate goal."Level designer Brad Boice shared on LinkedIn that the team [was] given a two-day notice before the news was announced."The team at Midnight Society got our two-day notice that the studio is out of funding and everybody needs to pack up and go home," Boice wrote. "Everyone I worked with at Midnight Society was absolutely amazing at what they do and [are] now jobless. I thought we had much, much more runway with funding."Last September, Midnight Society was affected by a round of layoffs due to of "multiple unexpected challenges in recent months."In June, the developer announced it would be parting ways with co-founder and streamer Guy "Dr Disrespect" Beahm following allegations related to his 2020 Twitch ban relating to messaging a minor in 2017."In order to maintain our principles and standards as a studio and individuals, we needed to act," the studio said. "For this reason, we are immediately terminating our relationship with Guy Beahm."

Composer Winifred Phillips has been awarded a Grammy for her work on Digital Eclipse's historic remake of Wizardry: Proving Grounds of the Mad Overlord.Phillips won out in the 'Best Score Soundtrack for Video Games and Other Interactive Media' category, which was first introduced two years ago to celebrate scores created specifically for video games.Other nominees in the category at the 2025 ceremony included Pinar Toprak (Avatar: Frontiers of Pandora), Bear McCreary (God of War Ragnarok: Valhalla), John Paesano (Marvel's Spider-Man 2), and Wilbert Roget II (Star Wars Outlaws).Speaking after the show, Phillips said she was "blown away" by the win."It was so inspiring to create the music for [the game]. The team at Digital Eclipse were so inspiring to work with," she added."I really didn't expect [the win]. The category was populated with so much brilliance this year, and I have so much deep respect for the other nominees in this category. To have been recognised is just a highlight of my career. It truly is."Since the category was first introduced, Grammys have been awarded to Assassin's Creedcomposer Stephanie Economou and Star Wars Jedi: Survivor maestros Gordy Haab and Stephen Barton.

Sean Lennon (pictured) accepted the Best Rock Performance Grammy award on behalf of The Beatles.The Beatles have won their eighth competitive Grammy award thanks to a little help from artificial intelligence. The 2023 track Now and Then which Billboard reports is the first song knowingly created with AI assistance to earn a Grammy nomination was awarded Best Rock Performance on Sunday, beating out competition from Green Day, Pearl Jam, The Black Keys, Idles, and St. Vincent.The track was pieced together using a demo that John Lennon recorded in the late 1970s, with Paul McCartney, Ringo Starr, and George Harrison later providing their own contributions in the mid-90s, with the aim of including the final song in The Beatles Anthology project. Now and Then wasnt released, however, due to technical limitations at the time preventing Lennons vocals and piano from being separated from the original lo-fi demo.McCartney and Starr later managed to complete the song in 2021 with help from filmmaker Peter Jackson and his sound team, who developed machine-learning technology (a type of AI that uses algorithms to learn from data) capable of isolating and cleaning up different components of Lennons recording. This greatly differs from generative AI tech that can be used to create music that mimics an artists style and vocals, but confusion around AI terminology led to some backlash online when the track was released.To be clear, nothing has been artificially or synthetically created. Its all real and we all play on it, McCartney said in 2023, addressing speculation about AIs role in development. We cleaned up some existing recordings a process which has gone on for years.

The game director of MultiVersus has called out threats to harm developers on the game have received following the announcement of its impending shutdown.Last week, Player First Games announced that Season 5 of the Warner Bros. brawler would be its last, with the MultiVersus servers going dark this May, just one year after it relaunched. Players will still be able to access all earned and purchased content while offline via the local gameplay mode and training mode.While real-money transactions for MultiVersus are no longer available, fans can still use Gleamium and character tokens to access in-game content until support ends on May 30. MultiVersus will also be delisted from the PlayStation Store, Microsoft Store, Steam, and Epic Games Store at this time.Following the announcement, and without word of a refund policy, MultiVersus players who bought the $100 premium Founder's Pack hit out at Warner Bros. and Player First Games, with some saying they felt scammed. Based on online reports, there are a number of disgruntled customers who have character tokens that are now rendered useless, given they had already unlocked all playable characters in the game. Predictably, MultiVersus is also getting review-bombed on Steam.Tony Huynh, co-founder of Player First Games and game director of MultiVersus, tweeted to address player concerns and call out threats of violence directed at the team.Heres Huynhs statement in full:Hey all, I wanted to say a few words as I reflect on the recently announced news about MultiVersus. While I'm sad about the outcome, I will forever be grateful for the opportunity given to us by Warner Bros. Games and to each and every developer on the Player First Games and WB Games teams. Also to every IP holder thank you for entrusting us with your babies, we hope we made the characters true to themselves and felt authentic to your fans. I couldnt be prouder of the work the PFG team did. Their endless creativity and passion never ceased to inspire and amaze me. And of course I wanted to thank every player who has ever played or supported MultiVersus. Delighting and serving players is Player First Games objective.I apologize for not addressing things sooner, theres been a lot going on and Ive been focused on the game and the team, but now more-so the team.Thank you for sending us all the great fan art, character ideas, and personal stories. They were the highlight of every day and always excited the team.Im sorry if we couldnt get to your favorite character. I do think Aquaman and Lola are really cool and I hope you all check them out. Character selection comes down to bunch of things including development time, listening to what the community wants, working with IP holders and approvals, if there is a cross-marketing opportunity available to support, and of course if the team is inspired to make the character. So a lot goes into to it.For instance BananaGuard came about because the team was enthusiastic about making it and on their own produced it over the weekend as a fun, quick-to-make character. When inspiration and enthusiasm spark we want to reward that and we got BananaGuard because of that. It wasnt at the expense of another character. It was because the team was excited about making the character.I dont have the power some you think I do. PFG is a highly collaborative team and ideas are encouraged and can come from anyone and we promote delivering value to playersI also hope that the community notices that we try to listen and act. Like any developer were limited by time and resources.I know that this is painful for everyone, and I know every member of PFG feels it too, but I have to call this out, youre entitled to what you say and think, but when there are threats to harm its crossing the line. I hope that you can take a step back and realize that this is an extremely sad time for the team. I am in deep mourning for the game. Nobody wanted this outcome and it wasnt from lack of caring or effort.I sincerely hope that Season 5 is enjoyed with the time we have left and that you will all continue supporting other platform fighter and fighting games as these games have impacted me in many positive ways. Ive made so many friends and created so many great memories because of these games, and a big reason why we worked so hard at PFG was to share that with you. I hope that we played a small part and that you can look back on MVS and find some joy in the friends you made and the memories you shared.Thank you for allowing this dream to become a reality even if for a briefer time than we would have wanted. I dont know what the future holds for any of all of us, but I just wanted to say thank you. It has been an honor to work alongside the team at PFG to serve our community and players.Player First Games community manager and game developer Angelo Rodriguez Jr. took to X/Twitter to defend Huynh, stressing: Receiving threats of physical harm against him is not and will never be the way.I've legitimately been losing sleep over the past few days watching as all of these has been happening to Tony, he said.The man who would stay up past midnight with us watching streams and listened for fun ideas from the players. The man who took the time to read so many messages and respond to so many people when he didn't have to. The man who spent countless hours working with every department to try and improve things we could in the weeks we had to do it. The man who went out of his way to hire so many of us from the community and gave us a shot at being involved in something so special. Tony is not who he is being painted out to be.I know things aren't the best right now and everyone is looking for answers. Receiving threats of physical harm against him is not and will never be the way.PFG poured their heart into this game and we still hope everyone enjoys season 5. We never stopped pushing for improvements and again you will see 50 pages worth of them this season. I hope everyone can take the time to read through what Tony has to say, and I hope you will all think things through.MultiVersus demise is the latest high-profile failure for Warner Bros. Games, following Suicide Squad: Kill the Justice Leagues disastrous launch last year. Last month, the departure of Warner Bros. Games boss David Haddad was revealed after what had been a troubling 12 months for the company.Parent company Warner Bros. Discovery has said Suicide Squad: Kill the Justice Leagues failure contributed to a $200 million hit to its business, and MultiVersus added another $100 million on top. Warner Bros. Games' only new game release during the third quarter of 2024 was Harry Potter: Quidditch Champions, which failed to make an impression.Speaking in a financial call, Warner Bros. Discovery President and CEO David Zaslav said: "We recognise [the games business] is substantially underperforming its potential right now.Since then, Suicide Squad: Kill the Justice League post-launch content has come to an end with the delivery of its year one roadmap. Warner Bros. has yet to announce Rocksteadys next game, but it is reportedly helping out on a directors cut of Hogwarts Legacy. The legendary British studio has suffered a number of layoffs in recent months.There are also question marks over Mortal Kombat 1s financial performance, although NetherRealm chief Ed Boon recently announced over five million sales and teased future DLC following the release of the T-1000 Terminator guest character.During the same financial call, Zaslav said Warner Bros. was doubling down on four games: Hogwarts Legacy (a sequel is already in the works), Mortal Kombat, Game of Thrones, and DC, "in particular Batman." Warner Bros. recently published the VR game Batman: Arkham Shadow exclusively on the Meta Quest 3, and has a Wonder Woman game in the works at Monolith Productions."We are focusing our development efforts on those core franchises, with proven studios to improve our success ratio," Zaslav added.Wesley is the UK News Editor for IGN. Find him on Twitter at @wyp100. You can reach Wesley at wesley_yinpoole@ign.com or confidentially at wyp100@proton.me.

Over the weekend, Apple announced that it is making Swift Build open source. This is the build engine used by both Xcode and for the companys internal projects.Apple has also made a tiny name change to Swift Playgrounds, the app that helps people learn to code in Swift on iPad and Mac Apple makes Swift Build open sourceApple made the announcement on Saturday.As Swift expands, theres value in investing in matching cross-platform build tools that provide a powerful, consistent, and flexible experience across the ecosystem.As a foundational step in this new chapter of Swift build technologies, today Apple is open sourcingSwift Build, a powerful and extensible build engine that provides a set of build rules for building Swift projects. Swift Build is the engine used by Xcode, which supports millions of apps in the App Store as well as the internal build process for Apples own operating systems.The company said that this would remove the confusion caused by having two different build packages, and pave the way for new features.Compared to the build engine in Xcode, the build engine in Swift Package Manager is fairly simple. On Apple platforms, having two different ways to build packages has also led to user confusion when the two implementations behavior didnt match. Contributing Xcodes build engine to the Swift project and developing it in open source alongside the Swift compiler provides the tools necessary to address these problems and deliver a great builds experience to all Swift users.[This] lays the foundation to enable new features and improvements across all platforms and tools, and unlocks new performance optimizations and developer-facing features.Swift Build is now available on GitHub.Swift Playgrounds becomes Swift PlaygroundJohn Gruber spotted that Apple has also updated Swift Playground, and in the process changed it from plural to singular.Interestingdetailwith the latest update to Apples app for learning and tinkering with Swift: its now named Playground, singular, not Playgrounds, plural. Im not going to argue that much should be made of the name change, but I like it. The app is the playgrounda place for playing with Swiftnot a factory for making playgrounds.Image: AppleAdd 9to5Mac to your Google News feed. FTC: We use income earning auto affiliate links. More.Youre reading 9to5Mac experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Dont know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference. Let's take a closer look at how these efforts are shaping a safer digital world. Threat of the WeekDeepSeek's Popularity Invites Scrutiny The overnight popularity of DeepSeek, an artificial intelligence (AI) platform originating from China, has led to extensive scrutiny of its models, with several analyses finding ways to jailbreak its system and produce malicious or prohibited content. While jailbreaks and prompt injections are a persistent concern in mainstream AI products, the findings also show that the model lacks enough protections to prevent potential abuse by malicious actors. The AI chatbot has also been targeted by what the company said were "large-scale malicious attacks," prompting it to temporarily limit user registrations. The service has since been banned in Italy over data protection concerns. Texas Republican Governor Greg Abbott has also issued a ban on DeepSeek for government-issued devices. Top NewsLaw Enforcement Operation Takes Down Illicit Cybercrime Services A series of law enforcement operations have taken down various online marketplaces such as Cracked, Nulled, Sellix, StarkRDP, and HeartSender that sold hack tools, illegal goods, and crimeware solutions. Millions of users are estimated to have been impacted, earning the threat actors hundreds of thousands of dollars in illegal revenues.Apple Fixed an Actively Exploited Zero-Day Apple released software updates for iOS, iPadOS, macOS, tvOS, visionOS, and watchOS to address a zero-day vulnerability (CVE-2025-24085) that it said has been exploited in the wild. The flaw is a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges. There are currently no details available on how it has been weaponized in real-word attacks, who may have been targeted, and the scale of the attacks.New WhatsApp Spyware Campaign Targets 90 Individuals Meta-owned WhatsApp disclosed it disrupted a campaign that involved the use of spyware owned by an Israeli company named Paragon Solutions to target about 90 journalists and civil society members. The attack chain is said to be zero-click, meaning the deployment of the spyware occurs without requiring any user interaction. The company noted the targets were spread across over two dozen countries, including several in Europe. The development marks the first time Paragon, which claims to provide "ethically based tools" to "disrupt intractable threats," has been linked to spyware misuse.Patched Mitel Flaw Exploited by Aquabot A Mirai botnet variant dubbed Aquabot is actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a rogue network capable of mounting distributed denial-of-service (DDoS) attacks. The flaw (CVE-2024-41710), a command injection vulnerability that allows for arbitrary command execution within the context of the phone, was addressed by Mitel in July 2024.UAC-0063 Uses Stolen Docs to Target Other Victims A hacking group tracked as UAC-0063 has been linked to a series of attacks that involve the use of documents stolen from one victim as lures to target others and infect them with a known loader malware called HATVIBE. The attacks have also involved the deployment of a newly discovered USB data exfiltrator codenamed PyPlunderPlug in at least one incident targeting a German company in mid-January 2023. Trending CVEsYour go-to software could be hiding dangerous security flawsdon't wait until it's too late! Update now and stay ahead of the threats before they catch you off guard.This week's list includes CVE-2025-0626, CVE-2024-12248, CVE-2025-0683 (Contec CMS8000), CVE-2025-22217 (Broadcom VMware Avi Load Balancer), CVE-2025-22218, CVE-2025-22219, CVE-2025-22220, CVE-2025-22221, CVE-2025-22222 (Broadcom VMware Aria Operations and Aria Operations for Logs), CVE-2024-55415, CVE-2024-55416, CVE-2024-55417 (PHP Voyager), CVE-2025-22604 (Cacti), CVE-2024-40891 (Zyxel), CVE-2025-23040 (GitHub Desktop), CVE-2024-52012 (Apache Solr), CVE-2025-0065 (TeamViewer), CVE-2024-12647, CVE-2024-12648, CVE-2024-12649 (Canon Laser Printers and Small Office Multifunctional Printers), CVE-2025-0493 (MultiVendorX plugin), CVE-2024-12822 (Media Manager for UserPro plugin), CVE-2025-0851 (Deep Java Library), CVE-2025-20061, CVE-2025-20014 (mySCADA myPRO), CVE-2024-13448 (ThemeREX Addons plugin), CVE-2025-0357 (WPBookit plugin), CVE-2024-1354 (Bootstrap Ultimate theme), CVE-2024-56404 (One Identity Identity Manager), CVE-2024-53299 (Apache Wicket), and CVE-2024-12857 (AdForest theme). Around the Cyber WorldMicrosoft Previews Scareware Blocker in Edge Microsoft said it's adding a new scareware blocker to its Edge browser to defend against tech support scams that use fake web pages to fool victims into thinking that their systems are infected with malware, and persuade them to either call a fake support number or gain unauthorized access to their systems. "Scareware blocker uses a machine learning model to recognize the tell-tale signs of scareware scams and puts users back in control of their computer," the company said. "The model uses computer vision to compare full screen pages to thousands of sample scams that the scam-fighting community shared with us. The model runs locally, without saving or sending images to the cloud." Last year, the U.S. Federal Trade Commission (FTC) fined two tech support firms Restoro and Reimage $26 million over charges that they lured consumers with fake Microsoft Windows pop-ups, stating their computers were compromised with viruses. The development comes as Microsoft said it's continuing to roll out safeguards against brand impersonation attempts in Teams, a technique adopted by various threat actors for malware propagation.Brazil Bans Tools for Humanity From Paying People for Iris Scans Brazilian data privacy regulators have prohibited Tools for Humanity (TFH), a biometric identity company co-founded by OpenAI CEO Sam Altman, from offering compensation to citizens for iris scans, saying such data collection practice interferes with a person's decision to grant consent for access to sensitive personal data. "Consent for the processing of sensitive personal data, such as biometric data, must be free, informed, unequivocal and provided in a specific and highlighted manner, for specific purposes," the National Data Protection Authority (ANPD) said. TFH told The Record that it follows all laws and regulations in the country. The ban coincided with a complaint filed by the European Consumer Organisation (BEUC), criticizing Meta for its pay or consent policy and for failing to give users a fair choice.New Research Uncovers Intel TDX Vulnerability Intel Trust Domain Extensions (TDX) has become a crucial CPU-level technology aimed at strengthening the isolation and security guarantees of virtual machines to protect sensitive data and applications from unauthorized access. This also means that vulnerabilities discovered in the technology can undermine its confidentiality and integrity objectives by breaching the isolation between the Virtual Machine Manager (VMM) and Trust Domains (TDs). A new study by a group of researchers from the Indian Institute of Technology Kharagpur and Intel has uncovered a critical flaw in TDX's Performance Monitoring Counters (PMC) virtualization that breaks the isolation between the VMM and TD, as well as between different TDs running concurrently on the same system. "In a particular scenario where the VMM and a TD are co-located on the same core, resource contention arises, exposing the TD's computation patterns on PMCs collected by the VMM for its own processes making PMC virtualization ineffective," the study said.Threat Actor Infects Over 18K Devices Using Trojanized RAT Builder An unknown threat actor is going after script kiddies to trick them into downloading a trojanized version of the XWorm RAT builder via GitHub repositories, file-sharing services, Telegram channels, and YouTube videos to compromise over 18,459 devices globally. The top countries impacted include Russia, the U.S., India, Ukraine, and Turkey. "The malware uses Telegram as its command-and-control (C&C) infrastructure, leveraging bot tokens and API calls to issue commands to infected devices and exfiltrate stolen data," CloudSEK researcher Vikas Kundu said. The malicious operation, however, has been disrupted by taking advantage of the malware's kill switch to issue an "/uninstall" command over Telegram. It's worth noting that machines that were not online when the command was sent remain compromised.Researchers Detail Browser Syncjacking Technique A new attack method called Browser Syncjacking shows that it's possible to take control of a victim's device by installing a seemingly innocuous Chrome browser extension, highlighting how add-ons could become lucrative low-hanging fruits for attackers. It involves a series of steps that begins with the adversary creating a malicious Google Workspace domain and setting up several user profiles under it without any security features. The adversary then publishes an extension to the Web Store and tricks victims into installing it using social engineering techniques. Once installed, the extension is used to stealthily log the victim into a Chrome browser profile managed by the attacker using a hidden window, thus enabling the threat actor to push arbitrary Chrome policies on the profile. This includes urging victims to turn on Chrome Sync, allowing the attacker to access all of the victim's secrets via the hijacked profile. The end goal, per SquareX, is to turn the whole browser into a managed browser controlled by the attacker, granting them the ability to enforce custom extensions that can be hosted on private links and don't have to go through the Chrome Web Store vetting process. Installing one of these add-ons could be enough to harvest sensitive data and seize control of the system through a clandestine communication mechanism that makes use of Chrome's Native Messaging API. Separately, recent research undertaken by security researcher Wladimir Palant has found that third-party extension developers are abusing a language translation feature built into the extension description system to push sketchy add-ons users search for legitimate extensions on the Web Store. Also discovered were an additional set of Chrome extensions capable of injecting ads into web pages, tracking website visits, affiliate fraud, and cookie stuffing attacks.Subaru Starlink Flaw Let Hackers Hijack Cars A security vulnerability in Subaru's Starlink connected vehicle service that could have granted unrestricted targeted access to all vehicles and customer accounts in the United States, Canada, and Japan. Using the access provided by the vulnerability, an attacker who only knew the victim's last name and ZIP code, email address, phone number, or license plate could have remotely started, stopped, locked, or unlocked any vehicle. It could also have been abused to retrieve the current location, as well as the history from the past year, accurate to within 5 meters and updated each time the engine starts. The vulnerability could also have allowed access to sensitive personal information, call history, previous ownership details, sales history, and odometer readings. The vulnerability in the web portal was fixed on November 21, 2024, within 24 hours of responsible disclosure by researchers Sam Curry and Shubham Shah. There is no evidence it was ever maliciously exploited in the wild. The flaws are just the latest in a series of vulnerabilities that have affected other carmakers, such as Kia and Mercedes-Benz. Expert WebinarDevOps + Security = The Fast Track to Resilience Tired of security slowing down developmentor risky shortcuts putting you at risk? Join Sarit Tager, VP of Product Management at Palo Alto Networks, in this must-attend webinar to discover how to break the Dev-Sec standoff. Learn how to embed smart, seamless security guardrails into your DevOps pipeline, prioritize code issues with full ecosystem context, and replace "shift left" confusion with the clarity of "start left" success. If speed and security feel like a trade-off, this webinar will show you how to have both. Save your spot now.A Clear Path to Identity Security: Actionable Steps with Okta Experts Struggling with identity security gaps that increase risks and inefficiencies? Join Okta's experts, Karl Henrik Smith and Adam Boucher, to discover how the Secure Identity Assessment (SIA) delivers a clear, actionable roadmap to strengthen your identity posture. Learn to identify high-risk gaps, streamline workflows, and adopt a scalable, phased approach to future-proofing your defenses. Don't let identity debt hold your organization backgain the insights you need to reduce risk, optimize operations, and secure business outcomes.P.S. Know someone who could use these? Share it. Cybersecurity ToolsSniffnet: A free, open-source tool designed to help you easily monitor your Internet traffic. This cross-platform app lets you choose your network adapter, apply filters, and view real-time charts to see exactly what's happening on your connection. Whether you're checking overall stats, spotting unusual activity, or setting up custom alerts, Sniffnet puts clear, actionable insights right at your fingertips.IntelOwl is a powerful open-source tool designed to streamline and speed up threat intelligence management. If you've ever needed to pull data on malware, IP addresses, or domains from multiple sources with a single request, this is the platform for you. By integrating a wide range of advanced malware analysis tools and online analyzers, IntelOwl makes it easy to enhance your threat data while offering a variety of features to automate routine analyst taskssaving time and boosting your response to emerging threats. Tip of the WeekWindows' Simple Ransomware Shield Ransomware attacks can strike fast, but you have a built-in safeguard in Windows. Controlled Folder Access blocks untrusted apps from changing your important files, keeping your data safe. To activate it, open Windows Security, go to Virus & threat protection, click on Manage ransomware protection, and enable Controlled Folder Access. This simple step adds an extra lock on your digital files without needing any extra software.ConclusionAs we wrap up this week's update, think of your digital life as a home that needs constant care. Small actionslike updating your software, using strong passwords, or checking the settings on your appsare like adding extra locks to your door. Every update or fix mentioned this week is a reminder: staying informed and taking simple steps can make a big difference.Take a moment to review your devices and check if any updates are pending. Consider setting aside a few minutes each week to catch up on security news. Ask yourself: What can I do today to make my online space safer? Whether it's using a trusted tool to manage your passwords or double-checking links before clicking, your actions help build a safer digital world for everyone.Thank you for reading, and here's to staying secure and smart in our everyday tech choices.Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

Feb 03, 2025Ravie LakshmananFinancial Security / MalwareBrazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote."Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week.The cybersecurity company said it discovered over the past month several Windows Shortcut (LNK) file artifacts that contain PowerShell commands responsible for delivering the malware.Coyote was first documented by Kaspersky in early 2024, detailing its attacks targeting users in the South American nation. It's capable of harvesting sensitive information from over 70 financial applications.In the previous attack chain documented by the Russian cybersecurity firm, a Squirrel installer executable is used to trigger a Node.js application compiled with Electron, that, for its part, runs a Nim-based loader to trigger the execution of the malicious Coyote payload.The latest infection sequence, on the other hand, commences with an LNK file that executes a PowerShell command to retrieve the next-stage from a remote server ("tbet.geontrigame[.]com"), another PowerShell script that launches a loader responsible for executing an interim payload."The injected code leverages Donut, a tool designed to decrypt and execute the final MSIL (Microsoft Intermediate Language) payloads," Lin said. "The decrypted MSIL execution file first establishes persistence by modifying the registry at 'HCKU\Software\Microsoft\Windows\CurrentVersion\Run.'""If found, it removes the existing entry and creates a new one with a randomly generated name. This new registry entry contains a customized PowerShell command pointing to download and execute a Base64-encoded URL, which facilitates the main functions of the Coyote banking trojan."The malware, once launched, gathers basic system information and the list of installed antivirus products on the host, after which the data is Base64-encoded and exfiltrated to a remote server. It also performs various checks to evade detection by sandboxes and virtual environments.A notable change in the latest iteration of Coyote is the expansion of its target list to encompass 1,030 sites and 73 financial agents, such as mercadobitcoin.com.br, bitcointrade.com.br, foxbit.com.br, augustoshotel.com.br, blumenhotelboutique.com.br, and fallshotel.com.br.Should the victim attempt to access any one of the sites in the list, the malware contacts an attacker-controlled server to determine the next course of action, which can range from capturing a screenshot to serving overlays. Some of the other functions include displaying activating a keylogger and manipulating display settings."Coyote's infection process is complex and multi-staged," Lin said. "This attack leveraged an LNK file for initial access, which subsequently led to the discovery of other malicious files. This Trojan poses a significant threat to financial cybersecurity, particularly because it has the potential to expand beyond its initial targets."Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.SHARE