Jun 14, 2025Ravie LakshmananMalware / Threat Intelligence A new malware campaign is exploiting a weakness in Discord's invitation system to deliver an information stealer called Skuld and the AsyncRAT remote access trojan. "Attackers hijacked the links through vanity link registration, allowing them to silently redirect users from trusted sources to malicious servers," Check Point said in a technical report. "The attackers combined the ClickFix phishing technique, multi-stage loaders, and time-based evasions to stealthily deliver AsyncRAT, and a customized Skuld Stealer targeting crypto wallets." The issue with Discord's invite mechanism is that it allows attackers to hijack expired or deleted invite links and secretly redirect unsuspecting users to malicious servers under their control. This also means that a Discord invite link that was once trusted and shared on forums or social media platforms could unwittingly lead users to malicious sites. Details of the campaign come a little over a month after the cybersecurity company revealed another sophisticated phishing campaign that hijacked expired vanity invite links to entice users into joining a Discord server and instruct them to visit a phishing site to verify ownership, only to have their digital assets drained upon connecting their wallets. While users can create temporary, permanent, or custom (vanity) invite links on Discord, the platform prevents other legitimate servers from reclaiming a previously expired or deleted invite. However, Check Point found that creating custom invite links allows the reuse of expired invite codes and even deleted permanent invite codes in some cases. This ability to reuse Discord expired or deleted codes when creating custom vanity invite links opens the door to abuse, allowing attackers to claim it for their malicious server. "This creates a serious risk: Users who follow previously trusted invite links (e.g., on websites, blogs, or forums) can unknowingly be redirected to fake Discord servers created by threat actors," Check Point said. The Discord invite-link hijacking, in a nutshell, involves taking control of invite links originally shared by legitimate communities and then using them to redirect users to the malicious server. Users who fall prey to the scheme and join the server are asked to complete a verification step in order to gain full server access by authorizing a bot, which then leads them to a fake website with a prominent "Verify" button. This is where the attackers take the attack to the next level by incorporating the infamous ClickFix social engineering tactic to trick users into infecting their systems under the pretext of verification. Specifically, clicking the "Verify" button surreptitiously executes JavaScript that copies a PowerShell command to the machine's clipboard, after which the users are urged to launch the Windows Run dialog, paste the already copied "verification string" (i.e., the PowerShell command), and press Enter to authenticate their accounts. But in reality, performing these steps triggers the download of a PowerShell script hosted on Pastebin that subsequently retrieves and executes a first-stage downloader, which is ultimately used to drop AsyncRAT and Skuld Stealer from a remote server and execute them. At the heart of this attack lies a meticulously engineered, multi-stage infection process designed for both precision and stealth, while also taking steps to subvert security protections through sandbox security checks. AsyncRAT, which offers comprehensive remote control capabilities over infected systems, has been found to employ a technique called dead drop resolver to access the actual command-and-control (C2) server by reading a Pastebin file. The other payload is a Golang information stealer that's downloaded from Bitbucket. It's equipped to steal sensitive user data from Discord, various browsers, crypto wallets, and gaming platforms. Skuld is also capable of harvesting crypto wallet seed phrases and passwords from the Exodus and Atomic crypto wallets. It accomplishes this using an approach called wallet injection that replaces legitimate application files with trojanized versions downloaded from GitHub. It's worth noting that a similar technique was recently put to use by a rogue npm package named pdf-to-office. The attack also employs a custom version of an open-source tool known as ChromeKatz to bypass Chrome's app-bound encryption protections. The collected data is exfiltrated to the miscreants via a Discord webhook. The fact that payload delivery and data exfiltration occur via trusted cloud services such as GitHub, Bitbucket, Pastebin, and Discord allows the threat actors to blend in with normal traffic and fly under the radar. Discord has since disabled the malicious bot, effectively breaking the attack chain. Check Point said it also identified another campaign mounted by the same threat actor that distributes the loader as a modified version of a hacktool for unlocking pirated games. The malicious program, also hosted on Bitbucket, has been downloaded 350 times. It has been assessed that the victims of these campaigns are primarily located in the United States, Vietnam, France, Germany, Slovakia, Austria, the Netherlands, and the United Kingdom. The findings represent the latest example of how cybercriminals are targeting the popular social platform, which has had its content delivery network (CDN) abused to host malware in the past. "This campaign illustrates how a subtle feature of Discord's invite system, the ability to reuse expired or deleted invite codes in vanity invite links, can be exploited as a powerful attack vector," the researchers said. "By hijacking legitimate invite links, threat actors silently redirect unsuspecting users to malicious Discord servers." "The choice of payloads, including a powerful stealer specifically targeting cryptocurrency wallets, suggests that the attackers are primarily focused on crypto users and motivated by financial gain." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

As AI faces court challenges from Disney and Universal, legal battles are shaping the industry's future | Opinion Silicon advances and design innovations do still push us forward – but the future landscape of the industry is also being sculpted in courtrooms and parliaments Image credit: Disney / Epic Games Opinion by Rob Fahey Contributing Editor Published on June 13, 2025 In some regards, the past couple of weeks have felt rather reassuring. We've just seen a hugely successful launch for a new Nintendo console, replete with long queues for midnight sales events. Over the next few days, the various summer events and showcases that have sprouted amongst the scattered bones of E3 generated waves of interest and hype for a host of new games. It all feels like old times. It's enough to make you imagine that while change is the only constant, at least it's we're facing change that's fairly well understood, change in the form of faster, cheaper silicon, or bigger, more ambitious games. If only the winds that blow through this industry all came from such well-defined points on the compass. Nestled in amongst the week's headlines, though, was something that's likely to have profound but much harder to understand impacts on this industry and many others over the coming years – a lawsuit being brought by Disney and NBC Universal against Midjourney, operators of the eponymous generative AI image creation tool. In some regards, the lawsuit looks fairly straightforward; the arguments made and considered in reaching its outcome, though, may have a profound impact on both the ability of creatives and media companies (including game studios and publishers) to protect their IP rights from a very new kind of threat, and the ways in which a promising but highly controversial and risky new set of development and creative tools can be used commercially. A more likely tack on Midjourney's side will be the argument that they are not responsible for what their customers create with the tool I say the lawsuit looks straightforward from some angles, but honestly overall it looks fairly open and shut – the media giants accuse Midjourney of replicating their copyrighted characters and material, and of essentially building a machine for churning out limitless copyright violations. The evidence submitted includes screenshot after screenshot of Midjourney generating pages of images of famous copyrighted and trademarked characters ranging from Yoda to Homer Simpson, so "no we didn't" isn't going to be much of a defence strategy here. A more likely tack on Midjourney's side will be the argument that they are not responsible for what their customers create with the tool – you don't sue the manufacturers of oil paints or canvases when artists use them to paint something copyright-infringing, nor does Microsoft get sued when someone writes something libellous in Word, and Midjourney may try to argue that their software belongs in that tool category, with users alone being ultimately responsible for how they use them. If that argument prevails and survives appeals and challenges, it would be a major triumph for the nascent generative AI industry and a hugely damaging blow to IP holders and creatives, since it would seriously undermine their argument that AI companies shouldn't be able to include copyrighted material into training data sets without licensing or compensation. The reason Disney and NBCU are going after Midjourney specifically seems to be partially down to Midjourney being especially reticent to negotiate with them about licensing fees and prompt restrictions; other generative AI firms have started talking, at least, about paying for content licenses for training data, and have imposed various limitations on their software to prevent the most egregious and obvious forms of copyright violation (at least for famous characters belonging to rich companies; if you're an individual or a smaller company, it's entirely the Wild West out there as regards your IP rights). In the process, though, they're essentially risking a court showdown over a set of not-quite-clear legal questions at the heart of this dispute, and if Midjourney were to prevail in that argument, other AI companies would likely back off from engaging with IP holders on this topic. To be clear, though, it seems highly unlikely that Midjourney will win that argument, at least not in the medium to long term. Yet depending on how this case moves forward, losing the argument could have equally dramatic consequences – especially if the courts find themselves compelled to consider the question of how, exactly, a generative AI system reproduces a copyrighted character with such precision without storing copyright-infringing data in some manner. The 2020s are turning out to be the decade in which many key regulatory issues come to a head all at once AI advocates have been trying to handwave around this notion from the outset, but at some point a court is going to have to sit down and confront the fact that the precision with which these systems can replicate copyrighted characters, scenes, and other materials requires that they must have stored that infringing material in some form. That it's stored as a scattered mesh of probabilities across the vertices of a high-dimensional vector array, rather than a straightforward, monolithic media file, is clearly important but may ultimately be considered moot. If the data is in the system and can be replicated on request, how that differs from Napster or The Pirate Bay is arguably just a matter of technical obfuscation. Not having to defend that technical argument in court thus far has been a huge boon to the generative AI field; if it is knocked over in that venue, it will have knock-on effects on every company in the sector and on every business that uses their products. Nobody can be quite sure which of the various rocks and pebbles being kicked on this slope is going to set off the landslide, but there seems to be an increasing consensus that a legal and regulatory reckoning is coming for generative AI. Consequently, a lot of what's happening in that market right now has the feel of companies desperately trying to establish products and lock in revenue streams before that happens, because it'll be harder to regulate a technology that's genuinely integrated into the world's economic systems than it is to impose limits on one that's currently only clocking up relatively paltry sales and revenues. Keeping an eye on this is crucial for any industry that's started experimenting with AI in its workflows – none more than a creative industry like video games, where various forms of AI usage have been posited, although the enthusiasm and buzz so far massively outweighs any tangible benefits from the technology. Regardless of what happens in legal and regulatory contexts, AI is already a double-edged sword for any creative industry. Used judiciously, it might help to speed up development processes and reduce overheads. Applied in a slapdash or thoughtless manner, it can and will end up wreaking havoc on development timelines, filling up storefronts with endless waves of vaguely-copyright-infringing slop, and potentially make creative firms, from the industry's biggest companies to its smallest indie developers, into victims of impossibly large-scale copyright infringement rather than beneficiaries of a new wave of technology-fuelled productivity. The legal threat now hanging over the sector isn't new, merely amplified. We've known for a long time that AI generated artwork, code, and text has significant problems from the perspective of intellectual property rights (you can infringe someone else's copyright with it, but generally can't impose your own copyright on its creations – opening careless companies up to a risk of having key assets in their game being technically public domain and impossible to protect). Even if you're not using AI yourself, however – even if you're vehemently opposed to it on moral and ethical grounds (which is entirely valid given the highly dubious land-grab these companies have done for their training data), the Midjourney judgement and its fallout may well impact the creative work you produce yourself and how it ends up being used and abused by these products in future. This all has huge ramifications for the games business and will shape everything from how games are created to how IP can be protected for many years to come – a wind of change that's very different and vastly more unpredictable than those we're accustomed to. It's a reminder of just how much of the industry's future is currently being shaped not in development studios and semiconductor labs, but rather in courtrooms and parliamentary committees. The ways in which generative AI can be used and how copyright can persist in the face of it will be fundamentally shaped in courts and parliaments, but it's far from the only crucially important topic being hashed out in those venues. The ongoing legal turmoil over the opening up of mobile app ecosystems, too, will have huge impacts on the games industry. Meanwhile, the debates over loot boxes, gambling, and various consumer protection aspects related to free-to-play models continue to rumble on in the background. Because the industry moves fast while governments move slow, it's easy to forget that that's still an active topic for as far as governments are concerned, and hammers may come down at any time. Regulation by governments, whether through the passage of new legislation or the interpretation of existing laws in the courts, has always loomed in the background of any major industry, especially one with strong cultural relevance. The games industry is no stranger to that being part of the background heartbeat of the business. The 2020s, however, are turning out to be the decade in which many key regulatory issues come to a head all at once, whether it's AI and copyright, app stores and walled gardens, or loot boxes and IAP-based business models. Rulings on those topics in various different global markets will create a complex new landscape that will shape the winds that blow through the business, and how things look in the 2030s and beyond will be fundamentally impacted by those decisions.

Fake invoices were found being hosted on Google services.

There are very few philosophers who become part of popular culture, and often, if their ideas become influential, people don’t know where they came from.Niccolò Machiavelli, the great 16th-century diplomat and writer, is an exception.I don’t know how many people have actually read Machiavelli, but almost everyone knows the name, and almost everyone thinks they know what the word “Machiavellian” means. It’s someone who’s cunning and shrewd and manipulative. Or as one famous philosopher called him, “the teacher of evil.”But is this fair to Machiavelli, or has he been misunderstood? And if he has been, what are we missing in his work?Erica Benner is a political philosopher and the author of numerous books about Machiavelli including my favorite, Be Like the Fox, which offers a different interpretation of Machiavelli’s most famous work, The Prince.For centuries, The Prince has been popularly viewed as a how-to manual for tyrants. But Benner disagrees. She says it’s actually a veiled, almost satirical critique of authoritarian power. And she argues that Machiavelli is more timely than you might imagine. He wrote about why democracies get sick and die, about the dangers of inequality and partisanship, and even about why appearance and perception matter far more than truth and facts.In another of his seminal works, Discourses on Livy, Machiavelli is also distinctly not authoritarian. In fact, he espouses a deep belief in republicanism (the lowercase-r kind, which affirms representative government).I invited Benner onto The Gray Area to talk about what Machiavelli was up to and why he’s very much a philosopher for our times. As always, there’s much more in the full podcast, so listen and follow The Gray Area on Apple Podcasts, Spotify, Pandora, or wherever you find podcasts. New episodes drop every Monday.This interview has been edited for length and clarity. The popular view of Machiavelli is that he wanted to draw this neat line between morality and politics and that he celebrated ruthless pragmatism. What’s incomplete or wrong about that view?What is true is that he often criticizes the hyper-Christian morality that puts moral judgments into the hands of priests and popes and some abstract kind of God that he may or may not believe in, but in any case doesn’t think is something we can access as humans. If we want to think about morality both on a personal level and in politics, we’ve got to go back to basics. What is the behavior of human beings? What is human nature? What are the drives that propel human beings to do the stuff that we call good or bad? He wants to say that we should see human beings not as fundamentally good or evil. We shouldn’t think that human beings can ever be angels, and we shouldn’t see them as devils when they behave badly.But the basic point is if you want to develop a human morality, you study yourself, you study other humans, you don’t put yourself above other humans because you’re one, too. And then you ask, What kind of politics is going to make such people coexist?I take it you think his most famous book, The Prince, is not well understood?I used to have to teach Machiavelli and I would just say, It’s a handbook for tyrants. But he wrote the Discourses, which is a very, very republican book. So that’s the first thing that sets people off and makes you think, How could he have switched so quickly from writing The Prince to being a super-republican writing the Discourses? So that’s a warning sign. When I started seeing some of the earliest readers of Machiavelli and the earliest comments you get from republican authors, they all see Machiavelli as an ally and they say it. They say he’s a moral writer. Rousseau says, “He has only had superficial and corrupt readers until now.” If you ever pick up The Prince and you read the first four chapters, and most people don’t read them that carefully because they’re kind of boring, the exciting ones are the ones in the middle about morality and immorality and then you come to chapter five, which is about freedom.And up to chapter four, it sounds like a pretty cruel, cold analysis of what you should do. Then you get to chapter five and it’s like, Wow! It’s about how republics fight back, and the whole tone changes. Suddenly republics are fighting back and the prince has to be on his toes because he’s probably not going to survive the wrath of these fiery republics that do not give up.So who is he talking to in the book? Is he counseling future princes or warning future citizens?It’s complicated. You have to remember that he was kicked out of his job and had a big family to support. He had a lot of kids. And he loved his job and was passionate about the republic. He was tortured. He doesn’t know what’s going to happen next. He’s absolutely gutted that Florence’s republican experiment has failed and he can’t speak freely. So what does a guy with a history of writing dramas and satire do to make himself feel better? It’s taking the piss out of the people who have made you and a lot of your friends very miserable, in a low-key way because you can’t be too brutally satirical about it. But I think he’s really writing to expose the ways of tyrants.Would you say that Machiavelli has something like an ideology or is he just a clear-eyed pragmatist?He’s a republican. And again, this is something that, if you just read The Prince, you’re not going to get. But if you read the Discourses, which was written around the same time as The Prince, it’s very, very similar in almost every way except that it praises republics and criticizes tyrants very openly. Whereas The Prince never once uses the words “tyrant” or “tyranny.” So if there’s a guiding political view, whether you call it “ideology” or not, it’s republicanism. And that’s an ideology of shared power. It’s all the people in a city, all the male people in this case. Machiavelli was quite egalitarian. He clearly wanted as broad of a section of the male population to be citizens as possible. He says very clearly, The key to stabilizing your power is to change the constitution and to give everyone their share. Everyone has to have their share. You might want to speak a little bit more for yourself and the rich guys, but in the end, everyone’s got to have a share.Should we treat Machiavelli like a democratic theorist? Do you think of him as someone who would defend what we call democracy today?If you think the main principle of democracy is that power should be shared equally, which is how I understand democracy, then yes. He’d totally agree with that. What kind of institutions would he say a democracy has to have? He’s pretty clear in the Discourses. He says you don’t want a long-term executive. You need to always check power. I realize we exist in a very different world than Machiavelli, but is he a useful guide to understanding contemporary politics, particularly American politics?This is a really Machiavellian moment. If you read The Prince and look not just for those provocative quotes but for the criticisms, and sometimes they’re very subtle, you start to see that he’s exposing a lot of the stuff that we’re seeing today. Chapter nine of The Prince is where he talks about how you can rise to be the ruler of a republic and how much resistance you might face, and he says that people might be quite passive at first and not do very much. But at some point, when they see you start to attack the courts and the magistrates, that’s when you’re going to clash. And he says, That’s when you as a leader — and he’s playing like he’s on the leader’s side — that’s when you’ve got to decide if you’re going to get really, really tough, or are you going to have to find other ways to soften things up a bit?What would he make of Trump?He would put Trump in two categories. He’s got different classifications of princes. He’s got the prince of fortune, somebody who relies on wealth and money and big impressions to get ahead. He would say that Trump has a lot of those qualities, but he’d also call him this word “astutia” — astuteness, which doesn’t really translate in English because we think of that as a good quality, but he means calculating shrewdness. Somebody whose great talent is being able to shrewdly manipulate and find little holes where he can exploit people’s weaknesses and dissatisfactions.This is what he thought the Medici were good at. And his analysis of that is that it can cover you for a long time. People will see the good appearances and hope that you can deliver, but in the long run, people who do that don’t know how to build a solid state. That’s what he would say on a domestic front. I think there’s an unsophisticated way to look at Trump as Machiavellian. There are these lines in The Prince about knowing how to deploy cruelty and knowing when to be ruthless. But to your deeper point, I don’t think Machiavelli ever endorses cruelty for cruelty’s sake, and with Trump — and this is my personal opinion — cruelty is often the point, and that’s not really Machiavellian.Exactly. I wouldn’t say Trump is Machiavellian. Quite honestly, since the beginning of the Trump administration, I’ve often felt like he’s getting advice from people who haven’t really read Machiavelli or put Machiavelli into ChatGPT and got all the wrong pointers, because the ones that they’re picking out are just so crude. But they sound Machiavellian. You’re absolutely right, though. Machiavelli is very, very clear in The Prince that cruelty is not going to get you anywhere in the long term. You’re going to get pure hate. So if you think it’s ever instrumentally useful to be super cruel, think again.This obviously isn’t an endorsement of Trump, but I will say that something I hear often from people is that the system is so broken that we need someone to smash it up in order to save it. We need political dynamite. I bring that up because Machiavelli says repeatedly that politics requires flexibility and maybe even a little practical ruthlessness in order to preserve the republic. Do you think he would say that there’s real danger in clinging to procedural purity if you reach a point where the system seems to have failed?This is a great question. And again, this is one he does address in the Discourses quite a lot. He talks about how the Romans, when their republic started slipping, had “great men” coming up and saying, “I’ll save you,” and there were a lot before Julius Caesar finally “saved” them and then it all went to hell. And Machiavelli says that there are procedures that have to sometimes be wiped out — you have to reform institutions and add new ones. The Romans added new ones, they subtracted some, they changed the terms. He was very, very keen on shortening the terms of various excessively long offices. He also wanted to create emergency institutions where, if you really faced an emergency, that institution gives somebody more power to take executive action to solve the problem. But that institution, the dictatorship as it was called in Rome, it wasn’t as though a random person could come along and do whatever he wanted. The idea was that this dictator would have special executive powers, but he is under strict oversight, very strict oversight, by the Senate and the plebians, so that if he takes one wrong step, there would be serious punishment. So he was very adamant about punishing leaders who took these responsibilities and then abused them.Listen to the rest of the conversation and be sure to follow The Gray Area on Apple Podcasts, Spotify, Pandora, or wherever you listen to podcasts.See More:

Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested. ⚡ Threat of the Week Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies have taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside taking down 300 servers and neutralizing 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame. Get the Guide ➝ 🔔 Top News Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploy malware like Vidar and StealC under the guise of activating pirated version of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said. APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a state-sponsored campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts. Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR). 📰 Around the Cyber World Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox. Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via a Simple Custom CSS and JS plugin (or something similar) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page." E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, detailing its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems. The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation. The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group, the Lamberts (the U.S.), and Animal Farm (France). Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors to breach its systems by bribing customer support agents in India and siphon funds from nearly 70,000 customers. According to Blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarding with SMS messages claiming to be fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a secure wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'" Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue to its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia stating Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. Crowdstrike previously claimed that the airline had rejected technical support offers both from itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said. Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said. SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announced that the SEC approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account." FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information. DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the Preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As mitigations, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked." Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: A custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense. 🔧 Cybersecurity Tools ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments. Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation. AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities. 🔒 Tip of the Week Review and Revoke Old OAuth App Permissions — They're Silent Backdoor → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third-party gets breached, your data is at risk. What to do: Go through your connected apps here: Google: myaccount.google.com/permissions Microsoft: account.live.com/consent/Manage GitHub: github.com/settings/applications Facebook: facebook.com/settings?tab=applications Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open. Conclusion Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment. Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

It’s been nearly 20 years since I built my first PC. Those first attempts were shaky, scary, and of course, very budget-oriented, but I was immediately hooked. But PC building is an expensive hobby, so in my chase for the best graphics cards and top-shelf processors, I always neglected my peripherals. Years later, I’ve learned my lesson, and I know now that finding some balance between loading up on components and ignoring them in favor of expensive peripherals is important. Here are the three upgrades I splurged on in the last couple of years, and why I think you should do the same. Recommended Videos High-quality gaming mouse Monica J. White / Digital Trends Before I ever entertained the idea of building my own PC, I was already a gamer. I started gaming when I was just a few years old, and that was mostly on the SNES. Despite that fact, I never really played games that relied heavily on having a good mouse. My early PC gaming memories include titles like RollerCoaster Tycoon, Pharaoh, Civilization, The Sims, and Diablo 2. (I bet you can guess my age based on that information.) I later moved on to World of Warcraft and got hooked for, well, a very long time. A mouse was needed, sure, but it was never a make it or break it kind of situation. I never got into first-person shooters or MOBAs, so I didn’t need a speedy mouse; I just needed something that worked. The result? I continuously bought $5 to $10 mice that lasted a mere few months before needing to be replaced. I thought that was good enough, but boy, was I wrong. The concept of the Razer Naga mouse was always intriguing to me. As I often play MMOs and games that require a bunch of keybinds, assigning different combinations of Shift or Control was getting annoying. I never had the budget to support getting a better mouse, though, so I ignored the hunch for years — until I finally decided to take the plunge and get myself the Razer Naga V2 Pro. Getting a proper mouse was an eye-opening experience. The feel, the speed, the accuracy, and the addition of so many extra buttons really transformed my gaming experience. This mouse wasn’t cheap, and I tried out a few midrange mice before it, but ultimately, I got stuck on this one — and I love it. My only regret? I don’t think I’ll ever be able to use a super cheap mouse again without wishing I had something better. I might just stick to various iterations of the Naga as long as they’re being produced. Mechanical keyboard Bill Roberson / Digital Trends I’ve always abused my keyboards — anyone who types as much as I do does the same thing. I don’t just use my keyboard for games, I use it for work and for fun (I like to write in my spare time, too, who would’ve thought). As such, I went through keyboards the same way I went through mice: Very, very quickly. Being on a tight budget for many of my PC builds, I always just bought any sort of keyboard. The kind that’s just called “gaming keyboard” and barely even mentions the manufacturer. I eyed the big brands with some jealousy, but I always settled for those $10 to $20 no-name alternatives. Funnily enough, reading articles right here on Digital Trends convinced me to reconsider my stance on expensive keyboards. One of my colleagues covered a lot of mechanical keyboards and curated a list of the best gaming keyboards. Reading about them convinced me to give it a go, and wow, am I glad that I did. If you’re a little skeptical like I was, let me tell you: Mechanical keyboards are not just an unnecessary expense. If you like a click-y type of keyboard that really responds to everything you type, as well as a keyboard you can fully customize, you really should just try one. Me? I owned my mechanical keyboard for all of five minutes before declaring that I’d never ever go back to membrane. It’s just way too good. Decent monitors (that actually match) Monica J. White / Digital Trends I’m one of those people who are still holding on to their dual monitor setups instead of switching to ultrawides. What can I say — my neck hates it, but I can’t imagine scaling back to just one monitor. Both for gaming and for work, I use my second monitor nearly constantly, and sometimes, I almost wish I had three. (I’m talking myself out of it, I promise.) But, much like keyboards and mice, I always just prioritized my displays a lot lower than my actual PC. I’d spend more of my budget on components and then tell myself that I’d maybe get a better monitor one day. Then, once I saved up, I’d instead be tempted by something like more storage, RAM, or a better GPU. When I upgraded my PC last year, I chose to balance things out a bit more. The truth is that having a great PC and low-quality displays is a waste; a monitor needs to be good enough to keep up with your GPU, after all. As a result, I finally upgraded to 1440p monitors with 165Hz refresh rates. Those monitors are kind of the standard now, but I used 1080p 60Hz for years. It’s like night and day. The refresh rates are almost a necessity with a decent PC, and more screen real estate, thanks to the higher resolution, is super welcome, too. Again, I ruined budget monitors for myself, and I can’t imagine going back. Balance is important Kunal Khullar / Digital Trends It’s entirely possible to get by with low-quality peripherals. I did it for years, and I still had a blast using each and every PC I’ve ever built — no complaints. I knew that it wasn’t optimal. Having a cheap monitor with a high-end PC doesn’t make much sense, but then, I mostly had mainstream PCs that couldn’t aim higher than 1080p anyway. When you’re trying to stay within a certain budget, it’s easy to focus on the one thing you know is going to be a huge upgrade, such as pushing for more RAM or a better processor. It’s true that my pricier (although not super high-end) peripherals don’t increase my frame rates in games, but they certainly boost the enjoyment I get from using my PC. I love every single keystroke on my mechanical keyboard; my mouse (kind of) makes me play better (sometimes); my monitors finally feel right and can keep up with my GPU. Gaming experience doesn’t always need to equal frame rates. It took me too long to realize that, but from now on, I know I’ll always balance it out. If you’re in the same boat, treat yourself to a better keyboard or a new headset when you can — you’ll love it in a whole new way.

Memorial Day is more than just an excuse to get out the grill. It’s also a day designed to honor those we’ve lost in combat, an important hallmark of the wars America has fought over its history. In that context, we’ve pulled together three action movies that all focus on what it means to be a soldier in one way or another. Some of these movies are more serious than others, but each one should resonate on this particular long weekend. Recommended Videos We also have guides to the best movies on Netflix, the best movies on Hulu, the best movies on Amazon Prime Video, the best movies on Max, and the best movies on Disney+. Black Hawk Down (2001) One of the best war movies of the past 25 years, Ridley Scott’s Black Hawk Down Black Hawk Down is filled with young actors who would eventually become stars, but what really makes the movie work is the fact that none of those actors are more important than the relentless pace of the story being told. You can watch Black Hawk Down on Netflix. Da 5 Bloods (2020) A brilliant examination of the Vietnam War and its aftermath, Da 5 Bloods As they argue about the state of modern America and discuss how they were abused by the country they call home, the men also find themselves forced to fight for their right to leave with the gold. Anchored by a remarkable central performance from Delroy Lindo, Da 5 Bloods is one of Spike Lee’s more impressive and exciting efforts of the past decade. You can watch Da 5 Bloods on Netflix. The Great Escape (1963) The Great Escape is an action movie that strikes an impressive tonal balance between comedy and drama. Set in a Nazi prisoner-of-war camp, it follows a group of imprisoned soldiers who see it as their obligation to attempt to escape from the camp. As they slowly dig a tunnel to escape, a rogue amongst them keeps trying to break out in more reckless ways. Although it might minimize some of the horror of living in a Nazi prison camp, The Great Escape is an effective, action-oriented depiction of how much soldiers can fight even after they’ve already been captured. You can watch The Great Escape on Amazon Prime Video.

US President Donald Trump signed into law legislation on Monday nicknamed the Take It Down Act, which requires platforms to remove nonconsensual instances of “intimate visual depiction” within 48 hours of receiving a request. Companies that take longer or don’t comply at all could be subject to penalties of roughly $50,000 per violation.The law received support from tech firms like Google, Meta, and Microsoft and will go into effect within the next year. Enforcement will be left up to the Federal Trade Commission, which has the power to penalize companies for what it deems unfair and deceptive business practices. Other countries, including India, have enacted similar regulations requiring swift removals of sexually explicit photos or deepfakes. Delays can lead to content spreading uncontrollably across the web; Microsoft, for example, took months to act in one high-profile case.But free speech advocates are concerned that a lack of guardrails in the Take It Down Act could allow bad actors to weaponize the policy to force tech companies to unjustly censor online content. The new law is modeled on the Digital Millennium Copyright Act, which requires internet service providers to expeditiously remove material that someone claims is infringing on their copyright. Companies can be held financially liable for ignoring valid requests, which has motivated many firms to err on the side of caution and preemptively remove content before a copyright dispute has been resolved.For years, fraudsters have abused the DMCA takedown process to get content censored for reasons that have nothing to do with copyright infringements. In some cases, the information is unflattering or belongs to industry competitors that they want to harm. The DMCA does include provisions that allow fraudsters to be held financially liable when they make false claims. Last year, for example, Google secured a default judgment against two individuals accused of orchestrating a scheme to suppress competitors in the T-shirt industry by filing frivolous requests to remove hundreds of thousands of search results.Fraudsters who may have feared the penalties of abusing DMCA could find Take It Down a less risky pathway. The Take It Down Act doesn’t include a robust deterrence provision, requiring only that takedown requestors exercise “good faith,” without specifying penalties for acting in bad faith. Unlike the DMCA, the new law also doesn’t outline an appeals process for alleged perpetrators to challenge what they consider erroneous removals. Critics of the regulation say it should have exempted certain content, including material that can be viewed as being in the public’s interest to remain online.Another concern is that the 48-hour deadline specified in the Take It Down Act may limit how much companies can vet requests before making a decision about whether to approve them. Free speech groups contend that could lead to the erasure of content well beyond nonconsensual “visually intimate depictions,” and invite abuse by the same kinds of fraudsters who took advantage of the DMCA.

Slayven Never read a comic in his life Moderator Oct 25, 2017 102,377 First things i turn off, even before i start playing. They are distracting at best, and a waste of GPU/CPU cycles at worst.   Kyrios Member Oct 27, 2017 19,085 Film grain is one of the first things I look for in the Options to turn off, if available lol   Bonefish Member Oct 28, 2017 5,099 all dogshit. also that dumb lens effect they did in star wars outlaws and MHworld (im sure buncha others had it). At least Outlaws patched a way to turn that off.   ann3nova. Member Oct 27, 2017 2,546 I'm cool with motion blur.   Shoichi Member Jan 10, 2018 12,489 I turn all those off the moment I have access to visual options in any game I play   RoKKeR Member Oct 25, 2017 17,115 Motion blur when done right = 100% yes. The others (+chromatic aberration) = no.   Grenlento Member Dec 6, 2023 1,822 They aren't that taxing on resources nowadays right? But yeah, I also turn all that stuff off if I can. I'm also a monster & turn off AA if I can lol  Lylo Member Oct 25, 2017 3,582 No, no and no. Edit: also, the biggest of "no's" for chromatic aberration.  Vincent Grayson Member Oct 27, 2017 7,382 Mount Airy, MD Motion blur seems like the odd one out here, IMO. Film grain just adds absolutely nothing. Bloom might be good in theory but it sure seems like we've improved on what "bloom" was doing at this point. But motion blur makes total sense to me.   MR2 Member Apr 14, 2022 1,367 I'm not bothered enough to turn them off.   xir Member Oct 27, 2017 15,383 Los Angeles, CA Yes No Yes  texhnolyze Shinra Employee Member Oct 25, 2017 26,488 Indonesia No to motion blur and film grain, I always turn them off. Bloom, in the other hand, depends on the implementation and its intensity. Modern bloom is much better than what we saw in PS360 era.  OP OP Slayven Never read a comic in his life Moderator Oct 25, 2017 102,377 RoKKeR said: Motion blur when done right = 100% yes. The others (+chromatic aberration) = no. Click to expand... Click to shrink... i knew i was missing one   Duxxy3 Member Oct 27, 2017 24,801 USA I generally turn off motion blur as a start. Film grain and bloom I typically leave alone, unless it really looks wrong   Hasney One Winged Slayer The Fallen Oct 25, 2017 23,266 Immediately turning them all off when I can, as well as Chromatic Abberation   Wrexis Member Nov 4, 2017 29,482 The last time I left film grain on in a game was Mass Effect 2007.   Outtrigger888 Member Oct 27, 2017 2,664 I shut off chromatic aberration and film grain. I'm cool with motion blur though.   platypotamus Member Oct 25, 2017 10,052 I just have my PC autodetect if I'm on there, and if I'm on a console I dont even look at visual settings unless I need some colorblind fix and didnt find it elsewhere. Tbh I dunno what bloom even is.   RedSwirl Member Oct 25, 2017 10,729 I don't even mind chromatic aberration unless it's really egregious. And I actually prefer leaving motion blur on, especially if it's per-object motion blur.   Sadnarav Member Nov 6, 2019 994 I usually turn them off when I have the option, specially after I bought Final Fantasy Type-0 HD on launch and it had such intense motion blur that moving the camera gave me headaches, so I've never played it past the very start   Rizific Member Oct 27, 2017 6,322 All turned off before starting the game. Really not a fan of purposely shitting up my image quality.   Reinhard Member Oct 27, 2017 7,200 Never with chromatic aberration and film grain. Motion blur is good when per object motion blur, but I don't like motion blur in general.   Roubjon Member Oct 25, 2017 3,089 I like all of it, yeah.   LossAversion The Merchant of ERA Member Oct 28, 2017 11,696 Motion blur can really help at 30fps if it's implemented well but even at 40fps it becomes way less appealing. At 60fps or higher it hurts more than it helps. Film grain... I don't know, I usually just turn it off because it's either not noticeable at all or too noticeable. I have a soft spot for bloom. It can be really effective at adding a bit of whimsy like with the original Oblivion. Chromatic aberration is usually not my cup of tea but there are some games where it worked for me. Sue me, I liked it in Bloodborne. I cannot fucking stand vignettes and it actually killed my desire to play The Witcher 3 because the PS4 version got patched at some point to make the vignetting super dark and distracting with no way to turn it off.  MinerArcaniner Uncle Works at Nintendo Member Oct 29, 2017 7,451 Motion blur is case-by-case. Bloom and film grain can fuck off into the sun.  blazinglazers Prophet of Truth Member Oct 27, 2017 304 Los Angeles As a console player, yeah I fucking love it. Well done motion blur helps the "feel" of 30fps dramatically. Subtle film grain and lens effects can add up to an immersive "cinematic" aesthetic. Of course, all of these things can be abused... but that goes for everything.  Rippa Member Feb 15, 2018 1,343 I'm all for artist vision. If it's on then I don't mind it. If it's off, I won't turn it on.  Uhyve Member Oct 25, 2017 1,290 I stream alot of games from my gaming PC to my bedroom media-ish PC, so I usually disable film grain because I assume it'd hurt compression. Not sure if that's a real thing though, wonder if they do the same by default on streaming services. Otherwise, assuming they aren't horrible implementations, I don't mind any of those effects.  nolifebr Member Sep 1, 2018 12,633 Curitiba/BR No problem with any of those.   SoftTaur Member Oct 25, 2017 688 A very small amount of motion blur can be fine. Everything else is distracting at best.   selfnoise Member Oct 25, 2017 1,555 I don't think I have ever actually seen film grain in a game, I can't tell the difference on or off. Motion blur CAN be good, but it seems like it's always implemented in a stupid way. Bloom feels like kind of a last-gen thing? I guess Veilguard had it. It's fine.  UraMallas Member Nov 1, 2017 24,478 United States Roubjon said: I like all of it, yeah. Click to expand... Click to shrink... At the very least I don't mind it.   hydruxo ▲ Legend ▲ Member Oct 25, 2017 22,739 Motion blur is alright sometimes, but I turn off bloom and film grain immediately   RPGsandFGCs Member Jun 30, 2024 1,095 California I sometimes leave bloom on, but motion blur is off 100% of the time and film grain is off 95% of the time. I don't fuck with motion blur.  Bear Member Oct 25, 2017 12,314 They're all going off instantly.   Spaggy Member Oct 26, 2017 778 I kinda like film grain, but I'll turn it down to 50% or so if possible. It depends on the game and the look they're going for, but usually I'll turn down those visual settings rather than completely off. Same with camera bob/sway - I'll turn that down to 20% if I can.   secretanchitman One Winged Slayer Member Oct 25, 2017 9,901 Chicago, IL Hate all of those annoying post-processing effects and I turn (or mod) them off instantly. Give me a clean and native image every time!  J75 Member Sep 29, 2018 7,880 Digital Foundry does lol   Lant_War Classic Anus Game The Fallen Jul 14, 2018 25,288 I like motion blur if well implemented. If you're playing at 60fps or under it helps a fair bit to smooth out the image. CA and film grain depends on the implementation and what the game is going for. Generally I leave them on though unless it's absurdly intrusive  Boopers Member Nov 1, 2020 4,354 Vermont usa I think it's neat!   AppleMIX Prophet of Truth Member Oct 27, 2017 1,851 Nope, auto turn off. Same with chromatic aberration.   contextura Member May 27, 2023 15 Depends on the look the game is going for I guess. Like something like the last of us 2 just looks kind of plain without that added post-processing to give it that filmic look it's going for. But if I'm playing something more inherently gamey then I'll turn them off if they're too obtrusive (also motion blur has to be turned off if I'm using frame gen which creates a kind of motion blur of its own).   RaySpencer Member Oct 27, 2017 5,795 I love them all of they are used well for artistic style. What I hate is all the dithering I see from upscaling in all these games.  TeenageFBI One Winged Slayer Member Oct 25, 2017 11,332 RoKKeR said: Motion blur when done right = 100% yes. The others (+chromatic aberration) = no. Click to expand... Click to shrink... Chromatic aberration can absolutely be done right, but very few devs show that kind of restraint. It's a good effect to use when taking damage in certain games. Or it could show up when simulating a shitty security camera readout. Or maybe it could only appear as you approach a dangerous/lethal area. I always liked the effect in Teleglitch: View: https://www.youtube.com/watch?v=FLycSlqVQIU  pioneer Member May 31, 2022 7,297 I love film grain when it's done well. Blue and bloom I don't feel strongly about, but generally some is nice but often I find them overdone.   IceBear Member Nov 20, 2017 1,297 I tend to keep bloom and film grain on as I assumed those are part of the artists' intended vision on how a game should look like. As for motion blur, it depends. It stays on for console 30fps and off if I can hit 60fps on PC.   Eidan AVALANCHE Avenger Oct 30, 2017 9,860 I have no problem with any of them.   inkblot Member Mar 27, 2024 1,091 ✅ Motion Blur ❌ Film Grain  srtrestre One Winged Slayer Member Oct 25, 2017 19,503 I turn all these off. Also throw in chromatic aberration somewhere in there   Dest Has seen more 10s than EA ever will Coward Jun 4, 2018 16,048 Work motion blur is the first thing i turn off in a game, if i can. the other stuff.... depends on the implementation. can be good.  

May 22, 2025Ravie LakshmananEnterprise Security / Malware A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 (CVSS score: 5.3) and CVE-2025-4428 (CVSS score: 7.2), could be chained to execute arbitrary code on a vulnerable device without requiring any authentication. They were addressed by Ivanti last week. Now, according to a report from EclecticIQ, the vulnerability chain has been abused by UNC5221, a Chinese cyber espionage group known for its targeting of edge network appliances since at least 2023. Most recently, the hacking crew was also attributed to exploitation efforts targeting SAP NetWeaver instances susceptible to CVE-2025-31324. The Dutch cybersecurity company said the earliest exploitation activity dates back to May 15, 2025, with the attacks targeting healthcare, telecommunications, aviation, municipal government, finance, and defense sectors. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," security researcher Arda Büyükkaya said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." The attack sequence involves targeting the "/mifs/rs/api/v2/" endpoint to obtain an interactive reverse shell and remotely execute arbitrary commands on Ivanti EPMM deployments. This is followed by the deployment of KrustyLoader, a known Rust-based loader attributed to UNC5221 that enables the delivery of additional payloads like Sliver. The threat actors have also been observed targeting the mifs database by making use of hard-coded MySQL database credentials stored in /mi/files/system/.mifpp to obtain unauthorized access to the database and exfiltrating sensitive data that could grant them visibility into managed mobile devices, LDAP users, and Office 365 refresh and access tokens. Furthermore, the incidents are characterized by the use of obfuscated shell commands for host reconnaissance before dropping KrustyLoader from an AWS S3 bucket and Fast Reverse Proxy (FRP) to facilitate network reconnaissance and lateral movement. It's worth mentioning here that FRP is an open-source tool widely shared among Chinese hacking groups. EclecticIQ said it also identified a command-and-control (C2) server associated with Auto-Color, a Linux backdoor that was documented by Palo Alto Networks Unit 42 as used in attacks aimed at universities and government organizations in North America and Asia between November and December 2024. "The IP address 146.70.87[.]67:45020, previously associated with Auto-Color command-and-control infrastructure, was seen issuing outbound connectivity tests via curl immediately after exploitation of Ivanti EPMM servers," Büyükkaya pointed out. "This behaviour is consistent with Auto-Color's staging and beaconing patterns. Taken together, these indicators very likely link to China-nexus activity." The disclosure comes as threat intelligence firm GreyNoise noted that it had witnessed a significant spike in scanning activity targeting Ivanti Connect Secure and Pulse Secure products prior to the disclosure of CVE-2025-4427 and CVE-2025-4428. "While the scanning we observed was not directly tied to EPMM, the timeline underscores a critical reality: scanning activity often precedes the public emergence of zero-day vulnerabilities," the company said. "It's a leading indicator — a signal that attackers are probing critical systems, potentially in preparation for future exploitation." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    