• Top 10 Web Attacks

    Web attacks are malicious attempts to exploit vulnerabilities in web applications, networks, or systems. Understanding these attacks is crucial for enhancing cybersecurity. Here’s a list of the top 10 web attacks:
    1. SQL Injection (SQLi)

    SQL Injection occurs when an attacker inserts malicious SQL queries into input fields, allowing them to manipulate databases. This can lead to unauthorized access to sensitive data.
    2. Cross-Site Scripting (XSS)

    XSS attacks involve injecting malicious scripts into web pages viewed by users. This can lead to session hijacking, data theft, or spreading malware.
    3. Cross-Site Request Forgery (CSRF)

    CSRF tricks users into executing unwanted actions on a web application where they are authenticated. This can result in unauthorized transactions or data changes.
    4. Distributed Denial of Service (DDoS)

    DDoS attacks overwhelm a server with traffic, rendering it unavailable to legitimate users. This can disrupt services and cause significant downtime.
    5. Remote File Inclusion (RFI)

    RFI allows attackers to include files from remote servers into a web application. This can lead to code execution and server compromise.
    6. Local File Inclusion (LFI)

    LFI is similar to RFI but involves including files from the local server. Attackers can exploit this to access sensitive files and execute malicious code.
    7. Man-in-the-Middle (MitM)

    MitM attacks occur when an attacker intercepts communication between two parties. This can lead to data theft, eavesdropping, or session hijacking.
    8. Credential Stuffing

    Credential stuffing involves using stolen usernames and passwords from one breach to gain unauthorized access to other accounts. This is effective due to users reusing passwords.
    9. Malware Injection

    Attackers inject malicious code into web applications, which can lead to data theft, system compromise, or spreading malware to users.
    10. Session Hijacking

    Session hijacking occurs when an attacker steals a user's session token, allowing them to impersonate the user and gain unauthorized access to their account.

    #HELP #smart
  • It's infuriating how the animation industry still clings to outdated techniques while promoting things like "Tutorial: Animating Stylized Attacks in Maya." Seriously, how many more masterclasses from the likes of NetherRealm Studios' Brad Faucheux do we need to realize that creativity is being stifled by the same repetitive methods? The gaming world deserves better than just rehashed combat sequences. Why are we accepting mediocrity when innovation is at our fingertips? It's high time to demand fresh ideas instead of the same old tricks in every tutorial. Stop glorifying the status quo and start pushing for real change!

    #AnimationRevolution
    #GameDesign
    #MayaTutorials
    #InnovateNotImitate
    #CombatAnimation
    Tutorial: Animating Stylized Attacks in Maya
    Create a game combat sequence with NetherRealm Studios' Brad Faucheux's animation masterclass for The Gnomon Workshop.
  • Hey, fellow warriors!

    Are you ready for an epic challenge? The Elden Ring Nightreign is about to unleash its toughest boss fight yet! Meet the Equilibrious Beast – a fierce adversary that will test your skills to the max. With his lightning-fast moves and a multitude of tricky attacks, you're in for a wild ride! But remember, every challenge is an opportunity to grow stronger!

    As you dodge and weave through his magical onslaught, don’t forget to manage that madness meter! It’s all about strategy and perseverance.

    Let’s embrace this challenge together and rise above! Who’s with me?

    #EldenRing #
    KOTAKU.COM
    Elden Ring Nightreign Is About To Get Its Toughest Boss Fight Yet
    Others may disagree, but I’ve decided Equilibrious Beast is the hardest boss fight in Elden Ring Nightreign. He’s fast, has a bunch of different attacks, and uses lots of hard to block magic. In addition to dodging incoming threats, you also have to
  • DDoS attacks: the silent but mighty warriors of the internet. Who needs the dramatic flair of ransomware when you can just flood a server and watch it drown in silence? The latest reports say these hypervolumetric DDoS attacks are growing stronger, like that one friend who never brings snacks to the party but somehow manages to eat all the chips.

    So here’s to the invisible wave of chaos that’s quietly wreaking havoc on our online lives, reminding us that sometimes the loudest statements are made without a single word. Stay vigilant, folks—your next game night might just be a casualty of this stealthy onslaught!

    #DDoS #Cybersecurity #InternetChaos #Cloudflare #SilentThreat
    WWW.MUYSEGURIDAD.NET
    Hypervolumetric DDoS: The silent attack that keeps growing
    They make no noise. They don't encrypt files. They don't demand a ransom in Bitcoin or send threatening messages. But DDoS attacks are still there, growing in number, power and sophistication, like an invisible swell that keeps pounding the foundations of
  • Microsoft 365 security in the spotlight after Washington Post hack


    Paul Hill

    Neowin
    @ziks_99 ·

    Jun 16, 2025 03:36 EDT

    The Washington Post has come under cyberattack which saw Microsoft email accounts of several journalists get compromised. The attack, which was discovered last Thursday, is believed to have been conducted by a foreign government due to the topics the journalists cover, including national security, economic policy, and China. Following the hack, the passwords on the affected accounts were reset to prevent access.
    The fact that a Microsoft work email account was potentially hacked strongly suggests The Washington Post utilizes Microsoft 365, which makes us question the security of Microsoft’s widely used enterprise services. Given that Microsoft 365 is very popular, it is a hot target for attackers.
    Microsoft's enterprise security offerings and challenges

    As the investigation into the cyberattack is still ongoing, just how attackers gained access to the accounts of the journalists is unknown. However, Microsoft 365 does have multiple layers of protection that ought to keep journalists safe.
    One of the security tools is Microsoft Defender for Office 365. If the hackers tried to gain access with malicious links, Defender provides protection against any malicious attachments, links, or email-based phishing attempts with the Advanced Threat Protection feature. Defender also helps to protect against malware that could be used to target journalists at The Washington Post.
    Another security measure in place is Entra ID, which helps enterprises defend against identity-based attacks. Key features of Entra ID include multi-factor authentication, which protects accounts even if a password is compromised, and granular access policies that help to limit logins from outside certain locations or from unknown devices, or limit which apps can be used.
    While Microsoft does offer plenty of security technologies with M365, hacks can still take place due to misconfiguration, user error, or the exploitation of zero-day vulnerabilities. Essentially, it requires efforts from both Microsoft and the customer to maintain security.
    Lessons for organizations using Microsoft 365
    The incident over at The Washington Post serves as a stark reminder that all organizations, not just news organizations, should audit and strengthen their security setups. Some of the most important security measures you can put in place include mandatory multi-factor authentication (MFA) for all users, especially for privileged accounts; strong password rules such as using letters, numbers, and symbols; regular security awareness training; and installing any security updates in a timely manner.
    Many of the cyberattacks that we learn about from companies like Microsoft involve hackers taking advantage of the human in the equation, such as being tricked into sharing passwords or sharing sensitive information due to trickery on behalf of the hackers. This highlights that employee training is crucial in protecting systems and that Microsoft’s technologies, as advanced as they are, can’t mitigate all attacks 100 percent of the time.

    #microsoft #security #spotlight #after #washington
    WWW.NEOWIN.NET
  • This Week's Tips For Helldivers 2, Monster Hunter Wilds, Oblivion Remastered, And More

    You know what we all need sometimes? A little advice. How do I plan for a future that’s so uncertain? Will AI take my job? If I go back to school and use AI to cheat, will I graduate and work for an AI boss? We can’t help you with any of that. But what we can do is provide some tips for Helldivers 2, Monster Hunter Wilds, Oblivion Remastered, and other great games. So, read on for that stuff, and maybe ask ChatGPT about those other things.

    Don’t Rely On Ex Pokémon In Pokémon TCG Pocket Anymore
    During the initial months of Pokémon TCG Pocket, ex monsters dominated the competitive landscape. These monsters are (usually) stronger than their non-ex counterparts, and they can come with game-changing abilities that determine how your entire deck plays. In the past, players could create frustratingly fearsome decks consisting of two ex Pokémon supported by trainer and item cards. However, unless you pair together very specific ex Pokémon, you’ll now find yourself losing nearly every game you play. - Timothy Monbleau

    Please, For The Love Of God, Defeat All Illuminate Stingrays In Helldivers 2
    You know what? Screw the Illuminate. I played round after round trying to get the Stingrays, also known as an Interloper, to spawn at least once, and those damn Overseers and Harvesters kept walking up and rocking me. In the end, I was victorious. A Stingray approached the airspace with reckless abandon, swooping in with practiced ease as it unloaded a barrage of molten death beams upon my head, and you know what happened? I died. A few times. But eventually, I managed to pop a shot off and I quickly discovered how to defeat Illuminate Stingrays in Helldivers 2. - Brandon Morgan

    Defeating Monster Hunter Wilds’ Demi Elder Dragon Might Be The Game’s Hardest Challenge So Far
    Although Zoh Shia is the thematic boss of Monster Hunter Wilds, other beasts can put up a tougher fight. Gore Magala are easily in contention for being the most deadly enemies in the game. Not much is more threatening than their high mobility, powerful attacks, and unique Frenzy ailment that forms the basis for your Corrupted Mantle. - Samuel Moreno

    Don’t Forget To Play ‘The Shivering Isles’ Expansion In Oblivion Remastered
    Whether you’ve played the original Oblivion or not, chances are you’ve heard tales of the oddities awaiting you in the Shivering Isles. This expansion, the largest one for the open-world RPG, features a land of madness under the unyielding control of Sheogorath. It’s a beautiful world, yet so immensely wrong. But that’s why this DLC is one of the best in the franchise, so no matter how many hours you may have already put into the main story and the main world, you don’t want to miss this expansion. - Brandon Morgan

    How Long Of A Ride Is Mario Kart World?
    The Mario Kart franchise has been entertaining us all for decades, even with sibling fights and fits of rage over losing a race from a blue shell at the last second, but Mario Kart World is the first game to go open world. There hasn’t been a truly new entry in the series since 2014's Mario Kart 8, so being stoked to dive into this exciting adventure is perfectly reasonable. Equally reasonable, especially given the game’s controversial price tag, is to wonder how long it’ll take to beat and what type of replayability it offers. Let’s talk about it. - Billy Givens

    Mario Kart World Players Are Exploiting Free Roam To Quickly Farm Coins
    Mario Kart World is full of cool stunts and lots of things to unlock, like new characters, costumes, and vehicles. The last of those requires accumulating a certain number of coins during your time with the Switch 2 exclusive, and while you could do that the normal way by just playing tons of races, you can also use the latest entry’s open world to farm coins faster or even while being completely AFK. - Ethan Gach

    Oblivion Remastered’s Best Side Quest Is A World Within A World
    It’s been a long time since I kept a spreadsheet for a video game, or even notes beyond what I need for work. I had one for the original Oblivion run back in my school days. Back then, I knew where to find every side quest in the game. There were over 250. Still are, but now they’re enhanced, beautified for the modern gamer. One side quest retains its crown as the best, despite the game’s age. “A Brush With Death” is Oblivion Remastered’s best side quest by far, and here’s how to find and beat it! - Brandon Morgan

    Diablo IV: How To Power Level Your Way To Season 8's Endgame
    Whether you’re running a new build, trying out a new class, or returning to Diablo IV after an extended break, Whatever the case, learning how to level up fast in Diablo IV should help you check out everything new this season, along with hitting endgame so that your friends don’t cruelly make fun of you! - Brandon Morgan

    The 5 Strongest Non-Ex Pokémon To Use In Pokémon TCG Pocket
    It’s official: ex Pokémon no longer rule unchallenged Pokémon TCG Pocket. While these powerful cards are still prevalent in the competitive landscape, the rise of ex-specific counters have made many of these monsters risky to bring. It’s never been more vital to find strong Pokémon that are unburdened by the ex label, but who should you use? - Timothy Monbleau

    Some Of The Coolest Monster Hunter Wilds Armor Can Be Yours If You Collect Enough Coins
    It goes without saying that Monster Hunter Wilds has a lot of equipment materials to keep track of. The Title 1 Update increased the amount with the likes of Mizutsune parts and the somewhat obscurely named Pinnacle Coins. While it’s easy to know what the monster parts can be used for, the same can’t be said for a coin. Making things more complicated is that the related equipment isn’t unlocked all at once. - Samuel Moreno
    #this #week039s #tips #helldivers #monster
    KOTAKU.COM
    This Week's Tips For Helldivers 2, Monster Hunter Wilds, Oblivion Remastered, And More
  • Hungry Bacteria Hunt Their Neighbors With Tiny, Poison-Tipped Harpoons

    Starving bacteria use a microscopic harpoon—called the Type VI secretion system—to stab and kill neighboring cells. The prey burst, turning spherical and leaking nutrients, which the killers then use to survive and grow.

    Bacteria are bad neighbors. And we’re not talking noisy, never-take-out-the-trash bad neighbors. We’re talking has-a-harpoon-gun-and-points-it-at-you bad neighbors. According to a new study in Science, some bacteria hunt nearby bacterial species when they’re hungry. Using a special weapon system called the Type VI Secretion System (T6SS), these bacteria shoot, spill, and then absorb the nutrients from the microbes they harpoon.

    “The punchline is: When things get tough, you eat your neighbors,” said Glen D’Souza, a study author and an assistant professor at Arizona State University, according to a press release. “We’ve known bacteria kill each other, that’s textbook. But what we’re seeing is that it’s not just important that the bacteria have weapons to kill, but they are controlling when they use those weapons specifically for situations to eat others where they can’t grow themselves.”

    According to the study authors, the research doesn’t just have implications for bacterial neighborhoods; it also has implications for human health and medicine. By harnessing these bacterial weapons, it may be possible to build better targeted antibiotics, designed to overcome antibiotic resistance.

    Ruthless Bacteria Use Harpoons

    Researchers have long known that some bacteria can be ruthless, using weapons like the T6SS to clear out their competition. A nasty tool, the T6SS is essentially a tiny harpoon gun with a poison-tipped needle. When a bacterium shoots the weapon into another bacterium from a separate species, the needle pierces the microbe without killing it. Then, it injects toxins into the microbe that cause its internal nutrients to spill out.

    Up until now, researchers thought that this weapon helped bacteria eliminate their competition for space and for food, but after watching bacteria use the T6SS to attack their neighbors when food was scarce, the study authors concluded that these tiny harpooners use the weapon not only to remove rivals, but also to consume their competitors’ leaked nutrients.

    “Watching these cells in action really drives home how resourceful bacteria can be,” said Astrid Stubbusch, another study author and a researcher who worked on the study while at ETH Zurich, according to the press release. “By slowly releasing nutrients from their neighbors, they maximize their nutrient harvesting when every molecule counts.”

    Absorbing Food From Neighbors

    To show that the bacteria used this system to eat when there was no food around, the study authors compared their attacks in both nutrient-rich and nutrient-poor environments. When supplied with ample resources, the bacteria used their harpoons to kill their neighbors quickly, with the released nutrients leaking out and dissolving immediately. But when resources were few and far between, they used their harpoons to kill their neighbors slowly, with the nutrients seeping out and sticking around.

    “This difference in dissolution time could mean that the killer cells load their spears with different toxins,” D’Souza said in another press release. While one toxin could eliminate the competition for space and for food when nutrients are available, another could create a food source, allowing bacteria to “absorb as many nutrients as possible” when sustenance is in short supply.

    Because of all this, this weapon system is more than ruthless; it’s also smart, and important to some species’ survival. When genetically unedited T6SS bacteria were put in an environment without food, they survived on spilled nutrients. But when genetically edited T6SS bacteria were placed in a similar environment, they died, because their ability to find food in their neighbors had been “turned off.”

    Harnessing Bacterial Harpoons

    According to the study authors, the T6SS system is widely used by bacteria, both in and outside the lab. “It’s present in many different environments,” D’Souza said in one of the press releases. “It’s operational and happening in nature, from the oceans to the human gut.”

    The study authors add that their research could change the way we think about bacteria and could help in our fight against antibiotic resistance. In fact, the T6SS could one day serve as a foundation for targeted drug delivery systems, which could mitigate the development of broader bacterial resistance to antibiotics. Before that can happen, however, researchers have to learn more about bacterial harpoons, and about when and how bacteria use them, both to beat and eat their neighbors.

    Sam Walters is a journalist covering archaeology, paleontology, ecology, and evolution for Discover, along with an assortment of other topics. Before joining the Discover team as an assistant editor in 2022, Sam studied journalism at Northwestern University in Evanston, Illinois.
    WWW.DISCOVERMAGAZINE.COM
  • The Role of the 3-2-1 Backup Rule in Cybersecurity

    Daniel Pearson, CEO, KnownHost | June 12, 2025 | 3 Min Read

    Cyber incidents are expected to cost the US billion in 2025. According to the latest estimates, this figure will continue to rise, reaching approximately 1.82 trillion US dollars in cybercrime costs by 2028. These figures highlight the crucial importance of strong cybersecurity strategies, which businesses must build to reduce the likelihood of risks.

    As technology evolves at a dramatic pace, businesses are increasingly dependent on digital infrastructure, exposing themselves to threats such as ransomware, accidental data loss, and corruption.

    Although the 3-2-1 backup rule was invented in 2009, the strategy has stayed relevant for businesses over the years, ensuring that the loss of data is minimized under threat, and it will be a crucial method in the upcoming years to prevent major data loss.

    What Is the 3-2-1 Backup Rule?

    The 3-2-1 backup rule is a popular backup strategy that ensures resilience against data loss. The three in the rule stands for keeping your original data and two backups. The two means the data also needs to be stored in two different locations, such as the cloud or a local drive. The one represents storing a copy of your data off site, and this completes the setup.

    This setup has been considered a gold standard in IT security, as it minimizes points of failure and increases the chance of successful data recovery in the event of a cyber-attack.

    Why Is This Rule Relevant in the Modern Cyber Threat Landscape?

    Statistics show that in 2024, 80% of companies have seen an increase in the frequency of cloud attacks.

    Although many businesses assume that storing data in the cloud is enough, it is certainly not failsafe, and businesses are in bigger danger than ever due to the vast development of technology and AI capabilities attackers can manipulate and use.

    As cloud infrastructure has grown at a similar speed, cyber criminals are actively targeting it, leaving businesses with no clear recovery option. Therefore, more than ever, businesses need to invest in immutable backup solutions.

    Common Backup Mistakes Businesses Make

    A common misstep is keeping all backups on the same physical network. If malware gets in, it can quickly spread and encrypt both the primary data and the backups, wiping out everything in one go.

    Another issue is the lack of offline or air-gapped backups. Many businesses rely entirely on cloud-based or on-premises storage that's always connected, which means their recovery options could be compromised during an attack.

    Finally, one of the most overlooked yet crucial steps is testing backup restoration. A backup is only useful if it can actually be restored. Too often, companies skip regular testing. This can lead to a harsh reality check when they discover, too late, that their backup data is either corrupted or completely inaccessible after a breach.

    How to Implement the 3-2-1 Backup Rule?

    To successfully implement the 3-2-1 backup strategy as part of a robust cybersecurity framework, organizations should start by diversifying their storage methods. A resilient approach typically includes a mix of local storage, cloud-based solutions, and physical media such as external hard drives.

    From there, it's essential to incorporate technologies that support write-once, read-many functionalities. This means backups cannot be modified or deleted, even by administrators, providing an extra layer of protection against threats.

    To further enhance resilience, organizations should make use of automation and AI-driven tools. These technologies can offer real-time monitoring, detect anomalies, and apply predictive analytics to maintain the integrity of backup data and flag any unusual activity or failures in the process.

    Lastly, it's crucial to ensure your backup strategy aligns with relevant regulatory requirements, such as GDPR in the UK or CCPA in the US. Compliance not only mitigates legal risk but also reinforces your commitment to data protection and operational continuity.

    By blending the time-tested 3-2-1 rule with modern advances like immutable storage and intelligent monitoring, organizations can build a highly resilient backup architecture that strengthens their overall cybersecurity posture.

    About the Author

    Daniel Pearson is the CEO of KnownHost, a managed web hosting service provider. Pearson also serves as a dedicated board member and supporter of the AlmaLinux OS Foundation, a non-profit organization focused on advancing the AlmaLinux OS -- an open-source operating system derived from RHEL. His passion for technology extends beyond his professional endeavors, as he actively promotes digital literacy and empowerment. Pearson's entrepreneurial drive and extensive industry knowledge have solidified his reputation as a respected figure in the tech community.
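    The checks named in this article (three copies, two locations, one off-site copy, plus the same-network, air-gap, immutability and restore-testing mistakes) can be run mechanically over a backup inventory. The Python audit below is an added example, not part of the article; the inventory fields, the sample copies, the audit date and the 90-day restore-test window are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple


@dataclass
class Copy:
    """One copy of the data set (hypothetical inventory record)."""
    name: str
    location: str          # storage location/type, e.g. "local-disk", "cloud"
    network: str           # network it is reachable from, or "offline"
    offsite: bool          # stored away from the primary site
    immutable: bool        # write-once, read-many storage
    is_backup: bool = True # False for the original data
    last_restore_test: Optional[date] = None


def audit(copies: List[Copy], today: date,
          max_test_age_days: int = 90) -> List[Tuple[str, str]]:
    """Return (code, message) findings; an empty list means every check passed."""
    findings = []
    backups = [c for c in copies if c.is_backup]

    # 3-2-1 itself: original plus two backups, two locations, one off site.
    if len(copies) < 3 or len(backups) < 2:
        findings.append(("COPIES", "fewer than the original plus two backups"))
    if len({c.location for c in copies}) < 2:
        findings.append(("LOCATIONS", "all copies share one storage location"))
    if not any(c.offsite for c in backups):
        findings.append(("OFFSITE", "no backup is stored off site"))

    # Mistakes the article lists: shared network, nothing offline, no WORM copy.
    primary_nets = {c.network for c in copies if not c.is_backup}
    if backups and all(c.network in primary_nets for c in backups):
        findings.append(("SAME_NETWORK", "every backup sits on the primary network"))
    if not any(c.network == "offline" for c in backups):
        findings.append(("NO_OFFLINE", "no offline or air-gapped backup"))
    if not any(c.immutable for c in backups):
        findings.append(("NO_IMMUTABLE", "no write-once, read-many backup"))

    # A backup counts only if a restore was tested recently enough.
    for c in backups:
        tested = c.last_restore_test
        if tested is None or (today - tested).days > max_test_age_days:
            findings.append(("RESTORE_UNTESTED",
                             f"{c.name}: no restore test in {max_test_age_days} days"))
    return findings


# Constructed sample inventories (not real systems).
TODAY = date(2025, 6, 12)
ORIGINAL = Copy("prod-db", "local-disk", "prod-lan", False, False, is_backup=False)
WEAK = [ORIGINAL,
        Copy("nas-nightly", "local-disk", "prod-lan", False, False)]
STRONG = [ORIGINAL,
          Copy("cloud-worm", "cloud", "backup-vpc", True, True,
               last_restore_test=date(2025, 5, 20)),
          Copy("usb-rotation", "external-drive", "offline", False, False,
               last_restore_test=date(2025, 1, 10))]

if __name__ == "__main__":
    for label, inventory in (("weak", WEAK), ("strong", STRONG)):
        print(label)
        for code, message in audit(inventory, TODAY):
            print(f"  {code}: {message}")
```

    The second inventory satisfies 3-2-1 and still produces a finding, because the offline copy's last restore test is older than the assumed window.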
    WWW.INFORMATIONWEEK.COM
    The Role of the 3-2-1 Backup Rule in Cybersecurity
    Daniel Pearson, CEO, KnownHost | June 12, 2025

    Cyber incidents are expected to cost the US $639 billion in 2025. According to the latest estimates, this figure will continue to rise, reaching approximately 1.82 trillion US dollars in cybercrime costs by 2028. These figures highlight the crucial importance of strong cybersecurity strategies, which businesses must build to reduce the likelihood of risks.

    As technology evolves at a dramatic pace, businesses are increasingly dependent on digital infrastructure, exposing themselves to threats such as ransomware, accidental data loss, and corruption.

    Although the 3-2-1 backup rule was invented in 2009, the strategy has stayed relevant for businesses over the years, ensuring that data loss is minimized under threat, and it will remain a crucial method in the coming years to prevent major data loss.

    What Is the 3-2-1 Backup Rule?

    The 3-2-1 backup rule is a popular backup strategy that ensures resilience against data loss. The setup consists of keeping your original data and two backups.

    The data also needs to be stored in two different locations, such as the cloud or a local drive.

    The one in the 3-2-1 backup rule represents storing a copy of your data off site, and this completes the setup.

    This setup has been considered a gold standard in IT security, as it minimizes points of failure and increases the chance of successful data recovery in the event of a cyber-attack.

    Why Is This Rule Relevant in the Modern Cyber Threat Landscape?

    Statistics show that in 2024, 80% of companies have seen an increase in the frequency of cloud attacks.

    Although many businesses assume that storing data in the cloud is enough, it is certainly not failsafe, and businesses are in greater danger than ever because of the rapid development of technology and of AI capabilities that attackers can manipulate and use.

    As cloud infrastructure has grown at a similar speed, cyber criminals are actively targeting it, leaving businesses with no clear recovery option. Therefore, more than ever, businesses need to invest in immutable backup solutions.

    Common Backup Mistakes Businesses Make

    A common misstep is keeping all backups on the same physical network. If malware gets in, it can quickly spread and encrypt both the primary data and the backups, wiping out everything in one go.

    Another issue is the lack of offline or air-gapped backups. Many businesses rely entirely on cloud-based or on-premises storage that's always connected, which means their recovery options could be compromised during an attack.

    Finally, one of the most overlooked yet crucial steps is testing backup restoration. A backup is only useful if it can actually be restored. Too often, companies skip regular testing. This can lead to a harsh reality check when they discover, too late, that their backup data is either corrupted or completely inaccessible after a breach.

    How to Implement the 3-2-1 Backup Rule?

    To successfully implement the 3-2-1 backup strategy as part of a robust cybersecurity framework, organizations should start by diversifying their storage methods. A resilient approach typically includes a mix of local storage, cloud-based solutions, and physical media such as external hard drives.

    From there, it's essential to incorporate technologies that support write-once, read-many functionality. This means backups cannot be modified or deleted, even by administrators, providing an extra layer of protection against threats.

    To further enhance resilience, organizations should make use of automation and AI-driven tools. These technologies can offer real-time monitoring, detect anomalies, and apply predictive analytics to maintain the integrity of backup data and flag any unusual activity or failures in the process.

    Lastly, it's crucial to ensure your backup strategy aligns with relevant regulatory requirements, such as GDPR in the UK or CCPA in the US. Compliance not only mitigates legal risk but also reinforces your commitment to data protection and operational continuity.

    By blending the time-tested 3-2-1 rule with modern advances like immutable storage and intelligent monitoring, organizations can build a highly resilient backup architecture that strengthens their overall cybersecurity posture.

    About the Author

    Daniel Pearson is the CEO of KnownHost, a managed web hosting service provider. Pearson also serves as a dedicated board member and supporter of the AlmaLinux OS Foundation, a non-profit organization focused on advancing the AlmaLinux OS, an open-source operating system derived from RHEL. His passion for technology extends beyond his professional endeavors, as he actively promotes digital literacy and empowerment. Pearson's entrepreneurial drive and extensive industry knowledge have solidified his reputation as a respected figure in the tech community.
  • Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

    Jun 16, 2025Ravie LakshmananMalware / DevOps

    Cybersecurity researchers have discovered a malicious package on the Python Package Indexrepository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others.
    The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development ofsolutions."
    The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week.
    Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithmin order to download and execute a next-stage payload.
    Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer.

    The stealer malware is equipped to siphon a wide range of data from infected machines. This includes -

    JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers
    Pod sandbox environment authentication tokens and git information
    CI/CD information from environment variables
    Zscaler host configuration
    Amazon Web Services account information and tokens
    Public IP address
    General platform, user, and host information

    The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems.
    The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis.
    "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said.

    "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity."
    The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below -

    eslint-config-airbnb-compatts-runtime-compat-checksolders@mediawave/libAll the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry.
    SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former packageto retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown.
    "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said.
    Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed.
    "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work."
    Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server.
    This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domainand configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB.
    "is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL."

    Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account controlusing a combination of FodHelper.exe and programmatic identifiersto evade defenses and avoid triggering any security alerts to the user.
    The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT.
    "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent."
    Crypto Malware in the Open-Source Supply Chain
    The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem.

    Some of the examples of these packages include -

    express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys
    bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing.
    lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers

    "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said.
    "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets."
    AI and Slopsquatting
    The rise of artificial intelligence-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language modelscan hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks.
    Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences.

    Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting.
    "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said.
    "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases."

    Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.

    SHARE




    #malicious #pypi #package #masquerades #chimera
    Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data
    Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Indexrepository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development ofsolutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithmin order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. 
The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compatts-runtime-compat-checksolders@mediawave/libAll the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former packageto retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. 
"At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server. This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domainand configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB. "is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account controlusing a combination of FodHelper.exe and programmatic identifiersto evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." 
Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language modelscan hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. 
Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE     #malicious #pypi #package #masquerades #chimera
    THEHACKERNEWS.COM
    Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. 
The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. 
Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. 
"While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent."

Crypto Malware in the Open-Source Supply Chain

The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem.

Some of the examples of these packages include -

- express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys
- bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing
- lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which function as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers

"As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said.

"Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets."

AI and Slopsquatting

The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks.
Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences.

Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting.

"When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said.

"While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases."
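Two of the patterns described above, an install-time script reached only through a transitive dependency and a dependency name that nobody has vetted, can both be surfaced by walking the dependency tree before anything is installed. The following is an added example, not code from the article or from the vendors it cites; the package names, manifests and the `auditTree` helper are constructed for illustration.

```javascript
// Constructed sample: package.json manifests as read from a reviewed
// lockfile or node_modules snapshot. All package names are hypothetical.
const vetted = new Map(Object.entries({
  "my-app": { dependencies: { "lint-preset-x": "1.0.0", "left-util": "2.1.0" } },
  "lint-preset-x": { dependencies: { "runtime-check-x": "0.3.1" } },
  "runtime-check-x": { scripts: { postinstall: "node fetch.js", test: "jest" } },
  "left-util": { optionalDependencies: { "agent-suggested-proxy": "0.0.1" } },
}));

// Lifecycle scripts that npm runs automatically during `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Breadth-first walk from `root`. Returns install-time hooks found anywhere
// in the tree (with the path that pulls the package in) and dependency
// names that are missing from the vetted snapshot.
function auditTree(manifests, root) {
  const hooks = [];
  const unvetted = [];
  const seen = new Set([root]);
  const queue = [[root]];
  while (queue.length > 0) {
    const path = queue.shift();
    const name = path[path.length - 1];
    const manifest = manifests.get(name);
    if (manifest === undefined) {
      // Not in the reviewed snapshot: would be fetched from the public registry.
      unvetted.push({ name, path: path.join(" > ") });
      continue;
    }
    for (const hook of INSTALL_HOOKS) {
      const command = (manifest.scripts || {})[hook];
      if (typeof command === "string") {
        hooks.push({ name, hook, command, path: path.join(" > ") });
      }
    }
    const deps = { ...manifest.dependencies, ...manifest.optionalDependencies };
    for (const dep of Object.keys(deps)) {
      if (!seen.has(dep)) {
        seen.add(dep);
        queue.push([...path, dep]);
      }
    }
  }
  return { hooks, unvetted };
}

const report = auditTree(vetted, "my-app");
console.log(JSON.stringify(report, null, 2));
```

Installing with `npm install --ignore-scripts` keeps any flagged hook from running while it is reviewed.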
CGShares https://cgshares.com