Who are the best teams in College Football 26? You don't have to wonder anymore, as the publisher has revealed the answer.EA Sports' College Football series came soaring back last year, following a hiatus of more than a decade. It became the best-selling sports game of all time, surpassing a record previously held by a COVID-era NBA 2K entry. This year's game is coming soon, and EA is surely hoping to keep its winning streak going.With just a few weeks separating players from the launch of the game, which is even sooner if you preorder, today the publisher has unveiled the game's 10 best teams.Naturally, the list is full of some major programs, though you'll notice they're all of a similar stature, as a few schools have built up major contenders that now stand toe to toe with the legacy giants of the sport.A list like this is partly meant to generate hype, but EA surely knows it'll also unavoidably lead to controversy even when the rankings are determined in good faith. Don't ever let reasonable arguments come between you and your favorite sports teams, right?With that in mind, take a look at the best teams in College Football 26, including several from the Lone Star State, the defending champions, and all four teams from last year's semi-finals. 1. Alabama - 89 OVR 2. Texas - 88 OVR 3. Ohio State - 88 OVR 4. Penn State - 88 OVR 5. Notre Dame - 88 OVR 6. Georgia - 88 OVR 7. Clemson - 88 OVR 8. Texas A&M - 88 OVR 9. Oregon - 86 OVR 10. LSU - 86 OVR

The best roguelike games offer a serious but rewarding commitment, inviting you to lose time and time again until you reach new heights. And then you get to repeat the process while retaining knowledge that shapes your future sessions, improving your skills with each subsequent run.The best roguelike games follow the philosophy of randomizing existing game elements and providing a different experience every time you start a new run, with the condition that a game over screen means restarting from scratch. The roguelite distinction is similar, but it involves permanent progression, be it in the form of story, unlockable paths, items, and so on.Our selection of the best roguelike games has something for every player, regardless of platform and subgenre of choice. Our picks intersect with rhythm, deckbuilding, platforming, puzzle, and shooter games, to name a few. The roguelike and roguelite genres keep gaining more ground as pillars for design choices, meaning that some of the games on this list will ring familiar with the selections in our best PS5 games and best PC game lists. You'll also find some overlap with our recommendations for the best indie games to play right now.As the middle of 2025 draws near, choosing the best roguelike games becomes tougher with each passing day. The likes of Nuclear Throne, The Binding of Isaac, and Enter the Gungeon progressively marked their place in the genre years ago. Now, roguelikes and roguelites are in abundance, with game developers coming up with novel spins and pushing the genre forward.Whether you're looking for something more traditional or a unique take on a genre that is brimming with creativity, our best roguelike games list is bound to add a few new experiences to have on your radar. BalatroDeveloper: LocalThunkRelease Date: February 20, 2024Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, Android, iOS, PCIf you've seen your loved ones spending way too much time on their phones during the past year, it's likely due to LocalThunk's engrossing take on poker. Balatro is deceptively simple: Look at your hand, think of the combination that will net you the most points, and see the numbers go up.As you slowly make your way to tougher levels, gaining additional cards that multiply said score while granting an array of often absurd bonuses, you'll immediately understand the appeal. Balatro is not about poker, nor is it just a roguelike. It's a numbers game where you can rig the rules in your favor. Its challenges are hypnotizing, but once you achieve victory for the first time, it'll take you a while to play anything else. See at Amazon Pacific DriveDeveloper: Ironwood StudiosRelease Date: February 22, 2024Platforms: PlayStation 5, PCPacific Drive is not technically a roguelite, even if it shares quite a few similarities in how you navigate its world, picking up key items and tackling objectives as you escape from weather anomalies from the inside of your car. The Endless Expeditions update, however, does push the game toward that direction.Released on April 3 of this year, Expeditions takes you outside of the campaign and into a randomized map with modifiers and rewards, the latter including cosmetics and unique tools. The trick is that you won't be able to stock up on resources, as you're forced to scavenge and build your inventory from scratch each time.Expeditions only end once you've collected enough anchors on a map. The longer this takes, however, the harder the task will become, with anomalies gearing up in difficulty. If you're looking for an extra challenge or an interesting twist on the Pacific Drive formula, Expeditions is the answer.Fanatical and GameSpot are both owned by Fandom. See at Fanatical Dead CellsDeveloper: Motion TwinRelease Date: August 6, 2018Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, Android, iOS, PCDead Cells is one of the pioneers of the new wave of roguelites of the past few years. Ever since its conception, developer Motion Twin set out to build an ambitious foundation--prioritizing a breakneck rhythm and flow in movement and attacks, rewarding fast reflexes and improvisation on the spot.The team continued to work on the game over the years, delivering a total of 35 major updates, expanding and ironing out possibly every element inside out. If at some point you think the base game doesn't have enough to offer, there are five DLCs (one of them free), including the Return to Castlevania expansion. As it stands, there might never be another game like Dead Cells, and that's okay. We'll still be playing it for years to come, while also witnessing the team trying out new ideas, such as the co-op roguelite Windblown, which is an early access game to watch. See at Fanatical Deep Rock Galactic: SurvivorDeveloper: Funday GamesRelease Date: February 14, 2024Platforms: PCIf you're a Left 4 Dead 2 fan, chances are that you've heard of Deep Rock Galactic, which takes the structure of the zombie-driven shooter and takes it in a different direction, featuring dwarves in space, alien monsters, and destructible environments. Deep Rock Galactic: Survivor, however, takes things even further.Released in Steam early access back on February 14, 2024, you're taken onto increasingly harder levels where your dwarf of choice attacks automatically. The Survivor-like is presented in a top-down perspective, with the mining mechanic taking center stage to unlock upgrades during runs and improve your chances.There have been four sizable updates, but even in its infancy, developer Funday Games struck gold when mining for resources. The combination of its existing setting with the roguelike genre is an enticing one. See at Steam Hades 2Developer: Supergiant GamesRelease Date: May 6, 2024Platforms: PCDeveloper Supergiant Games has famously never done sequels before--until Hades 2. The sequel follows the events of the first game, in which Zagreus, son of the Greek god of the underworld, fought his way to the surface. Now, his sister Melinöe is tasked with defeating Chronos, the god of time itself, who's posing a threat unknown to everyone to this point.The roguelite is similar in nature to its predecessor, advancing the story with each victorious or failed run, gradually uncovering layer upon layer of new characters, powers to combine and grow stronger with, and even more features to further customize your experience. Hades 2 is still in early access, but there's a ridiculous amount of story and challenges to go through. Plus, the sequel is one of the first games confirmed for the Nintendo Switch 2. The 1.0 release date is yet to be confirmed, but Supergiant is targeting 2025. See at Steam Darkest Dungeon 2Developer: Red Hook StudiosRelease Date: May 8, 2024Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, PCDarkest Dungeon 2 entered early access in October 2021, with the full launch taking place on May 8. It had a tall order--surpassing the inimitable Darkest Dungeon, a tough roguelike centered around stress as a mechanic, with characters being driven mad or, on occasion, becoming inspired by the embrace of darkness and presence of heinous monsters.The sequel moves away from the structure of its predecessor, where you explored different biomes while managing resources and upgrading a home base. Now, it follows a structure similar to modern roguelite conventions, where you choose from different paths that are labeled with the rewards and challenges awaiting on the roads.While the combat shares some similarities, many new features shake up previous foundations, from playable origin stories for each hero to the affinity system, which takes the stress mechanic of the first game and adds a communal element to it by leading to different relationship archetypes between party members. Despite the change in presentation with more bells and whistles, Darkest Dungeon 2 retains the spirit of the first game--it's a visceral, tough-as-nails adventure that demands patience to overcome. See at Fanatical Rogue Legacy 2Developer: Cellar Door GamesRelease Date: April 28, 2022Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, PCWhen the original Rogue Legacy launched in 2013, its combination of metroidvania with roguelite elements was already promising. Yet, it pushed things further with a genius feature where, each time you die, one of your children succeeds you. The trick? Everybody has unique traits, from gigantism and baldness to color blindness and dyslexia, which would have gameplay impacts from the beneficial to the hilarious.Rogue Legacy 2 pushes the novelty with even more traits and classes, including a bard and a dragon lancer. The metroidvania aspect has also been improved with the addition of unique items that permanently unlock abilities to further explore the world and unveil its secrets. It's a sequel that successfully ticks every box a sequel must, and does so with a familiar grace and humor that still has a lot to offer over a decade later. See at Steam Spelunky 2Developer: Mossmouth and BlitWorksRelease Date: September 29, 2020Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, PCSpelunky is the classic go-to recommendation for a roguelike with ironclad design. The platformer with an Indiana Jones spirit made for one of the most challenging roguelites out there, requiring patience and the willingness to study every possible enemy pattern, trap, and miscalculation that can end your run, and then memorize it all for the next attempt.Spelunky 2 is a showcase of refinement upon refinement. Sure, it's touted with a bigger world with new areas to study, multiple routes to find and take advantage of, and an assortment of features meant to subvert long-standing fans' expectations. The sequel's greatest trick, however, is once again proving that meticulously thought design can elevate good ideas to admirable heights. The only way to improve is to keep trying, over and over, until surpassing the obstacles in your way becomes second nature. And then you get to do it all over again in the following area. See at Steam Slay the SpireDeveloper: Mega CritRelease Date: January 23, 2019Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, Android, iOS, PCDeck-building has become a popular marriage candidate for roguelites, and Slay the Spire might be one of the games responsible for its popularity. The premise is simple: You pick a character who has a predefined card deck and jump into a procedurally generated run. The rewards, obstacles, and challenges roaming your chosen paths are always different, demanding different strategies.As you make your way through a game session, you'll collect more cards for your deck, slowly customizing the options available to fit different playstyles and adapt yourself to the danger at hand. Do you invest in dealing as much damage as possible, neglecting your defense? Do you try to come up with different synergies to create a jack-of-all-trades card deck? There's always something to learn and discover, and the number of combinations available to experiment with is seducingly daunting. The best part? There's a sequel in the works, slated for 2025. See at Steam Risk of Rain 2Developer: Hopoo GamesRelease Date: August 11, 2020Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, PCRisk of Rain 2 is one of the few roguelites that explored the idea of taking the often pixel art, 2D-driven presentations of the genre and experimenting with 3D instead. Taking the elements that made its predecessor great, from enemy design to the different survivors you control, the change of perspective led to a breath of fresh air in the genre, and one of the most entertaining online games out there.The 1.0 release on August 11, 2020 has been followed up with hefty updates and paid DLC since. You can spend hours just fooling around with friends and seeing how far you can go. Once you get invested in the game's most intricate secrets and mechanics, however, you'll find out that the thrill comes down to becoming an unstoppable force challenged by a dynamic difficulty meter that's constantly keeping you on your toes. The use of 3D, then, isn't a mere novelty--it literally shines a new light on what roguelites can achieve when looked at from a different perspective, adding a different sense of movement and scale to the usual roguelite chaos. See at Steam Crypt of the NecrodancerDeveloper: Brace Yourself GamesRelease Date: April 23, 2015Platforms: PlayStation 4, Xbox One, Nintendo Switch, Android, iOS, PCCrypt of the Necrodancer might be one of the oldest picks of our best roguelike games list, but the reason is simple: No other roguelite has managed to combine the genre conventions with the mechanics of a rhythm game to such success. Every movement and action in the game is tied to the beat of the soundtrack blasting in the background.Enemies have different patterns that you must learn, all while carefully moving on tiles as if you were tapping the floor with your foot following a song. Even if you're not rhythm game savvy, the mix of both genres is accommodating enough to make you a believer--right until you meet a dragon for the first time, that is. After the original release, Cadence of Hyrule followed up on the concept, with the studio collaborating with Nintendo for a different take on The Legend of Zelda. But Crypt of the Necrodancer remains a worthy rogue classic. See at Steam Into the BreachDeveloper: Subset GamesRelease Date: February 27, 2018Platforms: Nintendo Switch, Android, iOS, PCThe alien invasion grows in numbers. You must assemble a squad of a handful of units and try to beat the odds. When you inevitably meet your demise, the last person standing creates a rift and travels to a different timeline. Time to start again.Into the Breach has a steep learning curve. Its design conventions, however, make it worth the effort to learn how to best use the space given to you and how your units can counterattack the alien push. The game is clear about the consequences of your movements on each map grid--whether or not you'll be able to land an attack, if one of your mechs will be caught in a tidal wave or an enemy projectile, and so on.Often, playing the strategy roguelike feels like a series of elaborate board games, where you carefully move pieces and spend your time thinking of the best possible plan. When it all comes together, the satisfaction is unparalleled. But even when you fail and you're sent to another timeline to commence anew, there's a thrill in knowing that next time might be the one if you take the time to analyze your movements and execute with care.Into the Breach is also the rare game to receive a 10/10 from GameSpot. See at Steam Loop HeroDeveloper: Four QuartersRelease Date: March 4, 2021Platforms: Xbox One, Xbox Series X|S, Nintendo Switch, Android, iOS, PCThe concept of loops and the repetitive nature of roguelites are a natural pairing. Loop Hero not only understands it, but extends it further by turning you into a dungeon master of sorts. You're given the choice of a hero and a map layout, as well as a deck of cards. You can place different types of terrain and structures, each having its own pros and cons. But you also need to place enemies, slowly making each loop--where the character walks a full cycle of the map--more intricate to navigate.The randomized nature of roguelites is heightened by giving you agency over the dangers that your hero will have to overcome. With a large number of unlockables to pursue after each session, as well as a captivating presentation, Loop Hero is one of the most inventive roguelites out there. See at Fanatical ReturnalDeveloper: HousemarqueRelease Date: April 30, 2021Platforms: PlayStation 5, PCHousemarque's expertise lies in games with an arcade nature, from Resogun to Nex Machina. At first glance, Returnal seems different--its presentation is powered by a level of production that screams AAA game. Initially introduced as a PlayStation 5 exclusive, the third-person shooter makes an interesting use of the roguelite concept, intertwining story events with each death. Similarly to Hades, meeting your demise rarely means taking a step back.Don't let its prestigious look deceive you, though--Returnal is the living proof of a modern arcade game, taking cues from the bullet hell genre. This means that you must be in constant movement, carefully timing dodges and narrow jumps to avoid a barrage of projectiles coming your way from all directions. A sequel is slated for 2026, but the first game deserves all of your attention. It's one of the best games in the PlayStation catalog, and a thrilling showcase of how a roguelite structure can inform a story, blending into one coexisting vehicle for a narrative that wouldn't work elsewhere. See at Fanatical Shogun ShowdownDeveloper: RoboatinoRelease Date: September 5, 2024Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, PCDeveloper Roboatino saw the synergy of roguelike and deck-building elements and decided to add turn-based combat to the mix. You command a lone hero who must take positioning and time into consideration to defeat multiple enemies and make it out unscathed.Using an inventive mechanic regarding the tiles you set foot on, Shogun Showdown hides a surprising level of depth, which you gradually uncover the more time you spend with it. You can upgrade and sacrifice different movements and skills in between battles, and as you die, you'll unlock new characters and attacks to experiment with. If you want to test the game's combat by yourself, there's a free prologue available on PC. See at Fanatical Blue PrinceDeveloper: DogubombRelease Date: April 10, 2025Platforms: PlayStation 5, Xbox Series X|S, PCIn Blue Prince, you're a fourteen-year-old boy next in line for an inheritance. The catch is that you first need to explore a manor that changes its inner structure each day, hiding access to the elusive room 46 somewhere within its bowels. Dogubomb's title is part puzzle game, part roguelite, part investigative game.When you start a new day, you're given a number of steps that you can take inside the manor. Upon interacting with a door, the game grants you a random selection of rooms, each containing a puzzle, resource items, or a clue to a larger mystery. Sometimes all three of them. The deeper you plunge into Blue Prince, the higher the chances of becoming engrossed by the sheer amount of layers upon layers of puzzles to solve. See at Fanatical Caves of QudDeveloper: Freehold GamesRelease Date: December 5, 2024Platforms: PCDevelopment for Caves of Qud began back in 2007, with the first public beta being released to the world in 2010. Then, after almost a decade in Steam early access, the game was fully launched on December 5, 2024. The science-fantasy roguelike is brimming with emergent stories, offering a deeply simulated world where you can shape the environment as you see fit, join one of over 70 factions, or simply get lost in the overwhelming number of possible actions and outcomes available.In Caves of Qud, every NPC and monster is as fully simulated as you, meaning that they all have their own skills, equipment, body parts, and levels. The body parts are important, as there are multiple mutations at play, from two heads to the power of cloning oneself. The sandbox nature and painstaking level of detail have added an unmatched identity to the roguelike over its long lifespan. Now, there's never been a better time to take a plunge and become a part of its labyrinthine systems and intricate synergies that are happening in the game without your input. See at Steam FTL: Faster Than LightDeveloper: Subset GamesRelease Date: September 14, 2021Platforms: iOS, PCCommanding a party is a classic go-to for roguelites. Being the captain of a spaceship where you must attend to your crew and rooms individually, however, is an idea that is still novel to this day. Before Into the Breach, developer Subset Games came up with a different adventure in outer space.Presented with randomly generated galaxies, you must pick different paths to warp to, taking care and managing your spaceship in your ventures. Everything from the state of the hull to the level of oxygen must be accounted for. While you might be lucky with the galaxy destinations you pick, your crew will inevitably have to confront other ships.It's during these moments that FTL: Faster Than Light showcases its exhilarating mix of mechanics, forcing you to act fast by putting up fires, deciding which rooms to open and which ones to close, and sending crew members to repair the ship, all while using similar strategies on the enemy at hand. There's no other game like FTL. See at Steam InscryptionDeveloper: Daniel Mullins GamesRelease Date: October 19, 2021Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, PCThe creator of the eerie Pony Island took a stab at the roguelike genre in 2021 with Inscryption. At first, you don't know where you are--all you can see is the inside of a dark cabin, and a strange figure that invites you to play a card game. The creepiness sets in more and more over time, as you use cards depicting animals that seem to be alive, trying to make progress in the game while also looking for an opportunity to try and figure out how to escape the cabin.Inscription has multiple twists that are best left as a secret. If you want a general indication of what to expect, however, this roguelike pulls you into an obscure setting that becomes darker the more time you spend with it, subverting existing genre conventions and familiar mechanics with a horror twist. See at Fanatical Dome KeeperDeveloper: BippinbitsRelease Date: September 27, 2022Platforms: PCDome Keeper is a great game for people who enjoy multitasking. As the name implies, you must protect a dome from enemy attacks. In order to do so, you must dig underneath the surface to search for resources and artifacts, which are used to choose upgrades and different ways to defend your base.Enemies won't just sit and wait, however. You only have a limited time to dig in between attack waves. Picking your upgrades carefully will make or break your chances of survival to gain another chance at plunging through the surface and build better defenses. Dome Keeper is an ambitious survival game that takes cue from roguelikes and tower defense games to create a different kind of challenge to overcome. See at Fanatical Monster TrainDeveloper: Shiny ShoeRelease Date: May 20, 2020Platforms: PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, iOS, PCMonster Train is the distant cousin of Slay the Spire. You're given a deck of cards that you slowly grow during runs, as well as different paths to choose from. The twist is how combat encounters are structured, turning elements like positioning and card strategies on their head.Whenever you face enemies, you're presented with a large vertical structure that has three play fields. You must carefully plan where to place your cards to defend the train's core. It's an idea that's pushed to its limit time and time again with the cards available and the ways in which enemies can also strategize around your defenses. Monster Train is a prime example of how much innovation is still in the genre. See at Fanatical Vampire SurvivorsDeveloper: PoncleRelease Date: October 20, 2022Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, Android, iOS, PCTaking inspiration from a mobile game called Magic Survival, in which the main character attacked automatically without the player's input, developer Poncle leaned on a fascination for Castlevania's aesthetic to iterate on the concept. The simple idea led to an absurd amount of characters, levels, and items to unlock--including, of course, an official collaboration with Konami to include more than just indirect references to the Castlevania series.Playing a Vampire Survivors stage can last anything from 15 to 20 or 30 minutes--if you can survive long enough with the items you've acquired. Even if you fail, however, you're constantly unlocking items, characters, and stages to explore in subsequent runs. It's a game that's best described as a Pandora's Box equivalent. Especially considering the chaos that it will likely inflict on your schedule. See at Steam Hitman World of Assassination: Freelancer ModeDeveloper: IO InteractiveRelease Date: January 26, 2023Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, PCThe Hitman series has always excelled in presenting puzzle boxes that double down as playgrounds to blend in, follow your target, and take them down in increasingly ridiculous ways. Freelancer Mode, introduced to Hitman World of Assassination on January 26, 2023, adds a different spin to the premise with a persistent and highly replayable experience.In this mode, targets are always random, and you're given access to different bonus objectives. Making use of a hub exclusive to Freelancer, Agent 47 must choose a crime syndicate to pursue, which sets the mood of the campaign, and then get started without any equipment or weapons. If you've already mastered the classic Hitman levels or you just want a different, ridiculously polished roguelike experience, Freelancer Mode is a distinct and ambitious take on the genre. Worth mentioning that Hitman World of Assassination is also slated to launch on Nintendo Switch 2. See at Steam InkboundDeveloper: Shiny ShoeRelease Date: April 9, 2024Platforms: PCFrom the makers of Monster Train comes Inkbound, a turn-based tactical roguelike that offers co-op, and synergies that are heightened by coordinating with others online. Players can move freely and act simultaneously in multiplayer, picking from eight different classes to try out different combinations.There's also a deck-building element of sorts involved in the vein of draftable abilities, upgrades, and an array of items to use in-game. It's an intriguing blend of genres that might take some time to get used to. Once things click, however, you and the rest of the party will be working in tandem to see how far you can push your strategies. See at Steam God of War Ragnarok: ValhallaDeveloper: Santa Monica StudiosRelease Date: December 12, 2023Platforms: PlayStation 4, PlayStation 5, PCGod of War Ragnarok is a behemoth of an action-RPG, featuring a lengthy campaign across open areas with side quests, collectibles, and dozens of corners to explore. If you're looking for a break from the main story or just want to try a new roguelite that elevates some of the game's strengths in a different structure, the free Valhalla DLC is a must play.Taking place after the events of the main story (although you can jump into it at any point from the main menu without worrying about spoilers of the main campaign), Valhalla has Kratos going through a series of punishing trials, which slowly serve as a therapy session of sorts as he reminiscences of the events that happened during the original trilogy of God of War games.The bite-sized rendition of combat encounters shines a different light on combat mechanics that you may already be familiar with. And, taking cues from the likes of Hades and Returnal, each death pushes the story forward in meaningful ways. Valhalla is a rare combination of genres that shouldn't work as well as they do, and it deserves your time before the next adventure of Kratos inevitably rolls in. See at Fanatical NoitaDeveloper: Nolla GamesRelease Date: October 15, 2020Platforms: PCAfter a short early access period in 2019, Noita was fully released in October 2020, and provided an escape from the horrors of that year with, well, more horrors. Its punishing difficulty and procedurally-generated worlds provide deep and engaging gameplay. Noita places you in the shoes of a wand-wielding alchemist navigating a deadly, destructible world. The seemingly simple pixel art style leads to complexity where water flows, acid burns, fire spreads, and cave-ins can be triggered by a single misplaced explosive.Unlike many roguelikes that focus on stat-based progression, Noita appeals to player creativity and experimentation. The game's wand crafting system is a particular highlight, allowing you to mix and match spells, modifiers, and triggers to create devastating effects or strange contraptions that alter the way the game plays with every decision. The fun of Noita is learning how to break it in delightfully chaotic ways. This customization means each run feels unique, not just because of the randomized levels, but because the tools at your disposal and the way you choose to implement them define each playthrough. Noita is deeper than it first appears, with plenty of secrets and mysteries to uncover. Its expansive hidden world and lore begs to be uncovered, and the community engagement and conversation around it continues even half a decade on from its release. Experiment with fire, mess around with slime, and Noita will reward your curiosity. You'll find that, most of the time, death in Noita stems from your own creation, giving the game a cruel sense of irony and punishment. Despite that, or perhaps even because of that, Noita is a beautiful experience. See at Steam

You never forget your first love.

ActuGaming.net Où trouver du sable farine sur Arrakis ? | Dune Awakening Dune Awakening est un MMORPG axé sur la survie prenant place sur Arrakis, une planète […] L'article Où trouver du sable farine sur Arrakis ? | Dune Awakening est disponib

Autodesk bouleverse le monde de l’animation avec le lancement de MotionMaker, un nouvel outil intégré à Autodesk Maya, alimenté par l’intelligence artificielle, qui promet de révolutionner la manière dont les animateurs vont animer leurs personnages.

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Microsoft 365 security in the spotlight after Washington Post hack Paul Hill Neowin @ziks_99 · Jun 16, 2025 03:36 EDT The Washington Post has come under cyberattack which saw Microsoft email accounts of several journalists get compromised. The attack, which was discovered last Thursday, is believed to have been conducted by a foreign government due to the topics the journalists cover, including national security, economic policy, and China. Following the hack, the passwords on the affected accounts were reset to prevent access. The fact that a Microsoft work email account was potentially hacked strongly suggests The Washington Post utilizes Microsoft 365, which makes us question the security of Microsoft’s widely used enterprise services. Given that Microsoft 365 is very popular, it is a hot target for attackers. Microsoft's enterprise security offerings and challenges As the investigation into the cyberattack is still ongoing, just how attackers gained access to the accounts of the journalists is unknown, however, Microsoft 365 does have multiple layers of protection that ought to keep journalists safe. One of the security tools is Microsoft Defender for Office 365. If the hackers tried to gain access with malicious links, Defender provides protection against any malicious attachments, links, or email-based phishing attempts with the Advanced Threat Protection feature. Defender also helps to protect against malware that could be used to target journalists at The Washington Post. Another security measure in place is Entra ID which helps enterprises defend against identity-based attacks. Some key features of Entra ID include multi-factor authentication which protects accounts even if a password is compromised, and there are granular access policies that help to limit logins from outside certain locations, unknown devices, or limit which apps can be used. While Microsoft does offer plenty of security technologies with M365, hacks can still take place due to misconfiguration, user-error, or through the exploitation of zero-day vulnerabilities. Essentially, it requires efforts from both Microsoft and the customer to maintain security. Lessons for organizations using Microsoft 365 The incident over at The Washington Post serves as a stark reminder that all organizations, not just news organizations, should audit and strengthen their security setups. Some of the most important security measures you can put in place include mandatory multi-factor authentication (MFA) for all users, especially for privileged accounts; strong password rules such as using letters, numbers, and symbols; regular security awareness training; and installing any security updates in a timely manner. Many of the cyberattacks that we learn about from companies like Microsoft involve hackers taking advantage of the human in the equation, such as being tricked into sharing passwords or sharing sensitive information due to trickery on behalf of the hackers. This highlights that employee training is crucial in protecting systems and that Microsoft’s technologies, as advanced as they are, can’t mitigate all attacks 100 percent of the time. Tags Report a problem with article Follow @NeowinFeed

show some love for the losers Delightfully irreverent Underdogs isn’t your parents’ nature docuseries Ryan Reynolds narrates NatGeo's new series highlighting nature's much less cool and majestic creatures Jennifer Ouellette – Jun 15, 2025 3:11 pm | 5 The indestructible honey badger is just one of nature's "benchwarmers" featured in Underdogs Credit: National Geographic/Doug Parker The indestructible honey badger is just one of nature's "benchwarmers" featured in Underdogs Credit: National Geographic/Doug Parker Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only   Learn more Narrator Ryan Reynolds celebrates nature's outcasts in the new NatGeo docuseries Underdogs. Most of us have seen a nature documentary or two (or three) at some point in our lives, so it's a familiar format: sweeping majestic footage of impressively regal animals accompanied by reverently high-toned narration (preferably with a tony British accent). Underdogs, a new docuseries from National Geographic, takes a decidedly different and unconventional approach. Narrated by with hilarious irreverence by Ryan Reynolds, the five-part series highlights nature's less cool and majestic creatures: the outcasts and benchwarmers, more noteworthy for their "unconventional hygiene choices" and "unsavory courtship rituals." It's like The Suicide Squad or Thunderbolts*, except these creatures actually exist. Per the official premise, "Underdogs features a range of never-before-filmed scenes, including the first time a film crew has ever entered a special cave in New Zealand—a huge cavern that glows brighter than a bachelor pad under a black light thanks to the glowing butts of millions of mucus-coated grubs. All over the world, overlooked superstars like this are out there 24/7, giving it maximum effort and keeping the natural world in working order for all those showboating polar bears, sharks and gorillas." It's rated PG-13 thanks to the odd bit of scatalogical humor and shots of Nature Sexy Time Each of the five episodes is built around a specific genre. "Superheroes" highlights the surprising superpowers of the honey badger, pistol shrimp, and the invisible glass frog, among others, augmented with comic book graphics; "Sexy Beasts" focuses on bizarre mating habits and follows the format of a romantic advice column; "Terrible Parents" highlights nature's worst practices, following the outline of a parenting guide; "Total Grossout" is exactly what it sounds like; and "The Unusual Suspects" is a heist tale, documenting the supposed efforts of a macaque to put together the ultimate team of masters of deception and disguise (an inside man, a decoy, a fall guy, etc.).  Green Day even wrote and recorded a special theme song for the opening credits. Co-creators Mark Linfield and Vanessa Berlowitz of Wildstar Films are longtime producers of award-winning wildlife films, most notably Frozen Planet, Planet Earth and David Attenborough's Life of Mammals—you know, the kind of prestige nature documentaries that have become a mainstay for National Geographic and the BBC, among others. They're justly proud of that work, but this time around the duo wanted to try something different. Madagascar's aye-aye: "as if fear and panic had a baby and rolled it in dog hair" National Geographic/Eleanor Paish Madagascar's aye-aye: "as if fear and panic had a baby and rolled it in dog hair" National Geographic/Eleanor Paish An emerald jewel wasp emerges from a cockroach. National Geographic/Simon De Glanville An emerald jewel wasp emerges from a cockroach. National Geographic/Simon De Glanville A pack of African hunting dogs is no match for the honey badger's thick hide. National Geographic/Tom Walker A pack of African hunting dogs is no match for the honey badger's thick hide. National Geographic/Tom Walker An emerald jewel wasp emerges from a cockroach. National Geographic/Simon De Glanville A pack of African hunting dogs is no match for the honey badger's thick hide. National Geographic/Tom Walker A fireworm is hit by a cavitation bubble shot from the claw of a pistol shrimp defending its home. National Geographic/Hugh Miller As it grows and molts, the mad hatterpillar stacks old head casings on top of its head. Scientists think it is used as a decoy against would-be predators and parasites, and when needed, it can also be used as a weapon. National Geographic/Katherine Hannaford Worst parents ever? A young barnacle goose chick prepares t make the 800-foot jump from its nest to the ground. National Geographic An adult pearlfish reverses into a sea cucumber's butt to hide. National Geographic A vulture sticks its head inside an elephant carcass to eat. National Geographic A manatee releases flatulence while swimming to lose the buoyancy build up of gas inside its stomach, and descend down the water column. National Geographic/Karl Davies "There is a sense after awhile that you're playing the same animals to the same people, and the shows are starting to look the same and so is your audience," Linfield told Ars. "We thought, okay, how can we do something absolutely the opposite? We've gone through our careers collecting stories of these weird and crazy creatures that don't end up in the script because they're not big or sexy and they live under a rock. But they often have the best life histories and the craziest superpowers." Case in point: the velvet worm featured in the "Superheroes" episode, which creeps up on unsuspecting prey before squirting disgusting slime all over their food. (It's a handy defense mechanism, too, against predators like the wolf spider.) Once Linfield and Berlowitz decided to focus on nature's underdogs and to take a more humorous approach, Ryan Reynolds became their top choice for a narrator—the anti-Richard Attenborough. As luck would have it, the pair shared an agent with the mega-star. So even though they thought there was no way Reynolds would agree to the project, they put together a sizzle reel, complete with a "fake Canadian Ryan Reynolds sound-alike" doing the narration. Reynolds was on set when he received the reel, and loved it so much he recoded his own narration for the footage and sent it back. "From that moment he was in," said Linfield, and Wildstar Films worked closely with Reynolds and his company to develop the final series. "We've never worked that way on a series before, a joint collaboration from day one," Berlowitz admitted. But it worked: the end result strikes the perfect balance between scientific revelation and accurate natural history, and an edgy comic tone. That tone is quintessential Reynolds, and while he did mostly follow the script (which his team helped write), Linfield and Berlowitz admit there was also a fair amount of improvisation—not all of it PG-13.  "What we hadn't appreciated is that he's an incredible improv performer," said Berlowitz. "He can't help himself. He gets into character and starts riffing off [the footage]. There are some takes that we definitely couldn't use, that potentially would fit a slightly more Hulu audience."  Some of the ad-libs made it into the final episodes, however—like Reynolds describing an Aye-Aye as "if fear and panic had a baby and rolled it in dog hair"—even though it meant going back and doing a bit of recutting to get the new lines to fit. Cinematographer Tom Beldam films a long-tailed macaque who stole his smart phone minutes later. National Geographic/Laura Pennafort Cinematographer Tom Beldam films a long-tailed macaque who stole his smart phone minutes later. National Geographic/Laura Pennafort The macaque agrees to trade ithe stolen phone for a piece of food. National Geographic The macaque agrees to trade ithe stolen phone for a piece of food. National Geographic A family of tortoise beetles defend themselves from a carnivorous ant by wafting baby poop in its direction. National Geographic A family of tortoise beetles defend themselves from a carnivorous ant by wafting baby poop in its direction. National Geographic The macaque agrees to trade ithe stolen phone for a piece of food. National Geographic A family of tortoise beetles defend themselves from a carnivorous ant by wafting baby poop in its direction. National Geographic A male hippo sprays his feces at another male who is threatening to take over his patch. National Geographic A male proboscis monkey flaunts his large nose. The noses of these males are used to amplify their calls in the vast forest. National Geographic Dream girl: A blood-soaked female hyena looks across the African savanna. National Geographic A male bowerbird presents one of the finest items in his collection to a female in his bower. National Geographic The male nursery web spider presents his nuptial gift to the female. National Geographic Cue the Barry White mood music: Two leopard slugs suspend themselves on a rope of mucus as they entwine their bodies to mate with one another. National Geographic Despite their years of collective experience, Linfield and Berlowitz were initially skeptical when the crew told them about the pearl fish, which hides from predators in a sea cucumber's butt (along with many other species). "It had never been filmed so we said, 'You're going to have to prove it to us,'" said Berlowitz. "They came back with this fantastic, hilarious sequence of a pearl fish reverse parking [in a sea cucumber's anus)." The film crew experienced a few heart-pounding moments, most notably while filming the cliffside nests of barnacle geese for the "Terrible Parents" episode. A melting glacier caused a watery avalanche while the crew was filming the geese, and they had to quickly grab a few shots and run to safety. Less dramatic: cinematographer Tom Beldam had his smartphone stolen by a long-tailed macaque mere minutes after he finished capturing the animal on film. If all goes well and Underdogs finds its target audience, we may even get a follow-up. "We are slightly plowing new territory but the science is as true as it's ever been and the stories are good. That aspect of the natural history is still there," said Linfield. "I think what we really hope for is that people who don't normally watch natural history will watch it. If people have as much fun watching it as we had making it, then the metrics should be good enough for another season." Verdict: Underdogs is positively addictive; I binged all five episodes in a single day. (For his part, Reynolds said in a statement that he was thrilled to "finally watch a project of ours with my children. Technically they saw Deadpool and Wolverine but I don't think they absorbed much while covering their eyes and ears and screaming for two hours.") Underdogs premieres June 15, 2025, at 9 PM/8 PM Central on National Geographic (simulcast on ABC) and will be available for streaming on Disney+ and Hulu the following day.  You should watch it, if only to get that second season. Jennifer Ouellette Senior Writer Jennifer Ouellette Senior Writer Jennifer is a senior writer at Ars Technica with a particular focus on where science meets culture, covering everything from physics and related interdisciplinary topics to her favorite films and TV series. Jennifer lives in Baltimore with her spouse, physicist Sean M. Carroll, and their two cats, Ariel and Caliban. 5 Comments

There has been a new update to the ongoing Stratasys v. Bambu Lab patent infringement lawsuit.  Both parties have agreed to consolidate the lead and member cases (2:24-CV-00644-JRG and 2:24-CV-00645-JRG) into a single case under Case No. 2:25-cv-00465-JRG.  Industrial 3D printing OEM Stratasys filed the request late last month. According to an official court document, Shenzhen-based Bambu Lab did not oppose the motion. Stratasys argued that this non-opposition amounted to the defendants waiving their right to challenge the request under U.S. patent law 35 U.S.C. § 299(a). On June 2, the U.S. District Court for the Eastern District of Texas, Marshall Division, ordered Bambu Lab to confirm in writing whether it agreed to the proposed case consolidation. The court took this step out of an “abundance of caution” to ensure both parties consented to the procedure before moving forward. Bambu Lab submitted its response on June 12, agreeing to the consolidation. The company, along with co-defendants Shenzhen Tuozhu Technology Co., Ltd., Shanghai Lunkuo Technology Co., Ltd., and Tuozhu Technology Limited, waived its rights under 35 U.S.C. § 299(a). The court will now decide whether to merge the cases. This followed U.S. District Judge Rodney Gilstrap’s decision last month to deny Bambu Lab’s motion to dismiss the lawsuits.  The Chinese desktop 3D printer manufacturer filed the motion in February 2025, arguing the cases were invalid because its US-based subsidiary, Bambu Lab USA, was not named in the original litigation. However, it agreed that the lawsuit could continue in the Austin division of the Western District of Texas, where a parallel case was filed last year.  Judge Gilstrap denied the motion, ruling that the cases properly target the named defendants. He concluded that Bambu Lab USA isn’t essential to the dispute, and that any misnaming should be addressed in summary judgment, not dismissal.        A Stratasys Fortus 450mc (left) and a Bambu Lab X1C (right). Image by 3D Printing industry. Another twist in the Stratasys v. Bambu Lab lawsuit  Stratasys filed the two lawsuits against Bambu Lab in the Eastern District of Texas, Marshall Division, in August 2024. The company claims that Bambu Lab’s X1C, X1E, P1S, P1P, A1, and A1 mini 3D printers violate ten of its patents. These patents cover common 3D printing features, including purge towers, heated build plates, tool head force detection, and networking capabilities. Stratasys has requested a jury trial. It is seeking a ruling that Bambu Lab infringed its patents, along with financial damages and an injunction to stop Bambu from selling the allegedly infringing 3D printers. Last October, Stratasys dropped charges against two of the originally named defendants in the dispute. Court documents showed that Beijing Tiertime Technology Co., Ltd. and Beijing Yinhua Laser Rapid Prototyping and Mould Technology Co., Ltd were removed. Both defendants represent the company Tiertime, China’s first 3D printer manufacturer. The District Court accepted the dismissal, with all claims dropped without prejudice. It’s unclear why Stratasys named Beijing-based Tiertime as a defendant in the first place, given the lack of an obvious connection to Bambu Lab.  Tiertime and Stratasys have a history of legal disputes over patent issues. In 2013, Stratasys sued Afinia, Tiertime’s U.S. distributor and partner, for patent infringement. Afinia responded by suing uCRobotics, the Chinese distributor of MakerBot 3D printers, also alleging patent violations. Stratasys acquired MakerBot in June 2013. The company later merged with Ultimaker in 2022. In February 2025, Bambu Lab filed a motion to dismiss the original lawsuits. The company argued that Stratasys’ claims, focused on the sale, importation, and distribution of 3D printers in the United States, do not apply to the Shenzhen-based parent company. Bambu Lab contended that the allegations concern its American subsidiary, Bambu Lab USA, which was not named in the complaint filed in the Eastern District of Texas. Bambu Lab filed a motion to dismiss, claiming the case is invalid under Federal Rule of Civil Procedure 19. It argued that any party considered a “primary participant” in the allegations must be included as a defendant.    The court denied the motion on May 29, 2025. In the ruling, Judge Gilstrap explained that Stratasys’ allegations focus on the actions of the named defendants, not Bambu Lab USA. As a result, the official court document called Bambu Lab’s argument “unavailing.” Additionally, the Judge stated that, since Bambu Lab USA and Bambu Lab are both owned by Shenzhen Tuozhu, “the interest of these two entities align,” meaning the original cases are valid.   In the official court document, Judge Gilstrap emphasized that Stratasys can win or lose the lawsuits based solely on the actions of the current defendants, regardless of Bambu Lab USA’s involvement. He added that any potential risk to Bambu Lab USA’s business is too vague or hypothetical to justify making it a required party. Finally, the court noted that even if Stratasys named the wrong defendant, this does not justify dismissal under Rule 12(b)(7). Instead, the judge stated it would be more appropriate for the defendants to raise that argument in a motion for summary judgment. The Bambu Lab X1C 3D printer. Image via Bambu Lab. 3D printing patent battles  The 3D printing industry has seen its fair share of patent infringement disputes over recent months. In May 2025, 3D printer hotend developer Slice Engineering reached an agreement with Creality over a patent non-infringement lawsuit.  The Chinese 3D printer OEM filed the lawsuit in July 2024 in the U.S. District Court for the Northern District of Florida, Gainesville Division. The company claimed that Slice Engineering had falsely accused it of infringing two hotend patents, U.S. Patent Nos. 10,875,244 and 11,660,810. These cover mechanical and thermal features of Slice’s Mosquito 3D printer hotend. Creality requested a jury trial and sought a ruling confirming it had not infringed either patent. Court documents show that Slice Engineering filed a countersuit in December 2024. The Gainesville-based company maintained that Creaility “has infringed and continues to infringe” on both patents. In the filing, the company also denied allegations that it had harassed Creality’s partners, distributors, and customers, and claimed that Creality had refused to negotiate a resolution.   The Creality v. Slice Engineering lawsuit has since been dropped following a mutual resolution. Court documents show that both parties have permanently dismissed all claims and counterclaims, agreeing to cover their own legal fees and costs.  In other news, large-format resin 3D printer manufacturer Intrepid Automation sued 3D Systems over alleged patent infringement. The lawsuit, filed in February 2025, accused 3D Systems of using patented technology in its PSLA 270 industrial resin 3D printer. The filing called the PSLA 270 a “blatant knock off” of Intrepid’s DLP multi-projection “Range” 3D printer.   San Diego-based Intrepid Automation called this alleged infringement the “latest chapter of 3DS’s brazen, anticompetitive scheme to drive a smaller competitor with more advanced technology out of the marketplace.” The lawsuit also accused 3D Systems of corporate espionage, claiming one of its employees stole confidential trade secrets that were later used to develop the PSLA 270 printer. 3D Systems denied the allegations and filed a motion to dismiss the case. The company called the lawsuit “a desperate attempt” by Intrepid to distract from its own alleged theft of 3D Systems’ trade secrets. Who won the 2024 3D Printing Industry Awards? Subscribe to the 3D Printing Industry newsletter to keep up with the latest 3D printing news.You can also follow us on LinkedIn, and subscribe to the 3D Printing Industry Youtube channel to access more exclusive content.Featured image shows a Stratasys Fortus 450mc (left) and a Bambu Lab X1C (right). Image by 3D Printing industry.

Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

The Secure Government Email (SGE) Common Implementation Framework New Zealand’s government is introducing a comprehensive email security framework designed to protect official communications from phishing and domain spoofing. This new framework, which will be mandatory for all government agencies by October 2025, establishes clear technical standards to enhance email security and retire the outdated SEEMail service.  Key Takeaways All NZ government agencies must comply with new email security requirements by October 2025. The new framework strengthens trust and security in government communications by preventing spoofing and phishing. The framework mandates TLS 1.2+, SPF, DKIM, DMARC with p=reject, MTA-STS, and DLP controls. EasyDMARC simplifies compliance with our guided setup, monitoring, and automated reporting. Start a Free Trial What is the Secure Government Email Common Implementation Framework? The Secure Government Email (SGE) Common Implementation Framework is a new government-led initiative in New Zealand designed to standardize email security across all government agencies. Its main goal is to secure external email communication, reduce domain spoofing in phishing attacks, and replace the legacy SEEMail service. Why is New Zealand Implementing New Government Email Security Standards? The framework was developed by New Zealand’s Department of Internal Affairs (DIA) as part of its role in managing ICT Common Capabilities. It leverages modern email security controls via the Domain Name System (DNS) to enable the retirement of the legacy SEEMail service and provide: Encryption for transmission security Digital signing for message integrity Basic non-repudiation (by allowing only authorized senders) Domain spoofing protection These improvements apply to all emails, not just those routed through SEEMail, offering broader protection across agency communications. What Email Security Technologies Are Required by the New NZ SGE Framework? The SGE Framework outlines the following key technologies that agencies must implement: TLS 1.2 or higher with implicit TLS enforced TLS-RPT (TLS Reporting) SPF (Sender Policy Framework) DKIM (DomainKeys Identified Mail) DMARC (Domain-based Message Authentication, Reporting, and Conformance) with reporting MTA-STS (Mail Transfer Agent Strict Transport Security) Data Loss Prevention controls These technologies work together to ensure encrypted email transmission, validate sender identity, prevent unauthorized use of domains, and reduce the risk of sensitive data leaks. Get in touch When Do NZ Government Agencies Need to Comply with this Framework? All New Zealand government agencies are expected to fully implement the Secure Government Email (SGE) Common Implementation Framework by October 2025. Agencies should begin their planning and deployment now to ensure full compliance by the deadline. The All of Government Secure Email Common Implementation Framework v1.0 What are the Mandated Requirements for Domains? Below are the exact requirements for all email-enabled domains under the new framework. ControlExact RequirementTLSMinimum TLS 1.2. TLS 1.1, 1.0, SSL, or clear-text not permitted.TLS-RPTAll email-sending domains must have TLS reporting enabled.SPFMust exist and end with -all.DKIMAll outbound email from every sending service must be DKIM-signed at the final hop.DMARCPolicy of p=reject on all email-enabled domains. adkim=s is recommended when not bulk-sending.MTA-STSEnabled and set to enforce.Implicit TLSMust be configured and enforced for every connection.Data Loss PreventionEnforce in line with the New Zealand Information Security Manual (NZISM) and Protective Security Requirements (PSR). Compliance Monitoring and Reporting The All of Government Service Delivery (AoGSD) team will be monitoring compliance with the framework. Monitoring will initially cover SPF, DMARC, and MTA-STS settings and will be expanded to include DKIM. Changes to these settings will be monitored, enabling reporting on email security compliance across all government agencies. Ongoing monitoring will highlight changes to domains, ensure new domains are set up with security in place, and monitor the implementation of future email security technologies.  Should compliance changes occur, such as an agency’s SPF record being changed from -all to ~all, this will be captured so that the AoGSD Security Team can investigate. They will then communicate directly with the agency to determine if an issue exists or if an error has occurred, reviewing each case individually. Deployment Checklist for NZ Government Compliance Enforce TLS 1.2 minimum, implicit TLS, MTA-STS & TLS-RPT SPF with -all DKIM on all outbound email DMARC p=reject  adkim=s where suitable For non-email/parked domains: SPF -all, empty DKIM, DMARC reject strict Compliance dashboard Inbound DMARC evaluation enforced DLP aligned with NZISM Start a Free Trial How EasyDMARC Can Help Government Agencies Comply EasyDMARC provides a comprehensive email security solution that simplifies the deployment and ongoing management of DNS-based email security protocols like SPF, DKIM, and DMARC with reporting. Our platform offers automated checks, real-time monitoring, and a guided setup to help government organizations quickly reach compliance. 1. TLS-RPT / MTA-STS audit EasyDMARC enables you to enable the Managed MTA-STS and TLS-RPT option with a single click. We provide the required DNS records and continuously monitor them for issues, delivering reports on TLS negotiation problems. This helps agencies ensure secure email transmission and quickly detect delivery or encryption failures. Note: In this screenshot, you can see how to deploy MTA-STS and TLS Reporting by adding just three CNAME records provided by EasyDMARC. It’s recommended to start in “testing” mode, evaluate the TLS-RPT reports, and then gradually switch your MTA-STS policy to “enforce”. The process is simple and takes just a few clicks. As shown above, EasyDMARC parses incoming TLS reports into a centralized dashboard, giving you clear visibility into delivery and encryption issues across all sending sources. 2. SPF with “-all”In the EasyDARC platform, you can run the SPF Record Generator to create a compliant record. Publish your v=spf1 record with “-all” to enforce a hard fail for unauthorized senders and prevent spoofed emails from passing SPF checks. This strengthens your domain’s protection against impersonation. Note: It is highly recommended to start adjusting your SPF record only after you begin receiving DMARC reports and identifying your legitimate email sources. As we’ll explain in more detail below, both SPF and DKIM should be adjusted after you gain visibility through reports. Making changes without proper visibility can lead to false positives, misconfigurations, and potential loss of legitimate emails. That’s why the first step should always be setting DMARC to p=none, receiving reports, analyzing them, and then gradually fixing any SPF or DKIM issues. 3. DKIM on all outbound email DKIM must be configured for all email sources sending emails on behalf of your domain. This is critical, as DKIM plays a bigger role than SPF when it comes to building domain reputation, surviving auto-forwarding, mailing lists, and other edge cases. As mentioned above, DMARC reports provide visibility into your email sources, allowing you to implement DKIM accordingly (see first screenshot). If you’re using third-party services like Google Workspace, Microsoft 365, or Mimecast, you’ll need to retrieve the public DKIM key from your provider’s admin interface (see second screenshot). EasyDMARC maintains a backend directory of over 1,400 email sources. We also give you detailed guidance on how to configure SPF and DKIM correctly for major ESPs.  Note: At the end of this article, you’ll find configuration links for well-known ESPs like Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid – helping you avoid common misconfigurations and get aligned with SGE requirements. If you’re using a dedicated MTA (e.g., Postfix), DKIM must be implemented manually. EasyDMARC’s DKIM Record Generator lets you generate both public and private keys for your server. The private key is stored on your MTA, while the public key must be published in your DNS (see third and fourth screenshots). 4. DMARC p=reject rollout As mentioned in previous points, DMARC reporting is the first and most important step on your DMARC enforcement journey. Always start with a p=none policy and configure RUA reports to be sent to EasyDMARC. Use the report insights to identify and fix SPF and DKIM alignment issues, then gradually move to p=quarantine and finally p=reject once all legitimate email sources have been authenticated.  This phased approach ensures full protection against domain spoofing without risking legitimate email delivery. 5. adkim Strict Alignment Check This strict alignment check is not always applicable, especially if you’re using third-party bulk ESPs, such as Sendgrid, that require you to set DKIM on a subdomain level. You can set adkim=s in your DMARC TXT record, or simply enable strict mode in EasyDMARC’s Managed DMARC settings. This ensures that only emails with a DKIM signature that exactly match your domain pass alignment, adding an extra layer of protection against domain spoofing. But only do this if you are NOT a bulk sender. 6. Securing Non-Email Enabled Domains The purpose of deploying email security to non-email-enabled domains, or parked domains, is to prevent messages being spoofed from that domain. This requirement remains even if the root-level domain has SP=reject set within its DMARC record. Under this new framework, you must bulk import and mark parked domains as “Parked.” Crucially, this requires adjusting SPF settings to an empty record, setting DMARC to p=reject, and ensuring an empty DKIM record is in place: • SPF record: “v=spf1 -all”. • Wildcard DKIM record with empty public key.• DMARC record: “v=DMARC1;p=reject;adkim=s;aspf=s;rua=mailto:…”. EasyDMARC allows you to add and label parked domains for free. This is important because it helps you monitor any activity from these domains and ensure they remain protected with a strict DMARC policy of p=reject. 7. Compliance Dashboard Use EasyDMARC’s Domain Scanner to assess the security posture of each domain with a clear compliance score and risk level. The dashboard highlights configuration gaps and guides remediation steps, helping government agencies stay on track toward full compliance with the SGE Framework. 8. Inbound DMARC Evaluation Enforced You don’t need to apply any changes if you’re using Google Workspace, Microsoft 365, or other major mailbox providers. Most of them already enforce DMARC evaluation on incoming emails. However, some legacy Microsoft 365 setups may still quarantine emails that fail DMARC checks, even when the sending domain has a p=reject policy, instead of rejecting them. This behavior can be adjusted directly from your Microsoft Defender portal. Read more about this in our step-by-step guide on how to set up SPF, DKIM, and DMARC from Microsoft Defender. If you’re using a third-party mail provider that doesn’t enforce having a DMARC policy for incoming emails, which is rare, you’ll need to contact their support to request a configuration change. 9. Data Loss Prevention Aligned with NZISM The New Zealand Information Security Manual (NZISM) is the New Zealand Government’s manual on information assurance and information systems security. It includes guidance on data loss prevention (DLP), which must be followed to be aligned with the SEG. Need Help Setting up SPF and DKIM for your Email Provider? Setting up SPF and DKIM for different ESPs often requires specific configurations. Some providers require you to publish SPF and DKIM on a subdomain, while others only require DKIM, or have different formatting rules. We’ve simplified all these steps to help you avoid misconfigurations that could delay your DMARC enforcement, or worse, block legitimate emails from reaching your recipients. Below you’ll find comprehensive setup guides for Google Workspace, Microsoft 365, Zoho Mail, Amazon SES, and SendGrid. You can also explore our full blog section that covers setup instructions for many other well-known ESPs. Remember, all this information is reflected in your DMARC aggregate reports. These reports give you live visibility into your outgoing email ecosystem, helping you analyze and fix any issues specific to a given provider. Here are our step-by-step guides for the most common platforms: Google Workspace Microsoft 365 These guides will help ensure your DNS records are configured correctly as part of the Secure Government Email (SGE) Framework rollout. Meet New Government Email Security Standards With EasyDMARC New Zealand’s SEG Framework sets a clear path for government agencies to enhance their email security by October 2025. With EasyDMARC, you can meet these technical requirements efficiently and with confidence. From protocol setup to continuous monitoring and compliance tracking, EasyDMARC streamlines the entire process, ensuring strong protection against spoofing, phishing, and data loss while simplifying your transition from SEEMail.