When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. Raspberry Pi Imager 1.9.4 released bringing performance improvements, bug fixes and more David Uzondu Neowin · Jun 5, 2025 05:12 EDT Raspberry Pi Imager 1.9.4 is now out, marking the first official release in its 1.9.x series. This application, for anyone new to it, is a tool from the Raspberry Pi Foundation. It first came out in March 2020. Its main job is to make getting an operating system onto a microSD card or USB drive for any Raspberry Pi computer super simple, even if you hate the command line. It handles downloading selected OS images and writing them correctly, cutting out several manual steps that used to trip people up, like finding the right image version or using complicated disk utility tools. This version brings solid user interface improvements for a smoother experience, involving internal tweaks that contribute to a more polished feel. Much work went into global accessibility, adding new Korean and Georgian translations. Updates also cover Chinese, German, Spanish, Italian, and many others. Naturally, a good number of bugs got squashed, including a fix for tricky long filename issues on Windows and an issue with the Escape key in the options popup. Changes specific to operating systems are also clear. Windows users get an installer using Inno Setup. Its program files, installer, and uninstaller are now signed for better Windows security. For macOS, .app file naming in .dmg packages is fixed, and building the software is more reliable. Linux users can now hide system drives from the destination list, a great way to prevent accidentally wiping your main computer drives. The Linux AppImage also disables Wayland support by default. The full list of changes is outlined below: Fixed minor errors in Simplified Chinese translation Updated translations for German, Catalan, Spanish, Slovak, Portuguese, Hebrew, Traditional Chinese, Italian, Korean, and Georgian Explicitly added --tree to lsblk to hide partitions from the top-level output CMake now displays the version as v1.9.1 Added support for quiet uninstallation on Windows Applied regex to match SSH public keys during OS customization Updated dependencies: libarchive (3.7.4 → 3.7.7 → 3.8.0) zlib (removed preconfigured header → updated to 1.4.1.1) cURL (8.8 → 8.11.0 → 8.13.0) nghttp2 (updated to 1.65.0) zstd (updated to 1.5.7) xz/liblzma (updated to 5.8.1) Windows-specific updates: Switched to Inno Setup for the installer Added code signing for binaries, installer, and uninstaller Enabled administrator privileges and NSIS removal support Fixed a bug causing incorrect saving of long filenames macOS-specific updates: Fixed .app naming in .dmg packages Improved build reliability and copyright Linux-specific updates: System drives are now hidden in destination popup Wayland support disabled in AppImage General UI/UX improvements: Fixed OptionsPopup not handling the Esc key Improved QML code structure, accessibility, and linting Made options popup modal Split main UI into component files Added a Style singleton and ImCloseButton component Internationalization (i18n): Made "Recommended" OS string translatable Made "gigabytes" translatable Packaging improvements: Custom AppImage build script with Qt detection Custom Qt build script with unprivileged mode Qt 6.9.0 included Dependencies migrated to FetchContent system Build system: CMake version bumped to 3.22 Various improvements and hardening applied Removed "Show password" checkbox in OS customization settings Reverted unneeded changes in long filename size calculation Internal refactoring and performance improvements in download and extract operations Added support for more archive formats via libarchive Lastly, it's worth noting that the system requirements have changed since version 1.9.0: macOS users will need version 11 or later; Windows users, Windows 10 or newer; Ubuntu users, version 22.04 or newer; and Debian users, Bookworm or later. Tags Report a problem with article Follow @NeowinFeed

How far would you go to keep yourself private online? There’s little doubt that advances in technology over the past three decades have eroded traditional concepts around privacy and security: It was once unthinkable to voluntarily invite big companies to track your every move and decision—now, we happily let them in exchange for the digital goods and services we rely on (or are hopelessly addicted to). Most people these days either tolerate these privacy intrusions or outright don’t care about them. But there’s a growing movement that believes it’s time to claim our privacy back. Some are working piecemeal, blocking trackers and reducing permissions where they can, while not totally ditching modern digital society as a whole. Others, however, are as hardcore as can be—a modern equivalent of "going off the grid."  We put out a call looking for the latter—people who are going to great lengths to protect their privacy in today’s mass surveillance world. We received a number of insightful, fascinating, and unique situations, but for this piece, I want to highlight four specific perspectives: "Ed," "Jane," "Mark," and "Jay."Ed is "ruthless" with app choices and permissionsThe first respondent, I’ll call Ed, since their privacy journey began with the Edward Snowden leaks: “I'd known something was likely up…as early as 2006[.] I remember headlines about AT&T possibly spying, but high school me didn't take it too seriously at the time. The Snowden leaks, when I was in college, really opened my eyes. Ever since, I've taken steps to protect my privacy.”Ed says the biggest step they’ve taken towards a digitally private life has been their Proton account. If you’re not aware, Proton is a company that offers apps designed for privacy. Their email service, Proton Mail, is the most famous of the company’s products, but Proton makes other apps as well. Ed uses many of them, including Proton VPN, Proton Calendar, and Proton Drive. Ed pays for Proton Ultimate, which costs them nearly $200 every two years (a new account is now billed yearly at $119.88). You don’t have to pay for Proton, but your experience is much more limited. That’s not totally dissimilar to Google’s offers, which gives you more features if you pay, but most people can definitely get by with a free Google Account. I'm not so sure the reverse is true. Speaking of Google, Ed does have a Google Account, but rarely logs into it. They don’t keep anything attached to it, however—Ed stores all files, for example, in Proton Drive or Tresoirt (another end-to-end encrypted service).Ed uses SimpleLogin for throwaway email addresses. That’s not just for the times Ed wants to avoid giving their email address to someone. According to them, they use an alias anytime an organization asks for their email, and frequently delete it when it’s no longer useful. Each online purchase gets its own alias, and that alias is deleted once the purchase is complete. Whenever Ed travels, they use an alias for any flights, hotels, and rental cars they use. Once the trip is up, they delete the alias. If one of those aliases receives a spam message, they delete it as well.Ed’s smartphone of choice is iPhone, and although Apple arguably has the best reputation for privacy in big tech, Ed is no fan: “Apple is no bastion of privacy of course, but they seem to be the least-worst of the big tech companies.” Ed doesn’t use iCloud for any backups: Any iPhone files are kept in Tresorit. That iPhone, of course, contains apps. But each app is there for a reason, and no app gets access to permissions unless it requires it: “I'm ruthless about apps and app permissions. If I'm not going to use the app regularly, I uninstall it. I grant only those permissions I think the app reasonably needs.” Ed protects his mobile internet traffic with Proton VPN, and only accesses the web via Firefox Focus, a special version of Firefox designed for privacy. Location services are always off on Ed’s iPhone, unless they’re using Apple Maps for navigation. Once they arrive at their destination, Ed disables location services again. They also have an interesting trick for getting back home without revealing their actual address:  “Additionally, when I'm navigating home, I don't enter my home address. I enter the address down the street just as an extra layer so I'm not entering my actual home address…I'll end navigation and turn off location while still driving…if I know the rest of the way home myself."Most of us deal regularly (if not daily) with spam calls. Not Ed: They use the “Silence Unknown Callers” setting on iOS to send all numbers not in the Contacts app to voicemail. They then review all voicemails, and if they didn’t leave a message, they block the number. Our initial call out for this piece referenced how using a VPN can sometimes block incoming phone calls, but Ed isn’t bothered by that: “Since most calls these days are scams or telemarketing, and most people I do want to talk to aren't going to call me anyway, I see this as more of a feature than a bug.” For their desktop computing needs, Ed uses Windows. They admit they aren’t privacy experts when it comes to Microsoft’s OS, but they do what they can, including changing all privacy settings and uninstalling all programs they don’t use. (That includes OneDrive and Edge.) They also run a clean version of Windows 11 after following Lifehacker’s guide. Firefox is their go-to PC browser, and they use a variety of extensions, including:ClearURLs: removes trackers from links.Decentraleyes: blocks data requests from third-party networks. Disconnect: blocks trackers from "thousands" of third-party sites.Firefox Multi-Account Containers: separates your browsing into siloed "containers" to isolate each session from one another.PopUpOFF: blocks pop-ups, overlays, and cookie alerts.Privacy Badger: blocks invisible trackers.Proton VPN: Proton's Firefox add-on for its VPN.uBlock Origin: popular content blocker.Ed didn’t say how much of an impact this array of extensions and settings has on their browsing, save for YouTube, which they admit does sometimes give them trouble. However, Ed has workarounds: “When YouTube wants me to 'sign in to confirm you're not a bot,' changing VPN servers usually does the trick.” Ed also uses the audible clues for ReCAPTCHA prompts, rather than the pictures, since they don’t want to help train Google’s “braindead AI.”Ed deleted all their social media accounts, including Facebook, X, Instagram, and LinkedIn. Though they’ve never had TikTok installed on their phone, they will watch it in Firefox when a friend sends them a video. Jane uses an open-source smartphone OS designed for privacyWhile Edward Snowden may have kicked off Ed’s interest in personal privacy, "Jane" has many strong beliefs motivating their desire for privacy. They are concerned about data brokers and Meta’s practices of tracking internet activity, and how these companies build profiles based on that data to sell to third-parties; they’re concerned about the possibility of telecommunication companies tracking our locations via cellular towers; they worry about US law enforcement and agencies reviewing citizens’ social media accounts accounts and tracking people. Their focus on privacy is fueled by true concern for their own well-being, not only the value of privacy as a concept.      Jane uses a VPN on all of their devices. Instead of Proton, however, Jane opts for Mullvad. They enable ad and tracker blocking, as well as a kill switch, which blocks your internet if you lose connection with the VPN—thus protecting your connection from being leaked out of the secure network.I’m a big advocate for strong and unique passwords and proper password management, but Jane definitely beats me when it comes to secure credentials. Jane uses six to eight-word passphrases generated by diceware, a tactic that chooses words based on dice rolls. Something like this diceware generator will roll a die five times, then find a word in a bank based on that five-digit number. You can repeat this as many times as you want to come up with a passphrase built up with random words. Jane saves all of their passphrases to a password manager, except for the ones for important accounts, like their bank. They commit those to memory, just in case someone breaches their password manager.     Like Ed, Jane uses Mullvad, but instead of just using their VPN, they opt for the web browser, which has those protections built in. Mullvad’s strict privacy settings break persistent logins on websites, so any sites Jane wants to stay logged in on are kept in Brave browser. For both Mullvad and Brave, Jane uses uBlock Origin.“From time-to-time I do run into sites that will block access due to being on a VPN or blocking ads and trackers. Instead of disabling [my] VPN completely, switching my connection to one of Mullvad's rented servers instead of ones they own usually helps. Barring that, I occasionally go into [uBlock Origin] and temporarily whitelist a needed [URL] ([ReCAPTCHA] etc). This works for me to get around site blocks most of the time.”  Jane uses a Mac, and configured macOS based on various privacy guides. But instead of an iPhone, Jane opts for a Google Pixel. That might surprise readers who assumed hardcore privacy enthusiasts would break away from Google entirely. But X doesn’t run Android: Instead, they installed GrapheneOS on their Pixel, an open-source OS designed for privacy. Following a restart, Jane configured the Pixel to only unlock with a seven-word dice passphrase—for general use, they use a fingerprint scan and a six-digit PIN. If the don’t unlock their Pixel for a while, their phone automatically reboots to put it back into this “First Unlock” state. They also keep airplane mode on at all times to disable the phone’s radio communications, but maintain a wifi connection with timed automatic Bluetooth and wireless disabling. Jane also deleted all their social media accounts after downloading all data associated with those platforms.Mark uses phone and credit card masks“Mark” is perhaps the least hardcore of the respondents in this story, but that makes their experience both interesting and relatable. Unlike most of the people we spoke to, Mark is still on Facebook and Instagram. That’s due to their job, which requires them to be on the platform, but they’ve been “systematically” deleting everything they can over their 19-year Facebook history and saving the data to an external hard drive. Mark doesn’t follow anything that isn’t relevant to their job, and only uses Facebook and Instagram inside the DuckDuckGo browser. They don’t react to posts they see, and following their privacy tactics, Facebook doesn’t show them relevant ads anymore. “If there is an ad I'm actually interested in I'll search it up in a different browser rather than click it.”Mark has had four Google Accounts in their time online, and has deleted two so far. Like Facebook, they have to use Google for their job, but they delegate all their work to Chrome. All other browsing runs through Firefox, DuckDuckGo, or Tor. The latter is perhaps best known for being the browser of choice for browsing the dark web, but what makes it great for that is also what makes it a great choice for private browsing.Unlike others in this story, Mark hasn’t de-Googled themselves completely. In addition to using Chrome for work, Mark has a phone mask through Google, and has their contacts, calendar, and maps tied to the company—though they are moving away from Google as much as they can. They've been running through their old emails to find and delete outdated accounts they no longer use. Any accounts they do need now use an email mask that forwards to a Mailfence account, an encrypted email service.   Mark was the only respondent to talk about entertainment in relation to privacy: “I've also been switching to physical media over streaming, so buying CDs and DVDs, locally as much as possible. I'm lucky to have a local music store and a local bookstore...one of the owners of our bookstore wrote a book on how to resist Amazon and why. Any book I want, I can either order through them or on Alibris. For music, I use our local record store and Discogs.”When shopping online, Mark uses a credit card mask, but still uses the card itself when shopping in person. They want to start using a credit card mask in retail locations like Janet Vertesi, an associate professor of sociology at Princeton University, but they haven’t quite gotten there yet.   What really piqued my interest most about Mark, however, wasn’t their perspective on their own privacy concerns, but the concerns around the privacy of their kids: “They each have a Gmail, two of them have Snapchat. Their schools use Gaggle and Google to spy on them. I don't even know how to start disconnecting them from all this...I was a kid during the wild west of the internet and this feels like getting back to my roots. My kids are end users who understand apps and touchscreens, not torrenting their music or coding a basic website. (Is this my version of "I drank out of the garden hose"?) I feel like Big Data has its grip on the kids already and I don't have a guidebook on navigating that as a parent.”  Mark’s current focus on their kids’ privacy includes deleting their health data from their local health system. That’s in part due to a data breach impacting the health system, but also the language about autism from Robert F. Kennedy Jr., the current Secretary of Health and Human Services.Jay de-googled their life and uses a VoIP phone number"Jay's" origin story with personal privacy dates back to 2017. That year, Equifax suffered a major hack, where nearly 148 million Americans had sensitive data stolen and weren’t notified about the breach for months. Jay was frustrated: You don’t choose to give your data to Equifax, or any credit bureau, and yet so many people lost their data. They also felt that companies were not properly held responsible for these events, and lawmakers were simply too out of touch to do what was necessary to protect citizens’ privacy, so they took it upon themselves to protect their own data. Ever since this incident, Jay freezes their credit: “It was frustratingly difficult back then, but nowadays, it is very easy (it just requires an account, which I use a burner email for)...The freeze will not allow anyone to pull credit for large purchases in your name, even if they have your social security number (and because of the data breach, someone probably does). I decided I wanted to pursue some privacy for the things I do have a choice over.”  From here, Jay de-googled their life, including both Google Search as well as YouTube. They’ve found no issue with using alternative search engines, and, in fact, sees Google getting worse, as it tries to show you results based on what it thinks it knows about you, not what is most relevant to your actual query: “The internet was supposed to be a place you went to find information, not where you became the information that companies take instead."Jay uses tools to prevent fingerprinting, where companies identify you and track you across the internet, but worries that going too far with things like ad blockers puts a target on your back as well. Jay chooses to pick “a couple of effective tools,” and runs with those.For their smartphone needs, Jay goes with Apple. Like Ed, Jay doesn’t believe Apple is perfect, and even considers their privacy policies a bit of a gimmick, but sees them as the better alternative to Android. Jay likes the security of the App Store, and the array of privacy features in both Safari and Apple Accounts as a whole. They highlight Safari’s “Advanced Tracking and Fingerprinting Protection” feature, which helps block trackers as you browse the web; iCloud’s Private Relay, which hides your IP address; and “Hide My Email,” which generates email aliases you can share with others without giving your true email address away.Most of us are plagued with spam calls, but following the Robinhood data breach in 2021, Jay started receiving a flood of them. They decided to change their phone number and made a point of never sharing it with businesses. For the times they need to give out their number to parties they don’t trust, they use a number generated by My Sudo, which, for $20 per year, gives them a VoIP (Voice over Internet Protocol) phone number. It works with most services that rely on SMS, but it won’t function for two-factor authentication. (Which is fine, seeing as SMS-based 2FA is the weakest form of secondary authentication.) My Sudo lets you change your number for an additional $1, so if Jay’s number ever was compromised or started receiving too much spam, they could swap it.        Jay, like many respondents, deleted all social media services: “It has its place in society for a lot of people, and is no doubt a great way to connect. However, I found that the fear of deleting it was a lot worse than actually deleting it. The people you care about won’t forget you exist.” That said, Jay doesn't mind any of the obstacles this lifestyle does throw their way: “It is a challenging topic, as most people consider you a little bit 'out there' if you take steps to make your life a little less convenient, but more private. The modern world sells you convenience, while pretending it is free, and harvesting your data for so much more than you actually get out of your relationship to them.”      What it takes to be private on the modern internetThere's no one way to tackle personal privacy. Every one of the respondents to our query had something unique about their approach, and many had different motivations behind why they were so concerned about their privacy.There are plenty of common through lines, of course. Most privacy people love Proton, which makes sense. Proton seems to be the only company that offers a suite of apps most closely resembling Google's while also prioritizing privacy. If you want your email, calendar, word processor, and even your VPN all tied up nicely under one privacy-focused umbrella, that's Proton. But not everyone wants an ecosystem, either. That's why you see respondents using other VPNs, like Mullvad, or other private storage options, like Tresorit. These apps and services exist—they might just not be owned by one company, like Apple or Google (or Proton).Google and Meta are more commonalities, in that most privacy enthusiasts ditch them entirely. Some, like Mark, haven't been able to fully shake off these data-hungry companies. In Mark's case, that's because they need these platforms for work. But while most hardcore privacy people delete their Google and Meta accounts, most of us have trouble de-Googling and de-Metaing our digital lives. In general, though, the keys to privacy success include the following: Use a VPN to protect your internet traffic; prioritize privacy in your web browser, both through the browser itself, as well as extensions that block ads and protect your traffic; shield your sensitive information whenever possible, by using email aliases, alternate phone numbers, or credit card masks; use strong and unique passwords for all accounts, and store those passwords in a secure password manager; use two-factor authentication whenever possible (perhaps passkeys, when available); and stick to end-to-end encrypted chat apps to communicate with others. While there's always more you can do, that's the perfect storm to keep your digital life as private as reasonably possible. Some might read through the examples here and see steps that are too much effort to be worth it. It might seem out of reach to ditch Gmail and Instagram, break certain websites, and force your friends and family to learn new numbers and email addresses to protect your privacy, especially if you don't feel your privacy has that much of an impact on your life. But even if you aren't sold on the concept of privacy itself, there are real-world results from sticking with these methods. Jay no longer receives spam calls and texts; Mark no longer sees ads that are freakishly relevant to their likes. It's a lifestyle change, to be sure, but it's not just to serve some concept of privacy. You can see results by changing the way you interact with the internet, all without having to actually disconnect from the internet, and, by extension, the world at large.

May 31, 2025Ravie LakshmananVulnerability / Linux Two information disclosure flaws have been identified in apport and systemd-coredump, the core dump handlers in Ubuntu, Red Hat Enterprise Linux, and Fedora, according to the Qualys Threat Research Unit (TRU). Tracked as CVE-2025-5054 and CVE-2025-4598, both vulnerabilities are race condition bugs that could enable a local attacker to obtain access to access sensitive information. Tools like Apport and systemd-coredump are designed to handle crash reporting and core dumps in Linux systems. "These race conditions allow a local attacker to exploit a SUID program and gain read access to the resulting core dump," Saeed Abbasi, manager of product at Qualys TRU, said. A brief description of the two flaws is below - CVE-2025-5054 (CVSS score: 4.7) - A race condition in Canonical apport package up to and including 2.32.0 that allows a local attacker to leak sensitive information via PID-reuse by leveraging namespaces CVE-2025-4598 (CVSS score: 4.7) - A race condition in systemd-coredump that allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content, loaded by the original process SUID, short for Set User ID, is a special file permission that allows a user to execute a program with the privileges of its owner, rather than their own permissions. "When analyzing application crashes, apport attempts to detect if the crashing process was running inside a container before performing consistency checks on it," Canonical's Octavio Galland said. "This means that if a local attacker manages to induce a crash in a privileged process and quickly replaces it with another one with the same process ID that resides inside a mount and pid namespace, apport will attempt to forward the core dump (which might contain sensitive information belonging to the original, privileged process) into the namespace." Red Hat said CVE-2025-4598 has been rated Moderate in severity owing to the high complexity in pulling an exploit for the vulnerability, noting that the attacker has to first the race condition and be in possession of an unprivileged local account. As mitigations, Red Hat said users can run the command "echo 0 > /proc/sys/fs/suid_dumpable" as a root user to disable the ability of a system to generate a core dump for SUID binaries. The "/proc/sys/fs/suid_dumpable" parameter essentially controls whether SUID programs can produce core dumps on the crash. By setting it to zero, it disables core dumps for all SUID programs and prevents them from being analyzed in the event of a crash. "While this mitigates this vulnerability while it's not possible to update the systemd package, it disables the capability of analyzing crashes for such binaries," Red Hat said. Similar advisories have been issued by Amazon Linux, Debian, and Gentoo. It's worth noting that Debian systems aren't susceptible to CVE-2025-4598 by default, since they don't include any core dump handler unless the systemd-coredump package is manually installed. CVE-2025-4598 does not affect Ubuntu releases. Qualys has also developed proof-of-concept (PoC) code for both vulnerabilities, demonstrating how a local attacker can exploit the coredump of a crashed unix_chkpwd process, which is used to verify the validity of a user's password, to obtain password hashes from the /etc/shadow file. Canonical, in an alert of its own, said the impact of CVE-2025-5054 is restricted to the confidentiality of the memory space of invoked SUID executables and that the PoC exploit can leak hashed user passwords has limited real-world impact. "The exploitation of vulnerabilities in Apport and systemd-coredump can severely compromise the confidentiality at high risk, as attackers could extract sensitive data, like passwords, encryption keys, or customer information from core dumps," Abbasi said. "The fallout includes operational downtime, reputational damage, and potential non-compliance with regulations. To mitigate these multifaceted risks effectively, enterprises should adopt proactive security measures by prioritizing patches and mitigations, enforcing robust monitoring, and tightening access controls." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Published May 29, 2025 10:00am EDT close Windows Defender Security Center scam: How to protect your computer from fake pop-ups Tech expert Kurt "CyberGuy" Knutsson says a tech support scam used a fake Windows Defender pop-up, tricking the victim to call and download software. All modern Windows PCs come with Microsoft Defender built in. For the unaware, this tool is Windows’ native antivirus. Over time, it has matured into a reliable security tool capable of blocking a wide range of threats. However, a tool called Defendnot can shut down Microsoft Defender completely, without exploiting a bug or using malware. It simply convinces Windows that another antivirus is already running.The implications are serious. This tool does not break into the system or use advanced code injection. It uses Windows features the way they were designed to be used. And that makes the problem harder to detect and harder to fix. Windows software on a PC (Kurt "CyberGuy" Knutsson)The tool works by pretending to be an antivirusWindows is built to avoid running multiple antivirus products at once. When a third-party antivirus registers itself, Windows disables Microsoft Defender to prevent conflicts. Defendnot exploits this system using an undocumented API that security software uses to communicate with the Windows Security Center.The tool registers a fake antivirus that appears legitimate to the system. It uses a dummy DLL and injects it into Task Manager, a trusted Windows process. By operating inside this signed process, Defendnot avoids signature checks and permission blocks. Once the fake antivirus is registered, Windows disables Microsoft Defender without warning or confirmation.WINDOWS 10 SECURITY FLAWS LEAVE MILLIONS VULNERABLENo security alert is shown to the user. No visible changes are made to indicate that the system is unprotected. Unless someone checks manually, the machine remains open to attacks with no real-time protection running.The tool also includes options to set a custom antivirus name, enable logging and configure automatic startup. It achieves persistence by creating a scheduled task that runs whenever the user logs in. Windows software on a laptop (Kurt "CyberGuy" Knutsson)From GitHub takedown to a fresh buildDefendnot is based on an earlier project called No-Defender. That project used code from an actual antivirus product to fake registration. It gained attention quickly and was removed after a copyright complaint from the vendor whose code had been reused. The developer took the project down and walked away from it.With Defendnot, the creator rebuilt the core features using original code. This version avoids copyright issues and uses a new method to achieve the same effect. It does not rely on another antivirus or third-party binaries. It was written from scratch to demonstrate how simple it is to manipulate Windows security from inside the system.Microsoft Defender currently flags the tool as a threat. It detects and quarantines it under the name Win32/Sabsik.FL.!ml. However, the fact that it works at all points to a weakness in how Windows handles antivirus registration and trust.WHAT IS ARTIFICIAL INTELLIGENCE (AI)? Windows laptop showing the home screen (Kurt "CyberGuy" Knutsson)6 ways to protect yourself from malicious programsWhile Defendnot is a research project, there’s a chance that similar tools are already out there and could be used to compromise your PC. Here are a few tips to help you stay safe:1. Use strong antivirus software: Even with regular updates, Windows systems can be left exposed by tools like Defendnot that silently disable built-in defenses. A strong third-party antivirus with real-time protection and frequent updates provides essential backup security. Look for solutions with real-time protection and frequent updates to tackle emerging threats. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.2. Limit exposure: Many exploits rely on user interaction, such as clicking a shady link, downloading a compromised file or mounting an untrusted virtual disk. Stick to reputable websites, avoid opening unsolicited email attachments and use a browser with built-in security features (like Microsoft Edge or Chrome with Safe Browsing enabled).3. Avoid running unexpected commands: Never paste or run commands (like PowerShell scripts) you don’t understand or that were copied from random websites. Attackers often trick users into unknowingly running malware this way.4. Keep your software updated: Regularly update your operating system, browsers and all software applications. Updates often include patches for security vulnerabilities that malware can exploit.5. Use two-factor authentication (2FA): Enable 2FA on all your accounts. This adds an extra layer of security by requiring a second form of verification, making it harder for attackers to gain access even if they have your password.6. Invest in personal data removal services: Even with strong device security, your personal information may still be exposed online through data brokers and people-finder sites. These services collect and publish details like your name, address and phone number, making you an easier target for identity theft or phishing. Automated data removal services track down these sites and submit removal requests on your behalf, helping to reduce your digital footprint and increase your online anonymity. While they can't erase every trace of your information, they make it significantly harder for attackers to find and exploit your personal data, which saves you time and reduces unwanted spam in the process.While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here.Get a free scan to find out if your personal information is already out on the web.Kurt’s key takeawayDefendnot points to a bigger issue with how Windows handles security. It takes a feature meant to prevent software conflicts and turns it into a way to completely disable protection. The system assumes any registered antivirus is legitimate, so if attackers can fake that, they get in without much resistance.We often think of security as blocking the bad and trusting the good. But this case shows what happens when that trust is misplaced. Defendnot doesn’t sneak past Windows defenses. It walks right in using valid credentials. The solution isn’t just more patches or stronger malware signatures. What we need is a smarter way for systems to tell what is actually safe.CLICK HERE TO GET THE FOX NEWS APPDo you think companies like Microsoft need to rethink how Windows handles antivirus registration and trust, given that tools like Defendnot can so easily disable built-in protections without using malware or exploiting a bug? Let us know by writing us at Cyberguy.com/Contact.For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.Ask Kurt a question or let us know what stories you'd like us to cover.Follow Kurt on his social channels:Answers to the most-asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com. All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

May 26, 2025Ravie LakshmananCybersecurity / Cryptocurrency As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. The packages, published under three different accounts, come with an install‑time script that's triggered during npm install, Socket security researcher Kirill Boychenko said in a report published last week. The libraries have been collectively downloaded over 3,000 times. "The script targets Windows, macOS, or Linux systems, and includes basic sandbox‑evasion checks, making every infected workstation or continuous‑integration node a potential source of valuable reconnaissance," the software supply chain security firm said. The names of the three accounts, each of which published 20 packages within an 11-day time period, are listed below. The accounts no longer exist on npm - bbbb335656 cdsfdfafd1232436437, and sdsds656565 The malicious code, per Socket, is explicitly designed to fingerprint every machine that installs the package, while also aborting the execution if it detects that it's running in a virtualized environment associated with Amazon, Google, and others. The harvested information, which includes host details, system DNS servers, network interface card (NIC) information, and internal and external IP addresses, is then transmitted to a Discord webhook. "By harvesting internal and external IP addresses, DNS servers, usernames, and project paths, it enables a threat actor to chart the network and identify high‑value targets for future campaigns," Boychenko said. The disclosure follows another set of eight npm packages that masquerade as helper libraries for widely-used JavaScript frameworks including React, Vue.js, Vite, Node.js, and the open-source Quill Editor, but deploy destructive payloads once installed. They have been downloaded more than 6,200 times and are still available for download from the repository - vite-plugin-vue-extend quill-image-downloader js-hood js-bomb vue-plugin-bomb vite-plugin-bomb vite-plugin-bomb-extend, and vite-plugin-react-extend "Masquerading as legitimate plugins and utilities while secretly containing destructive payloads designed to corrupt data, delete critical files, and crash systems, these packages remained undetected," Socket security researcher Kush Pandya said. Some of the identified packages have been found to execute automatically once developers invoke them in their projects, enabling recursive deletion of files related to Vue.js, React, and Vite. Others are designed to either corrupt fundamental JavaScript methods or tamper with browser storage mechanisms like localStorage, sessionStorage, and cookies. Another package of note is js-bomb, which goes beyond deleting Vue.js framework files by also initiating a system shutdown based on the current time of the execution. The activity has been traced to a threat actor named xuxingfeng, who has also published five legitimate, non-malicious packages that work as intended. Some of the rogue packages were published in 2023. "This dual approach of releasing both harmful and helpful packages creates a facade of legitimacy that makes malicious packages more likely to be trusted and installed," Pandya said. The findings also follow the discovery of a novel attack campaign that combines traditional email phishing with JavaScript code that's part of a malicious npm package disguised as a benign open-source library. "Once communication was established, the package loaded and delivered a second-stage script that customized phishing links using the victim's email address, leading them to a fake Office 365 login page designed to steal their credentials," Fortra researcher Israel Cerda said. The starting point of the attack is a phishing email containing a malicious .HTM file, which includes encrypted JavaScript code hosted on jsDelivr and associated with a now-removed npm package named citiycar8. Once installed, the JavaScript payload embedded within the package is used to initiate a URL redirection chain that eventually leads the user to a bogus landing page designed to capture their credentials. "This phishing attack demonstrates a high level of sophistication, with threat actors linking technologies such as AES encryption, npm packages delivered through a CDN, and multiple redirections to mask their malicious intentions," Cerda said. "The attack not only illustrates the creative ways that attackers attempt to evade detection but also highlights the importance of vigilance in the ever-evolving landscape of cybersecurity threats." The abuse of open-source repositories for malware distribution has become a tried-and-tested approach for conducting supply chain attacks at scale. In recent weeks, malicious data-stealing extensions have also been uncovered in Microsoft's Visual Studio Code (VS Code) Marketplace that are engineered to siphon cryptocurrency wallet credentials by targeting Solidity developers on Windows. The activity has been attributed by Datadog Security Research to a threat actor it tracks as MUT-9332. The names of the extensions are as follows - solaibot among-eth, and blankebesxstnion "The extensions disguise themselves as legitimate, concealing harmful code within genuine features, and use command and control domains that appear relevant to Solidity and that would not typically be flagged as malicious," Datadog researchers said. "All three extensions employ complex infection chains that involve multiple stages of obfuscated malware, including one that uses a payload hidden inside an image file hosted on the Internet Archive." Specifically, the extensions were advertised as offering syntax scanning and vulnerability detection for Solidity developers. While they offer genuine functionality, the extensions are also designed to deliver malicious payloads that steal cryptocurrency wallet credentials from victim Windows systems. The three extensions have since been taken down. The end goal of the VS Code extension is to slip a malicious Chromium-based browser extension that's capable of plundering Ethereum wallets and leaking them to a command-and-control (C2) endpoint. It's also equipped to install a separate executable that disables Windows Defender scanning, scans application data directories for Discord, Chromium-based browsers, cryptocurrency wallets, and Electron applications, and retrieves and executes an additional payload from a remote server. MUT-9332 is also assessed to be behind a recently disclosed campaign that involved the use of 10 malicious VS Code extensions to install an XMRig cryptominer by passing off as coding or artificial intelligence (AI) tools. "This campaign demonstrates the surprising and creative lengths to which MUT-9332 is willing to go when it comes to concealing their malicious intentions," Datadog said. "These payload updates suggest that this campaign will likely continue, and the detection and removal of this first batch of malicious VS Code extensions may prompt MUT-9332 to change tactics in subsequent ones." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Who owns what? Why console makers can legally brick your game console "If the ability [to brick a console] is there, someone will want to 'see how it goes.'" Kyle Orland – May 22, 2025 6:09 pm | 13 The martial artist is a console maker. The brick is your console. Credit: Getty Images The martial artist is a console maker. The brick is your console. Credit: Getty Images Story text Size Small Standard Large Width * Standard Wide Links Standard Orange * Subscribers only   Learn more Earlier this month, Nintendo received a lot of negative attention for an end-user license agreement (EULA) update granting the company the claimed right to render Switch consoles "permanently unusable in whole or in part" for violations such as suspected hacking or piracy. As it turns out, though, Nintendo isn't the only console manufacturer that threatens to remotely brick systems in response to rule violations. And attorneys tell Ars Technica that they're probably well within their legal rights to do so. Sony's System Software License Agreement on the PS5, for instance, contains the following paragraph of "remedies" it can take for "violations" such as use of modified hardware or pirated software (emphasis added). If SIE Inc determines that you have violated this Agreement's terms, SIE Inc may itself or may procure the taking of any action to protect its interests such as disabling access to or use of some or all System Software, disabling use of this PS5 system online or offline, termination of your access to PlayStation Network, denial of any warranty, repair or other services provided for your PS5 system, implementation of automatic or mandatory updates or devices intended to discontinue unauthorized use, or reliance on any other remedial efforts as reasonably necessary to prevent the use of modified or unpermitted use of System Software. The same exact clause appears in the PlayStation 4 EULA as well. The PlayStation 3 EULA was missing the "disabling use... online or offline" clause, but it does still warn that Sony can take steps to "discontinue unauthorized use" or "prevent the use of a modified PS3 system, or any pirated material or equipment." Microsoft, if anything, is even more straightforward in its Xbox Software License Agreement. Efforts to "install Unauthorized Software" or "defeat or circumvent any... technical limitation, security, or anti-piracy system" can mean that "your Xbox Console, Kinect Sensor or Authorized Accessory may stop working permanently at that time or after a later Xbox Software update," the company writes. While it's unclear how far back in history this legal clause goes, the mention of the now-defunct Kinect sensor suggests it dates back at least to the Xbox One era. A prototype SX Core device soldered to a Nintendo Switch motherboard. Credit: Team Xeceuter A prototype SX Core device soldered to a Nintendo Switch motherboard. Credit: Team Xeceuter While console makers routinely ban players and consoles from online play and services, remotely bricking a game console's offline capabilities for EULA violations seems exceedingly rare in practice. Even when cases of public console hacking have led to protracted legal fights—such as George Hotz's saga with the PS3 or Team Xecuter's Switch jailbreaks—console makers don't seem to have used technical means to completely disable offline functions for specific consoles. In 2015, Microsoft even went so far as to actively deny reports that it had bricked a console associated with a leak of an early Gears of War beta. "To be clear, if a console is suspended from Xbox Live for a violation of the Terms of Use, it can still be used offline," Microsoft said at the time. "Microsoft enforcement action does not result in a console becoming unusable." That said, it appears console makers sometimes take steps to remotely brick consoles after they've been reported stolen. It's not hard to find online reports of people buying used consoles only to find that they had been rendered entirely useless due to a prior theft. As always with secondhand hardware, let the buyer beware. They have the (legal) power Just because the major console makers don't tend to make use of the "brick switch" on their hardware doesn't mean they don't have the legal right to do so. "Although users own the hardware, the software that's needed to run it is subject to a license agreement," attorney Jon Loiterman told Ars. "If you violate the license terms, Nintendo has the right to revoke your access to that software. It's less common for software makers to revoke access to software in a way that disables hardware you bought from them, but the principle is the same." While these kinds of "bricking" clauses haven't been tested in court, lawyers who spoke to Ars felt they would probably hold up to judicial review. That's especially true if the facts of the "bricking" case centered around software piracy or some other method of getting around digital rights protections baked into the console itself. Consoles like these may get banned from Nintendo's online services, but they tend to still work offline. Credit: Kate Temkin / ReSwitched Consoles like these may get banned from Nintendo's online services, but they tend to still work offline. Credit: Kate Temkin / ReSwitched "Unfortunately, 'bricking' personal devices to limit users’ rights and control their behavior is nothing new," Electronic Frontier Foundation attorney Victoria Noble told Ars Technica. "It would likely take selective enforcement to rise to a problematic level [in court]," attorney Richard Hoeg said. Last year, a collection of 17 consumer groups urged the Federal Trade Commission to take a look at the way companies use the so-called practice of "software tethering" to control a device's hardware features after purchase. Thus far, though, the federal consumer watchdog has shown little interest in enforcing complaints against companies that do so. "Companies should not use EULAs to strip people of rights that we normally associate with ownership, like the right to tinker with or modify their own personal devices," Noble told Ars. "[Console] owners deserve the right to make otherwise legal modifications to their own devices without fear that a company will punish them by remotely bricking their [systems]." The court of public opinion In the end, these kinds of draconian bricking clauses may be doing their job even if the console makers involved don't invoke them. "In practice, I expect this kind of thing is more about scaring people away from jailbreaking and modifying their systems and that Nintendo is unlikely to go about bricking large volumes of devices, even if they technically have the right to," Loiterman said. "Just because they put a remedy in the EULA doesn’t mean they will certainly use it either," attorney Mark Methenitis said. "My suspicion is this is to go after the people who eventually succeeded in jailbreaking the original Switch and try to prevent that for the Switch 2." The threat of public backlash could also hold the console makers back from limiting the offline functionality of any hacked consoles. After citing public scrutiny that companies like Tesla, Keurig, and John Deere faced for limiting hardware via software updates, Methenitis said that he "would imagine Nintendo would suffer similar bad publicity if they push things too far." That said, legal capacities can sometimes tend to invite their own use. "If the ability is there, someone will want to 'see how it goes.'" Hoeg said. Kyle Orland Senior Gaming Editor Kyle Orland Senior Gaming Editor Kyle Orland has been the Senior Gaming Editor at Ars Technica since 2012, writing primarily about the business, tech, and culture behind video games. He has journalism and computer science degrees from University of Maryland. He once wrote a whole book about Minesweeper. 13 Comments

Worried that Microsoft Recall might take screenshots of your Signal chats? Don’t be. Signal has introduced a new “Screen security” setting for its Windows 11 app that will give users a black screen every time you or the system attempts to take a screenshot. You might be familiar with the outcome if you have attempted screenshotting shows or movies on Netflix. The feature arrives just a month after Microsoft officially rolled out its controversial Recall feature, which takes screenshots at regular intervals to create a history of everything you have seen or done on your PC. Though announced in May last year, the launch was delayed due to privacy concerns.Explaining the reason behind the feature, Signal said that “although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that’s displayed within privacy-preserving apps like Signal at risk.”Recommended by Our EditorsAdditionally, the press release notes that Microsoft has yet to provide an API for the feature that would allow app developers to opt out of it.“We hope that the AI teams building systems like Recall will think through these implications more carefully in the future,” Signal says. “Apps like Signal shouldn’t have to implement “one weird trick” in order to maintain the privacy and integrity of their services without proper developer tools.”Screen security for Signal is now rolling out to Windows 11 PCs. Users who aren’t worried about Recall or are willing to let it store screenshots of their Signal activity can disable the new feature by going to Signal Settings > Privacy > Screen security.

Throwing your shield at demons is the bread and butter of Doom: The Dark Ages. However, Wolf Statues are also valuable targets to aim your shield at. In each chapter of Doom: The Dark Ages, there are many secrets to discover. Maps may hide little toys in underground tunnels or Nightmare skins in platforms that seem impossible to reach. Finding all of them is not mandatory, but some rewards — like Gold, Rubies and, Wraithsones — are fundamental if you plan on upgrading your weapons. Wolf Statues can offer you these materials as rewards — but only if you can find them! Below, we’ll show you where to find all Wolf Statues we’ve found so far in Doom: The Dark Ages, plus the rewards you get from them. Where to find Wolf Statues in Doom: The Dark Ages Wolf Statues are guardians of unique treasures, and each of them are linked to other Wolf Statues, which are hidden around each level and will break if you throw your shield at them. The barrier protecting the item only disappears after all the statues in a given level are destroyed. You can know how many statues you must find by counting how many are around the barrier. To identify the ones you must break, just look for wolf statues that are glowing red. As you eliminate Wolf Statues around the map, the translucent statues around the barrier turn into stone. So far, we’ve found Wolf Statues in two levels in Doom: The Dark Ages: The Siege – Part 1 (Chapter 6) Ancestral Forge (Chapter 9) The Siege – Part 1 (Chapter 6)    There are three Wolf Statues in Chapter 6 guarding a Ruby, and while this map might be a little bit byzantine, finding all three statues is not too much trouble. To find the statues, turn right from the main gate. Go ahead for a while, destroy a massive tank and then look to your left. You will see, a little higher from where you are, the three translucent wolves around the Ruby. Now, the ones you need to break are considerably close. The first one is right beside the area where the Ruby is. You need to first kill all the enemies — which involves defeating a Vagary — in the area to disable the force field around it. The second statue is hidden inside a small cave next to the ruby as well. You can easily see the statue from where the Ruby is. The final statue is in the opposite direction from the Ruby. When facing the statue holding the Ruby, turn around and you will see the Wolf Statue.  Ancestral Forge (Chapter 9) While you try to make the Ancestral Forge work again, you can look for the three Wolf Statues hidden in Chapter 9. You will receive a Wraithstone once you find all of them, the only material that unlocks a weapon’s final upgrade. The Wraithstone and the three Wolf Statues are located on the left side of the map. You can find the first Wolf Statue by turning right to where the altar is. Before you even start looking for the second statue, you should get the Purple Key. To find it, you want to leave the main gate, turn right and head toward the red zone in this direction. You need to first defeat the leader in this zone, but once you’re done, you can look for the entrance to the corridor to the left side of the arena that will take you to the key. Break it with your shield and you can get the Purple Key. Go back to where you started in this chapter and you will find a Purple Gate. Open it with the key to find the second Wolf Statue.  Now, you can find the third and last statue by going to the opposite side of the map from where the Wraithstone is. You will find it in an area between the two remaining red zones. It is protected by some enemies, but killing them disables the barrier around it. Check back soon for more Wolf Statues in Doom: The Dark Ages!

The internet is not a private place. Every time you connect to a website, ads and beacons—both visible and invisible—attempt to follow your every move. They'll even take the anonymized information they collect and build a profile that other trackers can use to identify you as you surf the web. It's pretty bleak. Luckily, modern browsers are fighting back. While there are certainly better options than others, most browsers have privacy protections built in. If you know what you're doing, you can max out these protections and install some third-party boosters to retain some (if not most) of your privacy across the internet.If you're curious how your browser stacks up to the competition, check out Cover Your Tracks. I gave it a shot, and was surprised to find out that my super-private setup wasn't as anonymous as I thought.What is Cover Your Tracks?Cover Your Tracks is a project created by the Electronic Frontier Foundation (EFF), a non-profit digital rights group, and aims to educate users on two key metrics: how unique their browser is, and how effective their tracker blockers are. The site pretends to load a series of trackers on your browser, and measures which trackers are actually able to load. If your protections are strong, more trackers will fail to load. If they're not, well, trackers galore. The site will load fake trackers like the following:https://trackersimulator.org/?action=tracking_tally&ad_url=123456 https://eviltracker.net/?action=tracking_tally&trackingserver=123456 https://do-not-tracker.org/?action=tracking_tally&random=123456 The first link acts like an ad you might encounter on any random website. If your browser blocks the "ad," it passes that test. The second link pretends to be an invisible beacon (or tracker). If you browser blocks the "beacon," it passes. Finally, the third link acts like a domain that respects the EFF's Do Not Track Policy. If your browser unblocks the domain's scripts, it passes. (Why unblock the scripts at all? According to the EFF, so few sites choose to voluntarily abstain from tracking visitors, that it's worth unblocking ads on these sites to reward them.) Partial credit is awarded to browsers that allow the ad or beacon to load, but block their respective cookies: Allowing the ad or tracker means you can be followed, but blocking cookies means the tracker likely can ID you. Those trackers are only effective if they have a sense of the profile they're following. That's where browser uniqueness comes in: Cover Your Tracks takes a look at your browser fingerprint and compares it against its database of recently scanned browsers. It then generates a uniqueness score—the more unique your fingerprint, the more difficult it is to track you across sites. Cover Your Tracks anonymously collects and stores browser data like your timezone, screen resolution, system language, and system platform, among other data points, to compare against other users' browsers. How did I score?I'm not necessarily a hardcore privacy enthusiastic, but I do enjoy protecting my privacy wherever I can online. As such, I use Safari whenever possible, with all of the privacy settings I can enable. That includes hiding my IP address from trackers and websites, as well as preventing cross-site tracking. I combine that with an ad blocker (I'm using AdGuard, but would love if uBlock Origin would make a Safari extension) for a private, ad-free web experience. Those minimal steps do appear to have paid off—at least according to Cover Your Tracks. After processing my browser, the site concluded I have strong protection against web tracking. The tests confirmed my browser blocks tracking ads and invisible trackers, which is reassuring. The bad news, though, is that my current setup isn't protecting me against fingerprinting—a practice where trackers build a profile to make it easier to identify you across the web. Cover Your Tracks said my browser had a unique fingerprint among the more than 250,000 browsers they had tested over the past 45 days, which means I stick out like a sore thumb on the internet. While the trackers my browser blocks won't be able to see me, the ones my browser misses will, and they'll know it's my browser reading that article or watching that video.I'm actually pretty surprised by this: Safari has "advanced tracking and fingerprinting protection," which I keep enabled for all browsing. The fact Cover Your Tracks thinks I have a totally unique browser profile is a bit concerning to say the least. When I tried the test in my Firefox browser—with all of its privacy protections enabled, coupled with uBlock Origin—it scored the same, save for the fingerprinting test. Unlike Safari, my Firefox browser is nearly unique: one in 125,883 browsers have the same fingerprint as mine, which, to my eyes, means my Firefox browser is twice as anonymous as my Safari browser, though that isn't saying all that much. How can you avoid fingerprinting on the web?So, it turns out that any trackers that do break through my browsers defenses are able to see me in full view. That's not great. Where do you go from here?Unfortunately, this is tough. Fingerprinting is pretty difficult to avoid, because the more trackers you disable, the worse the web becomes. As the EFF explains, it's a bit of a paradox, but after a certain point, you stop blocking the trackers that exist to track you, and you start to block elements that make websites work. If you disable JavaScript, you might stop a website from tracking you, but you might not be able to use it at all. On the flip side, using too many protections may actually inadvertently identify you, as trackers and sites see that you're the only one constantly blocking everything all of the time. There's far from one way to be totally private on the web, but according to the EFF, the simplest way to attack fingerprinting includes the following: Using Tor for your browsing, as the browser has a number of advanced anti-tracking features Using a hardcore privacy extension (EFF recommends Privacy Badger and Disconnect, or NoScript if you're using Firefox. Sadly, none are compatible with Safari.)That all said, I did attempt the test using Tor with "Safer" privacy settings enabled, and earned the same unique browser score I did with Safari. So, I cranked up the settings to "Safest," which, among other things, disables JavaScript on all websites. I tried to run the test again, and broke the website. Perhaps you really do need to give up a little privacy in order to use the internet at all.

As we creep up to the May 15 release date for DOOM: The Dark Ages, developer id Software has revealed a host of known issues that might plague the PC and console versions of the game. In its post, the company has stated that many of these issues are dependent on new drivers being released by GPU makers. It has also provided a list of temporary solutions until more permanet fixes can arrive through driver updates. Check out the full list of known issues below. As part of a pre-launch FAQ, id Software has also confirmed that players using Nvidia RTX graphics cards should make sure that they are running on driver version 576.40 or newer, while AMD Radeon GPU users should ensure that their driver version is 25.5.1 or later. Interestingly, the company has confirmed that there isn’t official support for running DOOM: The Dark Ages on the Steam Deck because the handheld system falls beneath the minimum hardware spec requried by the game. Intel Arc GPU users might also be out of luck when it comes to official support. However, those with GPUs sporting more than 8 GB of VRAM might be able to play using the latest drivers. DOOM: The Dark Ages is coming to PC, PS5 and Xbox Series X/S. Those that grabbed the Premium Edition of the game can already start playing. For those that haven’t yet, check out our review while you wait for the game’s release later this week. List of known issues for DOOM: The Dark Ages by platform: PC Issue: If you are playing on an RTX 50 series GPU and enable G-Sync (supported display required) or V-Sync plus Multi Frame Generation through NVIDIA Control Panel you can crash the game. Resolution: Until a driver fix is available, the workaround for this issue is to either disable one of these options in the NVIDIA control panel or if you want both enabled, set them in-game. Issue: If you are playing on an RTX 40 or 50 series GPU and enable Multi Frame Generation or FrameGen, V-Sync still shows as enabled. Resolution: This is a minor cosmetic issue – the game disables V-Sync under the hood in these cases. Issue: Users with NVIDIA GPUs may find that Alt-Tabbing while launching the game can cause the game to launch in the background and not be accessible. Resolution: This is a known driver issue. Until a fix is available in a driver update, to avert this issue, avoid Alt-Tabbing during game launch. If encountered, it can be resolved by restarting your PC. Issue: Users with NVIDIA 50 series GPUs may experience TDRs or system hangs when starting gameplay recording using Shadowplay with MultiFrameGen set to 3x or 4x. Resolution: To avoid this issue, either do not use the noted MFG settings or record gameplay with a different application. Issue: If capturing with OBS, game visuals may freeze when Alt-tabbing from Fullscreen Resolution: Until there is an update from OBS, the workaround for the issue is to capture in Windowed or Borderless mode. Issue: The game can lock up when manually resizing the game window with FSR FrameGen enabled. Resolution: To avoid this issue, do not manually resize the game window with FSR FrameGen enabled. Issue: Users who unplug a 2nd monitor during gameplay may notice that the game has frozen. Resolution: To avoid this issue, do not unplug any monitors while playing the game. Issue: Players running the game with the MSI Afterburner or RivaTuner overlays enabled may experience stability issues. Resolution: To avoid this issue, do not run the game with either application running in the background. Issue: In rare cases, players running DOOM: The Dark Ages on a supported PC spec at appropriate settings, who have the latest GPU drivers installed and also have an intel CPU model number that starts with the number 13 or 14 can run into persistent crashing. Resolution: In such cases, you may have a corrupted CPU. Please contact intel Customer Support at https://www.intel.com/content/www/us/en/support/contact.html All Platforms/General Gameplay Issue: FOV changes do not carry over into Cinematics or interactive events, such as shield bashing through walls. Resolution: This is by design but we are evaluating a possible change to make FOV changes global in a post-launch update. Issue: Changes on the FOV slider after Cinematics or Wall Shield Bashes may not affect display. Resolution: This is a temporary issue that will reset when changing levels, loading checkpoints, or returning to the Main Menu. Issue: In rare cases, the Vagary in Ancestral Forge may disappear and block access to the collectible item placed at the wolf statue. Resolution: If you encounter this issue, the workaround is to reload the checkpoint. Issue: The “Barrel Stuffer” and “Super Barrel Stuffer” Mastery challenges may not appear to increment when expected. Resolution: Per the challenge descriptions, every pellet must hit demons, and this can be difficult if the demon is too small or dies before all pellets hit. Try on Heavy and Super-Heavy Demons for more consistent progress. Issue: You may maneuver the Slayer onto geometry or objects outside of intended, navigable space, and then become stuck. Resolution: If this occurs, and the object is not destructible, the workaround is to reload the checkpoint. Issue: In Siege – Part 1, the combat encounter in front of a cave to one of the Hell Portals in the swamp side of the map may not spawn under very specific conditions, blocking the player from continuing. Resolution: The current work around is to Reload the Checkpoint, which resolves the issue. Rare reports where this has occurred involve saving this Hell Portal for last, so approaching this encounter earlier may also avoid the issue. Issue: If you defeat a demon with a Melee attack while the Shield Saw is still embedded, the Shield may appear invisible in the hands for some time. Resolution: The Shield Saw will reappear after multiple uses. Issue: Some users may find that an additional button press is required to input actions when first opening the Dossier. Resolution: We are investigating a fix for a future patch. In the meantime, if you experience this issue, press your first input twice as a workaround. Issue: Some users may find that the amount of Gold in their inventory doesn’t change after purchasing an upgrade. Resolution: We are investigating a fix for a future patch. In the meantime, please be aware that this issue is purely cosmetic and that the Gold in your inventory will update after backing out of the Sentinel Shrine UI. Issue: In some cases, users may experience icons not appearing correctly after button actions have been remapped. Resolution: Remapped buttons will appear correctly after backing out of and re-entering the Inputs menu. ASUS ROG Ally and Lenovo Legion Go Issue: Users attempting to run the game on the ASUA ROG Ally or Lenovo Legion GO will experience poor performance and stability issues. Resolution: There are known driver issues on both devices which we are working with manufacturers to resolve.