Hundreds of millions of users could be exposed in "largest breach ever" against Chinese victims.

BadBox malware has been menacing low-cost Android devices for nearly a decade.

Email authentication protocols like SPF, DKIM, and DMARC play a critical role in protecting domains from spoofing and phishing. However, when SEGs are introduced into the email path, the interaction with these protocols becomes more complex. Security gateways(SEGs) are a core part of many organizations’ email infrastructure. They act as intermediaries between the public internet and internal mail systems, inspecting, filtering, and routing messages. This blog examines how security gateways handle SPF, DKIM, and DMARC, with real-world examples from popular gateways such as Proofpoint, Mimecast, and Avanan. We’ll also cover best practices for maintaining authentication integrity and avoiding misconfigurations that can compromise email authentication or lead to false DMARC failures. Security gateways often sit at the boundary between your organization and the internet, managing both inbound and outbound email traffic. Their role affects how email authentication protocols behave. An inbound SEG examines emails coming into your organization. It checks SPF, DKIM, and DMARC to determine if the message is authentic and safe before passing it to your internal mail servers. An outbound SEG handles emails sent from your domain. It may modify headers, rewrite envelope addresses, or even apply DKIM signing. All of these can impact SPF,  DKIM, or DMARC validation on the recipient’s side. Understanding how SEGs influence these flows is crucial to maintaining proper authentication and avoiding unexpected DMARC failures. Inbound Handling of SPF, DKIM, and DMARC by Common Security Gateways When an email comes into your organization, your security gateway is the first to inspect it. It checks whether the message is real, trustworthy, and properly authenticated. Let’s look at how different SEGs handle these checks. Avanan (by Check Point) SPF: Avanan verifies whether the sending server is authorized to send emails for the domain by checking the SPF record. DKIM: It verifies if the message was signed by the sending domain and if that signature is valid. DMARC: It uses the results of the SPF and DKIM check to evaluate DMARC. However, final enforcement usually depends on how DMARC is handled by Microsoft 365 or Gmail, as Avanan integrates directly with them. Avanan offers two methods of integration:1. API integration: Avanan connects via APIs, no change in MX, usually Monitor or Detect modes.2. Inline integration: Avanan is placed inline in the mail flow (MX records changed), actively blocking or remediating threats. Proofpoint Email Protection SPF: Proofpoint checks SPF to confirm the sender’s IP is authorized to send on behalf of the domain. You can set custom rules (e.g. treat “softfail” as “fail”). DKIM: It verifies DKIM signatures and shows clear pass/fail results in logs. DMARC: It fully evaluates DMARC by combining SPF and DKIM results with alignment checks. Administrators can configure how to handle messages that fail DMARC, such as rejecting, quarantining, or delivering them. Additionally, Proofpoint allows whitelisting specific senders you trust, even if their emails fail authentication checks. Integration Methods Inline Mode: In this traditional deployment, Proofpoint is positioned directly in the email flow by modifying MX records. Emails are routed through Proofpoint’s infrastructure, allowing it to inspect and filter messages before they reach the recipient’s inbox. This mode provides pre-delivery protection and is commonly used in on-premises or hybrid environments. API-Based (Integrated Cloud Email Security – ICES) Mode: Proofpoint offers API-based integration, particularly with cloud email platforms like Microsoft 365 and Google Workspace. In this mode, Proofpoint connects to the email platform via APIs, enabling it to monitor and remediate threats post-delivery without altering the email flow. This approach allows for rapid deployment and seamless integration with existing cloud email services. Mimecast SPF: Mimecast performs SPF checks to verify whether the sending server is authorized by the domain’s SPF record. Administrators can configure actions for SPF failures, including block, quarantine, permit, or tag with a warning. This gives flexibility in balancing security with business needs. DKIM: It validates DKIM signatures by checking that the message was correctly signed by the sending domain and that the content hasn’t been tampered with. If the signature fails, Mimecast can take actions based on your configured policies. DMARC: It fully evaluates DMARC by combining the results of SPF and DKIM with domain alignment checks. You can choose to honor the sending domain’s DMARC policy (none, quarantine, reject) or apply custom rules, for example, quarantining or tagging messages that fail DMARC regardless of the published policy. This allows more granular control for businesses that want to override external domain policies based on specific contexts. Integration Methods Inline Deployment: Mimecast is typically deployed as a cloud-based secure email gateway. Organizations update their domain’s MX records to point to Mimecast, so all inbound (and optionally outbound) emails pass through it first. This allows Mimecast to inspect, filter, and process emails before delivery, providing robust protection. API Integrations: Mimecast also offers API-based services through its Mimecast API platform, primarily for management, archival, continuity, and threat intelligence purposes. However, API-only email protection is not Mimecast’s core model. Instead, the APIs are used to enhance the inline deployment, not replace it. Barracuda Email Security Gateway SPF: Barracuda checks the sender’s IP against the domain’s published SPF record. If the check fails, you can configure the system to block, quarantine, tag, or allow the message, depending on your policy preferences. DKIM: It validates whether the incoming message includes a valid DKIM signature. The outcome is logged and used to inform further policy decisions or DMARC evaluations. DMARC: It combines SPF and DKIM results, checks for domain alignment, and applies the DMARC policy defined by the sender. Administrators can also choose to override the DMARC policy, allowing messages to pass or be treated differently based on organizational needs (e.g., trusted senders or internal exceptions). Integration Methods Inline mode (more common and straightforward): Barracuda Email Security Gateway is commonly deployed inline by updating your domain’s MX records to point to Barracuda’s cloud or on-premises gateway. This ensures that all inbound emails pass through Barracuda first for filtering and SPF, DKIM, and DMARC validation before being delivered to your mail servers. Deployment Behind the Corporate Firewall: Alternatively, Barracuda can be deployed in transparent or bridge mode without modifying MX records. In this setup, the gateway is placed inline at the network level, such as behind a firewall, and intercepts mail traffic transparently. This method is typically used in complex on-premises environments where changing DNS records is not feasible. Cisco Secure Email (formerly IronPort) Cisco Secure Email acts as an inline gateway for inbound email, usually requiring your domain’s MX records to point to the Cisco Email Security Appliance or cloud service. SPF: Cisco Secure Email verifies whether the sending server is authorized in the sender domain’s SPF record. Administrators can set detailed policies on how to handle SPF failures. DKIM: It validates the DKIM signature on incoming emails and logs whether the signature is valid or has failed. DMARC: It evaluates DMARC by combining SPF and DKIM results along with domain alignment checks. Admins can configure specific actions, such as quarantine, reject, or tag, based on different failure scenarios or trusted sender exceptions. Integration methods On-premises Email Security Appliance (ESA): You deploy Cisco’s hardware or virtual appliance inline, updating MX records to route mail through it for filtering. Cisco Cloud Email Security: Cisco offers a cloud-based email security service where MX records are pointed to Cisco’s cloud infrastructure, which filters and processes inbound mail. Cisco Secure Email also offers advanced, rule-based filtering capabilities and integrates with Cisco’s broader threat protection ecosystem, enabling comprehensive inbound email security. Outbound Handling of SPF, DKIM, and DMARC by Common Security Gateways When your organization sends emails, security gateways can play an active role in processing and authenticating those messages. Depending on the configuration, a gateway might rewrite headers, re-sign messages, or route them through different IPs – all actions that can help or hurt the authentication process. Let’s look at how major SEGs handle outbound email flow. Avanan – Outbound Handling and Integration Methods Outbound Logic Avanan analyzes outbound emails primarily to detect data loss, malware, and policy violations. In API-based integration, emails are sent directly by the original mail server (e.g., Microsoft 365 or Google Workspace), so SPF and DKIM signatures remain intact. Avanan does not alter the message or reroute traffic, which helps maintain full DMARC alignment and domain reputation. Integration Methods 1. API Integration: Connects to Microsoft 365 or Google Workspace via API. No MX changes are needed. Emails are scanned after they are sent, with no modification to SPF, DKIM, or the delivery path.  How it works: Microsoft Graph API or Google Workspace APIs are used to monitor and intervene in outbound emails. Protection level: Despite no MX changes, it can offer inline-like protection, meaning it can block, quarantine, or encrypt emails before they are delivered externally. SPF/DKIM/DMARC impact: Preserves original headers and signatures since mail is sent directly from Microsoft/Google servers. 2. Inline Integration: Requires changing MX records to route email through Avanan. In this mode, Avanan can intercept and inspect outbound emails before delivery. Depending on the configuration, this may affect SPF or DKIM if not properly handled. How it works: Requires adding Avanan’s Protection level: Traditional inline security with full visibility and control, including encryption, DLP, policy enforcement, and advanced threat protection. SPF/DKIM/DMARC impact: SPF configuration is needed by adding Avanan’s include mechanism to the sending domain’s SPF record. The DKIM record of the original sending source is preserved. For configurations, you can refer to the steps in this blog. Proofpoint – Outbound Handling and Integration Methods Outbound Logic Proofpoint analyzes outbound emails to detect and prevent data loss (DLP), to identify advanced threats (malware, phishing, BEC) originating from compromised internal accounts, and to ensure compliance. Their API integration provides crucial visibility and powerful remediation capabilities, while their traditional gateway (MX record) deployment delivers true inline, pre-delivery blocking for outbound traffic. Integration methods 1. API Integration: No MX record changes are required for this deployment method. Integration is done with Microsoft 365 or Google Workspace. How it works: Through its API integration, Proofpoint gains deep visibility into outbound emails and provides layered security and response features, including: Detect and alert: Identifies sensitive content (Data Loss Prevention violations), malicious attachments, or suspicious links in outbound emails. Post-delivery remediation (TRAP): A key capability of the API model is Threat Response Auto-Pull (TRAP), which enables Proofpoint to automatically recall, quarantine, or delete emails after delivery. This is particularly useful for internally sent messages or those forwarded to other users. Enhanced visibility: Aggregates message metadata and logs into Proofpoint’s threat intelligence platform, giving security teams a centralized view of outbound risks and user behavior. Protection level: API-based integration provides strong post-delivery detection and response, as well as visibility into DLP incidents and suspicious behavior.  SPF/DKIM/DMARC impact: Proofpoint does not alter SPF, DKIM, or DMARC because emails are sent directly through Microsoft or Google servers. Since Proofpoint’s servers are not involved in the actual sending process, the original authentication headers remain intact. 2. Gateway Integration (MX Record/Smart Host): This method requires updating MX records or routing outbound mail through Proofpoint via a smart host. How it works: Proofpoint acts as an inline gateway, inspecting emails before delivery. Inbound mail is filtered via MX changes; outbound mail is relayed through Proofpoint’s servers. Threat and DLP filtering: Scans outbound messages for sensitive content, malware, and policy violations. Real-time enforcement: Blocks, encrypts, or quarantines emails before they’re delivered. Policy controls: Applies rules based on content, recipient, or behavior. Protection level: Provides strong, real-time protection for outbound traffic with pre-delivery enforcement, DLP, and encryption. SPF/DKIM/DMARC impact: Proofpoint becomes the sending server: SPF: You need to configure ProofPoint’s SPF. DKIM: Can sign messages; requires DKIM setup. DMARC: DMARC passes if SPF and DKIM are set up properly. Please refer to this article to configure SPF and DKIM for ProofPoint. Mimecast – Outbound Handling and Integration Methods Outbound Logic Mimecast inspects outbound emails to prevent data loss (DLP), detect internal threats such as malware and impersonation, and ensure regulatory compliance. It primarily functions as a Secure Email Gateway (SEG), meaning it sits directly in the outbound email flow. While Mimecast offers APIs, its core outbound protection is built around this inline gateway model. Integration Methods 1. Gateway Integration (MX Record change required) This is Mimecast’s primary method for outbound email protection. Organizations route their outbound traffic through Mimecast by configuring their email server (e.g., Microsoft 365, Google Workspace, etc.) to use Mimecast as a smart host. This enables Mimecast to inspect and enforce policies on all outgoing emails in real time. How it works: Updating outbound routing in your email system (smart host settings), or Using Mimecast SMTP relay to direct messages through their infrastructure. Mimecast then scans, filters, and applies policies before the email reaches the final recipient. Protection level: Advanced DLP: Identifies and prevents sensitive data leaks. Impersonation and Threat Protection: Blocks malware, phishing, and abuse from compromised internal accounts. Email Encryption and Secure Messaging: Applies encryption policies or routes messages via secure portals. Regulatory Compliance: Enforces outbound compliance rules based on content, recipient, or metadata. SPF/DKIM/DMARC impact: SPF: Your SPF record must include Mimecast’s SPF mechanism based on your region to avoid SPF failures. DKIM: A new DKIM record should be configured to make sure your emails are DKIM signed when routing through Mimecast. DMARC: With correct SPF and DKIM setup, Mimecast ensures DMARC alignment, maintaining your domain’s sending reputation. Please refer to the steps in this detailed article to set up SPF and DKIM for Mimecast. 2. API Integration (Complementary to Gateway) Mimecast’s APIs complement the main gateway by providing automation, reporting, and management tools rather than handling live outbound mail flow. They allow you to manage policies, export logs, search archived emails, and sync users. APIs enhance visibility and operational tasks but do not provide real-time filtering or blocking of outbound messages. Since APIs don’t process live mail, they have no direct effect on SPF, DKIM, or DMARC; those depend on your gateway (smart host) setup. Barracuda – Outbound Handling and Integration Methods Outbound Logic Barracuda analyzes outbound emails to prevent data loss (DLP), block malware, stop phishing/impersonation attempts from compromised internal accounts, and ensure compliance. Barracuda offers flexible deployment options, including both traditional gateway (MX record) and API-based integrations. While both contribute to outbound security, their roles are distinct. Integration Methods 1. Gateway Integration (MX Record / Smart Host) — Primary Inline Security How it works: All outbound emails pass through Barracuda’s security stack for real-time inspection, threat blocking, and policy enforcement before delivery. Protection level: Comprehensive DLP (blocking, encrypting, or quarantining sensitive content)  Outbound spam and virus filtering  Enforcement of compliance and content policies This approach offers a high level of control and immediate threat mitigation on outbound mail flow. SPF/DKIM/DMARC impact: SPF: Update SPF records to include Barracuda’s sending IPs or SPF include mechanism. DKIM: Currently, no explicit setup is needed; DKIM of the main sending source is preserved. Refer to this article for more comprehensive guidance on Barracuda SEG configuration. 2. API Integration (Complementary & Advanced Threat Focus) How it works: The API accesses cloud email environments to analyze historical and real-time data, learning normal communication patterns to detect anomalies in outbound emails. It also supports post-delivery remediation, enabling the removal of malicious emails from internal mailboxes after sending. Protection level: Advanced AI-driven detection and near real-time blocking of outbound threats, plus strong post-delivery cleanup capabilities. SPF/DKIM/DMARC impact: Since mail is sent directly by the original mail server (e.g., Microsoft 365), SPF and DKIM signatures remain intact, preserving DMARC alignment and domain reputation. Cisco Secure Email (formerly IronPort) – Outbound Handling and Integration Methods Outbound Logic Cisco Secure Email protects outbound email by preventing data loss (DLP), blocking spam and malware from internal accounts, stopping business email compromise (BEC) and impersonation attacks, and ensuring compliance. Cisco provides both traditional gateway appliances/cloud gateways and modern API-based solutions for layered outbound security. Integration Methods 1. Gateway Integration (MX Record / Smart Host) – Cisco Secure Email Gateway (ESA) How it works: Organizations update MX records to route mail through the Cisco Secure Email Gateway or configure their mail server (e.g., Microsoft 365, Exchange) to smart host outbound email via the gateway. All outbound mail is inspected and policies enforced before delivery. Protection level: Granular DLP (blocking, encrypting, quarantining sensitive content) Outbound spam and malware filtering to protect IP reputation Email encryption for sensitive outbound messages Comprehensive content and attachment policy enforcement SPF: Check this article for comprehensive guidance on Cisco SPF settings. DKIM: Refer to this article for detailed guidance on Cisco DKIM settings. 2. API Integration – Cisco Secure Email Threat Defense How it works: Integrates directly via API with Microsoft 365 (and potentially Google Workspace), continuously monitoring email metadata, content, and user behavior across inbound, outbound, and internal messages. Leverages Cisco’s threat intelligence and AI to detect anomalous outbound activity linked to BEC, account takeover, and phishing. Post-Delivery Remediation: Automates the removal or quarantine of malicious or policy-violating emails from mailboxes even after sending. Protection level: Advanced, AI-driven detection of sophisticated outbound threats with real-time monitoring and automated remediation. Complements gateway filtering by adding cloud-native visibility and swift post-send action. SPF/DKIM/DMARC impact: Since emails are sent directly by the original mail server, SPF and DKIM signatures remain intact, preserving DMARC alignment and domain reputation. If you have any questions or need assistance, feel free to reach out to EasyDMARC technical support.

Mario Kart World – is it a backwards step? (Nintendo) The Friday letters page is surprised the Sony State of Play didn’t go down better with more people, as readers share images of the Switch 2 midnight launches. To join in with the discussions yourself email gamecentral@metro.co.uk Initial experience I’ve spent a few hours playing Mario Kart World in single and multiplayer, and my first impression is that it’s a bit… boring.The free roam aspect of the game seemed like it had heaps of potential but, for the most part, it feels aimless. Sure, there are things to collect and discover, but in-between there’s just driving. Lots and lots of driving. It’s not exactly a world brimming with things to do in the same way as the sandbox areas in Super Mario Odyssey, for example. As for the races, in principle it makes sense that the tracks need to be wider to accommodate 24 racers. However, the races themselves don’t generally feel any busier because you’re still, generally, just competing against those closest to your level of ability. Consequently, I felt the game lacks the chaotic energy of jostling your rivals to get ahead because there’s so much space on the otherwise well-designed courses. I know it’s unfair to compare Mario Kart World to Mario Kart 8 at this point, given the latter spanned two consoles, with a plethora of content reflecting that. But it’s hard not to feel that while the free roam section is a solid demonstration of technical advancement (even if the inability to integrate it with Grand Prix mode seems like a missed opportunity), the core gameplay is consistent, at best. In some respects, I’d say it’s more of a step backwards, if anything. That being said, I don’t think this is the same version of Mario Kart World we’ll be playing five years from now. Free roam mode feels like a playground in which Nintendo can experiment, and I fully expect them to do so. There’ll undoubtedly be a slew of DLC and perhaps better integration of the various modes into one seamless experience. Expert, exclusive gaming analysis Sign up to the GameCentral newsletter for a unique take on the week in gaming, alongside the latest reviews and more. Delivered to your inbox every Saturday morning. In the unlikely event that this is the final iteration of Mario Kart World, it’s currently a six or (generous) seven out of 10 and probably the least enthralled I’ve ever been with a new Mario Kart title. But I’ll give Nintendo the benefit of the doubt for now because this doesn’t feel like a game that’s even close to being finished.Needlemouse Just add SonyFirstly, I’m surprised by the relatively lukewarm response to the State of Play from some people; I thought it was one of the best in recent memory and there were only a few games that I personally had little interest in. The main reason for writing in is the recent addition of Destiny 2: The Final Shape to PS Plus subscription. In short, I played a lot of Destiny 2 back in the day but have subsequently not played any of the most recent DLCs/additions. Can The Final Shape be played as a standalone? (both logistically and in terms of the story)?John GC: We think people were upset that Sony themselves had nothing to show from their first parties, even though we agree it was overall a good show. As far as we understand, you don’t need any other expansions to play The Final Shape. Only one Just a quick heads up for anyone buying digital content on either a Switch or Switch 2 console, if you are Switch online subscriber you can purchase a voucher for £84 that lets you purchase any two titles from a list of games.This reduces each game to a reasonable £42 and the vouchers are valid for a year. I didn’t get an alert about this until after I’d purchased Super Smash Bros. Ultimate, which I paid £59.99 for. I did at least then go on to buy a voucher for £84 and redeemed each token for Super Mario Bros. Wonder and Super Mario 3D Land + Bowser’s Fury.Charlie H. GC: It’s important to note these can’t be used for Switch 2 exclusive games. Email your comments to: gamecentral@metro.co.uk Midnight gathering I’ve seen a lot of pictures from the Switch 2 launch, so I thought I’d send you a picture of the queue at Smyth’s in Dublin city centre, a couple of minutes after midnight.I think there were a couple of hundred people there when I arrived. if I’d known then that I wouldn’t get out of the store until 2:30am, I might have gone home and tried again in the morning. But in the end, I’m glad I waited. I’ve just been tinkering with it so far, hooked it up to the TV, and played a little bit of Mario Kart World and Cyberpunk 2077, so I can’t really give any conclusions. But when my (dedicated non-gamer) wife saw it, her reaction was, ‘Oh, it looks much better! Can I play it?’ So I think Nintendo are on to another winner.Mickah Night-time rendezvous (Mickah) American retail I was on my way down to Smyths Leeds to collect my Switch 2 Mario Kart bundle, that I had pre-ordered a month ago.I called in at Costco on the way and was surprised to find they had the Mario Kart bundle for £419.99, so I decided to get one from there. It was late afternoon Thursday and they looked to have plenty left. It is limited to one per customer. I will let my pre-order lapse so it will cancel in two days.Martin GC: We had no idea Costco existed in the UK. Maybe we’re not the only ones and that’s why they have so many left. C’mon DoreenSomebody (not me, don’t know how) should start a petition to get Squirrel Girl in that Marvel game for you guys. How good did it all look? How good was that showcase? What have Sony been up too? That’s what. Mortal Kombat: Legacy Kollection is already on my wishlist. That surfing sword game wasn’t bad either. With Nintendo too, great times ahead.Indiegaz (PSN ID) GC: At least she’s in Marvel Rivals. Autumnal purchase So I won’t be buying the Nintendo Switch 2 at launch. I’ll be instead visiting Tenerife in August. But I do hope the system reviews well and those who have purchased it are zooming around on Mario Kart World. I’ll be hopefully purchasing the device before autumn of this year. But you never know what could happen.So my sister paid for my ticket and it of course must be paid back. A debt is a debt. Which is quite fitting, since I just finished my playthrough of Red Dead Redemption and just as John Marston paid his debt to a life of crime and Edgar Ross paid his debt to a vengeful son. I’ll be hopefully paid up in less than three months, then I’ll be purchasing the Switch 2 and with more information on the games, reviews, and what’s to come for the future. For now however, I look towards a week spent in the beaches of Spain and my focus on the remainder of my maths course. Also, a playthrough of Resident Evil 3 remake. Only six hours long. Can’t complain.Shahzaib Sadiq Free for all Borderlands 2 and Hellslave are currently free on Steam on PC. Hellslave is available for free until Sunday, 15th June. Also, Deathloop is currently free on Epic Games Store.I hope everyone who gets a Switch 2 enjoys it. I will have to probably get one next year now, as I need to buy a new gaming computer because my current gaming PC will not upgrade to Windows 11, unfortunately.Andrew J. Old reliable Just writing this after a couple of hours with the Switch 2. I always end up with whatever Nintendo’s latest console is at some point in its lifetime (going back to the Game Boy Advance) but for the first time I decided to jump onboard day one.The price rises for the PlayStation 5 and Xbox Series X have shown that the assumption consoles will get cheaper in the medium term isn’t a guarantee, and the feature list for the Switch 2 ticked pretty much every box I wanted from an upgrade to the original. Bump in specs, sturdier Joy-Con, and a new interface with the mouse controls. What I’ve not seen many people comment on yet is the set-up experience. It isn’t always a given with Nintendo that this is going to be smooth, but I found that the transfer from my original to Switch 2 was seamless. I had one error message in setting up GameChat, but restarting the process fixed that, and now I can settle into at least another few years of Nintendo gaming joy. As I approach the business end of 40 years old, it’s a comfort to know that the likes of Mario, Yoshi, and the other inhabitants of the Mushroom Kingdom are still karting away 30-odd years after the SNES original.Electric Crocosaurus GC: That’s a cool name. Inbox also-rans Yes! My Switch 2 has turned up and have the rest of the week off, and it’s Summer Game Fest on Friday night. Now that is what I call eating well for games fans!LemptonAs promised, here is the pic from the queue at Smyths toy store at midnight. Sorry I couldn’t get one from inside but they were only letting two at a time in. Not a bad turn out. I had about 20 people behind me too.woz_007 (NN ID) The way launches used to be (woz_007) Email your comments to: gamecentral@metro.co.uk More Trending The small printNew Inbox updates appear every weekday morning, with special Hot Topic Inboxes at the weekend. Readers’ letters are used on merit and may be edited for length and content. You can also submit your own 500 to 600-word Reader’s Feature at any time via email or our Submit Stuff page, which if used will be shown in the next available weekend slot. You can also leave your comments below and don’t forget to follow us on Twitter. GameCentral Sign up for exclusive analysis, latest releases, and bonus community content. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Your information will be used in line with our Privacy Policy

Geoff Keighley has promised a record-breaking number of publishers at Summer Game Fest this year, so we’ve rounded up what we think we’ll be playing in the coming monthsTech23:00, 05 Jun 2025We're so ready to step into Samus' boots againE3 might be long gone, but Summer Game Fest has replaced it. While Nintendo Switch 2 has just launched, and Sony has held its own State of Play event, tonight’s show is about as unpredictable as you can get. So, naturally, we’re trying to predict what we’ll be seeing.With everyone from PlayStation to SEGA, Xbox and even Nintendo making an appearance, we’re expecting big things from the showcase, which will be packed with titles for 2025 and beyond.‌While some are known quantities, like Borderlands 4, Little Nightmares 3, and the upcoming Bond game from Hitman developer IO Interactive, we’re still expecting plenty of surprises. Here’s everything we’re predicting for Summer Game Fest 2025.‌There are plenty of big namesWith Geoff Keighley’s events in both the Summer and December being key fixtures on the gaming events calendar, he’s able to pull off plenty of surprises. The Game Awards 2023 revealed Monster Hunter Wilds, while the following year showcased the first gameplay of Slay The Spire 2 and Split Fiction, as well as Elden Ring Nightreign and Intergalactic: The Heretic Prophet.As for Summer Game Fest itself, the show last year featured Dragon Ball: Sparking Zero, Kingdom Come: Deliverance II and Warhammer 40,000: Space Marine 2 - all games which were released since then.Article continues belowWe’ve heard rumblings that Capcom’s Pragmata, revealed alongside the PS5 in June 2020, could be shown at the event following an indefinite delay in 2023. It’s just as well, since we have no idea what the game really is yet.We’re also very curious about what Nintendo could show. The Switch 2 is out, but only as of yesterday, so we’d expect a sizzle reel to show what the console is capable of, as well as another look at Donkey Kong Bananza.‌PlayStation is probably easier to predict since the company is launching Hideo Kojima’s Death Stranding 2: On The Beach in just a few short weeks, and Geoff Keighley will likely find some way of getting the man himself on stage.SEGA has plenty to show, too. Sonic Racing CrossWorlds is still due this year, while the company has an ambitious plan to resurrect classic titles starting with Shinobi: Art of Vengeance and leading into Streets of Rage and Crazy Taxi.We tipped a Final Fantasy 7 Remake Part 3 announcement for Sony’s State of Play, but we’re still waiting for more news on Kingdom Hearts 4.‌Pearl Abyss is still aiming to launch Crimson Desert this year (supposedly), but we’re without a release date as yet, while the company is also working on its colourful DokeV which has been MIA for years at this point.While Microsoft is expected to appear, the company has its own showcase just two days later with a big focus on The Outer Worlds 2. As a result, we might just get a sneak peek at this year’s Call of Duty with more to come on Sunday.With Bungie’s Marathon hit by plagiarism accusations, Embark Studios has a great chance to get players onto Arc Raiders as an alternative. Speaking of Bungie, expect a gameplay trailer for Destiny 2: Edge of Fate.‌Elden Ring is coming to Switch 2(Image: FromSoftware, Inc.)Call us crazy, but we want a bunch of Switch 2 news. We want to see From Software’s Duskbloods, get a release date for Elden Ring: Tarnished Edition, and maybe even a Metroid Prime 4 release date from Nintendo itself.Given the history of Monster Hunter on portable consoles, we’ve got everything crossed for the series to come to Switch 2, but coming off of the excellent Wilds, it’s perhaps unlikely.‌Naturally, we’ve always got our fingers crossed that we’ll see Silksong, but rumours have suggested that Team Cherry’s long-awaited Hollow Knight follow-up would be announced at Microsoft’s event if at all.As we said in our State of Play predictions, we’re also expecting to hear more about Resident Evil 9 by the end of this week, in some way, shape, or form.With The Division 2 getting what’s likely its final DLC recently, here’s hoping for The Division 3, which has been rumoured for a while. Or, maybe Ubisoft will finally share something about the Splinter Cell title it has in development.Article continues belowDid we get any correct? Find out with us, with the show kicking off at 10PM BST on Friday night.For the latest breaking news and stories from across the globe from the Daily Star, sign up for our newsletters.‌‌‌

A significant cyber breach at His Majesty’s Revenue and Customs (HMRC) that saw scammers cheat the public purse out of approximately £47m has been met with dismay from security experts thanks to the sheer simplicity of the attack, which originated via account takeover attempts on legitimate taxpayers. HMRC disclosed the breach to a Treasury Select Committee this week, revealing that hackers accessed the online accounts of about 100,000 people via phishing attacks and managed to claim a significant amount of money in tax rebates before being stopped. It is understood that those individuals affected have been contacted by HMRC – they have not personally lost any money and are not themselves in any trouble. Arrests in the case have already been made. During proceedings, HMRC also came in for criticism by the committee’s chair Meg Hillier, who had learned about the via an earlier news report on the matter, over the length of time taken to come clean over the incident. With phishing emails sent to unwitting taxpayers identified as the initial attack vector for the scammers, HMRC might feel relieved that it has dodged full blame for the incident. But according to Will Richmond-Coggan, a partner specialising in data and cyber disputes at law firm Freeths, even though the tax office had gone to pains to stress its own systems were never actually compromised, the incident underscored just how widespread the consequences of cyber attacks can be – snowballing from simple origins into a multimillion pound loss. “It is clear from HMRC's explanation that the crime against HMRC was only possible because of earlier data breaches and cyber attacks,” said Richmond-Coggan. “Those earlier attacks put personal data in the hands of the criminals which enabled them to impersonate tax payers and apply successfully to claim back tax.” Meanwhile, Gerasim Hovhannisyan, CEO of EasyDMARC, an email security provider, pointed out that phishing against both private individuals and businesses and other organisations had long ago moved beyond the domain of scammers chancing their luck. While this type of scattergun fraud remains a potent threat, particularly to consumers who may not be informed about cyber security matters – the scale of the HMRC phish surely suggests a targeted operation, likely using carefully crafted email purporting to represent HMRC itself, designed to lure self-assessment taxpayers into handing over their accounts. Not only that, but generative artificial intelligence (GenAI) means targeted phishing operations have become exponentially more dangerous in a very short space of time, added Hovhannisyan. “[It] has made [phishing] scalable, polished, and dangerously convincing, often indistinguishable from legitimate communication. And while many organisations have strengthened their security perimeters, email remains the most consistently exploited and underestimated attack vector,” he said. “These scams exploit human trust, using urgency, authority, and increasingly realistic impersonation tactics. If HMRC can be phished, anyone can.” Added Hovhannisyan: “What’s more alarming is that the Treasury Select Committee only learned of the breach through the news. When £47m is stolen through impersonation, institutions can’t afford to stay quiet. Delayed disclosure erodes trust, stalls response, and gives attackers room to manoeuvre.” Once again a service’s end-users have turned out to be the source of a cyber attack and as such, whether they are internal or – as in this case – external, are often considered an organisation’s first line of defence. However, it is not always wise to take this approach, and for an organisation like HMRC daily engaging with members of the public, it is also not really possible. Security education is a difficult proposition at the best of times and although the UK’s National Cyber Security Centre (NCSC) provides extensive advice and guidance on spotting and dealing with phishing emails for consumers – it also operates a phishing reporting service that as of April 2025 has received over 41 million scam reports – bodies like HMRC cannot rely on everybody having visited the NCSC’s website. As such, Mike Britton, chief information officer (CIO) at Abnormal AI, a specialist in phishing, social engineering and account takeover prevention, argued that HMRC could and should have done more from a technical perspective. “Governments will always be a high tier target for cyber criminals due to the valuable information they hold. In fact, attacks against this sector are rising,” he said. “In this case, it looks like criminals utilised account take over to conduct fraud. To combat this, multifactor authentication (MFA) is key, but as attacks grow more sophisticated, further steps must be taken.” Britton said organisations like HMRC really needed to consider adopting more layered security strategies, not only including MFA but also incorporating wider visibility and unified controls across its IT systems. Account takeover attacks such as the ones seen in this incident can unfold quickly, he added, so its cyber function should also be equipped with the tools to identify and remediate compromised accounts on the fly. Read more about trends in phishing Quishing, meaning QR code phishing, is an offputting term for an on-the-rise attack method. Learn how to defend against it. A healthy dose of judicious skepticism is crucial to preventing phishing attacks, said David Fine, supervisory special agent at the FBI, during a presentation at a HIMSS event. Exchange admins got a boost from Microsoft when it improved how it handles DMARC authentication failures to help organisations fight back from email-based attacks on their users.

Some people reported an unwelcome surprise after picking up their Nintendo Switch 2 preorders at GameStop: staples used to attach receipts to Switch 2 boxes ended up damaging the screens on the console, as reported by IGN. However, GameStop says this was an issue that was “isolated” to a single store and that it has already offered replacements. When you open the box for the Switch 2, the tablet / screen part of the device is just under the top flap of the packaging. The tablet’s proximity to the top of the box possibly explains how staples could get through and poke holes in the screen — especially if the person using the stapler gave it a solid push. Reports started trickling in overnight as people got their preorders. In this post on X, for example, you can see photos of two dots on the box, a bag, and the screen. View Link To IGN, a GameStop spokesperson said that it was “investigating the matter” and promised to “make customers whole.” And on Thursday, one Reddit user affected by the problem said that they spoke with a GameStop manager who said they would be able to exchange their damaged unit. “We’ve addressed a unique case of staples damaging Switch 2 screens – isolated to one store,” GameStop says in a post on X. “Replacements have been offered. Staplers have been confiscated.”

It's finally here. Credit: Nintendo Best places to buy the Switch 2 online Buy the Switch 2 at Walmart Switch 2 console $449 at Walmart Buy the Switch 2 Mario Kart World bundle at Walmart Nintendo Switch 2 + Mario Kart World Bundle $499 at Nintendo Buy the Switch 2 at Best Buy Switch 2 console $449.99 at Best Buy Buy the Switch 2 Mario Kart bundle at GameStop Nintendo Switch 2 + Mario Kart World Bundle $499.99 at GameStop Eight years after the launch of the original, the Nintendo Switch 2 is finally being released in midnight launch events around the country. At the same time, gamers around the United States are checking retailers like Walmart, Target, Best Buy, GameStop, and even Costco in search of the next-generation console.On social media platforms like X, Reddit, and YouTube, gamers are sharing photos and videos of long lines and excited crowds outside stores like GameStop and Target. And some lucky gamers are already showing off their successful purchases. While there are dozens of Switch 2 games and accessories available for purchase, gamers looking for the console itself have two options: Get the base Switch 2 console for $449.99 or opt for the Nintendo Switch 2 + Mario Kart World Bundle for $499.99. Of course, both are in short supply, even as Nintendo forecasts selling 20 million units in the next 12 months. You May Also Like The first customers to get their hands on Switch 2 consoles were the lucky players who placed a preorder through GameStop or Best Buy. Both retailers hosted midnight ET launch events around the country, which gave people the chance to pick up their preorders in person. In addition, these retailers will be selling limited supplies of consoles on a first-come, first-served basis, according to their websites. Mashable recently received a Switch 2 review unit, and we'll be sharing more first impressions soon. Mashable Light Speed Want more out-of-this world tech, space and science stories? Sign up for Mashable's weekly Light Speed newsletter. By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy. Thanks for signing up! However, even though the Switch 2 has been officially released, that doesn't mean online inventory will be available right away. Nintendo is only allowing purchases for customers with active, paid Switch Online memberships. And Target previously announced that it wouldn't start selling the console online until Friday (June 6). However, retailers like Best Buy and Walmart promised to start selling the console online promptly at midnight.When preorders officially went live on April 24, gamers promptly crashed retailer websites, and history may repeat itself for launch day. But if you want to try your luck at placing an online order, head to the retailers and start smashing that refresh button like you're playing Super Smash Bros. Related Stories You can check the latest Switch 2 stock at the following online stores:If those links don't work, you can also look for the Nintendo Switch 2 + Mario Kart World Bundle at Walmart, GameStop, Best Buy, Costco, and Staples. Timothy Beck Werth Tech Editor Timothy Beck Werth is the Tech Editor at Mashable, where he leads coverage and assignments for the Tech and Shopping verticals. Tim has over 15 years of experience as a journalist and editor, and he has particular experience covering and testing consumer technology, smart home gadgets, and men’s grooming and style products. Previously, he was the Managing Editor and then Site Director of SPY.com, a men's product review and lifestyle website. As a writer for GQ, he covered everything from bull-riding competitions to the best Legos for adults, and he’s also contributed to publications such as The Daily Beast, Gear Patrol, and The Awl.Tim studied print journalism at the University of Southern California. He currently splits his time between Brooklyn, NY and Charleston, SC. He's currently working on his second novel, a science-fiction book.

It’s easy to look at President Donald Trump’s second term and conclude that the less power and reach the federal government has, the better. After all, a smaller government might provide Trump or someone like him with fewer opportunities to disrupt people’s lives, leaving America less vulnerable to the whims of an aspiring autocrat. Weaker law-enforcement agencies could lack the capacity to enforce draconian policies. The president would have less say in how universities like Columbia conduct their business if they weren’t so dependent on federal funding. And he would have fewer resources to fundamentally change the American way of life.Trump’s presidency has the potential to reshape an age-old debate between the left and the right: Is it better to have a big government or a small one? The left, which has long advocated for bigger government as a solution to society’s problems, might be inclined to think that in the age of Trump, a strong government may be too risky. Say the United States had a single-payer universal health care system, for example. As my colleague Kelsey Piper pointed out, the government would have a lot of power to decide what sorts of medical treatments should and shouldn’t be covered, and certain forms of care that the right doesn’t support — like abortion or transgender health — would likely get cut when they’re in power. That’s certainly a valid concern. But the dangers Trump poses do not ultimately make the case for a small or weak government because the principal problem with the Trump presidency is not that he or the federal government has too much power. It’s that there’s not enough oversight.Reducing the power of the government wouldn’t necessarily protect us. In fact, “making government smaller” is one of the ways that Trump might be consolidating power.First things first: What is “big government”?When Americans are polled about how they feel about “big government” programs — policies like universal health care, Social Security, welfare for the poor — the majority of people tend to support them. Nearly two-thirds of Americans believe the government should be responsible for ensuring everyone has health coverage. But when you ask Americans whether they support “big government” in the abstract, a solid majority say they view it as a threat.That might sound like a story of contradictions. But it also makes sense because “big government” can have many different meanings. It can be a police state that surveils its citizens, an expansive regulatory state that establishes and enforces rules for the private sector, a social welfare state that directly provides a decent standard of living for everyone, or some combination of the three. In the United States, the debate over “big government” can also include arguments about federalism, or how much power the federal government should have over states. All these distinctions complicate the debate over the size of government: Because while someone might support a robust welfare system, they might simultaneously be opposed to being governed by a surveillance state or having the federal government involved in state and local affairs.As much as Americans like to fantasize about small government, the reality is that the wealthiest economies in the world have all been a product of big government, and the United States is no exception. That form of government includes providing a baseline social safety net, funding basic services, and regulating commerce. It also includes a government that has the capacity to enforce its rules and regulations.A robust state that caters to the needs of its people, that is able to respond quickly in times of crisis, is essential. Take the Covid-19 pandemic. The US government, under both the Trump and Biden administrations, was able to inject trillions of dollars into the economy to avert a sustained economic downturn. As a result, people were able to withstand the economic shocks, and poverty actually declined. Stripping the state of the basic powers it needs to improve the lives of its citizens will only make it less effective and erode people’s faith in it as a central institution, making people less likely to participate in the democratic process, comply with government policies, or even accept election outcomes.A constrained government does not mean a small governmentBut what happens when the people in power have no respect for democracy? The argument for a weaker and smaller government often suggests that a smaller government would be more constrained in the harm it can cause, while big government is more unrestrained. In this case, the argument is that if the US had a smaller government, then Trump could not effectively use the power of the state — by, say, deploying federal law enforcement agencies or withholding federal funds — to deport thousands of immigrants, bully universities, and assault fundamental rights like the freedom of speech. But advocating for bigger government does not mean you believe in handing the state unlimited power to do as it pleases. Ultimately, the most important way to constrain government has less to do with its size and scope and more to do with its checks and balances. In fact, one of the biggest checks on Trump’s power so far has been the structure of the US government, not its size. Trump’s most dangerous examples of overreach — his attempts to conduct mass deportations, eliminate birthright citizenship, and revoke student visas and green cards based on political views — have been an example of how proper oversight has the potential to limit government overreach. To be sure, Trump’s policies have already upended people’s lives, chilled speech, and undermined the principle of due process. But while Trump has pushed through some of his agenda, he hasn’t been able to deliver at the scale he promised. But that’s not because the federal government lacks the capacity to do those things. It’s because we have three equal branches of government, and the judicial branch, for all of its shortcomings in the Trump era, is still doing its most basic job to keep the executive branch in check. Reforms should include more oversight, not shrinking governmentThe biggest lesson from Trump’s first term was that America’s system of checks and balances — rules and regulations, norms, and the separate branches of government — wasn’t strong enough. As it turned out, a lot of potential oversight mechanisms did not have enough teeth to meaningfully restrain the president from abusing his power. Trump incited an assault on the US Capitol in an effort to overturn the 2020 election, and Congress ultimately failed in its duty to convict him for his actions. Twice, impeachment was shown to be a useless tool to keep a president in check.But again that’s a problem of oversight, not of the size and power of government. Still, oversight mechanisms need to be baked into big government programs to insulate them from petty politics or volatile changes from one administration to the next. Take the example of the hypothetical single-payer universal health care system. Laws dictating which treatments should be covered should be designed to ensure that changes to them aren’t dictated by the president alone, but through some degree of consensus that involves regulatory boards, Congress, and the courts. Ultimately, social programs should have mechanisms that allow for change so that laws don’t become outdated, as they do now. And while it’s impossible to guarantee that those changes will always be good, the current system of employer-sponsored health insurance is hardly a stable alternative.By contrast, shrinking government in the way that Republicans often talk about only makes people more vulnerable. Bigger governments — and more bureaucracy — can also insulate public institutions from the whims of an erratic president. For instance, Trump has tried to shutter the Consumer Financial Protection Bureau (CFPB), a regulatory agency that gets in the way of his and his allies’ business. This assault allows Trump to serve his own interests by pleasing his donors.In other words, Trump is currently trying to make government smaller — by shrinking or eliminating agencies that get in his way — to consolidate power. “Despite Donald Trump’s rhetoric about the size or inefficiency of government, what he has done is eradicate agencies that directly served people,” said Julie Margetta Morgan, president of the Century Foundation who served as an associate director at the CFPB. “He may use the language of ‘government inefficiency’ to accomplish his goals, but I think what we’re seeing is that the goals are in fact to open up more lanes for big businesses to run roughshod over the American people.” The problem for small-government advocates is that the alternative to big government is not just small government. It’s also big business because fewer services, rules, and regulations open up the door to privatization and monopolization. And while the government, however big, has to answer to the public, businesses are far less accountable. One example of how business can replace government programs is the Republicans’ effort to overhaul student loan programs in the latest reconciliation bill the House passed, which includes eliminating subsidized loans and limiting the amount of aid students receive. The idea is that if students can’t get enough federal loans to cover the cost of school, they’ll turn to private lenders instead. “It’s not only cutting Pell Grants and the affordability of student loan programs in order to fund tax cuts to the wealthy, but it’s also creating a gap where [private lenders] are all too happy to come in,” Margetta Morgan said. “This is the small government alternative: It’s cutting back on programs that provided direct services for people — that made their lives better and more affordable — and replacing it with companies that will use that gap as an opportunity for extraction and, in some cases, for predatory services.”Even with flawed oversight, a bigger and more powerful government is still preferable because it can address people’s most basic needs, whereas small government and the privatization of public services often lead to worse outcomes.So while small government might sound like a nice alternative when would-be tyrants rise to power, the alternative to big government would only be more corrosive to democracy, consolidating power in the hands of even fewer people (and businesses). And ultimately, there’s one big way for Trump to succeed at destroying democracy, and that’s not by expanding government but by eliminating the parts of government that get in his way.See More:

PERFORMANCE ART With technical improvements, Pokemon Scarlet & Violet are utterly transformed on Nintendo Switch 2 What a difference a frame rate makes. On more powerful hardware, Pokemon Scarlet & Violet are practically different games Article by Alex Donaldson Assistant Editor Published on June 4, 2025 I can scarcely think of a game as hampered by its performance as the original Nintendo Switch release of Pokemon Scarlet & Violet. I can think of loads of games that perform worse, of course - broken, shattered releases - but I struggle to think of a great game so thoroughly compromised just from how it runs. That was the log behind my 2022 review of the games, where I called the games a “super-effective new vision” for the series but bemoaned how it ran. The game became famous for stop-motion windmills and distant cliffsides that looked like they’d fallen out of a Nintendo 64 game. The truth is, Scarlet & Violet’s brilliant design and peppy attitude deserved better. Now, three years on from release, Scarlet & Violet is about to get better with a Switch 2 update that I’m going to go ahead and call a total I was invited by The Pokemon Company to take an early look at the patched Switch 2 version of the game - which is always a sign of confidence, given I was quite a noisy detractor of the original game’s performance. I’m honestly not sure what to say other than: wow, what a difference. It is absolute night and day stuff. To the sort of people who say that frame rate doesn’t really matter, I challenge them to play Scarlet & Violet on Switch 2 and then go back to the original. I dare you. As friend of the site Joe says in Serebii's video preview embedded below, it ain’t doable. Watch on YouTube With a crisp presentation at a higher resolution and with a frame rate that as far as I can tell sits at a rock solid 60fps for the vast majority of the time, this is a world apart from the stomach-turning rollercoaster highs and lows of the original release. Distant Pokemon and world elements are no longer slideshows - yes, those infamous windmills are fixed! This isn’t just about technical bragging rights. The difference in how this game now runs is profound enough that it changes the flow and feel of the game. Scarlet & Violet were by design the most footloose and expansive Pokemon games of all time, channeling the open world chops of everything from Skyrim to Breath of the Wild into a Pokemon setting and setup. The performance was a drag on that - if the frame rate tanks every time you whip the camera around to see a nearby approaching threat or take in a distant vista, you’re ripped right out of the game. By stabilising everything, the performance is utterly transformed. Aside from the nebulous concept of ‘game feel’ being improved by the technical advancements, there are also real boons in terms of gameplay. Wild Pokemon spawn in and swarm across the rolling fields and the like in greater numbers. The subtle delay that you’d perceive, that hitch when encountering a wild Pokemon, is eliminated. Menus that were sluggish are now snappier and more responsive. Pokemon Box sprite icons now spring to life instantly. These are small quality of life changes that add up to something greater. Perhaps most importantly battles are now less plodding in their pace, which was frequently obliterated by certain move animations could send the frame rate crashing. It has to be said, it’s not all perfect. The level of detail settings remain pretty aggressive - which means as you’re galloping along at a glorious 60 frames atop your trusty Poke-steed, flowers and other micro detail pop in around you. It’s not ideal. Also, to be honest, the game now being technically accomplished does help to expose the art style for what it is - which is in need of a bit of tightening, I feel. The addition of HDR does really help the colorful exuberance of Paldea to shine, though. In all it’s a triumph, anyway. This is the game Scarlet & Violet should’ve been. Moreover, it feels like the most technically accomplished main-line Pokemon game… possibly ever? Certainly of the 3D era. As with 120fps mouselook Metroid, playing 3D Pokemon at 60fps feels like you’re doing something illegal, frankly. But this is now the way to play these excellent games - and with good-performing Pokemon games now on the table, my excitement for this year’s Pokemon Legends Z-A has skyrocketed.