The best roguelike games offer a serious but rewarding commitment, inviting you to lose time and time again until you reach new heights. And then you get to repeat the process while retaining knowledge that shapes your future sessions, improving your skills with each subsequent run.The best roguelike games follow the philosophy of randomizing existing game elements and providing a different experience every time you start a new run, with the condition that a game over screen means restarting from scratch. The roguelite distinction is similar, but it involves permanent progression, be it in the form of story, unlockable paths, items, and so on.Our selection of the best roguelike games has something for every player, regardless of platform and subgenre of choice. Our picks intersect with rhythm, deckbuilding, platforming, puzzle, and shooter games, to name a few. The roguelike and roguelite genres keep gaining more ground as pillars for design choices, meaning that some of the games on this list will ring familiar with the selections in our best PS5 games and best PC game lists. You'll also find some overlap with our recommendations for the best indie games to play right now.As the middle of 2025 draws near, choosing the best roguelike games becomes tougher with each passing day. The likes of Nuclear Throne, The Binding of Isaac, and Enter the Gungeon progressively marked their place in the genre years ago. Now, roguelikes and roguelites are in abundance, with game developers coming up with novel spins and pushing the genre forward.Whether you're looking for something more traditional or a unique take on a genre that is brimming with creativity, our best roguelike games list is bound to add a few new experiences to have on your radar. BalatroDeveloper: LocalThunkRelease Date: February 20, 2024Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, Android, iOS, PCIf you've seen your loved ones spending way too much time on their phones during the past year, it's likely due to LocalThunk's engrossing take on poker. Balatro is deceptively simple: Look at your hand, think of the combination that will net you the most points, and see the numbers go up.As you slowly make your way to tougher levels, gaining additional cards that multiply said score while granting an array of often absurd bonuses, you'll immediately understand the appeal. Balatro is not about poker, nor is it just a roguelike. It's a numbers game where you can rig the rules in your favor. Its challenges are hypnotizing, but once you achieve victory for the first time, it'll take you a while to play anything else. See at Amazon Pacific DriveDeveloper: Ironwood StudiosRelease Date: February 22, 2024Platforms: PlayStation 5, PCPacific Drive is not technically a roguelite, even if it shares quite a few similarities in how you navigate its world, picking up key items and tackling objectives as you escape from weather anomalies from the inside of your car. The Endless Expeditions update, however, does push the game toward that direction.Released on April 3 of this year, Expeditions takes you outside of the campaign and into a randomized map with modifiers and rewards, the latter including cosmetics and unique tools. The trick is that you won't be able to stock up on resources, as you're forced to scavenge and build your inventory from scratch each time.Expeditions only end once you've collected enough anchors on a map. The longer this takes, however, the harder the task will become, with anomalies gearing up in difficulty. If you're looking for an extra challenge or an interesting twist on the Pacific Drive formula, Expeditions is the answer.Fanatical and GameSpot are both owned by Fandom. See at Fanatical Dead CellsDeveloper: Motion TwinRelease Date: August 6, 2018Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, Android, iOS, PCDead Cells is one of the pioneers of the new wave of roguelites of the past few years. Ever since its conception, developer Motion Twin set out to build an ambitious foundation--prioritizing a breakneck rhythm and flow in movement and attacks, rewarding fast reflexes and improvisation on the spot.The team continued to work on the game over the years, delivering a total of 35 major updates, expanding and ironing out possibly every element inside out. If at some point you think the base game doesn't have enough to offer, there are five DLCs (one of them free), including the Return to Castlevania expansion. As it stands, there might never be another game like Dead Cells, and that's okay. We'll still be playing it for years to come, while also witnessing the team trying out new ideas, such as the co-op roguelite Windblown, which is an early access game to watch. See at Fanatical Deep Rock Galactic: SurvivorDeveloper: Funday GamesRelease Date: February 14, 2024Platforms: PCIf you're a Left 4 Dead 2 fan, chances are that you've heard of Deep Rock Galactic, which takes the structure of the zombie-driven shooter and takes it in a different direction, featuring dwarves in space, alien monsters, and destructible environments. Deep Rock Galactic: Survivor, however, takes things even further.Released in Steam early access back on February 14, 2024, you're taken onto increasingly harder levels where your dwarf of choice attacks automatically. The Survivor-like is presented in a top-down perspective, with the mining mechanic taking center stage to unlock upgrades during runs and improve your chances.There have been four sizable updates, but even in its infancy, developer Funday Games struck gold when mining for resources. The combination of its existing setting with the roguelike genre is an enticing one. See at Steam Hades 2Developer: Supergiant GamesRelease Date: May 6, 2024Platforms: PCDeveloper Supergiant Games has famously never done sequels before--until Hades 2. The sequel follows the events of the first game, in which Zagreus, son of the Greek god of the underworld, fought his way to the surface. Now, his sister Melinöe is tasked with defeating Chronos, the god of time itself, who's posing a threat unknown to everyone to this point.The roguelite is similar in nature to its predecessor, advancing the story with each victorious or failed run, gradually uncovering layer upon layer of new characters, powers to combine and grow stronger with, and even more features to further customize your experience. Hades 2 is still in early access, but there's a ridiculous amount of story and challenges to go through. Plus, the sequel is one of the first games confirmed for the Nintendo Switch 2. The 1.0 release date is yet to be confirmed, but Supergiant is targeting 2025. See at Steam Darkest Dungeon 2Developer: Red Hook StudiosRelease Date: May 8, 2024Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, PCDarkest Dungeon 2 entered early access in October 2021, with the full launch taking place on May 8. It had a tall order--surpassing the inimitable Darkest Dungeon, a tough roguelike centered around stress as a mechanic, with characters being driven mad or, on occasion, becoming inspired by the embrace of darkness and presence of heinous monsters.The sequel moves away from the structure of its predecessor, where you explored different biomes while managing resources and upgrading a home base. Now, it follows a structure similar to modern roguelite conventions, where you choose from different paths that are labeled with the rewards and challenges awaiting on the roads.While the combat shares some similarities, many new features shake up previous foundations, from playable origin stories for each hero to the affinity system, which takes the stress mechanic of the first game and adds a communal element to it by leading to different relationship archetypes between party members. Despite the change in presentation with more bells and whistles, Darkest Dungeon 2 retains the spirit of the first game--it's a visceral, tough-as-nails adventure that demands patience to overcome. See at Fanatical Rogue Legacy 2Developer: Cellar Door GamesRelease Date: April 28, 2022Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, PCWhen the original Rogue Legacy launched in 2013, its combination of metroidvania with roguelite elements was already promising. Yet, it pushed things further with a genius feature where, each time you die, one of your children succeeds you. The trick? Everybody has unique traits, from gigantism and baldness to color blindness and dyslexia, which would have gameplay impacts from the beneficial to the hilarious.Rogue Legacy 2 pushes the novelty with even more traits and classes, including a bard and a dragon lancer. The metroidvania aspect has also been improved with the addition of unique items that permanently unlock abilities to further explore the world and unveil its secrets. It's a sequel that successfully ticks every box a sequel must, and does so with a familiar grace and humor that still has a lot to offer over a decade later. See at Steam Spelunky 2Developer: Mossmouth and BlitWorksRelease Date: September 29, 2020Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, PCSpelunky is the classic go-to recommendation for a roguelike with ironclad design. The platformer with an Indiana Jones spirit made for one of the most challenging roguelites out there, requiring patience and the willingness to study every possible enemy pattern, trap, and miscalculation that can end your run, and then memorize it all for the next attempt.Spelunky 2 is a showcase of refinement upon refinement. Sure, it's touted with a bigger world with new areas to study, multiple routes to find and take advantage of, and an assortment of features meant to subvert long-standing fans' expectations. The sequel's greatest trick, however, is once again proving that meticulously thought design can elevate good ideas to admirable heights. The only way to improve is to keep trying, over and over, until surpassing the obstacles in your way becomes second nature. And then you get to do it all over again in the following area. See at Steam Slay the SpireDeveloper: Mega CritRelease Date: January 23, 2019Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, Android, iOS, PCDeck-building has become a popular marriage candidate for roguelites, and Slay the Spire might be one of the games responsible for its popularity. The premise is simple: You pick a character who has a predefined card deck and jump into a procedurally generated run. The rewards, obstacles, and challenges roaming your chosen paths are always different, demanding different strategies.As you make your way through a game session, you'll collect more cards for your deck, slowly customizing the options available to fit different playstyles and adapt yourself to the danger at hand. Do you invest in dealing as much damage as possible, neglecting your defense? Do you try to come up with different synergies to create a jack-of-all-trades card deck? There's always something to learn and discover, and the number of combinations available to experiment with is seducingly daunting. The best part? There's a sequel in the works, slated for 2025. See at Steam Risk of Rain 2Developer: Hopoo GamesRelease Date: August 11, 2020Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, PCRisk of Rain 2 is one of the few roguelites that explored the idea of taking the often pixel art, 2D-driven presentations of the genre and experimenting with 3D instead. Taking the elements that made its predecessor great, from enemy design to the different survivors you control, the change of perspective led to a breath of fresh air in the genre, and one of the most entertaining online games out there.The 1.0 release on August 11, 2020 has been followed up with hefty updates and paid DLC since. You can spend hours just fooling around with friends and seeing how far you can go. Once you get invested in the game's most intricate secrets and mechanics, however, you'll find out that the thrill comes down to becoming an unstoppable force challenged by a dynamic difficulty meter that's constantly keeping you on your toes. The use of 3D, then, isn't a mere novelty--it literally shines a new light on what roguelites can achieve when looked at from a different perspective, adding a different sense of movement and scale to the usual roguelite chaos. See at Steam Crypt of the NecrodancerDeveloper: Brace Yourself GamesRelease Date: April 23, 2015Platforms: PlayStation 4, Xbox One, Nintendo Switch, Android, iOS, PCCrypt of the Necrodancer might be one of the oldest picks of our best roguelike games list, but the reason is simple: No other roguelite has managed to combine the genre conventions with the mechanics of a rhythm game to such success. Every movement and action in the game is tied to the beat of the soundtrack blasting in the background.Enemies have different patterns that you must learn, all while carefully moving on tiles as if you were tapping the floor with your foot following a song. Even if you're not rhythm game savvy, the mix of both genres is accommodating enough to make you a believer--right until you meet a dragon for the first time, that is. After the original release, Cadence of Hyrule followed up on the concept, with the studio collaborating with Nintendo for a different take on The Legend of Zelda. But Crypt of the Necrodancer remains a worthy rogue classic. See at Steam Into the BreachDeveloper: Subset GamesRelease Date: February 27, 2018Platforms: Nintendo Switch, Android, iOS, PCThe alien invasion grows in numbers. You must assemble a squad of a handful of units and try to beat the odds. When you inevitably meet your demise, the last person standing creates a rift and travels to a different timeline. Time to start again.Into the Breach has a steep learning curve. Its design conventions, however, make it worth the effort to learn how to best use the space given to you and how your units can counterattack the alien push. The game is clear about the consequences of your movements on each map grid--whether or not you'll be able to land an attack, if one of your mechs will be caught in a tidal wave or an enemy projectile, and so on.Often, playing the strategy roguelike feels like a series of elaborate board games, where you carefully move pieces and spend your time thinking of the best possible plan. When it all comes together, the satisfaction is unparalleled. But even when you fail and you're sent to another timeline to commence anew, there's a thrill in knowing that next time might be the one if you take the time to analyze your movements and execute with care.Into the Breach is also the rare game to receive a 10/10 from GameSpot. See at Steam Loop HeroDeveloper: Four QuartersRelease Date: March 4, 2021Platforms: Xbox One, Xbox Series X|S, Nintendo Switch, Android, iOS, PCThe concept of loops and the repetitive nature of roguelites are a natural pairing. Loop Hero not only understands it, but extends it further by turning you into a dungeon master of sorts. You're given the choice of a hero and a map layout, as well as a deck of cards. You can place different types of terrain and structures, each having its own pros and cons. But you also need to place enemies, slowly making each loop--where the character walks a full cycle of the map--more intricate to navigate.The randomized nature of roguelites is heightened by giving you agency over the dangers that your hero will have to overcome. With a large number of unlockables to pursue after each session, as well as a captivating presentation, Loop Hero is one of the most inventive roguelites out there. See at Fanatical ReturnalDeveloper: HousemarqueRelease Date: April 30, 2021Platforms: PlayStation 5, PCHousemarque's expertise lies in games with an arcade nature, from Resogun to Nex Machina. At first glance, Returnal seems different--its presentation is powered by a level of production that screams AAA game. Initially introduced as a PlayStation 5 exclusive, the third-person shooter makes an interesting use of the roguelite concept, intertwining story events with each death. Similarly to Hades, meeting your demise rarely means taking a step back.Don't let its prestigious look deceive you, though--Returnal is the living proof of a modern arcade game, taking cues from the bullet hell genre. This means that you must be in constant movement, carefully timing dodges and narrow jumps to avoid a barrage of projectiles coming your way from all directions. A sequel is slated for 2026, but the first game deserves all of your attention. It's one of the best games in the PlayStation catalog, and a thrilling showcase of how a roguelite structure can inform a story, blending into one coexisting vehicle for a narrative that wouldn't work elsewhere. See at Fanatical Shogun ShowdownDeveloper: RoboatinoRelease Date: September 5, 2024Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, PCDeveloper Roboatino saw the synergy of roguelike and deck-building elements and decided to add turn-based combat to the mix. You command a lone hero who must take positioning and time into consideration to defeat multiple enemies and make it out unscathed.Using an inventive mechanic regarding the tiles you set foot on, Shogun Showdown hides a surprising level of depth, which you gradually uncover the more time you spend with it. You can upgrade and sacrifice different movements and skills in between battles, and as you die, you'll unlock new characters and attacks to experiment with. If you want to test the game's combat by yourself, there's a free prologue available on PC. See at Fanatical Blue PrinceDeveloper: DogubombRelease Date: April 10, 2025Platforms: PlayStation 5, Xbox Series X|S, PCIn Blue Prince, you're a fourteen-year-old boy next in line for an inheritance. The catch is that you first need to explore a manor that changes its inner structure each day, hiding access to the elusive room 46 somewhere within its bowels. Dogubomb's title is part puzzle game, part roguelite, part investigative game.When you start a new day, you're given a number of steps that you can take inside the manor. Upon interacting with a door, the game grants you a random selection of rooms, each containing a puzzle, resource items, or a clue to a larger mystery. Sometimes all three of them. The deeper you plunge into Blue Prince, the higher the chances of becoming engrossed by the sheer amount of layers upon layers of puzzles to solve. See at Fanatical Caves of QudDeveloper: Freehold GamesRelease Date: December 5, 2024Platforms: PCDevelopment for Caves of Qud began back in 2007, with the first public beta being released to the world in 2010. Then, after almost a decade in Steam early access, the game was fully launched on December 5, 2024. The science-fantasy roguelike is brimming with emergent stories, offering a deeply simulated world where you can shape the environment as you see fit, join one of over 70 factions, or simply get lost in the overwhelming number of possible actions and outcomes available.In Caves of Qud, every NPC and monster is as fully simulated as you, meaning that they all have their own skills, equipment, body parts, and levels. The body parts are important, as there are multiple mutations at play, from two heads to the power of cloning oneself. The sandbox nature and painstaking level of detail have added an unmatched identity to the roguelike over its long lifespan. Now, there's never been a better time to take a plunge and become a part of its labyrinthine systems and intricate synergies that are happening in the game without your input. See at Steam FTL: Faster Than LightDeveloper: Subset GamesRelease Date: September 14, 2021Platforms: iOS, PCCommanding a party is a classic go-to for roguelites. Being the captain of a spaceship where you must attend to your crew and rooms individually, however, is an idea that is still novel to this day. Before Into the Breach, developer Subset Games came up with a different adventure in outer space.Presented with randomly generated galaxies, you must pick different paths to warp to, taking care and managing your spaceship in your ventures. Everything from the state of the hull to the level of oxygen must be accounted for. While you might be lucky with the galaxy destinations you pick, your crew will inevitably have to confront other ships.It's during these moments that FTL: Faster Than Light showcases its exhilarating mix of mechanics, forcing you to act fast by putting up fires, deciding which rooms to open and which ones to close, and sending crew members to repair the ship, all while using similar strategies on the enemy at hand. There's no other game like FTL. See at Steam InscryptionDeveloper: Daniel Mullins GamesRelease Date: October 19, 2021Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, PCThe creator of the eerie Pony Island took a stab at the roguelike genre in 2021 with Inscryption. At first, you don't know where you are--all you can see is the inside of a dark cabin, and a strange figure that invites you to play a card game. The creepiness sets in more and more over time, as you use cards depicting animals that seem to be alive, trying to make progress in the game while also looking for an opportunity to try and figure out how to escape the cabin.Inscription has multiple twists that are best left as a secret. If you want a general indication of what to expect, however, this roguelike pulls you into an obscure setting that becomes darker the more time you spend with it, subverting existing genre conventions and familiar mechanics with a horror twist. See at Fanatical Dome KeeperDeveloper: BippinbitsRelease Date: September 27, 2022Platforms: PCDome Keeper is a great game for people who enjoy multitasking. As the name implies, you must protect a dome from enemy attacks. In order to do so, you must dig underneath the surface to search for resources and artifacts, which are used to choose upgrades and different ways to defend your base.Enemies won't just sit and wait, however. You only have a limited time to dig in between attack waves. Picking your upgrades carefully will make or break your chances of survival to gain another chance at plunging through the surface and build better defenses. Dome Keeper is an ambitious survival game that takes cue from roguelikes and tower defense games to create a different kind of challenge to overcome. See at Fanatical Monster TrainDeveloper: Shiny ShoeRelease Date: May 20, 2020Platforms: PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, iOS, PCMonster Train is the distant cousin of Slay the Spire. You're given a deck of cards that you slowly grow during runs, as well as different paths to choose from. The twist is how combat encounters are structured, turning elements like positioning and card strategies on their head.Whenever you face enemies, you're presented with a large vertical structure that has three play fields. You must carefully plan where to place your cards to defend the train's core. It's an idea that's pushed to its limit time and time again with the cards available and the ways in which enemies can also strategize around your defenses. Monster Train is a prime example of how much innovation is still in the genre. See at Fanatical Vampire SurvivorsDeveloper: PoncleRelease Date: October 20, 2022Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, Nintendo Switch, Android, iOS, PCTaking inspiration from a mobile game called Magic Survival, in which the main character attacked automatically without the player's input, developer Poncle leaned on a fascination for Castlevania's aesthetic to iterate on the concept. The simple idea led to an absurd amount of characters, levels, and items to unlock--including, of course, an official collaboration with Konami to include more than just indirect references to the Castlevania series.Playing a Vampire Survivors stage can last anything from 15 to 20 or 30 minutes--if you can survive long enough with the items you've acquired. Even if you fail, however, you're constantly unlocking items, characters, and stages to explore in subsequent runs. It's a game that's best described as a Pandora's Box equivalent. Especially considering the chaos that it will likely inflict on your schedule. See at Steam Hitman World of Assassination: Freelancer ModeDeveloper: IO InteractiveRelease Date: January 26, 2023Platforms: PlayStation 4, PlayStation 5, Xbox One, Xbox Series X|S, PCThe Hitman series has always excelled in presenting puzzle boxes that double down as playgrounds to blend in, follow your target, and take them down in increasingly ridiculous ways. Freelancer Mode, introduced to Hitman World of Assassination on January 26, 2023, adds a different spin to the premise with a persistent and highly replayable experience.In this mode, targets are always random, and you're given access to different bonus objectives. Making use of a hub exclusive to Freelancer, Agent 47 must choose a crime syndicate to pursue, which sets the mood of the campaign, and then get started without any equipment or weapons. If you've already mastered the classic Hitman levels or you just want a different, ridiculously polished roguelike experience, Freelancer Mode is a distinct and ambitious take on the genre. Worth mentioning that Hitman World of Assassination is also slated to launch on Nintendo Switch 2. See at Steam InkboundDeveloper: Shiny ShoeRelease Date: April 9, 2024Platforms: PCFrom the makers of Monster Train comes Inkbound, a turn-based tactical roguelike that offers co-op, and synergies that are heightened by coordinating with others online. Players can move freely and act simultaneously in multiplayer, picking from eight different classes to try out different combinations.There's also a deck-building element of sorts involved in the vein of draftable abilities, upgrades, and an array of items to use in-game. It's an intriguing blend of genres that might take some time to get used to. Once things click, however, you and the rest of the party will be working in tandem to see how far you can push your strategies. See at Steam God of War Ragnarok: ValhallaDeveloper: Santa Monica StudiosRelease Date: December 12, 2023Platforms: PlayStation 4, PlayStation 5, PCGod of War Ragnarok is a behemoth of an action-RPG, featuring a lengthy campaign across open areas with side quests, collectibles, and dozens of corners to explore. If you're looking for a break from the main story or just want to try a new roguelite that elevates some of the game's strengths in a different structure, the free Valhalla DLC is a must play.Taking place after the events of the main story (although you can jump into it at any point from the main menu without worrying about spoilers of the main campaign), Valhalla has Kratos going through a series of punishing trials, which slowly serve as a therapy session of sorts as he reminiscences of the events that happened during the original trilogy of God of War games.The bite-sized rendition of combat encounters shines a different light on combat mechanics that you may already be familiar with. And, taking cues from the likes of Hades and Returnal, each death pushes the story forward in meaningful ways. Valhalla is a rare combination of genres that shouldn't work as well as they do, and it deserves your time before the next adventure of Kratos inevitably rolls in. See at Fanatical NoitaDeveloper: Nolla GamesRelease Date: October 15, 2020Platforms: PCAfter a short early access period in 2019, Noita was fully released in October 2020, and provided an escape from the horrors of that year with, well, more horrors. Its punishing difficulty and procedurally-generated worlds provide deep and engaging gameplay. Noita places you in the shoes of a wand-wielding alchemist navigating a deadly, destructible world. The seemingly simple pixel art style leads to complexity where water flows, acid burns, fire spreads, and cave-ins can be triggered by a single misplaced explosive.Unlike many roguelikes that focus on stat-based progression, Noita appeals to player creativity and experimentation. The game's wand crafting system is a particular highlight, allowing you to mix and match spells, modifiers, and triggers to create devastating effects or strange contraptions that alter the way the game plays with every decision. The fun of Noita is learning how to break it in delightfully chaotic ways. This customization means each run feels unique, not just because of the randomized levels, but because the tools at your disposal and the way you choose to implement them define each playthrough. Noita is deeper than it first appears, with plenty of secrets and mysteries to uncover. Its expansive hidden world and lore begs to be uncovered, and the community engagement and conversation around it continues even half a decade on from its release. Experiment with fire, mess around with slime, and Noita will reward your curiosity. You'll find that, most of the time, death in Noita stems from your own creation, giving the game a cruel sense of irony and punishment. Despite that, or perhaps even because of that, Noita is a beautiful experience. See at Steam

Published June 15, 2025 10:00am EDT close IPhone users instructed to take immediate action to avoid data breach: 'Urgent threat' Kurt 'The CyberGuy' Knutsson discusses Elon Musk's possible priorities as he exits his role with the White House and explains the urgent warning for iPhone users to update devices after a 'massive security gap.' NEWYou can now listen to Fox News articles! In the past decade, healthcare data has become one of the most sought-after targets in cybercrime. From insurers to clinics, every player in the ecosystem handles some form of sensitive information. However, breaches do not always originate from hospitals or health apps. Increasingly, patient data is managed by third-party vendors offering digital services such as scheduling, billing and marketing. One such breach at a digital marketing agency serving dental practices recently exposed approximately 2.7 million patient profiles and more than 8.8 million appointment records.Sign up for my FREE CyberGuy ReportGet my best tech tips, urgent security alerts, and exclusive deals delivered straight to your inbox. Plus, you’ll get instant access to my Ultimate Scam Survival Guide — free when you join. Illustration of a hacker at work   (Kurt "CyberGuy" Knutsson)Massive healthcare data leak exposes millions: What you need to knowCybernews researchers have discovered a misconfigured MongoDB database exposing 2.7 million patient profiles and 8.8 million appointment records. The database was publicly accessible online, unprotected by passwords or authentication protocols. Anyone with basic knowledge of database scanning tools could have accessed it.The exposed data included names, birthdates, addresses, emails, phone numbers, gender, chart IDs, language preferences and billing classifications. Appointment records also contained metadata such as timestamps and institutional identifiers.MASSIVE DATA BREACH EXPOSES 184 MILLION PASSWORDS AND LOGINSClues within the data structure point toward Gargle, a Utah-based company that builds websites and offers marketing tools for dental practices. While not a confirmed source, several internal references and system details suggest a strong connection. Gargle provides appointment scheduling, form submission and patient communication services. These functions require access to patient information, making the firm a likely link in the exposure.After the issue was reported, the database was secured. The duration of the exposure remains unknown, and there is no public evidence indicating whether the data was downloaded by malicious actors before being locked down.We reached out to Gargle for a comment but did not hear back before our deadline. A healthcare professional viewing heath data      (Kurt "CyberGuy" Knutsson)How healthcare data breaches lead to identity theft and insurance fraudThe exposed data presents a broad risk profile. On its own, a phone number or billing record might seem limited in scope. Combined, however, the dataset forms a complete profile that could be exploited for identity theft, insurance fraud and targeted phishing campaigns.Medical identity theft allows attackers to impersonate patients and access services under a false identity. Victims often remain unaware until significant damage is done, ranging from incorrect medical records to unpaid bills in their names. The leak also opens the door to insurance fraud, with actors using institutional references and chart data to submit false claims.This type of breach raises questions about compliance with the Health Insurance Portability and Accountability Act, which mandates strong security protections for entities handling patient data. Although Gargle is not a healthcare provider, its access to patient-facing infrastructure could place it under the scope of that regulation as a business associate. A healthcare professional working on a laptop   (Kurt "CyberGuy" Knutsson)5 ways you can stay safe from healthcare data breachesIf your information was part of the healthcare breach or any similar one, it’s worth taking a few steps to protect yourself.1. Consider identity theft protection services: Since the healthcare data breach exposed personal and financial information, it’s crucial to stay proactive against identity theft. Identity theft protection services offer continuous monitoring of your credit reports, Social Security number and even the dark web to detect if your information is being misused. These services send you real-time alerts about suspicious activity, such as new credit inquiries or attempts to open accounts in your name, helping you act quickly before serious damage occurs. Beyond monitoring, many identity theft protection companies provide dedicated recovery specialists who assist you in resolving fraud issues, disputing unauthorized charges and restoring your identity if it’s compromised. See my tips and best picks on how to protect yourself from identity theft.2. Use personal data removal services: The healthcare data breach leaks loads of information about you, and all this could end up in the public domain, which essentially gives anyone an opportunity to scam you.  One proactive step is to consider personal data removal services, which specialize in continuously monitoring and removing your information from various online databases and websites. While no service promises to remove all your data from the internet, having a removal service is great if you want to constantly monitor and automate the process of removing your information from hundreds of sites continuously over a longer period of time. Check out my top picks for data removal services here. GET FOX BUSINESS ON THE GO BY CLICKING HEREGet a free scan to find out if your personal information is already out on the web3. Have strong antivirus software: Hackers have people’s email addresses and full names, which makes it easy for them to send you a phishing link that installs malware and steals all your data. These messages are socially engineered to catch them, and catching them is nearly impossible if you’re not careful. However, you’re not without defenses.The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.4. Enable two-factor authentication: While passwords weren’t part of the data breach, you still need to enable two-factor authentication (2FA). It gives you an extra layer of security on all your important accounts, including email, banking and social media. 2FA requires you to provide a second piece of information, such as a code sent to your phone, in addition to your password when logging in. This makes it significantly harder for hackers to access your accounts, even if they have your password. Enabling 2FA can greatly reduce the risk of unauthorized access and protect your sensitive data.5. Be wary of mailbox communications: Bad actors may also try to scam you through snail mail. The data leak gives them access to your address. They may impersonate people or brands you know and use themes that require urgent attention, such as missed deliveries, account suspensions and security alerts. Kurt’s key takeawayIf nothing else, this latest leak shows just how poorly patient data is being handled today. More and more, non-medical vendors are getting access to sensitive information without facing the same rules or oversight as hospitals and clinics. These third-party services are now a regular part of how patients book appointments, pay bills or fill out forms. But when something goes wrong, the fallout is just as serious. Even though the database was taken offline, the bigger problem hasn't gone away. Your data is only as safe as the least careful company that gets access to it.CLICK HERE TO GET THE FOX NEWS APPDo you think healthcare companies are investing enough in their cybersecurity infrastructure? Let us know by writing us at Cyberguy.com/ContactFor more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/NewsletterAsk Kurt a question or let us know what stories you'd like us to coverFollow Kurt on his social channelsAnswers to the most asked CyberGuy questions:New from Kurt:Copyright 2025 CyberGuy.com.  All rights reserved.   Kurt "CyberGuy" Knutsson is an award-winning tech journalist who has a deep love of technology, gear and gadgets that make life better with his contributions for Fox News & FOX Business beginning mornings on "FOX & Friends." Got a tech question? Get Kurt’s free CyberGuy Newsletter, share your voice, a story idea or comment at CyberGuy.com.

Jun 16, 2025Ravie LakshmananMalware / DevOps Cybersecurity researchers have discovered a malicious package on the Python Package Index (PyPI) repository that's capable of harvesting sensitive developer-related information, such as credentials, configuration data, and environment variables, among others. The package, named chimera-sandbox-extensions, attracted 143 downloads and likely targets users of a service called Chimera Sandbox, which was released by Singaporean tech company Grab last August to facilitate "experimentation and development of [machine learning] solutions." The package masquerades as a helper module for Chimera Sandbox, but "aims to steal credentials and other sensitive information such as Jamf configuration, CI/CD environment variables, AWS tokens, and more," JFrog security researcher Guy Korolevski said in a report published last week. Once installed, it attempts to connect to an external domain whose domain name is generated using a domain generation algorithm (DGA) in order to download and execute a next-stage payload. Specifically, the malware acquires from the domain an authentication token, which is then used to send a request to the same domain and retrieve the Python-based information stealer. The stealer malware is equipped to siphon a wide range of data from infected machines. This includes - JAMF receipts, which are records of software packages installed by Jamf Pro on managed computers Pod sandbox environment authentication tokens and git information CI/CD information from environment variables Zscaler host configuration Amazon Web Services account information and tokens Public IP address General platform, user, and host information The kind of data gathered by the malware shows that it's mainly geared towards corporate and cloud infrastructure. In addition, the extraction of JAMF receipts indicates that it's also capable of targeting Apple macOS systems. The collected information is sent via a POST request back to the same domain, after which the server assesses if the machine is a worthy target for further exploitation. However, JFrog said it was unable to obtain the payload at the time of analysis. "The targeted approach employed by this malware, along with the complexity of its multi-stage targeted payload, distinguishes it from the more generic open-source malware threats we have encountered thus far, highlighting the advancements that malicious packages have made recently," Jonathan Sar Shalom, director of threat research at JFrog Security Research team, said. "This new sophistication of malware underscores why development teams remain vigilant with updates—alongside proactive security research – to defend against emerging threats and maintain software integrity." The disclosure comes as SafeDep and Veracode detailed a number of malware-laced npm packages that are designed to execute remote code and download additional payloads. The packages in question are listed below - eslint-config-airbnb-compat (676 Downloads) ts-runtime-compat-check (1,588 Downloads) solders (983 Downloads) @mediawave/lib (386 Downloads) All the identified npm packages have since been taken down from npm, but not before they were downloaded hundreds of times from the package registry. SafeDep's analysis of eslint-config-airbnb-compat found that the JavaScript library has ts-runtime-compat-check listed as a dependency, which, in turn, contacts an external server defined in the former package ("proxy.eslint-proxy[.]site") to retrieve and execute a Base64-encoded string. The exact nature of the payload is unknown. "It implements a multi-stage remote code execution attack using a transitive dependency to hide the malicious code," SafeDep researcher Kunal Singh said. Solders, on the other hand, has been found to incorporate a post-install script in its package.json, causing the malicious code to be automatically executed as soon as the package is installed. "At first glance, it's hard to believe that this is actually valid JavaScript," the Veracode Threat Research team said. "It looks like a seemingly random collection of Japanese symbols. It turns out that this particular obfuscation scheme uses the Unicode characters as variable names and a sophisticated chain of dynamic code generation to work." Decoding the script reveals an extra layer of obfuscation, unpacking which reveals its main function: Check if the compromised machine is Windows, and if so, run a PowerShell command to retrieve a next-stage payload from a remote server ("firewall[.]tel"). This second-stage PowerShell script, also obscured, is designed to fetch a Windows batch script from another domain ("cdn.audiowave[.]org") and configures a Windows Defender Antivirus exclusion list to avoid detection. The batch script then paves the way for the execution of a .NET DLL that reaches out to a PNG image hosted on ImgBB ("i.ibb[.]co"). "[The DLL] is grabbing the last two pixels from this image and then looping through some data contained elsewhere in it," Veracode said. "It ultimately builds up in memory YET ANOTHER .NET DLL." Furthermore, the DLL is equipped to create task scheduler entries and features the ability to bypass user account control (UAC) using a combination of FodHelper.exe and programmatic identifiers (ProgIDs) to evade defenses and avoid triggering any security alerts to the user. The newly-downloaded DLL is Pulsar RAT, a "free, open-source Remote Administration Tool for Windows" and a variant of the Quasar RAT. "From a wall of Japanese characters to a RAT hidden within the pixels of a PNG file, the attacker went to extraordinary lengths to conceal their payload, nesting it a dozen layers deep to evade detection," Veracode said. "While the attacker's ultimate objective for deploying the Pulsar RAT remains unclear, the sheer complexity of this delivery mechanism is a powerful indicator of malicious intent." Crypto Malware in the Open-Source Supply Chain The findings also coincide with a report from Socket that identified credential stealers, cryptocurrency drainers, cryptojackers, and clippers as the main types of threats targeting the cryptocurrency and blockchain development ecosystem. Some of the examples of these packages include - express-dompurify and pumptoolforvolumeandcomment, which are capable of harvesting browser credentials and cryptocurrency wallet keys bs58js, which drains a victim's wallet and uses multi-hop transfers to obscure theft and frustrate forensic tracing. lsjglsjdv, asyncaiosignal, and raydium-sdk-liquidity-init, which functions as a clipper to monitor the system clipboard for cryptocurrency wallet strings and replace them with threat actor‑controlled addresses to reroute transactions to the attackers "As Web3 development converges with mainstream software engineering, the attack surface for blockchain-focused projects is expanding in both scale and complexity," Socket security researcher Kirill Boychenko said. "Financially motivated threat actors and state-sponsored groups are rapidly evolving their tactics to exploit systemic weaknesses in the software supply chain. These campaigns are iterative, persistent, and increasingly tailored to high-value targets." AI and Slopsquatting The rise of artificial intelligence (AI)-assisted coding, also called vibe coding, has unleashed another novel threat in the form of slopsquatting, where large language models (LLMs) can hallucinate non-existent but plausible package names that bad actors can weaponize to conduct supply chain attacks. Trend Micro, in a report last week, said it observed an unnamed advanced agent "confidently" cooking up a phantom Python package named starlette-reverse-proxy, only for the build process to crash with the error "module not found." However, should an adversary upload a package with the same name on the repository, it can have serious security consequences. Furthermore, the cybersecurity company noted that advanced coding agents and workflows such as Claude Code CLI, OpenAI Codex CLI, and Cursor AI with Model Context Protocol (MCP)-backed validation can help reduce, but not completely eliminate, the risk of slopsquatting. "When agents hallucinate dependencies or install unverified packages, they create an opportunity for slopsquatting attacks, in which malicious actors pre-register those same hallucinated names on public registries," security researcher Sean Park said. "While reasoning-enhanced agents can reduce the rate of phantom suggestions by approximately half, they do not eliminate them entirely. Even the vibe-coding workflow augmented with live MCP validations achieves the lowest rates of slip-through, but still misses edge cases." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

While IO Interactive may be heavily focused on its inaugural James Bond game, 2026’s 007 First Light, it’s still providing ambitious new levels and updates for Hitman: World of Assassination and its new science fiction action game MindsEye. To continue to build hype for First Light and IOI’s growing partnership with the James Bond brand, the latest World of Assassination level is a Bond crossover, as Hitman protagonist Agent 47 targets Le Chiffre, the main villain of the 2006 movie Casino Royale. Available through July 6, 2025, the Le Chiffre event in World of Assassination features actor Mads Mikkelsen reprising his fan-favorite Bond villain role, not only providing his likeness but voicing the character as he confronts the contract killer in France. Den of Geek attended the first-ever in-person IO Interactive Showcase, a partner event with Summer Game Fest held at The Roosevelt Hotel in Hollywood. Mikkelsen and the developers shared insight on the surprise new World of Assassination level, with the level itself playable in its entirety to attendees on the Nintendo Switch 2 and PlayStation Portal. The developers also included an extended gameplay preview for MindsEye, ahead of its June 10 launch, while sharing some details about the techno-thriller. Matching his background from Casino Royale, Le Chiffre is a terrorist financier who manipulates the stock market by any means necessary to benefit himself and his clients. After an investment deal goes wrong, Le Chiffre tries to recoup a brutal client’s losses through a high-stakes poker game in France, with Agent 47 hired to assassinate the criminal mastermind on behalf of an unidentified backer. The level opens with 47 infiltrating a high society gala linked to the poker game, with the contract killer entering under his oft-used assumed name of Tobias Rieper, a facade that Le Chiffre immediately sees through. At the IO Interactive Showcase panel, Mikkelsen observed that the character of Le Chiffre is always one that he enjoyed and held a special place for him and his career. Reprising his villainous role also gave Mikkelsen the chance to reunite with longtime Agent 47 voice actor David Bateson since their ‘90s short film Tom Merritt, though both actors recorded their respective lines separately. Mikkelsen enjoyed that Le Chiffre’s appearance in World of Assassination gave him a more physical role than he had in Casino Royale, rather than largely placing him at a poker table. Of course, like most Hitman levels, there are multiple different ways that players can accomplish their main objective of killing Le Chiffre and escaping the premises. The game certainly gives players multiple avenues to confront the evil financier over a game of poker before closing in for the kill, but it’s by no means the only way to successfully assassinate him. We won’t give away how we ultimately pulled off the assassination, but rest assured that it took multiple tries, careful plotting, and with all the usual trial-and-error that comes from playing one of Hitman’s more difficult and immersively involved levels. Moving away from its more grounded action titles, IO Interactive also provided a deeper look at its new sci-fi game MindsEye, developed by Build a Rocket Boy. Set in the fictional Redrock City, the extended gameplay sneak peek at the showcase featured protagonist Adam Diaz fighting shadowy enemies in the futuristic city’s largely abandoned streets. While there were no hands-on demos at the showcase itself, the preview demonstrated Diaz using his abilities and equipment, including an accompanying drone, to navigate the city from a third-person perspective and use an array of weapons to dispatch those trying to hunt him down. MindsEye marks the first game published through IOI Partners, an initiative that has IOI publish games from smaller, external developers. The game did not have a hands-on demo at the showcase and, given its bug-heavy and poorly-received launch, this distinction is not particularly surprising. Build a Robot Boy has since pledged to support the game through June to fix its technical issues but, given the game’s hands-on access at the IOI Showcase, there were already red flags surrounding the game’s performance. With that in mind, most of the buzz at the showcase was unsurprisingly centered around 007 First Light and updates to Hitman: World of Assassination, and IO Interactive did not disappoint in that regard. Even with Hitman: World of Assassination over four years old now, the game continues to receive impressive post-release support from IO Interactive, both in bringing the title to the Nintendo Switch 2 and with additional DLC. At the showcase, IOI hinted at additional special levels for World of Assassintation with high-profile guest targets like Le Chiffre, without identifying who or if they’re also explicitly tied to the James Bond franchise. But with 007 First Light slated for its eagerly anticipated launch next year, it’s a safe bet that IOI has further plans to hype its own role in building out the James Bond legacy for the foreseeable future. The Hitman: World of Assassination special Le Chiffre level is available now through July 6, 2025 on all the game’s major platforms, including the Nintendo Switch 2. MindsEye is now on sale for PlayStation 5, Xbox Series X|S, and PC.

Whether you’re an advertiser or a publisher, partnering up with the right programmatic video advertising platform is one of the most important business decisions you can make. More than half of U.S. marketing budgets are now devoted to programmatically purchased media, and there’s no indication that trend will reverse any time soon.Everybody wants to find the solution that’s best for their bottom line. However, the specific considerations that should go into choosing the right video programmatic advertising solution differ depending on whether you have supply to sell or are looking for an audience for your advertisements. This article will break down key factors for both mobile advertisers and mobile publishers to keep in mind as they search for a programmatic video advertising platform.Before we get into the specifics on either end, let’s recap the basic concepts.What is a programmatic video advertising platform?A programmatic video advertising platform combines tools, processes, and marketplaces to place video ads from advertising partners in ad placements furnished by publishing partners. The “programmatic” part of the term means that it’s all done procedurally via automated tools, integrating with demand side platforms and supply side platforms to allow advertising placements to be bid upon, selected, and displayed in fractions of a second.If a mobile game has ever offered you extra rewards for watching a video and you found yourself watching an ad for a related game a split second later, you’ve likely been on the user side of an advertising programmatic transaction. Now let’s take a look at what considerations make for the ideal programmatic video advertising platform for the other two main parties involved.4 points to help advertisers choose the best programmatic platformLooking for the best way to leverage your video demand side platform? These are four key points for advertisers to consider when trying to find the right programmatic video advertising platform.A large, engaged audienceOne of the most important things a programmatic video advertising platform can do for advertisers is put their creative content in front of as many people as possible. However, it’s not enough to just pass your content in front of the most eyeballs. It’s equally important for the platform to give you access to engaged audiences who are more likely to convert so you can make the most of your advertising dollar.Full-screen videos to grab attentionYou need every advantage you can get when you’re grappling for the attention of a busy mobile user. Your video demand side platform should prioritize full-screen takeovers when and where they make sense, making sure your content isn’t just playing unnoticed on the far side of the screen.A range of ad options that are easy to testYour video programmatic advertising partner should be able to offer a broad variety of creative and placement options, including interstitial and rewarded ads. It should also enable you to test, iterate, and optimize ads as soon as they’re put into rotation, ensuring your ad spend is meeting your targets and allowing for fast and flexible changes if needed.Simple access to supplyEven the most powerful programmatic video advertising platform is no good if it’s impractical to get running. Look for partners that allows instant access to supply through tried-and-true platforms like Google Display & Video 360, Magnite, and others. On top of that, you should seek out a private exchange to ensure access to premium inventory.4 points for publishers in search of the best programmatic platformYou work hard to make the best apps for your users, and you deserve to partner up with a programmatic video advertising platform that works hard too. Serving video ads that both keep users engaged and your profits rising can be a tricky needle to thread, but the right platform should make your part of the process simple and effective.A large selection of advertisersEncountering the same ads over and over again can get old fast — and diminish engagement. On top of that, a small selection of advertisers means fewer chances for your users to connect with an ad and convert — which means less revenue, too. The ideal programmatic video advertising platform will partner with thousands of advertisers to fill your placements with fresh, engaging content.Rewarded videos and offerwallsInterstitial video ads aren’t likely to disappear any time soon, but players strongly prefer other means of advertisement. In fact, 76% of US mobile gamers say they prefer rewarded videos over interstitial ads. Giving players the choice of when to watch ads, with the inducement of in-game rewards, can be very powerful — and an offerwall is another powerful way to put the ball in your player’s court.Easy supply-side SDK integrationThe time your developers spend integrating a new video programmatic advertising solution into your apps is time they could have spent making those apps more engaging for users. While any backend adjustment will naturally take some time to implement, your new programmatic partner should offer a powerful, industry-standard SDK to make the process fast and non-disruptive.Support for programmatic mediationMediators such as LevelPlay by ironSource automatically prioritize ad demand from multiple third-party networks, optimizing your cash flow and reducing work on your end. Your programmatic video advertising platform should seamlessly integrate with mediators to make the most of each ad placement, every time.Pick a powerful programmatic partnerThankfully, advertisers and publishers alike can choose one solution that checks all the above boxes and more. For advertisers, the ironSource Programmatic Marketplace will connect you with targeted audiences in thousands of apps that gel with your brand. For publishers, ironSource’s marketplace means a massive selection of ads that your users and your bottom line will love.

Outdated coding practices and memory-unsafe languages like C are putting software, including cryptographic libraries, at risk. Fortunately, memory-safe languages like Rust, along with formal verification tools, are now mature enough to be used at scale, helping prevent issues like crashes, data corruption, flawed implementation, and side-channel attacks. To address these vulnerabilities and improve memory safety, we’re rewriting SymCrypt (opens in new tab)—Microsoft’s open-source cryptographic library—in Rust. We’re also incorporating formal verification methods. SymCrypt is used in Windows, Azure Linux, Xbox, and other platforms. Currently, SymCrypt is primarily written in cross-platform C, with limited use of hardware-specific optimizations through intrinsics (compiler-provided low-level functions) and assembly language (direct processor instructions). It provides a wide range of algorithms, including AES-GCM, SHA, ECDSA, and the more recent post-quantum algorithms ML-KEM and ML-DSA.  Formal verification will confirm that implementations behave as intended and don’t deviate from algorithm specifications, critical for preventing attacks. We’ll also analyze compiled code to detect side-channel leaks caused by timing or hardware-level behavior. Proving Rust program properties with Aeneas Program verification is the process of proving that a piece of code will always satisfy a given property, no matter the input. Rust’s type system profoundly improves the prospects for program verification by providing strong ownership guarantees, by construction, using a discipline known as “aliasing xor mutability”. For example, reasoning about C code often requires proving that two non-const pointers are live and non-overlapping, a property that can depend on external client code. In contrast, Rust’s type system guarantees this property for any two mutably borrowed references. As a result, new tools have emerged specifically for verifying Rust code. We chose Aeneas (opens in new tab) because it helps provide a clean separation between code and proofs. Developed by Microsoft Azure Research in partnership with Inria, the French National Institute for Research in Digital Science and Technology, Aeneas connects to proof assistants like Lean (opens in new tab), allowing us to draw on a large body of mathematical proofs—especially valuable given the mathematical nature of cryptographic algorithms—and benefit from Lean’s active user community. Compiling Rust to C supports backward compatibility   We recognize that switching to Rust isn’t feasible for all use cases, so we’ll continue to support, extend, and certify C-based APIs as long as users need them. Users won’t see any changes, as Rust runs underneath the existing C APIs. Some users compile our C code directly and may rely on specific toolchains or compiler features that complicate the adoption of Rust code. To address this, we will use Eurydice (opens in new tab), a Rust-to-C compiler developed by Microsoft Azure Research, to replace handwritten C code with C generated from formally verified Rust. Eurydice (opens in new tab) compiles directly from Rust’s MIR intermediate language, and the resulting C code will be checked into the SymCrypt repository alongside the original Rust source code. As more users adopt Rust, we’ll continue supporting this compilation path for those who build SymCrypt from source code but aren’t ready to use the Rust compiler. In the long term, we hope to transition users to either use precompiled SymCrypt binaries (via C or Rust APIs), or compile from source code in Rust, at which point the Rust-to-C compilation path will no longer be needed. Microsoft research podcast Ideas: AI and democracy with Madeleine Daepp and Robert Osazuwa Ness As the “biggest election year in history” comes to an end, researchers Madeleine Daepp and Robert Osazuwa Ness and Democracy Forward GM Ginny Badanes discuss AI’s impact on democracy, including the tech’s use in Taiwan and India. Listen now Opens in a new tab Timing analysis with Revizor  Even software that has been verified for functional correctness can remain vulnerable to low-level security threats, such as side channels caused by timing leaks or speculative execution. These threats operate at the hardware level and can leak private information, such as memory load addresses, branch targets, or division operands, even when the source code is provably correct.  To address this, we’re extending Revizor (opens in new tab), a tool developed by Microsoft Azure Research, to more effectively analyze SymCrypt binaries. Revizor models microarchitectural leakage and uses fuzzing techniques to systematically uncover instructions that may expose private information through known hardware-level effects.   Earlier cryptographic libraries relied on constant-time programming to avoid operations on secret data. However, recent research has shown that this alone is insufficient with today’s CPUs, where every new optimization may open a new side channel.  By analyzing binary code for specific compilers and platforms, our extended Revizor tool enables deeper scrutiny of vulnerabilities that aren’t visible in the source code. Verified Rust implementations begin with ML-KEM This long-term effort is in alignment with the Microsoft Secure Future Initiative and brings together experts across Microsoft, building on decades of Microsoft Research investment in program verification and security tooling. A preliminary version of ML-KEM in Rust is now available on the preview feature/verifiedcrypto (opens in new tab) branch of the SymCrypt repository. We encourage users to try the Rust build and share feedback (opens in new tab). Looking ahead, we plan to support direct use of the same cryptographic library in Rust without requiring C bindings.  Over the coming months, we plan to rewrite, verify, and ship several algorithms in Rust as part of SymCrypt. As our investment in Rust deepens, we expect to gain new insights into how to best leverage the language for high-assurance cryptographic implementations with low-level optimizations.  As performance is key to scalability and sustainability, we’re holding new implementations to a high bar using our benchmarking tools to match or exceed existing systems. Looking forward  This is a pivotal moment for high-assurance software. Microsoft’s investment in Rust and formal verification presents a rare opportunity to advance one of our key libraries. We’re excited to scale this work and ultimately deliver an industrial-grade, Rust-based, FIPS-certified cryptographic library. Opens in a new tab

In a nutshell: As nations set ever more ambitious targets for renewable energy and electrification, the humble high-voltage cable has emerged as a linchpin – and a potential chokepoint – in the race to decarbonize the global economy. A Bloomberg interview with Claes Westerlind, CEO of NKT, a leading cable manufacturer based in Denmark, explains why. A global surge in demand for high-voltage electricity cables is threatening to stall the clean energy revolution, as the world's ability to build new wind farms, solar plants, and cross-border power links increasingly hinges on a supply chain bottleneck few outside the industry have considered. At the center of this challenge is the complex, capital-intensive process of manufacturing the giant cables that transport electricity across hundreds of miles, both over land and under the sea. Despite soaring demand, cable manufacturers remain cautious about expanding capacity, raising questions about whether the pace of electrification can keep up with climate ambitions, geopolitical tensions, and the practical realities of industrial investment. High-voltage cables are the arteries of modern power grids, carrying electrons from remote wind farms or hydroelectric dams to the cities and industries that need them. Unlike the thin wires that run through a home's walls, these cables are engineering marvels – sometimes as thick as a person's torso, armored to withstand the crushing pressure of the ocean floor, and designed to last for decades under extreme electrical and environmental stress. "If you look at the very high voltage direct current cable, able to carry roughly two gigawatts through two pairs of cables – that means that the equivalent of one nuclear power reactor is flowing through one cable," Westerlind told Bloomberg. The process of making these cables is as specialized as it is demanding. At the core is a conductor, typically made of copper or aluminum, twisted together like a rope for flexibility and strength. Around this, manufacturers apply multiple layers of insulation in towering vertical factories to ensure the cable remains perfectly round and can safely contain the immense voltages involved. Any impurity in the insulation, even something as small as an eyelash, can cause catastrophic failure, potentially knocking out power to entire cities. // Related Stories As the world rushes to harness new sources of renewable energy, the demand for high-voltage direct current (HVDC) cables has skyrocketed. HVDC technology, initially pioneered by NKT in the 1950s, has become the backbone of long-distance power transmission, particularly for offshore wind farms and intercontinental links. In recent years, approximately 80 to 90 percent of new large-scale cable projects have utilized HVDC, reflecting its efficiency in transmitting electricity over vast distances with minimal losses. But this surge in demand has led to a critical bottleneck. Factories that produce these cables are booked out for years, Westerlind reports, and every project requires custom engineering to match the power needs, geography, and environmental conditions of its route. According to the International Energy Agency, meeting global clean energy goals will require building the equivalent of 80 million kilometers (around 49.7 million miles) of new grid infrastructure by 2040 – essentially doubling what has been constructed over the past century, but in just 15 years. Despite the clear need, cable makers have been slow to add capacity due to reasons that are as much economic and political as technical. Building a new cable factory can cost upwards of a billion euros, and manufacturers are wary of making such investments without long-term commitments from utilities or governments. "For a company like us to do investments in the realm of €1 or 2 billion, it's a massive commitment... but it's also a massive amount of demand that is needed for this investment to actually make financial sense over the next not five years, not 10 years, but over the next 20 to 30 years," Westerlind said. The industry still bears scars from a decade ago, when anticipated demand failed to materialize and expensive new facilities sat underused. Some governments and transmission system operators are trying to break the logjam by making "anticipatory investments" – committing to buy cable capacity even before specific projects are finalized. This approach, backed by regulators, gives manufacturers the confidence to expand, but it remains the exception rather than the rule. Meanwhile, the industry's structure itself creates barriers to rapid expansion, according to Westerlind. The expertise, technology, and infrastructure required to make high-voltage cables are concentrated in a handful of companies, creating what analysts describe as a "deep moat" that is difficult for new entrants to cross. Geopolitical tensions add another layer of complexity. China has built more HVDC lines than any other country, although Western manufacturers, such as NKT, maintain a technical edge in the most advanced cable systems. Still, there is growing concern in Europe and the US about becoming dependent on foreign suppliers for such critical infrastructure, especially in light of recent global conflicts and trade disputes. "Strategic autonomy is very important when it comes to the core parts and the fundamental parts of your society, where the grid backbone is one," Westerlind noted. The stakes are high. Without a rapid and coordinated push to expand cable manufacturing, the world's clean energy transition could be slowed not by a lack of wind or sun but by a shortage of the cables needed to connect them to the grid. As Westerlind put it, "We all know it has to be done... These are large investments. They are very expensive investments. So also the governments have to have a part in enabling these anticipatory investments, and making it possible for the TSOs to actually carry forward with them."

Solar air heating is among the most cost-effective applications of solar thermal energy. These systems are used for space heating and preheating fresh air for ventilation, typically using glazed or unglazed perforated solar collectors. The collectors draw in outside air, heat it using solar energy, and then distribute it through ductwork to meet building heating and fresh air needs. In 2024, Canada led again the world for the at least seventh year in a row in solar air heating adoption. The four key suppliers – Trigo Energies, Conserval Engineering, Matrix Energy, and Aéronergie – reported a combined 26,203 m2 (282,046 ft2) of collector area sold last year. Several of these providers are optimistic about the growing demand. These findings come from the newly released Canadian Solar Thermal Market Survey 2024, commissioned by Natural Resources Canada. Canada is the global leader in solar air heating. The market is driven by a strong network of experienced system suppliers, optimized technologies, and a few small favorable funding programs – especially in the province of Quebec. Architects and developers are increasingly turning to these cost-effective, façade-integrated systems as a practical solution for reducing onsite natural gas consumption. Despite its cold climate, Canada benefits from strong solar potential with solar irradiance in many areas rivaling or even exceeding that of parts of Europe. This makes solar air heating not only viable, but especially valuable in buildings with high fresh air requirements including schools, hospitals, and offices. The projects highlighted in this article showcase the versatility and relevance of solar air heating across a range of building types, from new constructions to retrofits. Figure 1: Preheating air for industrial buildings: 2,750 m2 (29,600 ft2) of Calento SL solar air collectors cover all south-west and south-east facing facades of the FAB3R factory in Trois-Rivières, Quebec. The hourly unitary flow rate is set at 41 m3/m2 or 2.23 cfm/ft2 of collector area, at the lower range because only a limited number of intake fans was close enough to the solar façade to avoid long ventilation ductwork. Photo: Trigo Energies Quebec’s solar air heating boom: the Trigo Energies story Trigo Energies makes almost 90 per cent of its sales in Quebec. “We profit from great subsidies, as solar air systems are supported by several organizations in our province – the electricity utility Hydro Quebec, the gas utility Energir and the Ministry of Natural Resources,” explained Christian Vachon, Vice President Technologies and R&D at Trigo Energies. Trigo Energies currently has nine employees directly involved in planning, engineering and installing solar air heating systems and teams up with several partner contractors to install mostly retrofit projects. “A high degree of engineering is required to fit a solar heating system into an existing factory,” emphasized Vachon. “Knowledge about HVAC engineering is as important as experience with solar thermal and architecture.” One recent Trigo installation is at the FAB3R factory in Trois-Rivières. FAB3R specializes in manufacturing, repairing, and refurbishing large industrial equipment. Its air heating and ventilation system needed urgent renovation because of leakages and discomfort for the workers. “Due to many positive references he had from industries in the area, the owner of FAB3R contacted us,” explained Vachon. “The existence of subsidies helped the client to go for a retrofitting project including solar façade at once instead of fixing the problems one bit at a time.” Approximately 50 per cent of the investment costs for both the solar air heating and the renovation of the indoor ventilation system were covered by grants and subsidies. FAB3R profited from an Energir grant targeted at solar preheating, plus an investment subsidy from the Government of Quebec’s EcoPerformance Programme.   Blue or black, but always efficient: the advanced absorber coating In October 2024, the majority of the new 2,750 m² (29,600 ft2) solar façade at FAB3R began operation (see figure 1). According to Vachon, the system is expected to cover approximately 13 per cent of the factory’s annual heating demand, which is otherwise met by natural gas. Trigo Energies equipped the façade with its high-performance Calento SL collectors, featuring a notable innovation: a selective, low-emissivity coating that withstands outdoor conditions. Introduced by Trigo in 2019 and manufactured by Almeco Group from Italy, this advanced coating is engineered to maximize solar absorption while minimizing heat loss via infrared emission, enhancing the overall efficiency of the system. The high efficiency coating is now standard in Trigo’s air heating systems. According to the manufacturer, the improved collector design shows a 25 to 35 per cent increase in yield over the former generation of solar air collectors with black paint. Testing conducted at Queen’s University confirms this performance advantage. Researchers measured the performance of transpired solar air collectors both with and without a selective coating, mounted side-by-side on a south-facing vertical wall. The results showed that the collectors with the selective coating produced 1.3 to 1.5 times more energy than those without it. In 2024, the monitoring results were jointly published by Queen’s University and Canmat Energy in a paper titled Performance Comparison of a Transpired Air Solar Collector with Low-E Surface Coating. Selective coating, also used on other solar thermal technologies including glazed flat plate or vacuum tube collectors, has a distinctive blue color. Trigo customers can, however, choose between blue and black finishes. “By going from the normal blue selective coating to black selective coating, which Almeco is specially producing for Trigo, we lose about 1 per cent in solar efficiency,” explained Vachon. Figure 2: Building-integrated solar air heating façade with MatrixAir collectors at the firehall building in Mont Saint Hilaire, south of Montreal. The 190 m2 (2,045 ft2) south-facing wall preheats the fresh air, reducing natural gas consumption by 18 per cent compared to the conventional make-up system. Architect: Leclerc Architecture. Photo: Matrix Energy Matrix Energy: collaborating with architects and engineers in new builds The key target customer group of Matrix Energy are public buildings – mainly new construction. “Since the pandemic, schools are more conscious about fresh air, and solar preheating of the incoming fresh air has a positive impact over the entire school year,” noted Brian Wilkinson, President of Matrix Energy. Matrix Energy supplies systems across Canada, working with local partners to source and process the metal sheets used in their MatrixAir collectors. These metal sheets are perforated and then formed into architectural cladding profiles. The company exclusively offers unglazed, single-stage collectors, citing fire safety concerns associated with polymeric covers. “We have strong relationships with many architects and engineers who appreciate the simplicity and cost-effectiveness of transpired solar air heating systems,” said President Brian Wilkinson, describing the company’s sales approach. “Matrix handles system design and supplies the necessary materials, while installation is carried out by specialized cladding and HVAC contractors overseen by on-site architects and engineers,” Wilkinson added. Finding the right flow: the importance of unitary airflow rates One of the key design factors in solar air heating systems is the amount of air that passes through each square meter of the perforated metal absorber,  known as the unitary airflow rate. The principle is straightforward: higher airflow rates deliver more total heat to the building, while lower flow rates result in higher outlet air temperatures. Striking the right balance between air volume and temperature gain is essential for efficient system performance. For unglazed collectors mounted on building façades, typical hourly flow rates should range between 120 and 170 (m3/h/m2), or 6.6 to 9.4 cfm/ft2. However, Wilkinson suggests that an hourly airflow rate of around 130 m³/h/m² (7.2 cfm/ft2) offers the best cost-benefit balance for building owners. If the airflow is lower, the system will deliver higher air temperatures, but it would then need a much larger collector area to achieve the same air volume and optimum performance, he explained. It’s also crucial for the flow rate to overcome external wind pressure. As wind passes over the absorber, air flow through the collector’s perforations is reduced, resulting in heat losses to the environment. This effect becomes even more pronounced in taller buildings, where wind exposure is greater. To ensure the system performs well even in these conditions, higher hourly airflow rates typically between 150 and 170 m³/m² (8.3 to 9.4 cfm/ft2)  are necessary. Figure 3: One of three apartment blocks of the Maple House in Toronto’s Canary District. Around 160 m2 (1,722 ft2) of SolarWall collectors clad the two-storey mechanical penthouse on the roof. The rental flats have been occupied since the beginning of 2024. Collaborators: architects-Alliance, Claude Cormier et Associés, Thornton Tomasetti, RWDI, Cole Engineering, DesignAgency, MVShore, BA Group, EllisDon. Photo: Conserval Engineering Solar air heating systems support LEED-certified building designs Solar air collectors are also well-suited for use in multi-unit residential buildings. A prime example is the Canary District in Toronto (see Figure 3), where single-stage SolarWall collectors from Conserval Engineering have been installed on several MURBs to clad the mechanical penthouses. “These penthouses are an ideal location for our air heating collectors, as they contain the make-up air units that supply corridor ventilation throughout the building,” explained Victoria Hollick, Vice President of Conserval Engineering. “The walls are typically finished with metal façades, which can be seamlessly replaced with a SolarWall system – maintaining the architectural language without disruption.” To date, nine solar air heating systems have been commissioned in the Canary District, covering a total collector area of over 1,000 m² (10,764 ft2). “Our customers have many motivations to integrate SolarWall technology into their new construction or retrofit projects, either carbon reduction, ESG, or green building certification targets,” explained Hollick. The use of solar air collectors in the Canary District was proposed by architects from the Danish firm Cobe. The black-colored SolarWall system preheats incoming air before it is distributed to the building’s corridors and common areas, reducing reliance on natural gas heating and supporting the pursuit of LEED Gold certification. Hollick estimates the amount of gas saved between 10 to 20 per cent of the total heating load for the corridor ventilation of the multi-unit residential buildings. Additional energy-saving strategies include a 50/50 window-to-wall ratio with high-performance glazing, green roofs, high-efficiency mechanical systems, LED lighting, and Energy Star-certified appliances. The ideal orientation for a SolarWall system is due south. However, the systems can be built at any orientation up to 90° east and west, explained Hollick. A SolarWall at 90° would have approximately 60 per cent of the energy production of the same area facing south.Canada’s expertise in solar air heating continues to set a global benchmark, driven by supporting R&D, by innovative technologies, strategic partnerships, and a growing portfolio of high-impact projects. With strong policy support and proven performance, solar air heating is poised to play a key role in the country’s energy-efficient building future. Figure 4: Claude-Bechard Building in Quebec is a showcase project for sustainable architecture with a 72 m2 (775 ft2) Lubi solar air heating wall from Aéronergie. It serves as a regional administrative center. Architectural firm: Goulet et Lebel Architectes. Photo: Art Massif Bärbel Epp is the general manager of the German Agency solrico, whose focus is on solar market research and international communication. The post Op-ed: Canada’s leadership in solar air heating—Innovation and flagship projects appeared first on Canadian Architect.

PlayStation Studios boss Hermen Hulst has insisted that Bungie's upcoming live service shooter Marathon won't make the same mistakes as Concord.Discussing the company's live service ambitions during a fireside chat aimed at investors, Hulst said the market remains a "great opportunity" for PlayStation despite the company having a decidedly patchy track record when it comes to live service offerings.Last year, the company launched and swiftly scrapped live service hero shooter Concord after it failed to hit the ground running. It shuttered developer Firewalk weeks later after conceding the title "did not hit our targets."Sony scrapped two more live services titles in development at internal studios Bluepoint Games and Bend Studios in January this year. Earlier this week, it confirmed an undisclosed number of workers at Bend had been laid off as the studio transitions to its next project.Hulst said the company has learned hard lessons from those failures, and believes Marathon is well positioned to succeed as a result. "There are som unique challenges associated [with live service titles]. We've had some early successes as with Helldivers II. We've also faced some challenges, as with the release of Concord," said Hulst."I think that some really good work went into that title. Some really big efforts. But ultimately that title entered into a hyper-competitive segment of the market. I think it was insufficiently differentiated to be able to resonate with players. So we have reviewed our processes in light of this to deeply understand how and why that title failed to meet expectations—and to ensure that we are not going to make the same mistakes again."Related:PlayStation Studios boss claims the demise of Concord presented a learning opportunityHulst said PlayStation Studios has now implemented more rigorous processes for validating and revalidating its creative, commercial, and development assumptions and hypothesis. "We do that on a much more ongoing basis," he added. "That's the plan that will ensure we're investing in the right opportunities at the right time, all while maintaining much more predictable timelines for Marathon."The upcoming shooter is set to be the first new Bungie title in over a decade—and the first project outside of Destiny the studio has worked on since it was acquired by PlayStation in 2022.Hulst said the aim is to release a "very bold, very innovative, and deeply engaging title." He explained Marathon is currently navigating test cycles that have yielded "varied" feedback, but said those mixed impressions have been "super useful."Related:"That's why you do these tests. The constant testing and constant revalidation of assumptions that we just talked about, to me, is so valuable to iterate and to constantly improves the title," he added. "So when launch comes we're going to give the title the optimal chance of success."Hulst might be exuding confidence, but a recent report from Forbes claimed morale is in "free fall" at Bungie after the studio admitted to using stolen art assets in Marathon. That "varied" player feedback has also reportedly caused concern internally ahead of Marathon's proposed September 23 launch date.The studio was also made to ensure layoffs earlier this year, with Sony cutting 220 roles after exceeding "financial safety margins."