“Can you try a game I made?” Fake game sites lead to information stealers
A new, malicious campaign is making the rounds online and it starts simple: Unwitting targets receive a direct message (DM) on a Discord server asking about their interest in beta testing a new videogame (targets can also receive a text message or an email). Often, the message comes from the “developer” themselves, as asking whether you can try a game that they personally made is a common method to lure victims. If interested, the victim will receive a download link and a password for the archive containing the promised installer.
Windows 10 users urged to upgrade to avoid “security fiasco”
Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a “security fiasco” as the 10-year-old operating system nears the end of support in October 2025. “It’s five minutes to twelve to avoid a security fiasco for 2025,” explains ESET security expert Thorsten Urbanski. “We strongly advise all users not to wait until October, but to switch to Windows 11 immediately or choose an alternative operating system if their device cannot be updated to the latest Windows operating system. Otherwise, users expose themselves to considerable security risks and make themselves vulnerable to dangerous cyber attacks and data loss.”
UK Government to Ban Creation of Explicit Deepfakes
The British government has announced plans to criminalize the creation of sexually explicit deepfakes, with perpetrators facing up to two years behind bars if found guilty. It is already an offense to share or threaten to share intimate images, including deepfakes, following amendments to the Sexual Offences Act 2003 that were made by the Online Safety Act 2023. However, the government plans to additionally criminalize the creation of such deepfakes, as well as the taking or recording of an intimate photograph or film without consent – whether the intent is sexual gratification or “to cause alarm, distress, or humiliation.”
The US just added Tencent — which backs US startups — to its list of ‘Chinese military’ companies
While the Chinese internet giant Tencent is best known for its super app WeChat, it’s also a major investor in U.S. tech companies and startups. Some of its most notable and still active investments include Reddit, Snap, and Fortnite creator Epic Games. Things might get a little awkward, though, because Tencent was designated a “Chinese military company” by the U.S. Department of Defense on Monday. The listing serves as a warning from the U.S. about companies it claims are involved in Chinese “military-civil fusion” efforts, according to a 2022 DoD press release. The listing has no legal consequences beyond barring U.S. government contractors from doing business with Tencent starting in 2026, according to U.S. law.
New EAGERBEE Variant Targets ISPs and Governments with Advanced Backdoor Capabilities
Internet service providers (ISPs) and governmental entities in the Middle East have been targeted using an updated variant of the EAGERBEE malware framework. The new variant of EAGERBEE (aka Thumtais) comes fitted with various components that allow the backdoor to deploy additional payloads, enumerate file systems, and execute commands shells, demonstrating a significant evolution. “The key plugins can be categorized in terms of their functionality into the following groups: Plugin Orchestrator, File System Manipulation, Remote Access Manager, Process Exploration, Network Connection Listing, and Service Management,” Kaspersky researchers Saurabh Sharma and Vasily Berdnikov said in an analysis.