GameDev Pulse
A dude with a made-up role is complaining that people aren't buying his crap... #Microsoft@GameDEV #AI@GameDEV
LMAO, do you know that Microsoft found out and confirmed, that AI helpers tend to install you malware and turn off your security?
(If they get special commands from reading your emails with Cross-Prompt Injection or XPIA)
https://www.youtube.com/watch?v=sXz3Ftlyp44
#Security@GameDEV
#AI@GameDEV
(If they get special commands from reading your emails with Cross-Prompt Injection or XPIA)
https://www.youtube.com/watch?v=sXz3Ftlyp44
#Security@GameDEV
#AI@GameDEV
YouTube
Does anyone want an 'agentic' Windows?
Black Friday Mega Sale — Get the Wolfbox MF200 Air Duster and Save Up to 30%!(Nov 20–Dec 2)
Amazon |Code:WBMFSAVE5→ https://www.amazon.com/dp/B0FPMPBSLL?maas=maas_adg_878555AC7868C23FC40829F0744AE48D_afap_abs&ref_=aa_maas&tag=maas
Official Site | Code: WBBESTGEAR…
Amazon |Code:WBMFSAVE5→ https://www.amazon.com/dp/B0FPMPBSLL?maas=maas_adg_878555AC7868C23FC40829F0744AE48D_afap_abs&ref_=aa_maas&tag=maas
Official Site | Code: WBBESTGEAR…
✍6😁1🌚1
There's a CVE-2025-55182:
Pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
But that's not the crazy part: hackers created several forked tools for fake CVE inspection, that actually steals the data of users and loads you malware.
Do not launch GitHub repos mindlessly!
#Hackers@GameDEV
#Security@GameDEV
Pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.
But that's not the crazy part: hackers created several forked tools for fake CVE inspection, that actually steals the data of users and loads you malware.
Do not launch GitHub repos mindlessly!
#Hackers@GameDEV
#Security@GameDEV
✍6😁3
Okay, a new way to fight cheaters in your game: STOP SELLING IT!
#VR@GameDEV
#Security@GameDEV
#WTF@GameDEV
#VR@GameDEV
#Security@GameDEV
#WTF@GameDEV
😁20
Rainbow Six Siege has been hacked in several attempts by different groups.
First ones got access to the game server admin panel: they banned people and gave away $300m+ worth of goods for free. It seems that hackers banned Ubisoft employees while Ubisoft banned "people with suspicious amounts of currency". Most of these bans are rolled back now.
Then a few more groups seemingly got the full access to all the sources of the game. This still has to be confirmed, since Ubisoft is only discussing the admin access. They temporarily shut down the marketplace and secondary ban system that has been breached.
The security issue is not coming from Ubisoft, it's MongoBleed: MongoDB Zlib Vulnerability (CVE-2025-14847), affecting millions of servers worldwide.
#Ubisoft@GameDEV
#Security@GameDEV
#Hackers@GameDEV
First ones got access to the game server admin panel: they banned people and gave away $300m+ worth of goods for free. It seems that hackers banned Ubisoft employees while Ubisoft banned "people with suspicious amounts of currency". Most of these bans are rolled back now.
Then a few more groups seemingly got the full access to all the sources of the game. This still has to be confirmed, since Ubisoft is only discussing the admin access. They temporarily shut down the marketplace and secondary ban system that has been breached.
The security issue is not coming from Ubisoft, it's MongoBleed: MongoDB Zlib Vulnerability (CVE-2025-14847), affecting millions of servers worldwide.
#Ubisoft@GameDEV
#Security@GameDEV
#Hackers@GameDEV
1🫡8😁4😱2🔥1
GameDev Pulse
Rainbow Six Siege has been hacked in several attempts by different groups. First ones got access to the game server admin panel: they banned people and gave away $300m+ worth of goods for free. It seems that hackers banned Ubisoft employees while Ubisoft…
The same exploit seemingly allowed hackers to wipe Escape From Tarkov accounts, including some media people, who lost their data while streaming.
#Security@GameDEV
#Hackers@GameDEV
#Security@GameDEV
#Hackers@GameDEV
🫡8🔥1
If you are making a game on a custom engine or modified one, it will not pass Windows Smart Screen. The signature can be obtained by releasing it to MS Store or Steam, but do you know you can simply send your game to Microsoft?
https://www.microsoft.com/en-us/wdsi/filesubmission — it will take months, usually, but still better than nothing.
#Security@GameDEV
#Microsoft@GameDEV
https://www.microsoft.com/en-us/wdsi/filesubmission — it will take months, usually, but still better than nothing.
#Security@GameDEV
#Microsoft@GameDEV
👍12🤔3🍌1
Notepad++ update mechanism has been hacked in a way that under certain conditions hackers can replace the update system of the app and redirect users traffic to make people install custom version and any additional apps with it.
If you have NP++ on your machine and you have updated it since June 2025: backup data, remove NP++, check any oddities, and install the new safe NP++. Do not update your app via the app itself, since it can be compromised.
It seems that the whole thing was not random and was not targeting casual users, but high-end companies and state-related facilities. But anyway, you know.
#Hackers@GameDEV
#Security@GameDEV
If you have NP++ on your machine and you have updated it since June 2025: backup data, remove NP++, check any oddities, and install the new safe NP++. Do not update your app via the app itself, since it can be compromised.
It seems that the whole thing was not random and was not targeting casual users, but high-end companies and state-related facilities. But anyway, you know.
#Hackers@GameDEV
#Security@GameDEV
😱14😁3
During the last few weeks I've got several "job offers" where "you can earn up to €650 a day remotely". But the workflow is slightly new:
They pretend to be an alternative App Store, which is a legit business. But you as a tester suppose to install tons of random apps on your phone every day. At first they will drop you random game APKs, then viruses to steal your data and money.
I'm pretty sure a lot of people will fall for it. The process looks chill and "reasonable" for a tester to install apps.
#Security@GameDEV
#Scam@GameDEV
They pretend to be an alternative App Store, which is a legit business. But you as a tester suppose to install tons of random apps on your phone every day. At first they will drop you random game APKs, then viruses to steal your data and money.
I'm pretty sure a lot of people will fall for it. The process looks chill and "reasonable" for a tester to install apps.
#Security@GameDEV
#Scam@GameDEV
😁12😱3✍2
Be careful, a relatively new scam: dozens if not hundreds of medium-size repos were infected by fake CVE warning, telling that Visual Studio Code is affected. These updates are often seen in the feed and via email notifications.
So you have to urgently download the fix (which is obviously a malware). They push to fear and urgency so a lot of people fell for it.
#Security@GameDEV
So you have to urgently download the fix (which is obviously a malware). They push to fear and urgency so a lot of people fell for it.
#Security@GameDEV
❤9🍌4😱1
Apparently, CPU-Z has been hacked for at least a day and the script was randomly sending users to get a legit app + a hacked DLL.
The same already happened to Notepad++ (but on a way longer scale, they hijacked the update server). A lot of other companies were affected over the years (MSI Afterburner, FileZilla, even fake Blender installers were common a few years ago). But usually they at least make a fake website.
#Security@GameDEV
#Hackers@GameDEV
The same already happened to Notepad++ (but on a way longer scale, they hijacked the update server). A lot of other companies were affected over the years (MSI Afterburner, FileZilla, even fake Blender installers were common a few years ago). But usually they at least make a fake website.
#Security@GameDEV
#Hackers@GameDEV
😱7
Holy crap, I missed this drama completely and apparently all the software to control fan speeds is using a system hack that (if active) sets your whole PC at risk...
WinRing0 is a driver that all monitoring apps and fan tuning apps were using to get deep access to sensors.
The problem? You definitely need this driver to run such apps for handhelds and laptops. On some models without this access the fans will spin at 100% all the time.
https://www.youtube.com/watch?v=H_O5JtBqODA
#Security@GameDEV
#WTF@GameDEV
#Windows@GameDEV
WinRing0 is a driver that all monitoring apps and fan tuning apps were using to get deep access to sensors.
The problem? You definitely need this driver to run such apps for handhelds and laptops. On some models without this access the fans will spin at 100% all the time.
https://www.youtube.com/watch?v=H_O5JtBqODA
#Security@GameDEV
#WTF@GameDEV
#Windows@GameDEV
YouTube
Insecure Code vs. the Entire RGB Industry | WinRing 0 Driver, ft. Wendell of Level1 Techs
Sponsor: ID-Cooling Frozn A720 Black on Amazon https://geni.us/VDnou4Y
This video is about the WinRing 0 driver (not to be confused with Security Ring 0, but related in this story) and how it has propped-up the fan control and RGB industry for over a decade…
This video is about the WinRing 0 driver (not to be confused with Security Ring 0, but related in this story) and how it has propped-up the fan control and RGB industry for over a decade…
🫡5😱1😢1
Holy cow (via)
A quick summary: the attacker has to be a local Linux user on your system and then he can escalate the privileges with a very simple script.
#Linux@GameDEV
#Security@GameDEV
A quick summary: the attacker has to be a local Linux user on your system and then he can escalate the privileges with a very simple script.
#Linux@GameDEV
#Security@GameDEV
😱11🫡4❤1😁1
Do not install suspicious free games on Steam. It's the 20th time the game was packed with malware!
This one was called Beyond the Dark and the issue has been discovered by Eric Parker.
It was using a fake Unity DLL that booted a custom virus, depends on the system (which browser the user had, which antivirus, etc).
#Security@GameDEV
#Steam@GameDEV
This one was called Beyond the Dark and the issue has been discovered by Eric Parker.
It was using a fake Unity DLL that booted a custom virus, depends on the system (which browser the user had, which antivirus, etc).
#Security@GameDEV
#Steam@GameDEV
💔10👍2