LMAO, do you know that Microsoft found out and confirmed, that AI helpers tend to install you malware and turn off your security?

(If they get special commands from reading your emails with Cross-Prompt Injection or XPIA)

https://www.youtube.com/watch?v=sXz3Ftlyp44
#Security@GameDEV
#AI@GameDEV

#meme@GameDEV
#Security@GameDEV

There's a CVE-2025-55182:

Pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints.

But that's not the crazy part: hackers created several forked tools for fake CVE inspection, that actually steals the data of users and loads you malware.

Do not launch GitHub repos mindlessly!

#Hackers@GameDEV
#Security@GameDEV

Yeah, can you imagine?

#Internet@GameDEV
#Security@GameDEV

Okay, a new way to fight cheaters in your game: STOP SELLING IT!

#VR@GameDEV
#Security@GameDEV
#WTF@GameDEV

Rainbow Six Siege has been hacked in several attempts by different groups.

First ones got access to the game server admin panel: they banned people and gave away $300m+ worth of goods for free. It seems that hackers banned Ubisoft employees while Ubisoft banned "people with suspicious amounts of currency". Most of these bans are rolled back now.

Then a few more groups seemingly got the full access to all the sources of the game. This still has to be confirmed, since Ubisoft is only discussing the admin access. They temporarily shut down the marketplace and secondary ban system that has been breached.

The security issue is not coming from Ubisoft, it's MongoBleed: MongoDB Zlib Vulnerability (CVE-2025-14847), affecting millions of servers worldwide.

#Ubisoft@GameDEV
#Security@GameDEV
#Hackers@GameDEV

The same exploit seemingly allowed hackers to wipe Escape From Tarkov accounts, including some media people, who lost their data while streaming.

#Security@GameDEV
#Hackers@GameDEV

If you are making a game on a custom engine or modified one, it will not pass Windows Smart Screen. The signature can be obtained by releasing it to MS Store or Steam, but do you know you can simply send your game to Microsoft?

https://www.microsoft.com/en-us/wdsi/filesubmission — it will take months, usually, but still better than nothing.

#Security@GameDEV
#Microsoft@GameDEV

Notepad++ update mechanism has been hacked in a way that under certain conditions hackers can replace the update system of the app and redirect users traffic to make people install custom version and any additional apps with it.

If you have NP++ on your machine and you have updated it since June 2025: backup data, remove NP++, check any oddities, and install the new safe NP++. Do not update your app via the app itself, since it can be compromised.

It seems that the whole thing was not random and was not targeting casual users, but high-end companies and state-related facilities. But anyway, you know.

#Hackers@GameDEV
#Security@GameDEV

During the last few weeks I've got several "job offers" where "you can earn up to €650 a day remotely". But the workflow is slightly new:

They pretend to be an alternative App Store, which is a legit business. But you as a tester suppose to install tons of random apps on your phone every day. At first they will drop you random game APKs, then viruses to steal your data and money.

I'm pretty sure a lot of people will fall for it. The process looks chill and "reasonable" for a tester to install apps.

#Security@GameDEV
#Scam@GameDEV

Be careful, a relatively new scam: dozens if not hundreds of medium-size repos were infected by fake CVE warning, telling that Visual Studio Code is affected. These updates are often seen in the feed and via email notifications.

So you have to urgently download the fix (which is obviously a malware). They push to fear and urgency so a lot of people fell for it.

#Security@GameDEV