Hack / Data Breach

Microsoft's June 9 Patch Tuesday is the final deployment window before 2011 Secure Boot certificates begin expiring on June 24. Unpatched devices lose security protection.

A researcher has chained two unpatched flaws in the Creative Sound Blaster Katana V2X to remotely flash custom firmware over Bluetooth and inject keystrokes into the host PC — all this with no pairing required. Creative refuses to issue a fix.

CVE-2026-41089, a critical Windows Netlogon flaw rated CVSS 9.8, is now actively exploited. Unpatched domain controllers face full SYSTEM-level compromise with no credentials needed.

Charter Communications confirmed a data breach after ShinyHunters published records on 13 million Spectrum customers when a May 27 ransom deadline passed.

Jagex’s intensified anti-bot measures have reshaped Old School RuneScape in 2026, with over 6.2 million accounts banned and once-crowded farming areas now largely empty. Player reports and creator analyses suggest the crackdown has stabilized key parts of the in-game economy, though remaining bot activity indicates the fight is not over.

A popular GTA 5 cheat service called Atlas Menu has suffered a major data breach, exposing email addresses, usernames, IP addresses, support tickets, and passwords of over 60,000 users.

Carnival Corporation confirms nearly 6 million customers had personal data stolen in an April breach claimed by ShinyHunters. Passport numbers and license details were exposed.

CISA's June 3 deadline for the two Nightmare Eclipse Defender zero-days is 48 hours away. YellowKey, GreenPlasma, and MiniPlasma remain unpatched, with GreenPlasma and MiniPlasma carrying no CVE assignment.

Microsoft's threat to criminally prosecute Nightmare Eclipse has drawn sharp criticism from security veterans, with three Windows zero-days still unpatched.

YouTuber James Channel transformed a broken PS2 Slim into the “JamesStation 2,” a duct-taped portable handheld with salvaged controller parts, a GPS screen, rewired ports, and an exposed spinning disc drive. Despite its crude and hazardous construction, the DIY console reportedly runs demanding PS2 games for up to five hours on a 10,000 mAh battery, outlasting the Steam Deck.

Nightmare Eclipse has been removed from GitHub and GitLab within days and is threatening a new Windows exploit release on Patch Tuesday, July 14, 2026.

Panic has added Crankboy to the Playdate Catalogue, bringing full-speed Game Boy emulation to the crank-equipped handheld for $10, with four bundled homebrew titles and support for legally imported ROMs.

TrapDoor plants 34 malicious packages across npm, PyPI, and Crates.io targeting crypto and AI developers to steal wallets, SSH keys, and cloud credentials.

Riot Games’ latest Vanguard anti-cheat update has reportedly neutralized high-end DMA PCIe cheating devices used in Valorant, prompting the developer to mock affected users by calling their $6,000 hardware “paperweights.” The patch uses IOMMU-based restrictions to block cheat firmware, escalating Riot’s fight for competitive integrity while raising debate over the legality and limits of disabling hardware tied to cheating.

A modder has transformed an original Game Boy Advance into a functional Nintendo Switch controller using a GBA link cable, a microcontroller adapter, and his open-source Joypad OS firmware.

Subnautica 2’s early access launch has drawn strong player numbers but renewed criticism from fans frustrated by the sequel’s lack of lethal weapons against hostile sea creatures. Unknown Worlds has defended the pacifist design as central to the series’ identity, prompting debate over whether the sandbox should prioritize the developers’ survival philosophy or broader player choice.

Microsoft issued out-of-band patches for two actively exploited Defender zero-days, RedSun and UnDefend, after Huntress confirmed real-world use in attacks.

A poisoned VS Code extension linked to the TanStack supply chain attack breached GitHub, OpenAI, and Mistral AI, exposing 3,800 internal repositories and developer credentials.

The PlayStation account of Colin Moriarty was hacked recently, and his co-host was also reportedly targeted. Because of how the PlayStation support and account authentication system is set up, hacking a PlayStation account is quite easy.

Playground Games has confirmed that a pre-release build of Forza Horizon 6 leaked online, denying claims of a Steam preload error and warning players against accessing or sharing the unauthorized version. The studio says offenders could face franchise-wide and hardware bans, while SteamDB suggests the leak likely came from someone with early access, possibly a reviewer.

Nintendo Switch 2 users briefly accessed YouTube through a hidden browser triggered by Super Animal Royale, filling the gap left by the console’s continued lack of an official YouTube or streaming app. The workaround was reportedly blocked within hours, underscoring frustration over Nintendo and Google’s slow progress nearly a year after the console’s launch.

Anyone currently shopping for a discounted ZimaCube system could easily fall for a tempting offer. The website zimaproducts.com lists several Zima systems at prices far below market value — but according to manufacturer IceWhale, the site is a scam. What makes it especially concerning: the fake store apparently uses real product images and familiar Zima branding.

ShinyHunters claimed it had accessed Nvidia’s GeForce Now systems and obtained a “full database leak” containing user account and personal information. Nvidia says its investigation found no impact on Nvidia-operated services, stating the incident is confined to databases run by its Armenia-based third-party partner GFN.am, which has begun notifying affected users, and reports indicate passwords were not leaked.

The largest home security company in the United States, ADT, confirmed it suffered a data breach on April 20. This breach involved the compromise of customers' personally identifying information. A hacker group known as ShinyHunters has claimed responsibility and issued a ransom threat.

Shortly after an accidental source code leak, a critical vulnerability was discovered in the AI coding agent called Claude Code. It potentially allows attackers to bypass security safeguards and steal sensitive data from developers.

Anthropic’s fight over the leaked 'Claude Code' source code was conducted so aggressively that even official repositories were deleted via DMCA requests. Analysis of the code reveals that the issue involves more than just protected algorithms; it concerns the monitoring of user emotions and concealment.

For about four hours, Nicholas Carlini worked on FreeBSD supported by Anthropic’s Claude. Carlini states that Claude performed a large part of the work autonomously, from identifying the vulnerability to the finished exploit.

A PC modder, “kryptonfly,” used Claude AI-assisted BIOS rewriting to inject missing microcode and get Intel’s OEM-only Core 9-273PQE Bartlett Lake CPU to reach POST on an Asus Z790 motherboard, with the BIOS correctly identifying the processor. The system still fails to boot past POST with a black screen and errors, underscoring that full Bartlett Lake support remains unofficial and could be closed off by future Intel or Asus firmware updates.

Secret of Mana: Reborn version 2.5 resurrects two long-cut locations from the 1993 SNES classic, letting players traverse the original Water Palace-to-Neko route and an early Moogle Village reconstructed from pre-release magazine screenshots.

Wavelet Lab’s xSDR is a tiny M.2 2230 A+E-key software-defined radio (SDR) module built to plug straight into laptops, tablets, embedded PCs, and other compact systems. Just drop this tiny card into a spare M.2 slot, and turn it into a portable cellular network analyzer or penetration testing tool.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning after a cyberattack targeted renewable energy facilities in Poland. The incident shows security weaknesses in internet-connected systems used in energy infrastructure and has prompted global agencies to advise operators to improve their cybersecurity protections.

Discord will soon force all users to complete ID verification or be shut out from age-restricted servers and features. In March, chatters must upload a video showing their faces or other qualified IDs. The company outlined privacy protections following an attempted October 2025 data breach.

Despite several name changes, OpenClaw remains one of the most hyped AI tools. After all, it turns a PC into a fully autonomous AI agent. However, the tool can easily burn through hundreds of dollars in API tokens per day. Even worse, serious security flaws have been discovered.

Madhu Gottumukkala, Acting Director of the Cybersecurity and Infrastructure Security Agency, triggered internal security alerts by uploading sensitive documents to ChatGPT. The incident raises questions about data security at CISA.

Two years of work lost with a single click—that is how Professor Marcel Bucher describes his experience in an article in Nature. He concludes that ChatGPT is a threat to consistent productivity. However, the chatbot offers a backup function that the researcher apparently failed to utilize.

While Apple and Google stress that they cannot unlock customer devices, the situation is different with Windows encryption: Microsoft routinely hands over BitLocker keys from the cloud to law enforcement agencies.

Researchers from Vienna have discovered a massive security vulnerability in WhatsApp, enabling them to identify 3.5 billion users. The lack of query limits allowed for the large-scale collection of usernames, profile pictures and status messages.

In an ironic turn of events, a notorious hacking forum was hacked, resulting in a breach compromising roughly 324,000 accounts. Some of these accounts had public IP addresses tied to them, meaning that law enforcement could use this information to catch malicious actors.

Malwarebytes has confirmed a massive data leak exposing personal information from 17.5 million Instagram accounts. The leaked data could be used for phishing and account takeovers, and users are urged to enable 2FA and stay alert for fake Meta messages.

Reports are spreading that Microsoft Defender is blocking the popular community tool MAS, flagging it as a fake. In contrast, our own tests demonstrate that the script works flawlessly. Have affected users perhaps fallen victim to DNS tampering?

Anyone who has entrusted their darkest secrets to ChatGPT might want to flinch nervously, because a US court is forcing OpenAI to hand over 20 million user logs to the opposing side in a major copyright dispute.

Rainbow Six Siege has reportedly been hacked again. This time, hackers are banning players and writing custom messages inside the game.

Together with Ben Edelman, YouTuber MegaLag proves a systematic obfuscation tactic that deliberately deceives testers and redirects commissions unnoticed. The "dieselgate" principle is applied: honey identifies testers and disables manipulative features.

A leaked set of PlayStation 5 BootROM keys, published online at the end of 2025, has exposed core hardware-level security secrets that researchers say Sony cannot simply patch on existing consoles. While the breach does not enable an immediate jailbreak, experts warn it significantly lowers the bar for future exploits, potentially paving the way for permanent hacks, homebrew software, and widespread piracy risks.

PC players are finally getting an early taste of Bloodborne’s online features on computers, as the rapidly advancing ShadPS4 emulator now supports asynchronous elements and limited co-op play. While the experience remains unstable and incomplete, the breakthrough marks a major step toward full-featured PS4 emulation and a long-awaited unofficial PC option for FromSoftware’s classic.

Once again, several high-profile crimes have taken place during this year's holidays. Hackers pulled off a major coup with a supply chain attack on Trust Wallet, which apparently involved up to $7 million in cryptocurrencies.

A talk at 39C3 has revealed serious security flaws in Xplora smartwatches. Researchers from a German university show how a universal key provides access to the communication of all kids with Xplora watches, and why the manufacturer's previous updates haven’t fixed this.

Hackers may use multiple methods to steal accounts in Ubisoft games like Rainbow Six Siege. A cybersecurity resource describes how the publisher’s help desk has been a liability. Bribery and social engineering have been popular routes to compromise customer support agents.

Servers for Ubisoft’s popular first-person shooter game are currently offline on consoles and PC. A suspected hack granted some Rainbow Six Siege players huge bundles of in-game currency. Other players have witnessed mass bans, prompting Ubisoft to take action while investigating.

A writer for a French website is urging gamers to keep all PlayStation Network details private. An ID number was all a hacker needed to log in twice to the journalist’s account. Even with 2FA active, PSN support requires minimal information to grant strangers access.