Software>Security - Softonic English

The FBI warns that certain Steam games contain malware that could harm your computer

The FBI has issued an alarming warning regarding the presence of hidden malware in certain video games available on Steam, one of the most popular digital game distribution platforms in the world. The agency has identified several titles that could jeopardize user security, including BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova. The investigation focuses on detecting victims who downloaded these games during a period between May 2024 and January 2026. An investigation that demonstrates the danger of neglecting cybersecurity The most notable case is that of BlockBlasters, […]

The FBI has issued an alarming warning regarding the presence of hidden malware in certain video games available on Steam, one of the most popular digital game distribution platforms in the world. The agency has identified several titles that could jeopardize user security, including BlockBlasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova. The investigation focuses on detecting victims who downloaded these games during a period from May 2024 to January 2026.

A research study that demonstrates the danger of neglecting cybersecurity

The most notable case is that of BlockBlasters, launched in late July 2025. The developers of this game managed to steal approximately $150,000 by incorporating a .bat file that disabled the user’s antivirus and searched for sensitive information, including cryptocurrency wallet data and passwords stored on the system. This incident has raised concerns, as despite Steam’s reputation as a safe space, users may be exposed to fraud and malware.

The FBI has urged victims to reach out through a form available on their website for information gathering. Additionally, the agency has provided an email to report incidents, with the aim of delving deeper into this issue that has garnered the attention of the gaming community.

Despite the perception that the current browsing experience is relatively safe thanks to official platforms, users must be aware of the risks that can arise even in established environments like Steam. It is strongly advised that players only download games from trusted publishers to avoid malware infections and protect their devices from online scams. Therefore, vigilance and caution should remain priorities in the digital gaming experience.

Steam DOWNLOAD

10.5 million people are affected by a massive data breach on the Internet

More than 10.5 million individuals were affected by a significant data breach at Conduent Business Services, an incident that has highlighted the growing concern over cybersecurity in the business sector. The leak, which occurred in 2024, has underscored the magnitude of the problem, prompting a wave of criticism towards the company’s data security practices. One of the largest breaches in business history. Notifications to customers about this incident were issued in October 2025, leaving many users in a state of uncertainty regarding protection […]

One of the largest gaps in business history

Notifications to customers about this incident were issued in October 2025, leaving many users in a state of uncertainty regarding the protection of their personal information. The repercussions of this breach are not only limited to the exposure of sensitive data, but also generate widespread distrust towards companies that manage critical information.

The incident has caught the attention of cybersecurity experts, who warn that the number of data breaches continues to rise. The situation underscores the urgency for companies to implement more robust security measures to prevent similar events from occurring in the future. Lax data handling practices can result not only in financial damage but also in a lasting impact on the reputation of the companies involved.

The scandal has sparked a broader debate about the responsibility of organizations towards their customers regarding cybersecurity. With a significant number of people affected, the need for stricter regulation seems to be on the agenda, prompting lawmakers to consider new laws that protect consumers’ personal information. While the current situation is alarming, it may initiate a necessary conversation about data protection in an increasingly digitalized world.

Avast Free Antivirus DOWNLOAD

A vulnerability in Google Chrome has exposed millions of users

The vulnerability CVE-2025-2783, which has a CVSS score of 8.3, has been actively exploited in a campaign called Operation ForumTroll, targeting organizations in Russia. According to research by Kaspersky, this vulnerability, which allows sandbox escape in Google Chrome, was used to distribute the spyware LeetAgent, developed by Memento Labs. A spyware with great potential to cause harm The operation involved sending phishing emails with customized links that, when opened in Google Chrome or Chromium-based browsers, triggered the exploitation of the vulnerability. These attacks were targeted […]

A spyware with great potential to cause harm

The operation involved sending phishing emails with customized links that, when opened in Google Chrome or Chromium-based browsers, triggered the exploitation of the vulnerability. These attacks were directed at media outlets, universities, research centers, and governments, with the main objective of carrying out espionage activities.

Memento Labs, an Italian technology and IT services company, has been under the radar since its formation in 2019, following the merger of InTheCyber Group and HackingTeam. The latter, known for selling intrusion and surveillance capabilities to governments, had suffered a hack in 2015 that exposed multiple tools and exploits.

The APT group ForumTroll, which appears to be linked to another actor known as TaxOff, shows proficiency in Russian, although not all attackers are native speakers. This suggests a targeted and not indiscriminate approach in their operations. It has been observed that the spyware Dante, which replaces RCS, is used within this chain of attacks, offering advanced protections against analysis.

Although the full extent of these attacks has not yet been completely determined, it is evident that the use of phishing techniques, as well as the connection between different tools and groups, raises serious concerns about cybersecurity in the region. Experts suggest that this is just the latest of several incidents associated with these malicious actors.

Avast Free Antivirus DOWNLOAD

A security vulnerability in Microsoft opens the door to threats from China

A recent investigation has revealed that threat actors with links to China have exploited the security vulnerability ToolShell (CVE-2025-53770) in Microsoft SharePoint. This flaw, which was disclosed and patched in July 2025, allowed significant infiltrations in critical sectors, including a major telecommunications company in the Middle East and various government institutions in Africa and South America. A more serious problem than it seems According to the threat research team at Symantec of Broadcom, CVE-2025-53770, a now-corrected authentication bypass, was exploited by several Chinese cyber-espionage groups, notably Linen Typhoon, Violet […]

A recent investigation has revealed that threat actors with links to China have exploited the ToolShell security vulnerability (CVE-2025-53770) in Microsoft SharePoint. This flaw, which was disclosed and patched in July 2025, allowed significant infiltrations in critical sectors, including a major telecommunications company in the Middle East and various government institutions in Africa and South America.

A problem more serious than it seems

According to the threat research team at Symantec of Broadcom, CVE-2025-53770, a now-patched authentication bypass, was exploited by several Chinese cyber-espionage groups, notably Linen Typhoon, Violet Typhoon, and Storm-2603. These groups have been responsible for sophisticated and diversified attacks, using tools like Zingdoor, ShadowPad, and KrustyLoader to carry out their incursions.

The attacks were not restricted to a single sector, as incidents were reported at a university in the U.S., as well as a government agency in an African country and a financial agency in Europe. The multifaceted approach of these operations suggests a strategic interest on the part of threat actors in stealing credentials and establishing persistent and stealthy access to their victims’ networks.

Additionally, it has been documented that some of the attackers also used additional vulnerabilities and DLL side-loading techniques to deliver their malicious payloads. Among these techniques is the exploitation of CVE-2021-36942, an exploit known for its privilege escalation capability, which reinforces the sophistication of their approach.

The findings of the report suggest that, while there is an overlap in the types of victims and tools used, these activities have not been definitively attributed to a specific group. However, all evidence points to the fact that behind these operations are threat actors based in China.

Windows 11 DOWNLOAD

North Korean hackers discover a way to steal cryptocurrencies through the blockchain

North Korean hackers have developed new cyberattack techniques that compromise cybersecurity, according to a recent report from Google. These tactics, which employ sophisticated methods, represent a concerning evolution in the way threat actors carry out their operations in cyberspace. Your money is also not safe in the blockchain One of the most alarming strategies identified is the use of EtherHiding, a blockchain-based technique. This method allows for the concealment of malware delivery through the use of transactions on Ethereum, making detection by security systems more difficult.

North Korean hackers have developed new cyberattack techniques that compromise computer security, according to a recent report from Google. These tactics, which employ sophisticated methods, represent a concerning evolution in the way threat actors carry out their operations in cyberspace.

Your money is not safe on the blockchain either

One of the most concerning strategies identified is the use of EtherHiding, a technique based on blockchain. This method allows for the concealment of malware delivery through the use of transactions on Ethereum, making it difficult for security systems to detect. By hiding the malware within legitimate blockchain traffic, attackers can bypass conventional protective measures and increase their chances of success.

The main objective of these attacks is the theft of cryptocurrencies from users. Using this technique, hackers take advantage of the growing popularity of cryptocurrencies and the lack of experience of some users in digital security. The malware, once delivered, can steal confidential information, such as private keys and access data to digital wallets, thus facilitating access to the victims’ funds.

This finding highlights the urgent need for cryptocurrency users to adopt stricter security measures, such as two-factor authentication and regular reviews of their financial activities. Meanwhile, cryptocurrency exchange platforms are advised to be vigilant against such threats and to improve their security protocols to protect their users.

While it has been confirmed that North Korean hackers are using these advanced techniques, they can be expected to continue adapting and evolving in response to cyber defenses. The cybersecurity community will need to remain vigilant to counter this new wave of attacks.

ChatGPT DOWNLOAD

Be careful if you use WhatsApp Web, because you could be a victim of spam

Cybersecurity researchers have discovered a coordinated campaign that employs 131 cloned WhatsApp Web automation extensions to spam users in Brazil. According to supply chain security company Socket, all these extensions share the same code, design patterns, and infrastructure, and have approximately 20,905 active users. These extensions are not malicious, but they can cause harm. The extensions, which are not malware in the classic sense, are considered high risk due to their ability to abuse platform rules by injecting code directly into the WhatsApp Web page. […]

Cybersecurity researchers have discovered a coordinated campaign that uses 131 cloned WhatsApp Web automation extensions to spam users in Brazil. According to supply chain security company Socket, all of these extensions share the same code, design patterns, and infrastructure, and have approximately 20,905 active users.

Some extensions that are not malicious, but can do harm

Extensions, which are not malware in the classical sense, are considered high risk due to their ability to abuse platform rules by injecting code directly into the WhatsApp Web page. This allows for the automation of mass message sending without user confirmation, with the aim of evading rate limits and WhatsApp’s anti-spam controls. The activity has been ongoing for at least nine months, with recent updates observed on October 17, 2025.

Investigations reveal that most of the extensions have been published by “WL Extensão,” suggesting that the differences in names and logos are linked to a franchise model. This model allows affiliates to flood the Chrome Web Store with various copies of the original extension offered by DBX Tecnologia. These extensions have the marketing of customer relationship management (CRM) tools, promoting sales optimization through WhatsApp Web.

DBX Tecnologia, the company behind these extensions, offers a white label program that promises affiliates significant recurring income by investing R$12,000. However, this procedure violates the spam and abuse policies of Google’s Chrome Web Store, which prohibits the publication of duplicate extensions. It has been observed that DBX Tecnologia even produces videos on YouTube about how to bypass WhatsApp’s anti-spam algorithms, indicating a conscious approach towards these practices.

It can be suspected that this cloning and spam ecosystem has just begun to attract the attention of security companies, in a context where a large-scale campaign related to a WhatsApp worm distributing a banking Trojan known as Maverick has also been identified.

WhatsApp DOWNLOAD

Europol dismantles a cybercrime platform that managed to defraud more than 5 million euros

Europol announced on Friday the dismantling of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a “SIM farm,” providing its clients with a wide range of crimes, from phishing to investment fraud. This operation, called Operation SIMCARTEL, involved 26 raids in several European countries, resulting in the arrest of seven suspects and the seizure of 1,200 SIM box devices containing 40,000 active SIM cards. A sophisticated criminal operation Among those arrested, five are of Latvian nationality. In addition, five servers were dismantled and two websites, gogetsms.com and apisim.com, that advertised the service were taken down to replace them […]

Europol announced on Friday the dismantling of a sophisticated cybercrime-as-a-service (CaaS) platform that operated a “SIM farm”, providing its clients with a wide range of crimes, from phishing to investment fraud. This operation, called Operation SIMCARTEL, involved 26 searches in several European countries, resulting in the arrest of seven suspects and the seizure of 1,200 SIM box devices containing 40,000 active SIM cards.

A sophisticated criminal operation

Among those arrested, five are of Latvian nationality. In addition, five servers were dismantled and two websites, gogetsms.com and apisim.com, that advertised the service were taken down and replaced with a seizure banner on October 10, 2025. The authorities also confiscated four luxury vehicles and froze €431,000 ($502,000) in the suspects’ bank accounts, as well as €266,000 ($310,000) in cryptocurrency accounts.

The operation involved law enforcement forces from Austria, Estonia, Finland, and Latvia, in collaboration with Europol and Eurojust. Europol attributes to this criminal network more than 1,700 individual cases of cyber fraud in Austria and 1,500 in Latvia, causing significant losses totaling around €4.5 million ($5.25 million) in Austria and €420,000 ($489,000) in Latvia.

The platform’s infrastructure allowed criminals to create more than 49 million online accounts, which were used to carry out phishing and smishing attacks and to deceive victims into investing money in fraudulent investment schemes. According to reports, some crimes of this organization included extortion, human smuggling, and the distribution of child sexual abuse material (CSAM).

GoGetSMS, one of the involved platforms, was marketed as a solution to obtain “fast and secure temporary phone numbers”, although users on Trustpilot have expressed their dissatisfaction with the lack of response from support and issues with the functionality of the service.

Avast Free Antivirus DOWNLOAD

Windows remains the main cause of credential theft according to a recent investigation

Recent research by the cybersecurity company Resecurity has revealed that legacy Windows protocols remain a significant vector for credential theft within organizations. Despite advancements in digital security, many companies continue to use these outdated systems, making them easy targets for cyber attackers. Your operating system is the weakest part of your organization. Systems that use these old protocols have vulnerabilities that can be exploited by cybercriminals to gain unauthorized access to corporate networks. Resecurity has highlighted that attack methods […]

Recent research by the cybersecurity company Resecurity has revealed that legacy Windows protocols remain a significant vector for credential theft within organizations. Despite advancements in digital security, many companies continue to use these outdated systems, making them easy targets for cyber attackers.

Your operating system is the weakest part of your organization

Systems that use these old protocols have vulnerabilities that can be exploited by cybercriminals to gain unauthorized access to corporate networks. Resecurity has highlighted that the attack methods are varied, including password manipulation and the exploitation of authentication flaws. This situation is exacerbated by the fact that many organizations are unaware of the risks associated with using these systems, which were designed in an era when cyber threats were much less sophisticated.

The research has highlighted the urgent need to modernize IT infrastructures. Recommendations include the implementation of more secure authentication systems and the use of current protocols that are more resistant to attacks. Resecurity has also emphasized the importance of ongoing education for employees in security matters, as the human factor remains one of the biggest vulnerabilities in cybersecurity.

Additionally, it has been mentioned that some organizations may be driven to adopt new technologies and security practices in response to this type of threat, which could lead to a significant change in the way companies manage their digital operations. However, the risk persists as long as legacy protocols remain, and experts warn that the protection of data and critical infrastructure depends on a prompt adaptation to best practices in cybersecurity.

Windows 11 DOWNLOAD

Windows 10 has reached the end of its support, but that doesn't mean you have to switch to Windows 11

The next update of Windows 11, known as version 24H2, is set to take over once its predecessor, version 23H2, stops receiving security updates on November 11, 2025. From that date, users who remain on version 23H2 will stop receiving monthly patches that protect their systems from new threats and software bugs, thus increasing their vulnerability to potential cyberattacks. For current Windows 11 users, upgrading to version 24H2 will be a free and straightforward process. To check the current version of the system, the […]

The next update of Windows 11, known as version 24H2, is set to take over once its predecessor, version 23H2, stops receiving security updates on November 11, 2025. From that date, users who remain on version 23H2 will stop receiving monthly patches that protect their systems from new threats and software bugs, thus increasing their vulnerability to potential cyber attacks.

For current Windows 11 users, upgrading to version 24H2 will be a free and straightforward process. To check the current version of the system, users should go to “Settings,” then “System,” and click on “About”. There, they can confirm if they are using 23H2, which will require them to upgrade to stay protected.

However, for those still operating on Windows 10, the landscape is different. Starting October 14, 2025, this system will stop receiving free updates. Users will need to choose to upgrade to Windows 11 at no cost, pay for the Extended Security Updates program, or accept the security risks that come with remaining on an obsolete system. It is crucial for those interested in upgrading to check that their devices meet the minimum requirements for Windows 11, such as TPM 2.0 and UEFI firmware.

Although you can alleviate the impact, you cannot avoid it

Staying on an outdated version significantly increases the risk of being targeted by cybercriminals, who often focus on unpatched systems. The only way to ensure system security is by updating to the latest versions of Windows. If your device cannot support Windows 11, purchasing a new device may be the most viable solution to keep up with security updates.

Windows 11 DOWNLOAD

Discord knows no rest and begins to distribute a new trojan through direct messages

Cybersecurity researchers have reported on a new Rust-based trojan called ChaosBot, initially detected in September 2025 in a financial services environment. This malware allows operators to execute remote commands on compromised systems and has been observed interacting through Discord profiles. Users associated with this activity are ‘chaos_00019’ and ‘lovebb0024’. Never open files from unknown profiles or suspicious messages ChaosBot is predominantly distributed through phishing messages that include a malicious Windows shortcut. When a user opens the file, a PowerShell command is executed that downloads […]

Cybersecurity researchers have reported on a new Rust-based Trojan called ChaosBot, initially detected in September 2025 in a financial services environment. This malware allows operators to execute remote commands on compromised systems and has been observed interacting through Discord profiles. Users associated with this activity are ‘chaos_00019’ and ‘lovebb0024’.

Never open files from unknown profiles or suspicious messages

ChaosBot is predominantly distributed through phishing messages that include a malicious Windows shortcut. When a user opens the file, a PowerShell command is executed that downloads the malware. This disguises itself as a malicious DLL file and seeks to establish a persistent access tunnel to the compromised network through a reverse proxy. During its operation, the malware can receive additional instructions through the Discord channel set up by the attackers, enhancing its command and control capabilities.

In addition, a variant of ransomware associated with Chaos has been identified that is distinguished by deleting files instead of encrypting them. This variant also employs techniques to manipulate the clipboard, with the aim of redirecting cryptocurrency transfers, thereby increasing its danger and complexity. This dual approach of destructive extortion and financial theft reflects a shift towards more aggressive and multifaceted tactics by malicious actors.

ChaosBot has proven to be difficult to detect, using techniques to evade tracking on Windows systems, such as modifying functions and checking MAC addresses associated with virtual machines. Analysts warn that this malware not only poses a direct threat to the security of systems but also to the finances of users, affecting cryptocurrency platforms.

Discord DOWNLOAD