CyberSecurityBoard
Sponsor Register Login

Steam and Microsoft warn of Unity flaw exposing gamers to attacks

A critical security vulnerability in the Unity game engine has been identified, prompting warnings from major companies like Steam and Microsoft. This flaw exposes gamers to potential cyberattacks, including data theft and unauthorized access. Unity, widely used for game development, has issued patches to address the issue, but users are urged to update their software immediately to mitigate risks. The vulnerability highlights the increasing importance of cybersecurity in the gaming industry, where millions of users could be affected. Experts recommend vigilance and prompt updates to protect personal information and gaming assets from exploitation by malicious actors. This incident underscores the need for continuous security assessments in game development platforms to prevent future threats.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 06 Oct 2025 14:00:19 +0000


Cyber News related to Steam and Microsoft warn of Unity flaw exposing gamers to attacks

Steam drops support for Windows 7 and 8.1 to boost security - Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system. The gaming company warned last year that the Steam client would be unsupported in the New ...
1 year ago Bleepingcomputer.com
Browser-in-the-Browser attacks target CS2 players' Steam accounts - A new phishing campaign targets Counter-Strike 2 players utilizing Browser-in-the-Browser (BitB) attacks that display a realistic window that mimics Steam's login page. Basically, this phishing technique creates fake browser windows within real ...
6 months ago Bleepingcomputer.com
Malicious PirateFi game infects Steam users with Vidar malware - Malware infiltrating the Steam store is not common, but it's not unprecedented either. In February 2023, Steam users were targeted by malicious Dota 2 game modes that leveraged a Chrome n-day exploit to perform remote code execution on the ...
7 months ago Bleepingcomputer.com
Game mod on Steam breached to push password-stealing malware - Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. As developer Michael Mayhem told BleepingComputer, the compromised ...
1 year ago Bleepingcomputer.com
Steam game mod breached to push password-stealing malware - Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system. As developer Michael Mayhem told BleepingComputer, the compromised ...
1 year ago Bleepingcomputer.com
Steam and Microsoft warn of Unity flaw exposing gamers to attacks - A critical security vulnerability in the Unity game engine has been identified, prompting warnings from major companies like Steam and Microsoft. This flaw exposes gamers to potential cyberattacks, including data theft and unauthorized access. Unity, ...
1 day ago Bleepingcomputer.com CVE-2023-3519
Fake CS2 tournament streams used to steal crypto, Steam accounts - The channels that promote these scams are hijacked legitimate YouTube accounts, which the scammers rebrand as needed to impersonate professional players. The security firm warns that the threat actors impersonate professional CS2 players like s1mple, ...
7 months ago Bleepingcomputer.com
Hackers Breach Steam Discord Accounts, Launch Malware - On Christmas Day, the popular indie strategy game Slay the Spire's fan expansion, Downfall, was compromised, allowing Epsilon information stealer malware to be distributed over the Steam update system. Developer Michael Mayhem revealed that the ...
1 year ago Cysecurity.news
Here's How to Make Your Gaming Experience Safer - Over 1 billion people worldwide regularly play online games. The emergence of high-quality games, multiple gaming mediums, and online communities has prompted gamers to overlook the dark side of online gaming. If you play games online on your ...
1 year ago Cybersecurity-insiders.com
Microsoft Incident Response lessons on preventing cloud identity compromise - Microsoft Incident Response is often engaged in cases where organizations have lost control of their Microsoft Entra ID tenant, due to a combination of misconfiguration, administrative oversight, exclusions to security policies, or insufficient ...
1 year ago Microsoft.com
Hacker sneaks infostealer malware into early access Steam game - A threat actor called EncryptHub has compromised a game on Steam to distribute info-stealing malware to unsuspecting users downloading the title. “The compromised executable appears legitimate to users downloading from Steam, creating an ...
2 months ago Bleepingcomputer.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
New Phishing Attack Using Browser-In-The-Browser Technique To Attack Gamers - This attack method creates a convincing fake browser pop-up window that tricks users into entering their Steam credentials, allowing cybercriminals to steal valuable gaming accounts and virtual items. Silent Push researchers noted this attack in ...
6 months ago Cybersecuritynews.com
Steam will stop running on Windows 32-bit in January 2026 - Valve has announced that its popular gaming platform, Steam, will cease support for Windows 32-bit operating systems starting January 2026. This decision impacts millions of users who still operate on 32-bit Windows versions, requiring them to ...
2 weeks ago Bleepingcomputer.com
Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws - Microsoft says that this remote code execution vulnerability is caused by an integer overflow or wraparound in Windows Fast FAT Driver that, when exploited, allows an attacker to execute code. Microsoft says that this remote code execution ...
6 months ago Bleepingcomputer.com
Valve Enhances Steam Security With SMS Verification - Valve is bolstering the security of its Steamworks platform by introducing SMS verification for developers, aiming to prevent future incidents of hackers infiltrating developer accounts. The move comes in response to previous breaches where ...
1 year ago Infosecurity-magazine.com Lazarus Group
Steam pulls game demo infecting Windows with info-stealing malware - Valve has removed from its Steam store the game title 'Sniper: Phantom's Resolution' following multiple users reporting that the demo installer infected their systems with information stealing malware. Users that installed the game have likely ...
6 months ago Bleepingcomputer.com
New Microsoft Incident Response guides help security teams analyze suspicious activity - Today Microsoft Incident Response are proud to introduce two one-page guides to help security teams investigate suspicious activity in Microsoft 365 and Microsoft Entra. These guides contain the artifacts that Microsoft Incident Response hunts for ...
1 year ago Microsoft.com
10 of the biggest zero-day attacks of 2023 - Here are 10 of the biggest zero-day attacks of 2023 in chronological order. Zero-day attacks started strong in 2023 with CVE-2023-0669, a pre-authentication command injection vulnerability in Fortra's GoAnywhere managed file transfer product. ...
1 year ago Techtarget.com CVE-2023-0669 CVE-2023-34362 CVE-2023-36884 CVE-2023-4863 CVE-2023-41992 CVE-2023-41991 CVE-2023-41993 CVE-2023-22515
How to manage a migration to Microsoft Entra ID - Microsoft Entra ID, formerly Azure Active Directory, is not a direct replacement for on-premises Active Directory due to feature gaps and alternative ways to perform similar identity and access management tasks. For some organizations, a move to ...
1 year ago Techtarget.com
Spy Trojan SpyNote Unveiled in Attacks on Gamers - The SpyNote Trojan, camouflaged as a mod for the game Roblox, has been observed targeting Android users. This mobile malware can log keystrokes, record screens, stream video from phone cameras and impersonate Google and Facebook applications to ...
1 year ago Infosecurity-magazine.com
Juniper Networks fixed a critical authentication bypass flaw in some of its routers - MUST READ. Threat actors actively exploit D-Link DIR-859 router flaw CVE-2024-0769. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise tool GooseEgg to exploit CVE-2022-38028 ...
1 year ago Securityaffairs.com CVE-2024-0769 CVE-2022-38028 CVE-2024-0204 CVE-2023-49103 CVE-2023-38831 CVE-2023-40044 APT28 Rocke
Critical Apache Log4j2 flaw still threatens global finance - Critical Apache Log4j2 flaw still threatens global finance. CISA adds Apache Flink flaw to its Known Exploited Vulnerabilities catalog. CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog. Russia-linked APT28 used post-compromise ...
1 year ago Securityaffairs.com CVE-2022-38028 CVE-2023-49103 CVE-2023-20198 CVE-2023-40044 APT28 Rocke
Critical unauthenticated RCE flaw in OpenSSH server - MUST READ. Critical unauthenticated remote code execution flaw in OpenSSH server. Expert released PoC exploit code for Veeam Backup Enterprise Manager flaw CVE-2024-29849. CISA adds Oracle WebLogic Server flaw to its Known Exploited Vulnerabilities ...
1 year ago Securityaffairs.com CVE-2024-29849 CVE-2023-49103 CVE-2023-20198 CVE-2023-38831 Rocke
Patch Now: Attackers Pummel Critical, Easy-to-Exploit OwnCloud Flaw - Hackers are actively exploiting a critical flaw in the open source ownCloud platform that allows access to access admin passwords, mail server credentials, and license keys, exposing their enterprise to data breaches or other types of malicious ...
1 year ago Darkreading.com CVE-2023-49103 CVE-2023-49105 CVE-2023-49104

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)