us-technology

(Image credit: Epic Games) What’s new in Fortnite? (Image credit: Epic Games) Epic Games ran a Fortnite live event over the weekend (August 2), which saw Daigo destroy Demon’s Domain by summoning a huge kraken. Players had to work together to take the creature down, before Superman swooped in to save the day. We’re now just days away from the launch of a new season, so hopefully we’ll be hearing more about what’s next very soon indeed. Fortnite Chapter 6 is finally here, continuing with Fortnite Chapter 6 Season 3 which has switched up the map once again. There’s new weapons to try out, a superhero-themed Battle Pass, as well as updates centered around Superman himself. We don’t yet know exactly what’s to follow in the next season of Fortnite, but given Fortnite Super is just days away from ending, it won’t be long before we get some hints from Epic Games. It’s frequent updates like these that make Fortnite one of the best battle royale games around. Last season concluded June 7 with a climactic Star Wars live event, before Chapter 6 Season 3 went live across the world. Here’s everything you need to know about the process of Fortnite Chapter 6 Season 4 launching, when the next season starts, and what to expect from Fortnite in the future. Also, the latest on what’s been revealed about Superman, and other superhero skins. When does the current season of Fortnite end? (Image credit: Epic Games) Fortnite Super will end on August 7, 2025. So far, no details have been shared on specific timings, though the in-game Battle Pass menu does count down to the update. We’ll be sure to provide details closer to launch, but expect the new season to launch after a period of extended downtime. When is the next season of Fortnite? (Image credit: Epic Games) The next season of Fortnite has yet to be fully revealed, but it’ll launch following downtime on August 7, 2025. Hopefully, downtime is only 2-3 hours (based on the average times of Chapter 6 so far), but it’s worth noting that things have been known to slip slightly in the past. What to expect from the next Fortnite season (Image credit: Epic Games) Epic Games has not fully revealed what’s in store for Fortnite Chapter 6 Season 4, but given that the current one only has a couple of days left, we’ll be hearing updates very soon indeed. Sign up for breaking news, reviews, opinion, top tech deals, and more. Fortnite Chapter 6 Season 3 map changes (Image credit: Epic Games) Here’s the full map for Fortnite Super. As you can see in the image above, there’s still some Star Wars locations like Outpost Enclave, First Order Base, and Resistance Base. The new locations are Supernova Academy, Utopia City, and Demon’s Domain. Sprites have been turned into mascots, but work the same way as before, with different abilities like laser-vision. You Might Also Like… Best crossplay games Fortnite Chapter 4 review Here’s when to expect the new season of Fortnite OG Jake is a freelance writer who currently works regularly with TRG. Hailing from the overcast shores of Brighton in the United Kingdom, Jake can be found covering everything from features to guides content around the latest game releases. As seen on NME.com, Eurogamer.net, and VG247.com, Jake specializes in breaking games down into approachable pieces for guides, and providing SEO advice to websites looking to expand their audiences. Read More

(Image credit: NetEase) Marvel Rivals Season 3.5 will launch next week, adding a brand new Hero into the mix, and refreshing Competitive Mode ranks and rewards. We’ve now had the full reveal on what’s set to change, including details on Blade, the new Team Ups, and all incoming buffs and nerfs. What’s new in Marvel Rivals? (Image credit: NetEase) Marvel Rivals will be launching into Season 3.5 later this week, and NetEase has shared the full roadmap for the new update. Looks like we’ll be getting a new event alongside the launch of Season 3.5, and can look forward to skins for Peni Parker, Scarlet Witch, and Iron Man in the future. For full info on what’s set to be added on August 8, visit our Marvel Rivals patch notes guide. In my Marvel Rivals review, I praised the game’s huge suite of Heroes, and the surprising amount of depth found when trying out each one. With Season 3.5, there’s set to be another Hero added, as well as an overhaul to the roadmap. Since its launch, Marvel Rivals has changed quite a bit, adding smart changes to Competitive Mode while giving players something to work toward. It’s consistent updates like this that make Marvel Rivals a worthy inclusion in our best PC Games of 2025 list. Here’s everything you need to know about the next season of Marvel Rivals, including when the current one ends, and what to expect from the new Heroes that are being added. As release day draws nearer, I’ll update this page with all of the latest news and info. When is the next season of Marvel Rivals? (Image credit: NetEase) Marvel Rivals Season 3.5 will launch following downtime that’s planned for August 8, 2025. This is according to recent info given by NetEase alongside the full reveal of Season 3.5. When does the current season of Marvel Rivals end? (Image credit: NetEase) Marvel Rivals Season 3 will end on August 8 at 5AM EDT / 2AM PDT / 10AM BST, for a few hours of downtime before the launch of the new season. Keep an eye on the official Marvel Rivals website for any changes. Marvel Rivals Season 3.5 new Team Up changes (Image credit: NetEase) Marvel Rivals Season 3.5 brings in a bunch of new Team Ups, while removing existing ones. The first new one adds Luna Snow and Adam Warlock, unlocking powerful synergistic healing. Here’s what changed: Duality Dance: Luna Snow, Adam Warlock (NEW) Vibrant Vitality: Mantis, Groot, Loki (NEW) Ever-Burning Bond: Human Torch, Spider-Man (Balance Changes) Atlas Bond: Luna Snow, Iron Fist (Removed) Guardian Revival: Adam Warlock, Star Lord, Mantis (Removed) Chilling Assault: Luna Snow, Hawkeye, Iron Fist (Iron Fist added) Lunar Force: Cloak & Dagger, Moon Knight, Blade (Blade added) Ragnarok Rebirth: Hela, Loki, Thor (Loki adjusted) Rocket Network: Peni Parker, Rocket Raccoon, Star Lord (Star Lord added) Marvel Rivals latest Hero balancing changes Welcome to Season 3.5 | Dev Vision Vol. 08 | Marvel Rivals – YouTube Watch On In the Developer Vision video you can view above, some general balance updates applied to Marvel Rivals alongside the latest seasonal update are explained in full. We’ve collected the key points in the list below: Sign up for breaking news, reviews, opinion, top tech deals, and more. Hero balancing (buffs): Star Lord, Iron Fist, Spider-Man, Dr Strange, Groot, Thor, Adam Warlock, Hero Balancing (nerfs): Black Panther, Wolverine, Magneto, Mantis, Cloak & Dagger New Hero schedule: One per month from Season 3 onwards New mode: Resource Rumble Maps: Throne of Knull Competitive Mode: New ranked rewards, increased penalties for quitting, point compensation Misc: Voice-Chat monitoring, text chat filtering, shader compilation changes Marvel Rivals Blade Blade: The One and Only | Character Reveal | Marvel Rivals – YouTube Watch On Blade is the main Hero being added for Marvel Rivals Season 3.5. He’s a Duelist that wields a shotgun and a sword. He can use the sword to block incoming damage, and has an arcing leap ability to close the distance. His Ultimate ability deals massive damage over a large area with the sword. Marvel Rivals next season FAQ Who was the last Hero to be added to Marvel Rivals? Phoenix was the last Hero to be added to Marvel Rivals. She’s a ranged Duelist that deals great burst damage with flaming attacks. She has a dash to escape diving enemies, and her Ultimate is great for clearing the battlefield of support items like spider-mines, Loki clones, and Rocket revive hubs. Who are the next characters coming to Marvel Rivals? The next Hero that’ll be added to Marvel Rivals is Blade. Beyond that we don’t know who’s set to arrive in Season 4, though we only have a month to wait now. What season is Marvel Rivals in? Marvel Rivals is currently in Season 3. This started on July 11, and should run through to August 8. We’ll then be in Season 3.5. You Might Also Like… Will Marvel Rivals be on Nintendo Switch 2? Best free games to play in 2025 When to expect the next season of Fortnite Jake is a freelance writer who currently works regularly with TRG. Hailing from the overcast shores of Brighton in the United Kingdom, Jake can be found covering everything from features to guides content around the latest game releases. As seen on NME.com, Eurogamer.net, and VG247.com, Jake specializes in breaking games down into approachable pieces for guides, and providing SEO advice to websites looking to expand their audiences. Read More

(Image credit: 2K) Despite having been announced over five years ago, we barely know anything about BioShock 4, and have next to nothing that’s been officially confirmed. This is a shame given it’s one of the most interesting and highly acclaimed gaming series of all time – and it’s been more than a decade since the last game was released. We do know that 2K Games are publishing it and it’s being developed by a studio called Cloud Chamber. Apart from that, we’re clutching at straws in terms of where the game might be set, how it might play, what platforms it is going to release on, and so on. It would be easy to say that we ‘expect’ to hear something soon, but given the nearly five-year gap since the announcement and now, and the fact that it really is one of the most highly-anticipated upcoming games that’s known to be in development, we really do hope that we get something concrete soon. However, while we wait for more info on BioShock 4, here’s everything that’s been revealed about the game so far, including some rumors about its development so far. Once new details come to light, this page will be updated. BioShock 4: cut to the chase What is it? The fourth entry in 2K Games’ retrofuturistic game series When can I play it? TBC What can I play it on? TBC (PS5, Xbox Series X|S, and PC are likely) Who is making it? Cloud Chamber Studios (a 2K Games studio) BioShock 4 – what we know so far (Image credit: 2K) While we’re certainly excited for the next BioShock game, we don’t actually know when we’ll get our hands on it. In a tweet officially announcing a new BioShock game back in 2019, publisher 2K Games stated that work had begun on the next iteration of the BioShock franchise. Here, it confirmed that the game would be in development “for the next several years”. That may not have been the most welcome news, but it did give us an idea about what platforms BioShock 4 would eventually release on. Now that we’re deep into the generation of the PS5 and Xbox Series X|S – and, by extension, further away from the Xbox One and PS4, we would strongly predict that, given the ongoing wait for the game as well, BioShock 4 will be a current-gen exclusive and not cross-generational. As spotted by GamesRadar (July 4, 2024), the studio’s senior cinematic designer Jeff Spoonhower shared a bunch of open roles on LinkedIn, while also teasing what’s to come. Sign up for breaking news, reviews, opinion, top tech deals, and more. “The BioShock team at 2K Cloud Chamber is ramping up!” the post reads. “We have many positions open across a variety of disciplines including art, animation, engineering, design, narrative, and production.” In a report published by Bloomberg (August 2, 2025), it’s revealed that BioShock 4 allegedly failed an internal review by publisher 2K recently. As a result, the creative director Kelley Gilmore has been moved off of the project, and there’s a change in the top layers of leadership involved with making BioShock 4. This is unfortunately the latest update with have on BioShock 4, so it would appear that the game is still a while off from being released. BioShock 4 gameplay predictions (Image credit: 2K Games) Now, when looking at or thinking about BioShock 4 gameplay and setting details we are diving head first into a lot of speculation and clutching at straws. However, there have been some clues that we could investigate (read: ‘cling to’) to try and inform ourselves a little on both factors. First, to potential BioShock 4 gameplay. The original official 2K press release from 2019 (no longer live or available) did seem to indicate that it would be first-person again. 2K President David Ismailer said alongside that ”We can’t wait to see where its [BioShock’s] powerful narrative and iconic, first-person shooter gameplay head in the future with our new studio team at Cloud Chamber leading the charge.” This rather implies that the first-person nature is likely to continue. BioShock 4 setting prediction (Image credit: 2K Games) The settings of BioShock games are always incredibly important aspects. Ever since players first locked eyes on the underground city of Rapture, BioShock games’ settings have mesmerized, while also became a core part of each game’s story and narrative. In terms of possible BioShock 4 setting details, there was a lot of rumor floating around at the end of 2021 stating that the fourth game would take us back to a familiar time period. The crux of the rumors was that BioShock 4 would be set in the 1960s and in an Antarctic city called ‘Borealis’ – and that its story would connect the previous games in the series. While these claims did align with several publications’ own sources at the time, there has been no official confirmation or word on them. Going back a bit further in 2021, there was a strong belief that BioShock 4 would be going open-world due to details stated in some job ads at the time that all pointed toward the design of a bust, crowd-filled, expansive open-world setting. Again, there was and has been no official comment on that. BioShock 4 developer (Image credit: 2K Games) As we know, the studio making BioShock 4 is Cloud Chamber – but who exactly is leading development and has their hands on the tiller? Well, we know a few people involved – and we’ve addressed the Ken Levin-shaped question below too. Leading the studio is Kelley Gilmore, a veteran developer, formerly of Firaxis Games. However, with other folks involved who have experience with the BioShock series working on the game too, there is genuine “BioShock DNA” within the development team as Gilmore confirmed in an interview with our sister site GamesRadar+. When was BioShock 4 announced? Today, 2K announced the founding of Cloud Chamber, its newest development studio. This team

(Image credit: Shutterstock / sdecoret) When I first started as an engineer in the semiconductor industry, we worked on pretty boring electronics. Laptops, portable phones, gaming computers – not the most exciting stuff by today’s standards. Then some smart engineer on the U.S. West Coast took a portable mobile phone and a portable computer, stuffed them into each other and called it a smartphone. It’s basically a data display device. And we were super proud of our smartphones. And when these data display devices were combined with big storage and big compute in the cloud, well that’s what enabled an on-demand world. A world that allows us to order whatever we want with only a couple of clicks. Now, after decades of technology advancements, we are moving from an on-demand world, to one that anticipates our needs and automates to address them. In this world an ever-growing number of connected systems – cars, smart homes, factory floor sensors, healthcare devices – process data right where it’s captured. At the intelligent edge, manual devices transform into autonomous and responsible robots. These robots will be powered by engineering innovations, new design processes, and advances in sensors and AI. What can we expect in this new world? Think about this for a minute. Over the next few decades, our homes will be able to predict maintenance needs, keep our families safe, and even order food for the fridge. Sound more like dream than reality? I am telling you – it is not. And it’s more than just our homes. Driving will be entirely automated too, and cars themselves will be convenience spaces where you can relax or work while you ride. This intelligent world is closer than you think. But how will we get there? CTO and EVP at NXP Semiconductors. Creating our digital twins One of the most important steps toward autonomous and responsible robots has been underway for decades: the creation of digital twins. These are virtual models of physical objects, located within the cloud. For an individual, that might be the state of your health, wealth, and your physical presence. It also applies to homes, businesses, hospitals, and even cars. But simply digitizing the physical world will only take us so far. We need to enable this digital world to reach out to its physical counterpart. In doing so, these digital twins will be able to connect with each other, optimize and learn from each other. Then, and this is the critical part, they apply that knowledge in the real world. Only once we achieve this, can autonomous robots truly become a reality. From manual machines to autonomous robots We need to enable machines to sense, think, connect, and act in our physical world. And what is most important, we need to make sure they always do so responsibly – with safety and security at the core of everything they do. Because you will never hand over control to a robot that you do not trust. Largely, building acting machines has been achieved over the past 140 years. These machines have just always required a human to provide input or oversight. More recently, connectivity challenges have been solved in the 1990s and early 2000s. Now our real challenges lie in enabling machines to sense and think. The automotive industry is a clear example of where we’ve fallen short here so far. Around 2016, everyone thought that self-driving cars were around the corner. Theoretically, we had the technology to make them work. Yet fully autonomous driving still remains out of reach. So, what went wrong? The gap between the autonomous driving future that was predicted, and today’s reality comes from a fundamental misunderstanding of AI systems. We thought that simply having an AI system that’s trained on how we drive would be enough. It’s like expecting to be able to hand the keys to your teenager and letting them drive simply because they’d been in the car with you for years. In the real world, people need to train and pass deterministic tests before they are given a driver’s license. That layer of trust, safety, and security is what was missing. Enabling the brain shift To get the safety and security part right, today’s AI (the brain of the robot) requires a new approach. And where better to look for inspiration than the human brain itself. Our brains are largely broken into three areas: the cerebrum facilitates perception, the cerebellum coordinates action and vital functions, and the brain stem regulates real time functions and powers reflexes. For humans, all of these are crucial. But for robots, it depends on their use. Back to the autonomous car example, the highest priority is function and safety. For this, we need reflexes and coordination in conjunction with sensors. For a self-driving car, that translates at a base level to functional and safe power management and a real-time neural information transportation system. Or in other words, reliable Power Management Integrated Circuits (PMIC) and processors that can handle all the information that comes in from a vast array of sensors. Beyond that, you need modular software building blocks. This is because it’s software that defines how autonomous vehicles function. Having pre-built blocks of software also means that production can be adapted even at scale. If you’ve got building blocks for compute, networking, power management, and more, you can minimize the time spent on basic functionality. With that, you can invest more effort into bringing products to market or solving difficult challenges. While self-driving cars are the most familiar example today, this brain shift taking place is laying the groundwork for other intelligent machines in the future. Building on intelligent foundations Re-engineering the robot brain is important, but it’s not only thing needed for a world that anticipates and automates. We also need ongoing improvements to sensors, along with a common language to enable interoperability across these robots. These are all areas where we are making rapid progress: with high-resolution radar, ultra-wideband signals, and the Matter

French fashion giant Chanel is the latest company to suffer a data breach in an ongoing wave of Salesforce data theft attacks. Chanel says the breach was first detected on July 25th after threat actors gained access to a Chanel database hosted at a third-party service provider, as first reported by WWD. The breach only impacted customers in the United States and exposed personal contact information. “Based on the findings of the investigation, the data obtained by the unauthorized external party contained limited details of a subset of individuals who contacted our client care center in the U.S. —specifically name, email address, mailing address and phone number,” a Spokesperson told WWD. “No other information was contained in the database. The clients affected have been informed.” While Chanel has not replied to our emails and the name of the third-party service provider was not mentioned, BleepingComputer has learned that it was stolen from the company’s Salesforce instance. This attack has been attributed to the ongoing wave of Salesforce data-theft attacks conducted by the ShinyHunters extortion group. As first reported by Mandiant, threat actors have been actively targeting Salesforce customers in vishing (voice phishing) attacks to compromise credentials or to trick employees into authorizing a malicious OAuth app with their organization’s Salesforce portal. Once they gain access to the Salesforce instance, they exfiltrate the database and use it as leverage in extortion demands on customers. In a statement to BleepingComputer, Salesforce emphasized that its platform was not compromised, but rather, customers’ accounts are being breached in social engineering attacks. “Salesforce has not been compromised, and the issues described are not due to any known vulnerability in our platform. While Salesforce builds enterprise-grade security into everything we do, customers also play a critical role in keeping their data safe — especially amid a rise in sophisticated phishing and social engineering attacks,” Salesforce told BleepingComputer. “We continue to encourage all customers to follow security best practices, including enabling multi-factor authentication (MFA), enforcing the principle of least privilege, and carefully managing connected applications. For more information, please visit: https://www.salesforce.com/blog/protect-against-social-engineering/.” The threat actors have not publicly leaked the data for any companies to date, with companies currently extorted via email. Other companies impacted in these Salesforce data theft attacks include Adidas, Qantas, Allianz Life, and the LVMH brands, Louis Vuitton, Dior, and Tiffany & Co. BleepingComputer knows of other allegedly breached companies that have not yet disclosed attacks, but we have not been able to verify them independently as of yet. Read More

Proton fixed a bug in its new Authenticator app for iOS that logged users’ sensitive TOTP secrets in plaintext, potentially exposing multi-factor authentication codes if the logs were shared. Last week, Proton released a new Proton Authenticator app, which is a free standalone two-factor authentication (2FA) application for Windows, macOS, Linux, Android, and iOS. The app is used to store multi-factor authentication TOTP secrets that can be used to generate one-time passcodes for authentication on websites and applications. Over the weekend, a user posted in a now-deleted Reddit post that the iOS version was exposing TOTP secrets in the app’s debug logs found under Settings > Logs. “Imported my 2FA accounts, enabled backup and sync, everything looked good at first. At some point, after I changed the label on one of my entries and switched apps briefly,” reads an archive of the post. “I came back to find that about half of my 2FA entries were gone. I think it might’ve happened after the label edit, but I’m not 100% sure. Could’ve been something else. Either way, they disappeared without any error or warning.” “I wanted to do the right thing and submit a bug report. While preparing it, I opened the log file the app generates, and that’s when it went from mildly annoying to deeply concerning. Turns out, the log contains full TOTP secrets in plaintext. Yes, including the one for my Bitwarden account.” Another commenter noted that the leak stems from code on the iOS app [1, 2] that adds a lot of data about a TOTP entry to a params variable, which is then passed to two functions used for adding or updating a TOTP secret on the app. TOTP secret passed to ‘params’ variable which is added to logs When this is done, the functions will also add this data to a log entry, which exposes the TOTP secret. Proton confirmed the bug in the iOS version, stating that it is now fixed in version 1.1.1, released to the App Store approximately 7 hours ago. “Secrets are never transmitted to the server in plaintext, and all sync of secrets is done with end-to-end encryption. Logs are local only (never sent to the server), and these secrets can also be exported on your device to meet GDPR data portability requirements,” Proton told BleepingComputer. “In other words, even if this was not in the logs, somebody who has access to your device to get these logs, would still be able to obtain the secrets. Proton’s encryption cannot protect against device side compromise, so you must always secure your device as that is outside of our threat model.” “We have updated the iOS app to change the logging behavior, but this isn’t a vulnerability that can be exploited by an attacker, and if the attacker has access to your device to access the local logs, they will anyways be able to obtain the secrets, and there is nothing Proton (or any 2FA app) can do to prevent that.” While this log data can’t be exploited remotely, the concern was that if the logs were shared or posted anywhere to help diagnose an issue or bug, it would also expose the sensitive TOTP secret to a third party. These secrets could then be imported to another Authenticator to generate one-time passcodes for that account. Read More

Microsoft announced that the transcription, dictation, and read aloud features will stop working in older versions of Office 365 applications in late January 2026. Read aloud lets users hear documents and emails read back, transcription converts speech into text in real-time, and the dictation feature allows for voice-to-text input across Office applications. The company advised customers to update their Microsoft 365 Office apps to a version higher than 16.0.18827.20202 (released in early July) by the end of January 2026 to maintain access to these accessibility and productivity features. This deadline provides most organizations with approximately one year to plan and implement the necessary software updates across their environments. However, Redmond added that government cloud customers using GCC, GCC High, and DoD environments have two more months, until March 2026, to update their software. “To ensure continued high-quality performance of the Read Aloud, Transcription, and Dictation features in Microsoft 365 Office apps, we’re upgrading the backend service that powers these capabilities,” the company said in a Friday message center message. “As a result, these features will no longer function on Office clients running versions earlier than 16.0.18827.20202 after January 2026.” The change stems from Microsoft’s decision to upgrade the backend service that powers these voice-enabled capabilities. Users running Office clients with version numbers below the specified threshold will lose access to the features after the deadline. The company stated that Office clients running versions higher than 16.0.18827.20202 will not be affected by the infrastructure upgrade and will experience no changes to their current functionality. In May, Redmond also announced plans to end support for Office apps on Windows 10 later this year and that it will continue providing security updates for three more years, until 2028. One month earlier, in April, Microsoft reminded customers that Office 2016 and Office 2019 will reach the end of extended support two months from now, on October 14, 2025. Read More

CTM360 has discovered a new global malware campaign dubbed “ClickTok” that spreads the SparkKitty spyware through fake TikTok shops to steal cryptocurrency wallets and drain funds. The unique spyware trojan discovered by CTM360 is specifically engineered to exploit TikTok Shop users across the globe. Dubbed as “ClickTok”, this highly coordinated scam operation employs a hybrid scam model that combines phishing and malware to deceive buyers and affiliate program participants on TikTok’s growing e-commerce platform.  In the ClickTok campaign, TikTok shops were identified embedded with SparkKitty spyware, a variant closely resembling SparkCat, previously identified by Kaspersky. Once installed, it infiltrates the user’s device, accesses the photo gallery, and extracts screenshots that may contain cryptocurrency wallet credentials. What makes ClickTok unique is its simultaneous use of phishing and malware tactics, significantly increasing its impact and stealth.  The scam begins with the impersonation of TikTok’s commercial ecosystem, including TikTok Shop, TikTok Wholesale, and TikTok Mall. Threat actors create fake TikTok websites that closely mimic the official interface, deceiving users into thinking they’re interacting with the real platform. Victims are lured into logging in and attempting to make purchases. During the checkout process, they are instructed to pay via cryptocurrency wallets. Once payment is made, the trojanized app embedded with SparkKitty spyware, covertly captures sensitive data, including wallet credentials, by reading screenshots and images stored on the device, ultimately enabling the theft of digital funds. The Motive Behind ClickTok – A Hybrid Scam Structure The attacker has two main objectives:  Phishing Websites:  They incite users to open the fake Shop URLs distributed through meta ads, prompting users to enter login credentials, payment details, or seller information, all of which are silently harvested.  CTM360 has tracked down a unique spyware trojan specifically engineered to exploit TikTok Shop users across the globe. Dubbed as “ClickTok”, this highly coordinated scam operation employs a hybrid scam model that combines phishing and malware to deceive buyers and affiliate program participants on TikTok’s growing e-commerce platform.  Trojanized Apps:  On mobile, the sites urge users to install modified TikTok Apps that are infected with SparkKitty, a malicious spyware variant capable of deep device surveillance, clipboard scraping, and credential theft. These fake apps have the exact user interfaces as original TikTok shops, tricking victims into believing they’re interacting with a legitimate TikTok App while silently siphoning sensitive data in the background. Fake Ads, AI Videos & Lookalike Domains ClickTok scammers use Fake AI-generated Videos and Meta ads to reach a wider audience. These ads direct users to fake cybersquatted domains carefully crafted to look like real TikTok URLs.  To date, CTM360 has observed: 10,000+ impersonated TikTok websites, many using free or inexpensive TLDs such as .top, .shop, .icu, and others. Over 5,000+ unique malicious app instances, spread via QR codes, messaging apps, and in-app downloads. Fraudulent campaigns impersonating not just TikTok Shop, but also TikTok Wholesale and TikTok Mall.  Motive & Monetization The ClickTok campaign uses fake TikTok Shop login pages to harvest user credentials and malware distribution through trojanized apps that enable account hijacking. It implements an alternative payment structure that excludes traditional card transactions, instead requiring payments through cryptocurrency wallets. Victims are often encouraged to “top up” fake TikTok wallets or digital currencies like USDT, ETH and more.  CTM360’s Recommendations CTM360 urges users and organizations to stay vigilant and take the following precautions: Avoid downloading modded, cracked, or unknown software, especially from torrent sites and Telegram. Always verify domain authenticity before entering login or payment information, and manually check for spelling errors or suspicious domain extensions. Report any suspicious TikTok-related content, ads, or apps directly to TikTok or cybersecurity authorities in your country. Brands and sellers should regularly monitor brand abuse and impersonation trends using threat intelligence platforms. Strong antivirus or EDR Solution to prevent SparkKitty spyware breaches.  If you use a crypto wallet, go for one that is clipboard-protected. Detect Cyber Threats 24/7 with CTM360 Monitor, analyze, and promptly mitigate risks across your external digital landscape with the CTM360. Join our Community Edition  Sponsored and written by CTM360. Read More

A newly discovered Linux malware, which has evaded detection for over a year, allows attackers to gain persistent SSH access and bypass authentication on compromised systems. Nextron Systems security researchers, who identified the malware and dubbed it “Plague,” describe it as a malicious Pluggable Authentication Module (PAM) that uses layered obfuscation techniques and environment tampering to avoid detection by traditional security tools. This malware features anti-debugging capabilities to thwart analysis and reverse engineering attempts, string obfuscation to make detection more difficult, hardcoded passwords for covert access, as well as the ability to hide session artifacts that would normally reveal the attacker’s activity on infected devices. Once loaded, it will also scrub the runtime environment of any traces of malicious activity by unsetting SSH-related environment variables and redirecting command history to /dev/null to prevent logging, eliminating audit trails and login metadata, and erasing the attacker’s digital footprint from system history logs and interactive sessions. “Plague integrates deeply into the authentication stack, survives system updates, and leaves almost no forensic traces. Combined with layered obfuscation and environment tampering, this makes it exceptionally hard to detect using traditional tools,” threat researcher Pierre-Henri Pezier said. “The malware actively sanitizes the runtime environment to eliminate evidence of an SSH session. Environment variables such as SSH_CONNECTION and SSH_CLIENT are unset using unsetenv, while HISTFILE is redirected to /dev/null to prevent shell command logging.” While analyzing the malware, the researchers also discovered compilation artifacts indicating active development over an extended period, with samples compiled using various GCC versions across different Linux distributions. Additionally, although multiple variants of the backdoor have been uploaded to VirusTotal over the past year, none of the antivirus engines have flagged them as malicious, suggesting that the creators of the malware have been operating undetected. “The Plague backdoor represents a sophisticated and evolving threat to Linux infrastructure, exploiting core authentication mechanisms to maintain stealth and persistence,” Pezier added. “Its use of advanced obfuscation, static credentials, and environment tampering makes it particularly difficult to detect using conventional methods.” In May, Nextron Systems discovered another malware exploiting the flexibility of the PAM (Pluggable Authentication Modules) Linux authentication infrastructure, which enables its creators to steal credentials, bypass authentication, and gain stealthy persistence on compromised devices. Read More

Ziff Davis-owned IGN Entertainment has laid off staff, including eight members of the IGN Creators Guild. Those cuts represent 12 percent of the bargaining unit. The layoffs are the latest shift in the turbulent gaming media landscape. Earlier this year, Verge parent company Vox Media sold Polygon to GameRant owner Valnet, Giant Bomb went independent, and Game Informer returned after being shut down by GameStop. Last week, Ziff Davis also laid off staff at CNET. Laid off IGN staffers include former senior features editor Matt Kim and video editor Chelsea Miller, but no single department was primarily targeted by the cuts, Rebekah Valentine, IGN senior reporter and co-chair of the guild, tells The Verge. “It was largely single individuals from different departments.” “The company has told us that the reason for this layoff stems from a Ziff Davis-mandate to cut costs despite several quarters in a row of year-over-year revenue increases, to which IGN Entertainment responded by coming for our members’ jobs,” the guild says. “This is perplexing to us, as we are told again and again that IGN Entertainment has had a tremendously successful year thus far thanks to their hard work.” An employee in the engineering department was also laid off, Hunter Paniagua, a representative of the Pacific Media Workers Guild, which represents the IGN Creators Guild, tells The Verge. Ziff Davis didn’t immediately reply to a request for comment. Last year, across all of Ziff Davis, the company employed approximately 3,800 people, according to an SEC filing. Last year, IGN acquired the website portfolio of Gamer Network, which includes publications like Eurogamer, Gamesindustry.biz, and Rock Paper Shotgun. Terms of that deal weren’t disclosed at the time. “The company has not responded to the union’s questions about whether its budget for future acquisitions is being reconsidered as a cost-saving measure alongside these other apparently necessary personnel cuts,” the IGN Creators Guild says. Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates. Jay Peters Read More