Grand Theft Auto V cheat service hacked, data on thousands of gamers exposed
Hackers breached a service that provided cheats for Grand Theft Auto V, stealing usernames, hashed passwords, and other personal data. The incident has exposed thousands of players to potential privacy risks.
A cheat service for Grand Theft Auto V has suffered a data breach, compromising the personal information of thousands of users. The attack targeted a platform that offered unauthorized modifications and cheats for the popular video game, according to security researchers. Stolen data includes usernames, hashed passwords, email addresses, and IP addresses. The breach was disclosed by the hacking group itself, which posted a sample of the stolen database online. The group claimed to have accessed the service's servers and extracted the information without triggering any alarms. The cheat service has not yet publicly acknowledged the incident or notified affected users. Security experts warn that the exposed data could be used for targeted phishing attacks or account takeovers on other platforms. Players who used the same credentials across multiple services are particularly at risk. The breach highlights the ongoing security vulnerabilities in third-party gaming services, which often operate with limited resources and oversight. Grand Theft Auto V, developed by Rockstar Games, remains one of the best-selling video games of all time, with a large online multiplayer component that attracts cheaters. Rockstar has repeatedly taken action against cheat providers, but the cat-and-mouse game continues. Affected users are advised to change passwords on any accounts that share the compromised credentials and enable two-factor authentication where possible. The full extent of the breach is still under investigation, but the leaked database contains records from thousands of users. The incident serves as a reminder of the risks associated with using unofficial cheat services in online games.
Red Hat NPM channel compromised in supply-chain attack pushing credential-stealing worm
Official Red Hat NPM accounts were compromised and used to distribute a malicious worm that steals credentials. The attack began Monday and affected over 30 packages.
Official Red Hat NPM accounts have been compromised and used to push a malicious worm that spreads from machine to machine, where it pilfers sensitive credentials in hopes of stealing yet more confidential data, researchers said. The supply-chain attack began Monday and remained active at the time this post went live, according to researchers at security firm Aikido. It’s the result of the threat actor responsible for the hack taking control of @redhat-cloud-services, a legitimate channel in the npm repository that’s reserved for official Red Hat packages. As such, the channel is widely trusted by developers who rely on Red Hat cloud services.
The vicious cycle of today’s supply-chain attacks is evident in this incident. It’s unclear precisely how the threat actor took control of the namespace, but it almost certainly involved the compromise of credentials required to access it, possibly through a previous supply-chain attack. More than 30 packages seem to be affected. The worm is designed to spread across networks, harvesting credentials from infected systems to gain access to additional resources.
Aikido researchers detected the malicious activity and reported it to Red Hat. The compromised packages were removed from the npm registry shortly after the discovery. However, the attack highlights the ongoing risk of supply-chain compromises targeting trusted developer tools and platforms.
Developers who have used any of the affected packages are advised to rotate credentials and audit their systems for signs of compromise. The worm’s ability to spread laterally makes it particularly dangerous for organizations with interconnected networks.
Red Hat has not yet issued a public statement regarding the incident. The company is likely investigating the breach and working to secure its NPM accounts. Users of Red Hat cloud services should remain vigilant and monitor for any suspicious activity.
The attack underscores the importance of multi-factor authentication and strict access controls for package publishing accounts. As supply-chain attacks become more sophisticated, developers must verify the integrity of dependencies and monitor for unusual updates.
Aikido researchers continue to analyze the worm’s behavior and impact. They have shared indicators of compromise with the security community to help organizations detect and respond to the threat. The full extent of the data theft is not yet known.
Red Hat has not provided a timeline for when the compromised accounts will be fully restored. In the meantime, developers are urged to avoid using any packages from the @redhat-cloud-services namespace until further notice.
WhatsApp Develops Scam Alert Feature to Detect Fraud Without Reading Messages
WhatsApp is developing a new Scam Alert feature that detects fraudulent messages without reading their content. The system aims to protect users from scams by analyzing message patterns and metadata.
WhatsApp is working on a new security feature called Scam Alert, designed to identify fraudulent messages without accessing their content. The feature, currently in development, uses pattern recognition and metadata analysis to flag potential scams. This approach preserves end-to-end encryption while enhancing user protection.
The system analyzes message metadata such as sender behavior, message frequency, and known scam patterns. When suspicious activity is detected, the feature alerts the user without revealing the message content. This method ensures privacy while combating fraud.
Scam Alert is part of WhatsApp's broader effort to tackle online fraud. The company has been testing the feature internally and plans to roll it out to users in the coming months. The exact release date has not been announced.
WhatsApp has not disclosed specific technical details about how the feature distinguishes scams from legitimate messages. However, the system is expected to learn from reported scams and adapt to new fraud techniques over time.
The feature will be available on both Android and iOS versions of the app. Users will receive a notification when a potential scam is detected, with options to report or block the sender. The feature will be optional and can be disabled in settings.
WhatsApp's Scam Alert comes amid rising concerns about phishing and social engineering attacks on messaging platforms. The company has previously introduced features like two-step verification and suspicious link detection to enhance security.
The development was first spotted in the WhatsApp beta for Android version 2.24.10.10. The feature is not yet available to the public and may undergo changes before the final release.
WhatsApp has not provided a timeline for the global rollout of Scam Alert. The company stated that the feature will be introduced gradually after thorough testing to ensure effectiveness and user privacy.
DOJ sues states that rejected ICE requests for undercover license plates
The Department of Justice has filed lawsuits against four states that blocked ICE agents from registering undercover license plates, arguing the policies are unconstitutional and endanger federal officers. The DOJ cited websites like ICEList.info and ICESpy.org as examples of alleged doxing threats.
The Trump administration is pressing forward with legal action against states that have refused to allow Immigration and Customs Enforcement agents to register undercover license plates. The Department of Justice filed lawsuits targeting four states, claiming their policies violate the Constitution by imposing different rules on federal officers compared to state officers, who can easily obtain such plates.
In the lawsuits, the DOJ pointed to websites such as ICEList.info and ICESpy.org as evidence of alleged doxing threats against ICE agents. The department argued that these sites expose officers to harassment and invasive tracking, though it did not provide specific evidence linking the sites to actual harm.
The DOJ contended that denying undercover plates increases risks for ICE agents, including potential harassment and the possibility that enforcement targets could evade arrest more easily. The lawsuits assert that state policies unlawfully hinder federal law enforcement operations.
The four states targeted in the lawsuits have not yet publicly responded to the DOJ's allegations. The legal challenge marks an escalation in the ongoing conflict between the federal government and states that have adopted policies limiting cooperation with ICE.
The DOJ's filings emphasize the need for uniform treatment of federal officers, arguing that state restrictions create unconstitutional burdens. The cases are expected to test the limits of state authority over federal immigration enforcement.
No court dates have been set for the lawsuits, and the DOJ has not indicated whether additional states may face similar legal action. The administration continues to push for expanded ICE access to undercover plates as part of its broader immigration enforcement strategy.
Dutch Authorities Dismantle Botnet of 17 Million Devices
Dutch police and the National Cyber Security Center dismantled a botnet comprising over 17 million devices, managed by 200 servers. The operation followed a security researcher's report, and the host infrastructure was located in the Netherlands.
Authorities in the Netherlands announced the dismantling of a botnet that included more than 17 million devices. The network was managed by 200 servers, according to a joint operation by the police and the National Cyber Security Center (NCSC). The action was made public on Thursday.
The investigation began after a security researcher reported the sprawling network to authorities. The host infrastructure was located in the Netherlands, the NCSC stated. Police subsequently seized several botnet servers from a hosting provider for further investigation.
The botnet was taken offline by the provider because it was used for criminal purposes, the NCSC explained. The scale of the botnet, with millions of compromised devices, highlights the ongoing threat of such networks for cybercrime activities.
The NCSC did not disclose the specific criminal activities the botnet was used for, but botnets are commonly employed for distributed denial-of-service attacks, spam campaigns, and credential theft. The dismantling disrupts the infrastructure that enabled these operations.
No arrests have been reported in connection with the takedown. The authorities continue to analyze the seized servers to understand the full scope of the botnet's operations and identify those responsible.
The operation underscores the importance of collaboration between security researchers and law enforcement. The NCSC encouraged other researchers to report similar threats to help protect digital infrastructure.
Details about the hosting provider or the specific malware used to compromise the devices were not released. The NCSC advised device owners to keep their software updated and use strong passwords to prevent their devices from being enlisted in botnets.
The takedown represents a significant blow to cybercriminal infrastructure, but the NCSC warned that similar networks may still be active. The agency continues to monitor the threat landscape and coordinate with international partners.