### Summary
If there are two overlapping policies for the `update` action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is allowed to update the superset of fields allowed by any of the policies. 

E.g. have one policy allowing update access to `field_a` if the `id == 1` and one policy allowing update access to `field_b` if the `id == 2`. The user with both these policies is allowed to update both `field_a` and `field_b` for the items with ids `1` and `2`. 

### Details
Before v11, if a user was allowed to update an item they were allowed to update the fields that the single permission, that applied to that item, listed. With overlapping permissions this isn't as clear cut anymore and the union of fields might not be the fields the user is allowed to update for that specific item.

The solution that this PR introduces is to evaluate the permissions for each field that the user tries to update in the validateItemAccess DB query, instead of only verifying access to the item as a whole. This is done by, instead of returning the actual field value, returning a flag that indicates if the user has access to that field. This uses the same case/when mechanism that is used for stripping out non permitted field that is at the core of the permissions engine.

As a result, for every item that the access is validated for, the expected result is an item that has either 1 or null for all the "requested" fields instead of any of the actual field values. These results are not useful for anything other than verifying the field level access permissions.

The final check in validateItemAccess can either fail if the number of items does not match the number of items the access is checked for (ie. the user does not have access to the item at all) or if not all of the passed in fields have access permissions for any of the returned items.

### Impact
This is a vulnerability that allows update access to unintended fields, potentially impacting the password field for user accounts.

**Summary**

If there are two overlapping policies for the update action that allow access to different fields, instead of correctly checking access permissions against the item they apply for the user is allowed to update the superset of fields allowed by any of the policies.

E.g. have one policy allowing update access to field_a if the id == 1 and one policy allowing update access to field_b if the id == 2. The user with both these policies is allowed to update both field_a and field_b for the items with ids 1 and 2.

**Details**

Before v11, if a user was allowed to update an item they were allowed to update the fields that the single permission, that applied to that item, listed. With overlapping permissions this isn't as clear cut anymore and the union of fields might not be the fields the user is allowed to update for that specific item.

The solution that this PR introduces is to evaluate the permissions for each field that the user tries to update in the validateItemAccess DB query, instead of only verifying access to the item as a whole. This is done by, instead of returning the actual field value, returning a flag that indicates if the user has access to that field. This uses the same case/when mechanism that is used for stripping out non permitted field that is at the core of the permissions engine.

As a result, for every item that the access is validated for, the expected result is an item that has either 1 or null for all the "requested" fields instead of any of the actual field values. These results are not useful for anything other than verifying the field level access permissions.

The final check in validateItemAccess can either fail if the number of items does not match the number of items the access is checked for (ie. the user does not have access to the item at all) or if not all of the passed in fields have access permissions for any of the returned items.

**Impact**

This is a vulnerability that allows update access to unintended fields, potentially impacting the password field for user accounts.

**References**

*   GHSA-99vm-5v2h-h6r6
*   directus/directus@a7ea677

GHSA-99vm-5v2h-h6r6: Directus allows updates to non-allowed fields due to overlapping policies

Is your Signal, WhatsApp, or Telegram account safe? Google warns of increasing attacks by Russian state-backed groups. Learn…

Is your Signal, WhatsApp, or Telegram account safe? Google warns of increasing attacks by Russian state-backed groups. Learn how they’re stealing messages and what you can do to defend yourself.

Russian state-backed actors are increasingly targeting secure messaging applications like Signal to intercept sensitive communications, reveals a recent report by Google’s Threat Intelligence Group. These groups, often aligned with Russian intelligence services, are focusing on compromising accounts used by individuals of interest, including military personnel, politicians, journalists, and activists. While the initial focus appears to be related to the conflict in Ukraine, researchers believe that these tactics will spread to other regions and threat actors.  

A primary method employed by these actors in this campaign involves exploiting the “linked devices” feature of Signal. By using phishing techniques, they trick users into scanning malicious QR codes, which then secretly link the victim’s account to a device controlled by the attacker. This allows the attacker to receive all messages in real-time, effectively eavesdropping on conversations without needing to compromise the entire device.

These malicious QR codes are often disguised as legitimate Signal resources, such as group invites, security alerts, or even device pairing instructions. In some cases, they are incorporated into phishing pages designed to mimic specialized applications, such as those used by the Ukrainian military.

The screenshot shows a Signal app phishing site and one of the malicious QR codes used in the attack (via Google).

In some cases, malicious QR codes are used in close-access scenarios, such as when Russian military forces capture devices on the battlefield.  This method lacks centralized monitoring and can go unnoticed for extended periods, which makes it hard to detect.

One group, identified as UNC5792 (also known as UAC-0195), has been observed modifying legitimate Signal group invite links. These altered links redirect victims to fake pages that initiate the unauthorized linking of their devices to the attacker’s control. The phishing pages are designed to closely resemble official Signal invites, making detection challenging. 

Another group, UNC4221 (UAC-0185), has targeted Ukrainian military personnel by embedding malicious QR codes within phishing sites that mimic artillery guidance applications. They have also used fake Signal security alerts to deceive victims. 

Beyond phishing, APT44 (Sandworm) utilizes malware and scripts to extract Signal messages from compromised Windows and Android devices. Their WAVESIGN script retrieves recent messages, while Infamous Chisel malware searches for Signal database files on Android devices.  

Other groups, like Turla and UNC1151, target the desktop application, using scripts and tools to copy and exfiltrate stored messages. UNC4221 has also used a JavaScript payload called PINPOINT to gather user information and geolocation data.

The popularity of secure messaging apps makes them prime targets for adversaries and other platforms, such as WhatsApp and Telegram, are also facing similar threats.

“The operational emphasis on Signal from multiple threat actors in recent months serves as an important warning for the growing threat to secure messaging applications that is certain to intensify in the near-term,” researchers warned.

Therefore, users are advised to stay cautious. It is important to use strong screen locks with complex passwords, keep operating systems and apps updated, and ensure Google Play Protect is enabled. Regularly auditing linked devices, exercising caution with QR codes and links, and enabling two-factor authentication are also recommended. iPhone users at high risk should consider enabling Lockdown Mode.

Hackers Tricking Users Into Linking Devices to Steal Signal Messages

Multiple Russia-aligned threat actors have been observed targeting individuals of interest via the privacy-focused messaging app Signal to gain unauthorized access to their accounts.
"The most novel and widely used technique underpinning Russian-aligned attempts to compromise Signal accounts is the abuse of the app's legitimate 'linked devices' feature that enables Signal to be used on multiple

Hackers Exploit Signal's Linked Devices Feature to Hijack Accounts via Malicious QR Codes

The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.

Source: Chiew via Shutterstock

Attackers are actively exploiting an authentication bypass flaw found in the Palo Alto Networks PAN-OS software that lets an unauthenticated attacker bypass authentication of that interface and invoke certain PHP scripts.

Both the Cybersecurity Infrastructure and Security Agency (CISA) and security researchers are warning of increasing attacker activity to exploit the flaw, tracked as CVE-2025-0108 and first revealed in a blog post on Feb. 12 as a zero-day flaw by researchers at Searchlight Cyber AssetNote. PAN-OS is the operating system for Palo Alto's firewall devices; the flaw affects certain versions of PAN-OS v11.2, v11.1 , v10.2, and v10.1 and has been patched for all affected versions.

Patch info is available in Palo Alto's security advisory on CVE-2025-0108, which is rated as 8.8 and therefore of high severity on the CVSS. The company warned that while the PHP scripts that can be invoked do not themselves enable remote code execution, exploiting the flaw "can negatively impact integrity and confidentiality of PAN-OS," potentially giving attackers access to vulnerable systems, where other bugs could be used to achieve further aims.

Indeed, researchers observed attackers making exploit attempts by chaining CVE-2025-0108 with two other PAN-OS Web management interface flaws — CVE-2024-9474, a privilege escalation flaw, and CVE-2025-0111, an authenticated file read vulnerability — on unpatched and unsecured PAN-OS instances.

**Active Exploitation of Palo Alto Firewalls**

Threat actors apparently got the memo on the potential for exploit, as attacks on affected devices are on the rise. As of Feb. 18, 25 malicious IPs are actively exploiting CVE-2025-0108, up from merely two the day after its discovery was made public, according to researchers at GreyNoise. The top three countries for these attacks are the US, Germany, and the Netherlands, according to a blog post on the exploitation.

"Organizations relying on PAN-OS firewalls should assume that unpatched devices are being targeted and take immediate steps to secure them," Noah Stone, head of content at GreyNoise Intelligence, wrote in the post.

The increased activity to exploit the flaw compelled the CISA to add it to the Known Exploited Vulnerabilities Catalog this week and urge those affected to apply Palo Alto's patches for affected device versions.

**Why CVE-2025-0108 in PAN-OS Exists**

The flaw exists because of a common architecture present in PAN-OS, "where authentication is enforced at a proxy layer, but then the request is passed through a second layer with different behavior," security researcher Adam Kues wrote in Searchlight Cyber Assenote's post.

"Fundamentally, these architectures lead to header smuggling and path confusion, which can result in many impactful bugs," he explained.

Specifically, a Web request to the PAN-OS management interface is handled by three separate components: Nginx, Apache, and the PHP application itself. The researchers found that when the authentication by the requester is set at the Nginx level and based on HTTP headers, the request is then reprocessed again in Apache, which may process the path or headers differently to Nginx before finally handing off the request to PHP.

"If there is a difference between what Nginx thinks our request looks like and what Apache thinks our request looks like, we could achieve an authentication bypass," Kues explained.

The risk of exploitation is greatest if a network configuration enables access to the management interface from the Internet (or any untrusted network) either directly or through a dataplane interface that includes a management interface profile, Palo Alto noted in its advisory.

**Eliminate Risk by Patching Auth Bypass Now**

Palo Alto's network devices are widely used and flaws within them are often quickly set upon by attackers, making it imperative that mitigation for CVE-2025-0108 happens sooner rather than later. The best way to eliminate the risk of exploitation completely is to apply Palo Alto's updates to affected devices, according to the CISA and researchers.

Affected organizations also can reduce this risk if network administrators ensure that only trusted internal IP addresses can access the management interface, according to Palo Alto. Defenders can discover any assets that require remediation action by visiting the Assets section of the Customer Support Portal, the company said.

Palo Alto also recommends that organizations whitelist IPs in the management interface to prevent this or similar vulnerabilities from being exploited over the Internet.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild

Cary, North Carolina, 19th February 2025, CyberNewsWire

**Cary, North Carolina, February 19th, 2025, CyberNewsWire**

2025 marks a time of unprecedented volatility in the technology job market. On one hand, dependence on technology is soaring. The growth of AI and machine learning is propelling a surge in new technologies, tactics, and ideas.

At the same time, organizations are trying to adapt to the changing dynamic. This has led to more job uncertainty, which the technology sector usually avoids. This year alone, roughly 7,000 jobs have been cut across dozens of tech giants, fueling growing concerns among industry professionals. 

As the technology job market weathers this volatility, INE Security, a global leader in networking and cybersecurity training, is highlighting its commitment to equipping IT professionals with the skills they need to thrive. INE focuses on practical training, certifications, and preparation. This helps networking and cybersecurity professionals succeed in a changing job market.

> “Continuous learning and adaptation are more important than ever for individuals hoping to succeed in their networking and cybersecurity career,” said Dara Warn, CEO of INE Security. “It is vital that professionals maintain a continuous cycle of learning. Training gives learners the knowledge and skills they need to succeed. Hands-on practice helps them understand tasks better. Certifications show that they have learned well and prove their skill mastery.”

**Key Benefits of INE’s Training and Certification Programs:**

*   **Enhanced Employability:** Executives, supervisors, and HR professionals are completely aligned in considering industry or professional certifications the most compelling during the hiring process, according to the Society for Human Resource Management (SHRM). 
*   **Practical Experience:** The human element was involved in 68% of cybersecurity breaches in 2023 (Verizon’s 2024 Data Breach Investigations Report). Practical, hands-on experience and industry-recognized certifications validate the skills needed to minimize this risk. 
*   **Flexible Learning Paths:** From foundational courses to advanced certifications, learners can tailor their education to career goals and market needs.

> “With every technological advancement, the skill sets required to manage, secure, and innovate within these systems evolve,” added Warn. “INE Security’s commitment to updating our course materials and labs ensures that our students are always at the forefront of the industry. Our focus is on making them indispensable in their current roles and highly attractive to prospective employers. INE’s training programs are more than just skill-building—they are career lifelines for professionals affected by market disruptions. ”

For more information about how INE can help you stabilize your cybersecurity and networking career goals, users can visit www.ine.com.

For a limited time, access INE Security training and certifications for up to 50% off, including eJPT, eMAPT, eCTHP, eCIR, eCDFP, and ICCA. Bundle certifications with Premium training and save even more. 

**About INE Security**

INE Security is the premier provider of online networking and cybersecurity training and certification.

Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for red-team and blue-team security training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

**Contact**

**Kathryn Brown**  
**INE Security**  
**\[email protected\]**

INE Security’s Cybersecurity and IT Training Enhances Career Stability in Tech

By taking several proactive steps, boards can improve their organization's resilience against cyberattacks and protect their critical OT assets.

John Cusimano, Vice President, OT Security, Armexa

February 19, 2025

4 Min Read

Source: Lev Dolgachov via Alamy Stock Photo

COMMENTARY

Boards of directors play an important role in managing the strategic risks faced by their organizations, particularly in sectors with high-risk operational technology (OT) environments such as energy, transportation, manufacturing, and production. Each of these industries relies heavily on OT — the hardware and software that controls physical processes and devices — to maintain safe, reliable operations, making them particularly concerned about cyberattacks. However, understanding and managing cyber-risks in OT systems can be challenging for boards, often due to the cyber-physical nature of OT and its integration with information technology (IT).  

**The Primary Obstacles Boards Face in Evaluating OT Risks**

One of the biggest challenges boards face is the wide gap between OT specialists and board members. Individuals with deep OT domain knowledge are often too far down the organizational hierarchy to directly influence board-level decisions. This disconnect can lead to a lack of risk awareness and understanding at the highest levels of the organization. 

Additionally, the chief information security officer (CISO), who typically manages enterprise cybersecurity risk, often lacks the specific expertise and training needed to manage cyber-risks in OT environments. OT systems have security vulnerabilities that are significantly different from traditional IT systems. This can result in OT cybersecurity being misunderstood, understaffed, and underfunded despite the potentially catastrophic impact of an OT cyber incident.  

To gain a true picture of OT risks, boards may consider appointing a dedicated OT cybersecurity leader to collaborate closely with the CISO. This role will often have executive-level visibility as well as the authority and resources to assess and manage OT security risks effectively. Just as companies have dedicated leaders for managing environment health and safety risks (EH&S) or financial risks, they also need specialized leaders for OT security. More companies are recognizing this need and are creating dedicated roles for OT cybersecurity leaders, signaling a positive shift in prioritizing OT security. 

**Three Key Strategies Needed for Effective Decision-Making in OT Environments**

Effective decision-making begins with recognizing that the consequences of an OT security breach are notably different from an IT security breach. While an IT breach might compromise data and financial assets, an OT breach can have serious consequences, including physical damage to equipment, disruption of critical processes, and even health, safety, and environmental impacts.  

To address these challenges, organizations must consider adopting a risk-based approach to OT cybersecurity. This involves following industry standards for OT risk assessment and management, such as ISA/IEC 62443-3-2, which provides guidance on partitioning OT systems into security zones and developing credible risk scenarios.  

By developing and analyzing risk scenarios, organizations can identify and prioritize the most serious threats to their OT environments. These scenarios can be ranked based on their likelihood and potential impact, using the same scale the company uses for ranking other risks, ensuring consistency and allowing the board to understand the relative importance of different risks in a broader organizational context. 

**How to Achieve Strategic Cyber-Risk Management Across the Organization**

Boards of directors that recognize the need for separate but aligned programs for IT and OT cybersecurity, each led by their respective experts, will be able to address the specific characteristics and risks associated with each domain. IT security focuses on protecting data confidentiality, integrity, and availability, while OT security prioritizes safety, availability, and process integrity. 

To confirm effective oversight and governance, boards can establish an OT Cybersecurity Governance Committee. This committee may include key executives from operations, engineering, IT, and finance, fostering cross-functional collaboration to make sure that OT cybersecurity is integrated into the organization's overall risk management framework. 

**The Board's Role in OT Security**

Boards and senior management must proactively address the growing cyber-risks in OT environments. This requires a multifaceted approach beginning with appreciating the unique challenges and risks associated with OT cybersecurity, including understanding the potential consequences of OT breaches and the importance of dedicated OT security leadership. Organizations will need to invest in building internal OT cybersecurity expertise and/or partnering with specialized external providers. This includes hiring skilled professionals, providing ongoing training, and leveraging external resources when needed.  

The next step is to develop a comprehensive OT cybersecurity program that includes elements such as risk assessments, vulnerability management, incident response planning, security awareness training, and continuous monitoring. The program will foster collaboration between IT and OT by sharing information, aligning security policies, and coordinating incident response efforts. With an evolving threat landscape, it's important to regularly review and update the OT cybersecurity strategy to confirm it remains effective, focusing on emerging threats, vulnerabilities, and best practices.   

By taking these proactive steps, boards can improve their organization's resilience against cyberattacks and protect their critical OT assets. Specialized firms can provide valuable guidance and support in navigating the complexities of OT cybersecurity, helping organizations align their security processes with business goals and achieve their desired security outcomes.  

Boards of directors have an important role in overseeing and managing cyber-risks in OT environments. By understanding the challenges of OT security, investing in dedicated expertise, and adopting a strategic and proactive approach, organizations can strengthen their defenses and safeguard their critical operations from the growing threat of cyberattacks. 

**About the Author**

Vice President, OT Security, Armexa

John Cusimano is the vice president, OT Security for Armexaan. He is accomplished business and thought leader with more than 30 years of experience in process control, functional safety, operational technology (OT) and industrial control systems (ICS) cybersecurity. John has performed and led hundreds of OT cybersecurity vulnerability and risk assessments and helped dozens of companies establish OT cybersecurity programs. He is a voting member of the ISA 99 cybersecurity standards committee. As part of that committee, he chaired the subcommittee that authored the ISA/IEC 62443-3-2:2020 standard IACS Security Risk Assessment & Design. He is the developer and primary instructor of multiple training courses on OT cybersecurity.

What Is the Board's Role in Cyber-Risk Management in OT Environments?

Malwarebytes now protects ARM-based Windows devices, such as Microsoft’s Surface Pro X and Lenovo’s Yoga laptops.

For the last four years, Malwarebytes has been protecting ARM-based machines running on Apple’s M-series processors. Now, we’ve expanded our protection range to include ARM-based Windows machines such as Copilot+ PCs, including Microsoft Surface Pro, Lenovo Yoga Slim and ThinkPad, and Dell Inspiron, among others. 

ARM-based chips offer advantages such as improved performance, longer battery life, lower costs, and advanced features like on-device AI processing. 

And with ARM processors gaining popularity in the PC market—projections suggest that they could have 25% market share by 2027—there is no doubt that malware creators will expand their reach into this area. 

Malwarebytes helps you get ahead of these threats. With active protection layers that defend against system vulnerabilities, malicious links, and more, Malwarebytes has you covered across your devices. 

**Where can I get it?** 

Go to the Malwarebytes website and hit the Free Download button to try it yourself, or click the button below. Our installer will automatically detect if you have an ARM device.

We recommend Windows 11 or higher for this installation, because Windows 11 has been optimized to run on ARM processors.

 Malwarebytes introduces native ARM support for Windows devices  

Google is allowing its advertizing customers to fingerprint website visitors. Can you stop it?

In the ongoing saga that is Google’s struggle to replace tracking cookies, we have entered a new phase. But whether that’s good news is another matter.

For years, Google has been saying it will phase out the third-party tracking cookies that power much of its advertising business online, proposing new ideas that would allegedly preserve user privacy while still providing businesses with steady revenue streams.

But it’s not been straight forward for Google. As we reported in July, 2024, the tech giant said that due to feedback from authorities and other stakeholders in advertising, Google was looking at a new path forward in finding the balance between privacy and an ad-supported internet.

The announcement read:

> “Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing.”

It’s not hard to see why this is scary. Apple’s App Tracking Transparency (ATT) feature caused a significant upset in the mobile advertising industry. When introduced in April 2021, it allowed users to opt out of being tracked across apps and websites. This led to an estimated 96% of US users choosing to opt out of tracking. With three billion Chrome users around the world, that might easily be an advertiser’s worst nightmare.

Google promised to kill tracking cookies by introducing a one-time global prompt upgrade that would present users with the choice of being tracked or not. By third-party cookies that is.

But ahead of fulfilling that promise, Google has introduced digital fingerprinting. Digital fingerprinting is like creating a unique digital ID for you or your device based on various pieces of information collected when you browse the internet, like:

*   Operating System (OS): Windows, Android, iOS, etc.
*   Browser type and version
*   IP address
*   Installed browser plugins
*   Time zone
*   Language settings
*   …and so on.

With all these pieces of information, it’s possible to create a unique fingerprint by which websites can recognize you, even if you clear your cookies. They will even be able to make an informed guess if you visit the same site with a different browser.

Google itself, at one point, said that fingerprinting was undesirable:

> “Unlike cookies, users cannot clear their fingerprint and therefore cannot control how their information is collected. We think this subverts user choice and is wrong.”

But, per Google’s announcement on December 19, 2024, organizations that use its advertising products can use fingerprinting techniques from last Sunday, February 16, 2025. Well, as far as Google is concerned that is.

The UK information commissioner’s office (ICO) reminded businesses they do not have free rein to use fingerprinting as they please. Like all advertising technology, it must be lawfully and transparently deployed – and if it is not, the ICO will act.

But the OK from Google is likely the start of an intermediate period where we will be bothered with both fingerprinting and third-party cookies until the advertising industry has had the time to transition.

**What can I do?**

Countering fingerprinting is a lot harder than keeping cookies at a minimum. But there are some things you can do to make it harder to get your fingerprint taken.

*   However hard it may be, the time may have come to consider switching to a browser that provides built-in features to resist fingerprinting
*   Or look for anti-fingerprinting tools in the form of browser extensions
*   Use a VPN that can mask your IP address and location, which are very significant pieces of information for fingerprinting
*   Keep your browser updated, so your old version will not give away your data
*   Disabling JavaScript can break a website’s functionality, but it also significantly reduces the data websites can gather about you.

We don’t just write about privacy, we can help you improve yours. Try Malwarebytes Privacy VPN.

 Google now allows digital fingerprinting of its users 

The advancement of technology has also impacted sectors like gaming. Blockchain technology has surfaced as an asset that…

The advancement of technology has also impacted sectors like gaming. Blockchain technology has surfaced as an asset that provides an angle on honesty and equality in the industry. Developers are incorporating blockchain into gaming to establish a fairer setting for players. This article digs deep into how blockchain games guarantee transparency and impartiality while discussing their advantages and obstacles.

****Exploring the World of Blockchain Technology****

Blockchain is a system of distributed ledgers that records transactions on computers to prevent tampering with data and ensure transparency. Every transaction is visible to all participants involved in the process without relying on a central authority for trust among users in the system’s decentralized environment. Blockchain games are an excellent example of how this technology innovates the gaming industry.

****Exploring the Integration of Blockchain Technology****

Integrating technology into gaming means utilizing ledgers to handle game items and transactions smoothly and securely for players to have genuine ownership of digital assets like characters and weapons or skins in a game environment with verification and safeguarding through blockchain for added security measures with sustainable assurance for peer to peer trades feasible, without intermediaries involvement leading to cost savings. 

****Improving Clarity****

Blockchain technology emphasizes transparency as an element in gaming by allowing players to validate the fairness of in-game events, such as loot drops and purchases, through unchangeable records maintained by the blockchain system. This openness builds trust as players can personally verify the authenticity of game rules. 

****Making Sure Things Are Fair****

Players have always been worried about fairness in gaming! Blockchain technology tackles this problem by allowing game algorithms and results to be easily verified by all parties. To guarantee fairness in games powered by technology and to prevent any play or cheating from happening during gameplay or outcome determination processes, smart contracts are utilized to automate and enforce the rules fairly according to mutually agreed conditions with no chance for any manipulation. 

****Ensuring Honesty and Integrity****

In traditional gaming settings, cheating and fraud are issues that disrupt play for all participants involved. However, with the integration of blockchain technology, every transaction and action taken by players is meticulously documented, making it harder for individuals to engage in deceitful practices. The unchangeable nature of these records is a deterrent against cheating since tampering with past data becomes nearly impossible. This transparency ultimately promotes equality among players, ensuring a level playing field where everyone can compete fairly. 

****Securing Ownership and Assets** **

In games online, belongings usually don’t belong to the players themselves. Blockchain alters this by enabling gamers to own virtual items separately from the game creators or developers who made them in the first place. Gamers can freely sell these possessions with confidence in their ownership security. This newfound freedom enriches the gaming journey as players engage deeply with their realms. 

****The Obstacles Encountered in Blockchain Gaming****

While blockchain gaming offers advantages and opportunities for growth in the industry, it also encounters obstacles along the way. One key issue is scalability, with blockchain networks finding it challenging to handle several transactions efficiently. Moreover, the intricate nature of technology may deter gamers from embracing it fully. To overcome these challenges and gain acceptance, education and user-friendly interfaces play roles.

Blockchain also faces challenges due to its energy consumption levels. However, new technologies are being developed to address this issue and make the gaming industry more eco-friendly by adopting sustainable practices. 

****The Upcoming Trajectory of Blockchain-Based Gaming****

The outlook for games seems bright as technology progresses. Developers are expected to address existing constraints shortly to encourage wider acceptance of these games among players and enthusiasts alike. The overall gaming experience will improve and appeal to a more extensive audience base through advancements in scalability and energy conservation measures. There is potential for blockchain-based games to find their way into the mainstream market and transform the industry by introducing transparency and equity principles. 

****Final Thoughts** **

Blockchain technology promotes transparency and fairness in gaming by providing players with ownership and verifiable results in blockchain games that cultivate a fairer environment for all participants despite obstacles ahead; the promise of advancement and creativity persists substantially. Adopting this technology has the potential to revolutionize our interaction with realms and redefine our understanding of gaming by paving the way for a future where fairness and transparency reign supreme. 

1.  In Gaming Item Scams and How to Avoid Them?
2.  Exploring Data Privacy and Security in B2B Gaming Data
3.  The Rise of Blockchain Gaming and Secure Marketplaces
4.  Blockchain in cybersecurity: opportunities and challenges
5.  GAM3S.GG and Immutable Partner for Web3 Gaming Expansion

How Blockchain Games Ensure Transparency and Fairness

Info stealers are thriving on Mac, with one specific variant accounting for 70% of all info stealer detections at the end of 2024.

The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system.

These are the dangers of “infostealers,” which have long plagued Windows devices but, in the past two years, have become a serious threat for Mac owners. And in 2024, one malicious program in particular is responsible for the lion’s share of infostealer activity—racking up 70% of known infostealer detections on Mac.

These findings come from the 2025 State of Malware report. While many of the threats detailed in the report target companies and businesses, this latest wave of infostealers makes no distinction between Mac computers in an office and Mac computers at home. Unlike ransomware, which is deployed against large businesses that cybercriminals hope can pay hefty ransoms, infostealers can deliver illicit gains no matter the target.

With the right cybersecurity practices, everyday Mac users can stay safe from these emerging threats.

****The threat of infostealers****

“Infostealers” are a type of malware that do exactly as they say—they steal information from people’s devices. But the variety of information that these pieces of malware can steal makes them particularly dangerous.

With stolen credit card details, hackers can attempt fraudulent purchases online. With stolen passwords, the impact is even broader; hackers could wire funds from a breached online banking account into their own, or masquerade as someone on social media to ask friends and family for money. Some infostealers don’t even require an additional step—they can take cryptocurrency directly from a victim’s online accounts. 

But there is another threat to infostealers that comes from their recent history. They are wildly adaptable.

In 2016, Malwarebytes first discovered an infostealer called TrickBot that, when implanted on a person’s device, would steal online banking credentials. But over time, the developers behind TrickBot began adding alarming new features, including the capabilities to steal Outlook credentials, disable Windows Defender, and even to download and deliver additional, separate malware onto infected devices.

By 2018, TrickBot was the largest threat to businesses.

Now, in 2025, another infostealer is raising red flags all across cyberspace, and this time, it isn’t interested in Windows devices.

****The next Mac malware****

Malware is “malicious software,” and just like legitimate software, malware has to be developed for specific operating systems. That means that, for instance, ransomware that works on a Windows laptop doesn’t automatically work on a Mac laptop, and likewise, a phishing app developed for Android devices doesn’t work on iPhones.

For years, then, a great deal of malware activity has focused on Windows devices. The common cybercriminal calculus was that, if there were more Windows users in the world, there was more reason to target those users with cyberattacks.

During this time, most Mac threats were bothersome pieces of malware that would hijack a victim’s web browser to deliver annoying ads and wayward links. But as Mac computers have become standard within businesses—and as demand for Windows computers has waned—cybercriminals have readjusted their thinking.

In 2023, a new infostealer on Mac called Atomic Stealer (AMOS) made its debut, and since its launch, it has not only showcased new features—much like TrickBot—it has also been gussied up with some of the markings of a legitimate business.  

For instance, AMOS can be “licensed” out to other cybercriminals, much like how genuine companies offer their own software for a monthly subscription price. For AMOS, that price was initially $1,000 a month, and with that access, cybercriminals didn’t just buy a productivity tool or communications app, they bought access to an information stealer that can crack into Mac computers to steal a variety of sensitive information.

By January 2024, AMOS had increased its price to $3,000 a month. The developers ran a holiday promotion—seriously—and even released an AMOS update that would better obfuscate the infostealer from being detected by cybersecurity software.

But in the world of cybercrime, malware _features_ only mean so much. Another important piece of cybercrime is getting malware _onto_ a device to begin with. And in 2023, malware delivery evolved hand-in-hand with Mac infostealers.

Rather than trying to deliver malware through clumsy email attachments, cybercriminals have recently turned to “malicious advertising” or “malvertising.” This means that cybercriminals will create bogus versions of websites that will rank highly during regular Google searches, tempting victims into clicking the first, ad-supported link they see online, and unknowingly reaching a website controlled entirely by cybercriminals.

On these websites, cybercriminals advertise a piece of high-demand software and trick users into a download. But instead of receiving the desired software, victims receive, in these cases, infostealers.

This one-two punch of malvertising and advanced infostealers paved the way last year for the next, big Mac threat, called Poseidon.

As we warned in the State of Malware report:

> “Poseidon boasts that it can steal cryptocurrency from over 160 different wallets, and passwords from web browsers, the Bitwarden and KeePassXC password managers, the FileZilla file transfer app, and VPN configurations including Fortinet and OpenVPN.”

Poseidon is the most active infostealer on Mac today, and it accounted for 70% of all infostealer detections on Mac in the final months of 2024, an impressive feat considering the malware barely launched last summer.

Interestingly, Poseidon is just another “fork” of AMOS, meaning that another hacker took AMOS, built upon it, and released it in the wild. Already, Malwarebytes has uncovered consumer-targeted campaigns to infect Mac owners with Poseidon, including a malvertising website disguising Poseidon behind a download for a buzzy new web browser called Arc.

Poseidon represents a sea change in Mac malware, and with the type of advanced targeting that cybercriminals can achieve through malvertising—hackers can target malicious ads based on a potential victim’s location, operating system, software, and search terms—Mac users must be on watch.

****How to stay safe****

In 2025, Mac users don’t need to just watch out for infostealers. They also have to watch out for malvertising in general, as cybercriminals use the malware delivery method for all sorts of threats online.

Here’s how you can stay safe:

*   Use cybersecurity software that offers always-on protection against Mac malware including infostealers, adware, and the rare instances of ransomware.
*   Use Malwarebytes Browser Guard to securely browse the web and to be notified when visiting known, malicious websites that are in control of cybercriminals.
*   Beware the first, ad-supported result on Google searches and other search engines. Cybercriminals have successfully placed their own, malicious ads in these top rankings to trick victims into downloading malware.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

Latest News