Pavel Durov, the founder of Telegram, has raised concerns about accessibility issues on his platform, attributing them to a technique called "BGP hijacking," which redirects internet traffic. He alleges that these disruptions affect users beyond India, including in the UAE, and suggests that Reliance Jio, an Indian telecom operator partly owned by Meta, may be involved in sabotaging access to Telegram. Reliance Jio has denied these allegations, stating they operate in accordance with global internet routing best practices. BGP hijacking occurs when a network falsely claims to be the preferred route, causing disruptions in internet traffic. There are indications that the network in question may be linked to Reliance Communications rather than Reliance Jio. The situation is complicated by a temporary block on Telegram in India due to the platform allegedly being used for leaking examination materials.
Zimperium’s zLabs researchers have analyzed a newly identified Android banking trojan named Rokarolla, which targets 217 distinct banking and cryptocurrency applications. It is distributed through malicious websites that impersonate popular platforms like TikTok and Google Chrome, with one identified distribution point being hxxps://infocontablidades[.]it[.]com/. The malware uses a dropper disguised as Google Play Protect to install a second-stage payload and gain Accessibility Services access, allowing it to simulate user interactions and manipulate on-screen elements. Rokarolla downloads counterfeit HTML login pages for targeted applications and overlays them to capture user credentials, including sensitive card information. It can also deploy a fraudulent PIN entry screen, read and send SMS messages, intercept one-time codes from banks, and block incoming calls. The malware rewrites the clipboard, operates a keylogger and screen content logger, and scrapes WhatsApp contact data. It captures screenshots without alerting users and has a resilient command-and-control infrastructure with multiple fallback domains. No product flaws are exploited, and defenses against it include installing apps only from Google Play and being cautious with Accessibility Services. Zimperium’s Mobile Threat Defense and zDefend products can detect Rokarolla, and a list of indicators of compromise is available on their GitHub repository.
Cybersecurity researchers have identified two new Windows variants of the SprySOCKS backdoor, named WINDRV and WINPLUS, which were previously thought to be exclusive to Linux systems. Both variants feature hard-coded command-and-control configurations and can communicate via TCP, UDP, and WebSocket protocols. They support over 30 commands for operations such as system information collection and file management. WINDRV employs kernel drivers for stealth, obscuring network connections and allowing TCP traffic diversion. SprySOCKS was first documented by Trend Micro in September 2023, linked to the Chinese state-sponsored threat actor Earth Lusca, also known as FishMonger. The Windows variants belong to version 1.8 of SprySOCKS and utilize a kernel driver named RawWNPF for enhanced stealth. The attack chain begins with an initial access method that drops a batch script, leading to the installation of the backdoor. Evidence suggests these variants may have been used in attacks against government organizations in Honduras, Taiwan, Thailand, and Pakistan between 2023 and 2024. The WINPLUS variant was first detected in July 2024 in Pakistan. There are indications of a potential UEFI bootkit involvement exploiting CVE-2023-24932, a vulnerability in the Windows Boot Manager.
Microsoft has introduced pg_durable, a PostgreSQL extension that enables developers to execute durable workflows within the database, reducing the need for external orchestration systems. It simplifies workflow management by allowing developers to express long-running, fault-tolerant SQL functions directly in SQL, managing execution concerns like retries and recovery. Workflows are defined in SQL, with the extension handling retry states, progress tracking, and checkpointing. A pg_durable function operates as a graph of SQL steps that can resume from the last durable checkpoint after a failure. The extension preserves execution states within PostgreSQL tables, ensuring workflows can withstand crashes and restarts. It includes a domain-specific language (DSL) for scheduling and parallel execution. An example of a durable function is provided, demonstrating sequential and parallel execution using specific operators. pg_durable is particularly useful for vector embedding pipelines and scheduled maintenance tasks. Architecturally, it consists of a PostgreSQL extension and a background worker built on Rust libraries, without any external control plane. Durable execution allows long-running workflows to automatically resume from failure points, simplifying distributed system architecture.
14 Hours Productions is developing a political spy thriller game titled Burn-9, set to launch for PC on Steam, GOG, and the Humble Store in 2026. Players take on the role of an unseen operator assisting the last survivor of a black-ops team in a chaotic mission. A demo is currently available. The game involves navigating espionage and making pivotal choices based on gathered intelligence while using advanced surveillance systems. Players can disable security measures and extract sensitive information, facing moral complexities and ethical dilemmas throughout the mission.
Apple has removed the state-backed messaging app Max from its App Store, leading to criticism from Russian officials who deemed the action "unfriendly." Max is no longer available for download on iPhones and iPads, although existing users can still access it without updates. Russia's Digital Development Minister, Maksut Shadaev, stated that the removal denies access to about 20 million Russians and that Apple provided no explanation to the app's developers. Apple cited compliance with sanctions regulations as the reason for the removal but did not specify which sanctions. Max remains available on Android devices through Google Play and RuStore. The app, promoted by Russian authorities as an alternative to foreign platforms, was developed by VK and integrates messaging, voice calls, and access to government services. At the time of removal, Max was the ninth most downloaded app in Russia's App Store. Russian officials have criticized Apple, with some labeling the company as "enemies." Digital rights advocates have raised concerns about Max's ties to the government and lack of encryption, suggesting potential monitoring of users. Apple has a history of removing apps from the Russian store, but Max's removal does not appear to be linked to a specific government request.
Microsoft Corp. is facing a proposed class-action lawsuit alleging anticompetitive behavior in collaboration with Valve Corp., the operator of the Steam gaming platform. The lawsuit, filed in the U.S. District Court for the Western District of Washington, claims that the two companies engaged in a pricing agreement that stifled competition in the PC game distribution market. Plaintiffs assert that this agreement maintained uniform pricing for PC games across both platforms, limiting competitive pressure and harming consumers. The lawsuit also alleges that the arrangement discouraged competition and reduced incentives for improving game quality and offerings. The plaintiffs seek class-action status to represent all gamers who purchased PC games through these platforms. Neither Microsoft nor Valve has publicly addressed the allegations at the time of the lawsuit's filing.
Infinity Ward has committed to a thematic and grounded approach to skins and cosmetics in Call of Duty: Modern Warfare 4, assuring fans there will be no whimsical designs at launch or in future seasons. This commitment follows concerns about increasingly outlandish skins in the franchise, particularly after Activision introduced premium skins inspired by the Fallout TV series for Call of Duty: Black Ops 7. Fan frustration is rising, and there are worries about declining skin sales due to a disconnect between developers and marketing teams. Recent entries in the franchise have faced critical struggles, despite strong sales, leading to discontent among fans. Additionally, Microsoft is under pressure to profit from its acquisition of Activision Blizzard while navigating backlash related to its ties with the Israel Defense Forces, which has complicated the launch of Modern Warfare 4.
Activision is offering a 10% pre-order loyalty discount for previous owners of the Call of Duty® franchise on the Modern Warfare® 4 Vault Edition. Pre-ordering any digital edition grants early access to the Open Beta and the Hunter Killer Operator Skin for use in Call of Duty®: Black Ops 7 and Call of Duty®: Warzone™. The Vault Edition includes Call of Duty®: Modern Warfare® 4, the Hostile Alliance Operator Pack, the Special Forces Operator Pack, a Signature Weapon Collection, a BlackCell (1 Season) with a Battle Pass and additional content, and a DMZ Deployment Bonus. The game is set during a full-scale invasion on the Korean Peninsula, featuring a narrative involving South Korean soldiers and Captain Price. Gameplay includes various combat scenarios, a multiplayer mode focused on grounded combat, and a DMZ mode where players make critical decisions. Modern Warfare® 4 will be available on Xbox Series X|S and PC, but not on Xbox One, and online multiplayer requires a Game Pass Essential subscription and specific PC security requirements.