EnergyWeaponUser, a known cybercriminal and leaker, is selling a new database which, they claim, holds more than 89 million Steam user records, phone numbers, and one-time access codes.
Steam is a digital games distribution platform developed by Valve. It has more than 130 million monthly active users, which use the platform to buy, download, and play computer games.
Recently, a new thread in an underground forum appeared where the hacker offered the database for $5,000. BleepingComputer was among those who analyzed the records, and claims it holds “historic SMS text message with one-time passcodes for Steam, including the recipient’s phone number”.
TechRadar Pro readers can get 60% off Premium Plans at RoboForm now!
New users can take advantage of RoboForm’s exclusive deal and get 60% off the Premium Plan. With this deal, you can get unlimited password storage, one-click login & autofill, password sharing, two-factor authentication for added protection, cloud backup, and emergency access for trusted contacts. To claim this deal, visit this link and sign up for the Premium Plan to lock in this huge discount.
Preferred partner (What does this mean?)View Deal
Was it Twilio?However, it is unclear where EnergyWeaponUser picked the archives up. Valve is being silent for the moment. An independent games journalist MellowOnline1 believes the theft is the result of a supply chain attack, with Twilio being the most likely victim.
Twilio is a cloud communications platform that allows devs to integrate different messaging, voice, and video features. Among other things, it provides SMS and MMS messaging, which many companies use for one-time passcodes and 2FA.
However, the company told BleepingComputer that it investigated the claims and found no evidence of compromise.
"There is no evidence to suggest that Twilio was breached,” a spokesperson for the company told the publication. “We have reviewed a sampling of the data found online, and see no indication that this data was obtained from Twilio."
Another possible explanation is that an intermediary SMS provider could have been breached. At press time, the actual victim was not yet confirmed. EnergyWeaponUser’s claims could not be verified at this time. However, the leaker is rather infamous, as they were previously linked with Cisco, Ford, and HPE breaches.
Steam is warning users to enable Steam Guard Mobile Authenticator and keep an eye on account activity.
Via BleepingComputer
You might also likeIvanti has released a patch for two vulnerabilities in its Endpoint Manager Mobile (EPMM) software, that’s allegedly being chained in remote code execution (RCE) attacks in the wild.
The vulnerabilities are tracked as CVE-2025-4427, and CVE-2025-4428. The former is an authentication bypass in EPMM’s API, allowing threat actors to access protected resources. It was assigned a medium-severity score of 5.3.
The latter is an RCE vulnerability exploited through maliciously crafted API requests. This one was given a high severity score (7.2/10).
Save up to 68% on identity theft protection for Techradar readers
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Preferred partner (What does this mean?)View Deal
Updating the toolsIvanti says it’s seen it abused in attacks: "When chained together, successful exploitation could lead to unauthenticated remote code execution,” the company said in a security advisory. “We are aware of a very limited number of customers whose solution has been exploited at the time of disclosure."
To address the issue, users should install Ivanti Endpoint Manager Mobile 11.12.0.5, 12.3.0.2, 12.4.0.2, or 12.5.0.1.
"The issue only affects the on-prem EPMM product. It is not present in Ivanti Neurons for MDM, Ivanti's cloud-based unified endpoint management solution, Ivanti Sentry, or any other Ivanti products," the company further explained. "We urge all customers using the on-prem EPMM product to promptly install the patch."
Ivanti’s EPMM software is a popular solution across different industries, including healthcare, education, logistics, manufacturing, and government. According to The Shadowserver, there are hundreds of exposed instances at the moment, mostly in Germany (992), but with a significant number in the United States (418), as well.
Those that cannot apply the patch at this time can implement different workarounds. Ivanti said these users should follow best practice guidance or filtering access to the API using either the built-in Portal ACL’s functionality, or an external WAF. More details on using the portal’s ACL functionality can be found here.
Via BleepingComputer
You might also likeSAP has patched a critical-severity zero-day vulnerability in NetWeaver server that was being chained in attacks targeting some of the world’s biggest enterprises.
The vulnerability is tracked as CVE-2025-42999, and carries a severity score of 9.1/10 (critical). On NVD, it was said that SAP NetWeaver Visual Composer Metadata Uploader is “vulnerable when a privileged user can upload untrusted or malicious content which, when deserialized, could potentially lead to a compromise of confidentiality, integrity, and availability of the host system.”
In a statement given to BleepingComputer, SAP said it discovered this flaw when it was investigating a different one, also a zero-day. This one was reported earlier in April this year, and is now tracked as CVE-2025-31324 (10/10 - critical). The two flaws were allegedly being abused in attacks since January 2025.
With Aura's parental control software, you can filter, block, and monitor websites and apps, set screen time limits. Parents will also receive breach alerts, Dark Web monitoring, VPN protection, and antivirus.
Preferred partner (What does this mean?)View Deal
SAP issues patchWhen security researchers first discovered CVE-2025-31324 being abused, it was said that more than 1,200 SAP instances were at risk of being hijacked. Some researchers claimed the number of vulnerable endpoints was somewhat smaller - around 500 instances.
Visual Composer is a development tool that allows users to build web-based business applications without writing code. It’s mostly used to create dashboards, forms, and interactive reports. The Metadata Uploader, on the other hand, is a tool for importing external data models (metadata) into the Visual Composer design environment. This allows developers to connect to remote data sources (web services, databases, or SAP systems).
ReliaQuest, watchTowr, and Onapsis, are just some of the firms that observed the bug being exploited in attacks in which threat actors were dropping web shells on vulnerable servers. SAP, however, told the media that it was not aware of any attacks that impacted customer data or systems.
"Something like 20 Fortune 500/Global 500 companies are vulnerable, and many of them are compromised," Onyphe CTO Patrice Auffret told BleepingComputer.
Via BleepingComputer
You might also likeGoogle announced that it's integrating its AI assistant, Google Gemini, with Google TV devices – starting with TCL TVs later this year.
The expansion was announced at its Android Show yesterday along with a host of other new features. In addition to teasing a new look of Android 16, Google revealed that Gemini’s smarts will be coming to devices with Google TV, cars with built-in Google and Android Auto, and its line of WearOS smartwatches.
At the moment Google is keeping the exact roll-out date under-wraps, but the company has stated that Gemini support for Google TV will be rolled out to TCL TVs first, with other devices to follow.
Gemini support for WearOS smartwatches and cars with Android Auto is set to roll out 'in the coming months'. (Image credit: Google )When Gemini makes its Google TV debut, it will replace the previous Google Assistant tool but will continue to offer content recommendations based on your voice commands. According to Google’s blog post you can use prompts such as ‘show me action movies that are age-appropriate for kids’.
Gemini’s capabilities will reach beyond entertainment. You’ll also have the freedom to ask Gemini on your Google TV non-recommendation based questions. For example, Google says that Gemini will be able to ‘help your kids explore their endless questions about the solar system by answering questions and pulling up the perfect YouTube video to learn more’.
However, there have been some questions about when the Google TV Streamer will receive the same treatment.
No sign of Gemini for Google’s flagship streaming deviceTo the surprise of many, it turns out that the Google TV Streamer won’t be the launch device for Gemini, nor has Google given word on its plans to bring the AI tool to its own devices. So as it stands, it’s a bit of a waiting game, but what do know is that Google TV devices will get their long-awaited support for Gemini before the end of the year.
Owners of some of the best smart TVs with Google TV have been waiting for further announcements since the company announced the next generation of Google TV with Gemini at CES 2025. At the same time, the company also unveiled its new ‘Ambient Mode’, which has been enhanced by the introduction of its new proximity sensors to adjust the display automatically.
But the future of Gemini for Google TV Streamer is still on our minds, and while we wait for further announcements from Google we’ll have our eyes peeled for any updates that might crop up elsewhere.
You might also likeThe launch of the Samsung Galaxy S25 Edge, the ultra-slim, AI-powered version of the Galaxy S25, was one of the biggest stories in the tech world yesterday. However, hidden in this announcement was the detail of a new Samsung Galaxy Ring variant.
Unfortunately, those hoping for news of the Samsung Galaxy Ring 2 will be disappointed: the ring is the original, but sporting a new limited-edition color referred to as 'Two-Tone Titanium Black'.
Samsung's Korean newsroom website states in a translated blog post: "Samsung Electronics will release the new 'Galaxy Ring Two-Tone Titanium Black' along with the Galaxy S25 Edge and sell a limited quantity at Samsung Gangnam from the 14th.
"When you purchase the newly released Galaxy Ring and Galaxy S25 Edge together, you will receive a 20% discount on the Galaxy Ring and 100,000 won in Samsung Electronics membership points."
No pictures of the ring were included in the post, so we don't yet have any idea what the Two-Tone Titanium Black version will look like.
An early sign of a Ring 2? We don't yet have any pictures of the new colorway, but this is the Titanium gold version (Image credit: Future / Matt Evans)It sounds like the new colorway is simply an exercise to promote the new S25 Edge, and will be only available at Samsung Gangnam for a limited time. However, if it proves popular, we could see the color make its way to other stores and other regions.
The Samsung Galaxy Ring has been out for nearly a year at this point. It's unknown whether a Ring 2 will be on the cards so early into the product's lifestyle: smart ring market leader Oura goes years between generations, as smart rings don't really have interactive elements like watches and phones so it's hard to introduce new features.
However, rumors persist we'll see a Ring 2 proper with a solid-state battery at this year's Samsung Galaxy Unpacked. If so, perhaps the Two-Tone colorway will make its way to a wider release.
You might also like...A globally operating organised crime group has been dismantled by Eurojust and Europol in a joint operation with German, British, Cypriot, Albanian, and Israeli investigators - leading to the arrest of a suspect. Eurojust confirms the group defrauded over a hundred victims, taking over €3 million through a fake online investment platform.
The group used cyber trading and was able to make "considerable profits” and to defraud the victims. The group, as criminals often do, promised substantial profits in a short period of time. Once victims transferred money to the platform, they were then shown false charts indicating they could earn much more if more is transferred to the platform.
The online networks used criminals posing as brokers, using ‘psychological tactics’ to convince the victims to transfer even more finds, which of course, were never actually invested into anything, but rather were directly stolen by the group.
Save up to 68% on identity theft protection for TechRadar readers!
TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.
Preferred partner (What does this mean?)View Deal
Disrupted operationsThe scam was uncovered after a married couple reported the fraud to German authorities - and an inquiry uncovered an extensive network of criminals. Law enforcement seized evidence connected to the investigation like documents, electronic devices, and cash.
Digital scams, particularly investment fraud, is a serious danger, and is costing internet users millions every year. New tools for cybercriminals, especially AI tools, are helping fraudsters pump out scamming campaigns in minutes, allowing criminals to access cybercrime with far fewer skills than used to be necessary.
This goes beyond extensive phishing campaigns, with deepfake celebrity endorsements, deepfake calls or videos, and even AI-generated fake websites mimicking legitimate businesses
“The good news is there are ways to avoid falling victim to such attacks,” said Aaron Walton, Threat Intel Analyst at Expel.
“Many organisations build in technological solutions to help prevent malicious emails from landing in user’s inboxes by automatically detecting suspicious indicators. Users can also protect themselves and their organisations by flagging any emails that appear suspicious to their security teams.”
You might also likeBest Buy has revealed that it will have some Nintendo Switch 2 units, in addition to various games and accessories, available for customers to buy at midnight on launch day, June 5, 2025.
Most stores will be open from 12:01AM ET on the day, and you can check whether your local one is participating via the Best Buy website.
The shops will have limited stock of both the Nintendo Switch 2 and Nintendo Switch 2 Mario Kart World bundle, which retail for $449.99 and $499.99, respectively.
This is on top of copies of some of the most anticipated Nintendo Switch 2 launch titles, such as Cyberpunk 2077: Ultimate Edition, Street Fighter 6 Year 1-2 Fighters Edition, and The Legend of Zelda: Tears of the Kingdom – Nintendo Switch 2 Edition.
Available accessories include the Nintendo Switch 2 Pro Controller and Nintendo Switch 2 camera. Customers who attend also have a chance to receive a special collectible Nintendo item, but there's no word on what this could be quite yet.
In addition to being a nostalgic throwback to the midnight game and console launches of old, this could be a great opportunity to get your hands on a Nintendo Switch 2 on launch day if you were not able to secure a pre-order.
You might also like...If you’ve found that the sound from your Dolby Atmos speakers is not syncing properly with your Apple TV, help is on the way in the form of the latest tvOS 18.5 update, which Apple says fixes a persistent bug that has been frustrating users for quite some time.
According to user complaints on Reddit and the official Apple Support forums, Dolby Atmos playback from speakers connected to an Apple TV over AirPlay or Bluetooth is often out of sync with the visual content on-screen. That can be irritating, as dialogue might not line up correctly with characters’ facial movements. Some users have noted that switching from Dolby Atmos to 5.1 surround sound fixes the issue.
Interestingly, the bug doesn’t seem to be limited to Dolby Atmos speakers, and can apparently manifest when Dolby Atmos is enabled, even if it’s not being used. For instance, Redditor LastUserStanding posted that “I disabled Dolby Atmos on the Apple TV and it resolved this problem,” despite having an entirely wired sound setup that does not include a Dolby Atmos speaker.
Time to update (Image credit: Future)The issue seems to have affected a wide range of speakers, including those made by third parties and even ones manufactured by Apple, such as the HomePod. Fortunately, Apple believes it has found a fix, which has been included in the tvOS 18.5 update.
Apple’s tvOS 18.5 release notes say that the update “adds support for synchronizing Dolby Atmos playback to speakers over AirPlay or Bluetooth,” seemingly addressing the reported problem. To manage this synchronization, you’ll need to go to Settings > Video and Audio > Wireless Audio Sync on your Apple TV.
So, if you’ve found strange syncing issues when using your Apple TV, make sure you update to tvOS 18.5. Even if you don’t have a Dolby Atmos speaker, it could be that disabling this feature puts things right for you.
You might also likeYesterday Google announced a major revamp of the design language used in Android and its apps, but it seems there are also some changes coming to the lock screen that Google didn't specifically mention in its presentation.
The team at Android Authority spotted a few tweaks to the always-on display in one of the images shared by Google, and they could finally bring Pixel handsets up to speed with Samsung Galaxy phones and iPhones in this particular department.
You'll see that the always-on display shows a dimmed version of the home screen wallpaper, which isn't currently an option on Pixel phones, while the at-a-glance widget has been shifted to the right of the clock as well.
That shuffling of the lock-screen widgets actually leaked last month, but this is more evidence that it's on the way. It seems likely that these changes could be applied to the lock screen with the launch of Android 16 in June.
Playing catch-up This Pixel 9a wallpaper will disappear when the screen dims (Image credit: Zachariah Kelly / TechRadar)I use a Pixel as my main phone, and the lack of customization options on the lock screen has been frustrating. This is a screen users see a lot of every day of course, so a bit more visual flair with wallpaper support will be very welcome.
As Android Authority points out, the option to see the wallpaper on the lock screen has been available in the past on Pixel phones, but hasn't been offered from the Google Pixel 4 onwards – perhaps to maximize battery life.
Head into the lock screen settings on a Pixel phone today, and you get some useful options for limiting the sensitive content that shows up in notifications, and changing the shortcut buttons shown while the phone is locked.
However, you don't get the same level of control as Samsung and Apple give you, with options for showing the wallpaper, setting a different backdrop to the home screens, and choosing which widgets get shown when the phone is locked.
You might also likeTikTok has launched a new AI feature that can turn your photos into videos, and it's available for free within TikTok Stories.
The new feature, called TikTok AI Alive, allows you to transform static photos into "dynamic, immersive videos directly within TikTok Stories."
TikTok says AI Alive "uses intelligent editing tools that give anyone, regardless of editing experience, the ability to transform static images into captivating, short-form videos enhanced with movement, atmospheric and creative effects."
The press release for the launch emphasizes TikTok's aim to spark creativity within users, although we've yet to see how the platform's biggest creators take to this new AI tool.
Some examples of how users can use AI Alive include "capturing a serene sunset photo and effortlessly turning it into a cinematic clip," or taking '"a group selfie and bringing it to life as a lively, animated memory that highlights the subtle gestures and expressions of friends or family."
You can try AI Alive today for free, and it's surprisingly easy to use directly from within TikTok Stories:
How to use TikTok AI Alive (Image credit: TikTok)AI Alive is very easy to use – you just need a device with the TikTok app installed. Once you've logged in and have everything ready to go, follow these steps below to bring your image to life:
Spectre, a series of chip vulnerabilities affecting pretty much all processors today, doesn’t seem to go away, despite multiple vendor efforts to contain and remedy the flaws.
Recently, security researchers at ETH Zurich published a new paper, claiming to have found a way around the protections released by Intel.
Sandro Rüegge, Johannes Wikner, and Kaveh Razavi, the researchers behind the paper, named the vulnerabilities Branch Prediction Race Conditions (BPRC), and claim it only works on Intel’s products (all Intel CPUs since the 9th generation - Coffee Lake Refresh - as well as other chips dating back to the 7th generation Kaby Lake ones). AMD and ARM seem to have dodged this bullet, at least for now.
TechRadar Pro readers can get 60% off Premium Plans at RoboForm now!
New users can take advantage of RoboForm’s exclusive deal and get 60% off the Premium Plan. With this deal, you can get unlimited password storage, one-click login & autofill, password sharing, two-factor authentication for added protection, cloud backup, and emergency access for trusted contacts. To claim this deal, visit this link and sign up for the Premium Plan to lock in this huge discount.
Preferred partner (What does this mean?)View Deal
Slow updatesSpectre and Meltdown were two enormous vulnerabilities that were first spotted in 2018, and which were so severe that they had most OEMs scrambling for a fix. Some fixes were so poorly implemented that they bricked entire devices, while others were “just” slowing the computers down.
At one point, Intel introduced Indirect Brach Restricted Speculation (IBRS/eIBRS), Indirect Branch Predictor Barrier (IBPB), as two techniques to control speculation and mitigate the risk.
This is apparently where the new flaw lies. Branch predictions update slowly and asynchronously (in the background, not instantly). This delay creates a race condition, which means that the CPU is still updating its internal branch prediction data from earlier code while switching to a different privilege level (from user mode to kernel mode, for example).
This timing means that predictions from user code can be mislabeled as coming from kernel mode, allowing the attacker to inject their own predictions. As a result, threat actors could pull sensitive data such as passwords, from the vulnerable device.
Intel has released a microcode update to address the flaw, The Register reports. The chipmaker's advisory, issued Tuesday, labeled the vulnerability as CVE-2024-45332.
Via The Register
You might also likeNvidia's RTX 5060 is set for launch on May 19, just before one of the biggest tech events in the world, Computex 2025, begins on May 20. However, it looks like we might have an early insight into the pricing of the 8GB GPU.
As reported by Wccftech, Asus TUF and Prime RTX 5060 GPUs were spotted on Best Buy (by popular leaker @momomo_us on X) ahead of launch. Most interestingly, the Asus TUF RTX 5060 OC Edition was listed for $409, which is close to the RTX 5070's $549 launch price.
This comes after one of rival AMD's Radeon RX 9060 XT partner cards was leaked in a listing on a Swiss retailer, with a high price tag for a low-end GPU. However, it's important to note that this price is more than likely just a placeholder for now - at least that's what we hope.
On the other hand, that might not be the case for the Nvidia GPUs. The other Asus RTX 5060 listings (which were as low as $339.99) are representative of pricing that is expected for a budget GPU, and are also consistent with the $409 price for the overclocked model (since most OC GPUs are sold at higher prices).
It's also worth noting that PNY's overclocked RTX 5060 was also spotted on Best Buy, at $299.99, which might be a more reasonable proposition for gamers on a budget.
These listings (which have now been removed) may very well be inaccurate with placeholder prices, but it would be hard to see retail pricing be much lower. Having said that, we’d also not like to see a price higher than $299.99 for a graphics card using 8GB of VRAM in 2025.
(Image credit: Future / John Loeffler) Just like the Acer Nitro Radeon RX 9060 XT listings, this will be dead on arrival if trueI hate to sound like a broken record, but 8GB of VRAM isn't sufficient for gaming in 2025, and there's enough evidence out there to prove this; from poorly optimized ports, VRAM-hungry titles, and more games like Assassin's Creed Shadows forcing RTGI (Ray-Traced Global Illumination), frame rates and smoothness just aren't up to par on 8GB graphics cards.
Computex 2025 and the RTX 5060's launch are now only days away, so it's still early days. However, I'm willing to believe that Team Green's partner cards on this occasion will be priced at absurd levels - especially when you consider the terrible state of the GPU market.
I can almost guarantee that if any RTX 5060 GPU (including AMD's RX 9060 XT 8GB) launches at $409 or above, it's not going to sell well regardless of consumer desperation. That's not me being harsh or targeting either Team Red or Team Green; that's just the reality.
Gamers need more powerful hardware to run newly-released, graphically-demanding games, and if they still have to spend that much for a weaker GPU that’s going to make too many compromises to play modern games compared to the likes of an RTX 5070 Ti or RTX 5080, then I can imagine there are going to be a lot of angry PC gamers...
You may also like...Nothing has so far found smartphone success with eye-catching but affordable handsets that target the low-end and mid-range markets, but with the Nothing Phone 3, the company is taking a gamble on something more premium.
In a video shown during the latest Android Show, Nothing’s CEO Carl Pei revealed that the Nothing Phone 3 is coming this summer (likely meaning sometime between June and August), and that it will have “premium materials, major performance upgrades, and software that really levels things up.”
These will apparently combine to make this Nothing’s “first true flagship smartphone”. That all sounds promising, but unsurprisingly it'll come at a cost, with Pei adding that the Nothing Phone 3 will cost around £800.
A flagship phone with flagship competitionConverted, that’s roughly $1,060 / AU$1,640, but price conversions are rarely accurate. Given that the Nothing Phone 2 launched for $599 / £579 / AU$1,049, we’d think the US price of the Nothing Phone 3 would be similar to the UK price – so probably $800 or just over. In Australia, it’s harder to predict, but maybe around AU$1,350.
That would put the Nothing Phone 3 in a similar price bracket to the Samsung Galaxy S25, the iPhone 16, and the Google Pixel 9, so it would have far more high-profile competition than previous Nothing handsets.
It'll be interesting, then, to see whether the Nothing Phone 3 will offer enough to justify that price, and whether buyers will give it a chance over bigger names. We should find out soon, but in the meantime – or if you’re not in the market for a premium phone – there’s always the more mid-range Nothing Phone 3a and Nothing Phone 3a Pro.
You might also like