Rockstar Games Analytics Leak, Adobe Zero-Day Fix Shake Tech Security Landscape

Stolen Rockstar Games Analytics Data Leaked by Extortion Gang

• ShinyHunters gang published over 78.6 million Rockstar Games records from Snowflake.
• Data accessed via compromised Anodot authentication tokens after third-party breach.
• Rockstar confirmed limited non-material information accessed with no player impact.

USA, Apr 13 (TNGB) – The ShinyHunters extortion group reportedly published more than 78.6 million records from Rockstar Games internal analytics systems on its dark web site. The files originated from Snowflake instances compromised through stolen authentication tokens linked to a security incident at monitoring firm Anodot. Exposed information included player behavior tracking, in-game revenue and purchase metrics for Grand Theft Auto Online and Red Dead Online plus Zendesk support ticket details. Rockstar Games confirmed the breach in statements to media but described the data as limited and non-material.

Third-party supply chain weaknesses keep exposing major gaming studios to persistent extortion demands.

Why This Matters: Supply chain breaches in cloud analytics tools now threaten proprietary game data at scale and force companies to reassess vendor access controls.

European Gym Giant Basic-Fit Data Breach Affects One Million Members

• Basic-Fit confirmed unauthorized access to personal and bank details of about one million members.
• Exposed data covered names, addresses, emails, phones, birth dates and IBANs across six countries.
• Hackers spent minutes inside systems before detection and no passwords were taken.

NETHERLANDS, Apr 13 (TNGB) – Dutch fitness chain Basic-Fit reportedly disclosed a data breach that exposed personal and financial information belonging to roughly one million members in the Netherlands, Belgium, Luxembourg, France, Spain and Germany. The compromised records included full names, home addresses, email addresses, phone numbers, dates of birth and bank account details tied to membership payments. Company monitoring tools detected the activity quickly and halted it while an external forensic investigation began. Affected members received direct notifications and the firm alerted data protection authorities in each country.

Consumer fitness databases remain attractive targets for fast opportunistic theft despite short dwell times.

Why This Matters: Rapid breaches of membership platforms demonstrate how even brief intrusions can expose banking details and heighten phishing risks for everyday consumers.

Secret Grand Jury Convened to Unmask Anonymous Government Critic on Reddit

• Federal prosecutors issued a grand jury subpoena to Reddit seeking full identity and data on one user.
• The account posted public details about an ICE agent and protest suggestions after a Minneapolis incident.
• Earlier administrative summons was withdrawn after court challenge yet demands expanded.

USA, Apr 13 (TNGB) – Federal prosecutors reportedly summoned Reddit to appear before a secret grand jury in Washington D.C. to reveal the identity and personal data of an anonymous user who criticized ICE online. The account shared publicly available information about an agent involved in a fatal shooting and suggested protest signage without calls for violence. Attorneys argued the posts concerned only local Oregon politics and lacked any link to federal customs or trade violations originally cited. The government dropped its first summons after open court proceedings began.

Secret grand jury processes sidestep public scrutiny and weaken First Amendment protections for online political speech.

Why This Matters: Escalating federal efforts to unmask anonymous critics raise serious questions about government overreach into protected political expression on public forums.

Zombie Microsoft Bugs Rise from the Dead Pave Way for Criminals

• CISA added four long-patched Microsoft vulnerabilities to its Known Exploited Vulnerabilities catalog.
• Ransomware crews including Storm-1175 and Medusa affiliates continue chaining them for access.
• One vulnerability dates to 2012 and still sees active exploitation nearly fourteen years later.

USA, Apr 13 (TNGB) – Criminal actors and ransomware operators reportedly keep exploiting four legacy Microsoft vulnerabilities that the Cybersecurity and Infrastructure Security Agency placed on its actively exploited list this week. The flaws enable privilege escalation on Windows systems, deserialization attacks on Exchange Server and unsafe library loading in Visual Basic for Applications. Medusa ransomware groups have combined CVE-2023-21529 with other exploits for initial access and data exfiltration in ongoing campaigns. Federal agencies received a firm April 27 patching deadline.

Legacy vulnerabilities in widely deployed Microsoft products keep providing attackers reliable entry points years after fixes were issued.

Why This Matters: Persistent use of decade-old flaws underscores how slow patching cycles in enterprise environments sustain ransomware profitability.

IBM Pays 17 Million Dollar Fine to End DOJ Suit Over DEI Programs

• IBM settled a Department of Justice lawsuit for 17 million dollars over alleged DEI hiring practices.
• Prosecutors claimed race, color, national origin or sex influenced hiring and promotions under federal contracts.
• The company denied wrongdoing and the agreement included no admission of liability.

USA, Apr 13 (TNGB) – IBM reportedly agreed to pay 17 million dollars to resolve a Department of Justice civil rights fraud lawsuit that accused the firm of incorporating race, color, national origin or sex into hiring and promotion decisions while receiving federal contract funds. The case formed part of a broader initiative targeting diversity programs tied to government money. IBM maintained throughout the litigation that all workforce decisions rested solely on skills and business requirements. This settlement marks the first resolution under the initiative aimed at private sector DEI practices.

Federal scrutiny of corporate diversity initiatives tied to government contracts will likely intensify in coming months.

Why This Matters: The resolution sets a financial precedent for how federal contracts can trigger reviews of internal hiring policies without requiring liability admissions.

Critical Flaw in WolfSSL Library Enables Forged Certificate Use

• WolfSSL released CVE-2026-5194 after improper signature verification allowed forged certificates.
• The vulnerability affects ECDSA, DSA, ML-DSA, Ed25519 and Ed448 algorithms before version 5.9.1.
• Embedded systems, IoT devices and aerospace equipment using the library face immediate risk.

USA, Apr 13 (TNGB) – Security researchers reportedly discovered a critical flaw in the wolfSSL cryptographic library that permits attackers to supply forged certificates by bypassing proper digest size checks during signature verification. The issue impacts ECDSA and related algorithms in versions prior to 5.9.1 and affects billions of devices in embedded systems, routers, IoT hardware and aerospace applications worldwide. WolfSSL issued version 5.9.1 on April 8 following external review and urged immediate upgrades.

Certificate validation weaknesses in widely used cryptographic libraries still create systemic risks for secure communications.

Why This Matters: Flaws in foundational libraries like wolfSSL can undermine trust in device authentication across entire supply chains and critical infrastructure.

Hack for Hire Campaign Targets Middle Eastern Journalists with Spyware

• Bitter group with suspected Indian government links allegedly ran hack for hire since 2022.
• Android ProSpy spyware targeted journalists, activists and civil society via spear phishing.
• Lookout, Access Now and SMEX linked attacks through shared infrastructure and tactics.

MIDDLE EAST, Apr 13 (TNGB) – Three cybersecurity organizations reportedly documented a sustained hack for hire campaign that delivered Android ProSpy spyware to journalists, activists and civil society figures across the Middle East and North Africa. The Bitter group allegedly relied on fake social media profiles and messaging platforms for spear phishing lures beginning at least in 2022. Lookout, Access Now and SMEX jointly analyzed command infrastructure and tactics that tied the operations together. Victims received no prior warning before compromise attempts.

Hack for hire operations continue to erode press freedom by turning commercial spyware against independent reporters.

Why This Matters: Commercial spyware sold through intermediaries now enables targeted surveillance of journalists and activists far beyond state borders.

Daniel Moreno Gama Faces Federal Charges for Attacking Sam Altman Home

• Daniel Moreno Gama allegedly threw a Molotov cocktail at Sam Altman’s residence on April 10.
• He attempted forced entry at OpenAI headquarters carrying incendiary devices and a manifesto.
• Federal charges include attempted property damage by explosives and firearm possession.

USA, Apr 13 (TNGB) – Texas resident Daniel Moreno Gama reportedly traveled to California on April 10 where he threw a Molotov cocktail at OpenAI CEO Sam Altman’s home and tried to break into company headquarters using a chair. Authorities recovered a manifesto from him titled Your Last Warning that admitted the actions and called for violence against AI leaders while listing addresses. Prosecutors filed federal charges of attempted property damage by explosives and possession of an unregistered firearm. The events unfolded amid ongoing public discussions about artificial intelligence development risks.

Physical attacks on technology executives signal escalating tensions around rapid AI development.

Why This Matters: Targeted violence against AI industry figures highlights growing societal friction over the pace and direction of technological advancement.

Xbox Game Pass Has Become Too Expensive Says Microsoft Gaming Chief

• New Xbox gaming chief Asha Sharma noted in an internal memo that Game Pass pricing feels too high.
• The service increased 50 percent last year after adding Call of Duty content to Ultimate tier.
• Microsoft intends to evolve the subscription model toward greater flexibility.

USA, Apr 13 (TNGB) – Microsoft’s new gaming chief Asha Sharma reportedly stated in a leaked internal memo that Xbox Game Pass pricing has become too expensive for many players and needs a stronger value proposition. The subscription tier rose to 29.99 dollars monthly for Ultimate following the integration of Call of Duty titles. Sharma acknowledged widespread online feedback and promised further employee discussions in the coming week. No immediate price changes appeared in the document.

Subscription fatigue in gaming services may force major platforms to rethink long term pricing strategies.

Why This Matters: Rising subscription costs risk alienating core users and could reshape how major publishers balance revenue with player retention.

Adobe Rolls Out Emergency Fix for Acrobat Reader Zero Day Flaw

• Adobe issued an out of band patch for CVE-2026-34621 zero day in Acrobat and Reader.
• Malicious PDFs bypassed sandbox protections to access privileged JavaScript APIs.
• Exploitation began in December with industry specific lures aimed at oil and gas users.

USA, Apr 13 (TNGB) – Adobe reportedly released an emergency update to close a zero day vulnerability in Acrobat and Reader that let malicious PDF files escape the sandbox and invoke privileged JavaScript APIs. The flaw identified as CVE-2026-34621 enabled local file reading and data exfiltration through functions such as util.readFileIntoStream. Security reports confirmed active exploitation since December in campaigns using Russian language lures tailored to oil and gas sector targets. Users should apply the patch through the built in update mechanism immediately.

Zero day flaws in ubiquitous PDF readers still pose immediate risks to enterprise and individual users alike.

Why This Matters: Emergency patches for widely used document software underscore how targeted PDF attacks remain a persistent vector for data theft.