Technology

Critical motherboard flaw allows game cheats, Riot Games blocks 'Valorant' players that don't update BIOS — security patches pushed live by all major motherboard vendors

Source

Tom's Hardware

Published

Dec 18, 2025

TL;DR

AI Generated

Riot Games identified a critical security flaw in certain motherboards from major vendors like Asus, Gigabyte, MSI, and ASRock that could enable cheating in games like Valorant. The vulnerability involves the IOMMU not fully initializing, potentially allowing DMA devices to manipulate system RAM and bypass anti-cheat measures. Riot Games collaborated with motherboard manufacturers to release BIOS updates addressing the issue to prevent unfair advantages in esports competitions. Players are urged to update their BIOS to the latest version to ensure security features are active and to avoid restrictions on launching Valorant.

Read Full Article

The most severe Linux threat to surface in years catches the world flat-footed

A critical Linux vulnerability, named CopyFail (CVE-2026-31431), has been disclosed by security researchers, allowing unprivileged users to gain root access across various Linux distributions. The exploit code, released by Theori, works universally without modification, posing a significant threat to data centers and personal devices. While the Linux kernel security team patched the vulnerability in several versions, many distributions had not yet implemented the fixes at the time of the exploit's release. This flaw enables attackers to execute malicious activities like hacking multi-tenant systems and creating backdoors, emphasizing the severity of the issue.

Ars Technica•

20 hours ago

Open source package with 1 million monthly downloads stole user credentials

A widely used open source package with 1 million monthly downloads was compromised by threat actors exploiting a vulnerability in the developers’ account workflow, granting access to sensitive information. The malicious package, element-data 0.23.3, was distributed to users, collecting user credentials, API tokens, and more. Users who installed this version are advised to consider their credentials compromised. The attackers gained access through a GitHub action, allowing them to publish the malicious package. The developers swiftly removed the package, rotated credentials, and fixed the vulnerability.

Ars Technica•

3 days ago

Enthusiast fixes 30-year issue with S3 graphics card — hacking the VBIOS fixes black levels by scalpelling out the Virge DX’s ‘pedestal bit’

A retro hardware enthusiast successfully fixed a 30-year-old issue with S3 graphics cards by hacking the VBIOS to address the 'pedestal bit' problem that caused washed-out black levels. By adjusting the hexadecimal value in the VBIOS code, the darkest blacks were restored to their proper color, eliminating the undesirable gray appearance. The enthusiast used debugging tools to locate and modify the pedestal bit, then dumped the VBIOS to a file, made the necessary tweaks, and flashed it back to the hardware. The fix resulted in a deep black background upon booting, confirming the successful elimination of the pedestal bit issue. This solution can potentially be applied to other S3 Virge DX models, offering a resolution to a long-standing problem in graphics card technology.

Tom's Hardware•

6 days ago

Google Cloud customer wakes up to $18,000+ bill despite $7 budget, thanks to forgotten API key in published project — attacker put in 60,000+ requests and blasted through $1,400 spending cap

An Australia-based AI consultant woke up to an $18,000+ Google Cloud bill despite having a $7 budget, due to an attacker exploiting a forgotten API key in a published project. The attacker made over 60,000 requests, surpassing the spending cap. Despite following security practices, a single vulnerability led to the breach. Google automatically upgraded the account tier without notification, allowing for higher spending limits. The user's bank credited back the charges, but the incident highlights risks associated with Google Cloud's API key format.