Risky Bulletin: Microsoft Tells Users to Uninstall Games Affected by a Unity Bug
Podcast: Risky Bulletin
Host: risky.biz (Read by Claire Aird)
Date: October 5, 2025
Overview
In this episode, the Risky Business team delivers a round-up of critical cybersecurity news, headlined by a serious vulnerability in the Unity game engine that’s prompting Microsoft to urge users to uninstall affected games. The bulletin also covers significant data breaches (Discord, Renault), landmark moves in encryption and app takedowns (Google, Apple), global cybercrime operations, and several novel security findings in the wild.
Key Discussion Points and Insights
1. Microsoft Urges Uninstallation of Vulnerable Unity Games
[00:04 – 01:30]
- Vulnerability: Bug in the Unity cross-platform game engine allows arbitrary code execution via command line arguments.
- Impact: Especially severe on Android—malicious app intents can trigger exploits. On Windows, Microsoft is telling users to uninstall Unity-based games until patches roll out.
- Industry Response: Steam is blocking Unity games deemed vulnerable; games from the last eight years are potentially at risk, but a full list is unavailable.
“Microsoft has instructed customers to uninstall Unity based games until vendors patch and recompile.”
– Claire Aird [00:30]
2. Major Data Breaches: Discord, Renault, US Air Force
[01:31 – 03:00]
- Discord: Breach via a third-party customer support vendor; attackers stole names, emails, payment details, support tickets, and identification documents.
- Renault (UK): Customer data stolen from a third-party data processor; included names, birth dates, vehicle details.
- US Air Force: Breach led to shutdown of internal servers (SharePoint, Teams); some personal data believed exposed.
“The stolen information includes names, emails, payment details and customer support tickets. Images of identity documents... were also stolen.”
– Claire Aird [01:45]
3. Military & Corporate Responses to Cyber Threats
[03:01 – 04:10]
- US Army: Patched multiple vulnerabilities in its new command and control platform, co-developed by Anduril and Palantir. Insider and external threats, as well as data leaks, were concerns.
- Salesforce: Hackers (“scattered lapsus hunters”) are trying to extort Salesforce after breaching their systems; group promises not to target customers if Salesforce pays.
- LinkedIn: Filed another lawsuit over data scraping (Pro APIs charged $15,000+ for scraped user data); mirrors similar legal actions from earlier in the year.
4. Privacy Protections and Government Pressure
[04:11 – 05:00]
- ICE-Tracking App: Apple and Google block an app that tracked ICE agents, following pressure from the U.S. Justice Department and citing policy violations.
- Encryption Roll-Out: Google now offers end-to-end encryption for Gmail within enterprise accounts—including recipients outside Gmail, managed via guest accounts.
“Google Enterprise customers can now send end-to-end encrypted emails. The feature works regardless of whether recipients are using Gmail accounts.”
– Claire Aird [04:50]
5. Global Cybercrime and Law Enforcement Actions
[05:01 – 06:20]
- Interpol: 260 fraud suspects arrested across 14 African countries for romance scams, sextortion ($2.8M+ stolen from 1,400+ victims).
- Cambodia Scam Compound Riot: Workers (Bangladeshi & Pakistani) rioted and destroyed property at the infamous Kaibo scam compound after a religious ceremony dispute; military police deployed.
- Deepfake Fines: Australian fined $340,000+ for AI-generated celebrity deepfake porn; the largest fine in the country's history for such offenses.
6. Malware, Espionage, and Influence Operations
[06:21 – 08:00]
- WhatsApp Worm: “Sorvab hotel” malware spreads via WhatsApp in Brazil, installs info-stealer targeting local institutions and crypto exchanges.
- Iran Influence Operation: Network of 50+ X accounts attempts to incite revolt in Iran; Citizen Lab suspects Israeli intelligence contractors.
- Zimbra Zero-Day: Vulnerability (patched in January) was in fact a zero-day used for cyber-espionage against Brazil’s military.
- Perplexity’s Comet AI Browser: Vulnerable to data theft via hidden AI prompts in malicious URLs.
7. Academic and Industry Cybersecurity Research
[08:01 – 09:00]
- Optical Mouse as Microphone: Academics demonstrate “Mickey Mouse” attack—gaming mice’s sensors can record audio by converting vibrations to data, enabling eavesdropping.
- Agent-to-Agent AI Security: AWS, Google, Meta, ByteDance, Cisco, and others release a collaborative security framework for protecting AI agent communication and protocols.
8. Upcoming: Major Joint Cloud Hacking Contest
[09:01 – 09:30]
- Zero Day Cloud: AWS, Azure, and GCP announce a joint hacking contest, managed by Wiz, set for Black Hat Europe in December.
  - Individual vulnerabilities can yield up to $300,000; total prizes $4.5M.
Notable Quotes & Memorable Moments
- On the Unity Bug’s Widespread Impact:
“The bug affects Unity games compiled in the past eight years, but a comprehensive list of affected titles is not available.”
– Claire Aird [00:40]
- On Discord’s Breach Scope:
“Images of identity documents, documents used for age verification were also stolen.”
– Claire Aird [01:48]
- On Academic Innovation in Eavesdropping:
“Academics have turned an optical mouse into a microphone to secretly record audio.”
– Claire Aird [08:15]
Important Timestamps
- Unity Game Engine Vulnerability & Microsoft’s Response: [00:04 – 01:30]
- Discord and Renault Data Breaches: [01:31 – 02:30]
- US Army Platform Patch & Salesforce Extortion: [03:01 – 03:50]
- Apple/Google Block ICE-Tracking App & Gmail Encryption: [04:11 – 05:00]
- Interpol and Cambodian Cybercrime Crackdowns: [05:01 – 06:20]
- WhatsApp Worm, Iran Influence Op, Zimbra Zero-Day: [06:21 – 08:00]
- Optical Mouse Eavesdropping, Agent Security Framework: [08:01 – 09:00]
- Joint Cloud Zero-Day Contest Announcement: [09:01 – 09:30]
Summary for Non-Listeners
This Risky Bulletin delivers a brisk, detail-packed overview of recent infosec developments. The episode is anchored by the revelation of a serious Unity game engine vulnerability, with strong words and recommendations from Microsoft and Steam. The news bulletin then ricochets through high-profile data breaches (notably at Discord and Renault), an arms race in AI and encryption, global law enforcement crackdowns, and both academic and industry developments in security. Whether you care about game security, personal privacy, enterprise email, or cutting-edge attack techniques, this episode is an efficient tour of the latest cybersecurity flashpoints.
