Risky Bulletin: Microsoft tells users to uninstall games affected by a Unity bug

Sun Oct 05 2025

Summary

Risky Bulletin: Microsoft Tells Users to Uninstall Games Affected by a Unity Bug

Podcast: Risky Bulletin
Host: risky.biz (Read by Claire Aird)
Date: October 5, 2025

Overview

In this episode, the Risky Business team delivers a round-up of critical cybersecurity news, headlined by a serious vulnerability in the Unity game engine that’s prompting Microsoft to urge users to uninstall affected games. The bulletin also covers significant data breaches (Discord, Renault), landmark moves in encryption and app takedowns (Google, Apple), global cybercrime operations, and several novel security findings in the wild.

Key Discussion Points and Insights

1. Microsoft Urges Uninstallation of Vulnerable Unity Games

[00:04 – 01:30]

Vulnerability: Bug in the Unity cross-platform game engine allows arbitrary code execution via command line arguments.
Impact: Especially severe on Android—malicious app intents can trigger exploits. On Windows, Microsoft is telling users to uninstall Unity-based games until patches roll out.
Industry Response: Steam is blocking Unity games deemed vulnerable; games from the last eight years are potentially at risk, but a full list is unavailable.

“Microsoft has instructed customers to uninstall Unity based games until vendors patch and recompile.”
– Claire Aird [00:30]

2. Major Data Breaches: Discord, Renault, US Air Force

[01:31 – 03:00]

Discord: Breach via a third-party customer support vendor; attackers stole names, emails, payment details, support tickets, and identification documents.
Renault (UK): Customer data stolen from a third-party data processor; included names, birth dates, vehicle details.
US Air Force: Breach led to shutdown of internal servers (SharePoint, Teams); some personal data believed exposed.

“The stolen information includes names, emails, payment details and customer support tickets. Images of identity documents... were also stolen.”
– Claire Aird [01:45]

3. Military & Corporate Responses to Cyber Threats

[03:01 – 04:10]

US Army: Patched multiple vulnerabilities in its new command and control platform, co-developed by Anduril and Palantir. Insider and external threats, as well as data leaks, were concerns.
Salesforce: Hackers (“scattered lapsus hunters”) are trying to extort Salesforce after breaching their systems; group promises not to target customers if Salesforce pays.
LinkedIn: Filed another lawsuit over data scraping (Pro APIs charged $15,000+ for scraped user data); mirrors similar legal actions from earlier in the year.

4. Privacy Protections and Government Pressure

[04:11 – 05:00]

ICE-Tracking App: Apple and Google block an app that tracked ICE agents, following pressure from U.S. Justice Department and citing policy violations.
Encryption Roll-Out: Google now offers end-to-end encryption for Gmail within enterprise accounts—including recipients outside Gmail, managed via guest accounts.

“Google Enterprise customers can now send end-to end encrypted emails. The feature works regardless of whether recipients are using Gmail accounts.”
– Claire Aird [04:50]

5. Global Cybercrime and Law Enforcement Actions

[05:01 – 06:20]

Interpol: 260 fraud suspects arrested across 14 African countries for romance scams, sextortion ($2.8M+ stolen from 1,400+ victims).
Cambodia Scam Compound Riot: Workers (Bangladeshi & Pakistani) rioted and destroyed property at the infamous Kaibo scam compound after a religious ceremony dispute; military police deployed.
Deepfake Fines: Australian fined $340,000+ for AI-generated celebrity deepfake porn; the largest fine in the country's history for such offenses.

6. Malware, Espionage, and Influence Operations

[06:21 – 08:00]

WhatsApp Worm: “Sorvab hotel” malware spreads via WhatsApp in Brazil, installs info-stealer targeting local institutions and crypto exchanges.
Iran Influence Operation: Network of 50+ X accounts attempts to incite revolt in Iran; Citizen Lab suspects Israeli intelligence contractors.
Zimbra Zero-Day: Vulnerability (patched in January) was in fact a zero-day used for cyber-espionage against Brazil’s military.
Perplexity’s Comet AI Browser: Vulnerable to data theft via hidden AI prompts in malicious URLs.

7. Academic and Industry Cybersecurity Research

[08:01 – 09:00]

Optical Mouse as Microphone: Academics demonstrate “Mickey Mouse” attack—gaming mice’s sensors can record audio by converting vibrations to data, enabling eavesdropping.
Agent-to-Agent AI Security: AWS, Google, Meta, ByteDance, Cisco, and others release a collaborative security framework for protecting AI agent communication and protocols.

8. Upcoming: Major Joint Cloud Hacking Contest

[09:01 – 09:30]

Zero Day Cloud: AWS, Azure, and GCP announce a joint hacking contest, managed by Wiz, set for Black Hat Europe in December:
- Individual vulnerabilities can yield up to $300,000; total prizes $4.5M.

Notable Quotes & Memorable Moments

On the Unity Bug’s Widespread Impact:

“The bug affects Unity games compiled in the past eight years, but a comprehensive list of affected titles is not available.”
– Claire Aird [00:40]
On Discord’s Breach Scope:

“Images of identity documents, documents used for age verification were also stolen.”
– Claire Aird [01:48]
On Academic Innovation in Eavesdropping:

“Academics have turned an optical mouse into a microphone to secretly record audio.”
– Claire Aird [08:15]

Important Timestamps

Unity Game Engine Vulnerability & Microsoft’s Response: [00:04 – 01:30]
Discord and Renault Data Breaches: [01:31 – 02:30]
US Army Platform Patch & Salesforce Extortion: [03:01 – 03:50]
Apple/Google Block ICE-Tracking App & Gmail Encryption: [04:11 – 05:00]
Interpol and Cambodian Cybercrime Crackdowns: [05:01 – 06:20]
WhatsApp Worm, Iran Influence Op, Zimbra Zero-Day: [06:21 – 08:00]
Optical Mouse Eavesdropping, Agent Security Framework: [08:01 – 09:00]
Joint Cloud Zero-Day Contest Announcement: [09:01 – 09:30]

Summary for Non-Listeners

This Risky Bulletin delivers a brisk, detail-packed overview of recent infosec developments. The episode is anchored by the revelation of a serious Unity game engine vulnerability, with strong words and recommendations from Microsoft and Steam. The news bulletin then ricochets through high-profile data breaches (notably at Discord and Renault), an arms race in AI and encryption, global law enforcement crackdowns, and both academic and industry developments in security. Whether you care about game security, personal privacy, enterprise email, or cutting-edge attack techniques, this episode is an efficient tour of the latest cybersecurity flashpoints.

Loading summary...

Transcript

A (0:04)

Microsoft tells users to uninstall games affected by a Unity bug, Discord discloses a data breach, Google rolls out end to end encryption for Gmail and Apple and Google Block an ICE tracking app. This is the risky bulletin prepared by Catalyn Kim Panu and read by me, Claire aird. Today is the 6th of October and this podcast episode is brought to you by Corelight. In today's top story, a vulnerability has been found in the popular Unity cross platform game engine Command line arguments to the game engine can be leveraged to load arbitrary code. The flaw is most impactful on Android, where app intents can be used to start games with malicious arguments. On Windows, Microsoft has instructed customers to uninstall Unity based games until vendors patch and recompile. Still, Steam is also blocking Unity games from running if they contain the command line arguments used in the exploit. The bug affects Unity games compiled in the past eight years, but a comprehensive list of affected titles is not available. In other news Hackers have stolen user data from the messaging platform Discord. The breach occurred at a third party company used for Discord's customer support. The stolen information includes names, emails, payment details and customer support tickets. Images of identity documents, documents used for age verification were also stolen. Hackers have compromised Renault's UK operation. The French carmaker said customer data was stolen from a third party data processing partner. The company did not say how many users were affected. Stolen data included customer names, birth dates, contact information and vehicle details. The US Air Force has confirmed a recent security breach. SharePoint and Teams servers were reportedly shut down while the intrusion was investigated. Some personal data is believed to have been exposed or stolen. Affected individuals are being contacted. The US army has patched multiple vulnerabilities in its new battlefield communication platform. The next generation command and control platform connects data from soldiers, sensors and vehicles in real time. It was developed by Andurul and Palantir. An internal memo revealed the platform was vulnerable to insider threats, external attacks and data leaks. The Pentagon has spent $100 million on the platform since work began in July. Hackers behind a recent Salesforce breach are attempting to extort the company itself rather than individual affected customers. Earlier this year, the scattered lapsus hunters group socially engineered Salesforce customer support gain gained access to customer accounts and stole data. The group has said it will not go after individual companies if Salesforce pays up. LinkedIn has filed a lawsuit against a company and its CEO for scraping the social networking platform. LinkedIn claims that Pro APIs used millions of fake accounts in its large scale scraping operation it then charged $15,000 for access to the data that included users profile information, posts, reactions and comments. In July, LinkedIn a similar lawsuit against another company over data scraping practices. Apple and Google have blocked an app that tracked the location of ICE agents. Apple removed the ICE block app following pressure from the US Justice Department. Google also removed it, citing a violation of its policies. U.S. attorney General Pam Bondi claimed the app put ICE agents at risk. Google Enterprise customers can now send end to end encrypted emails. The feature works regardless of whether recipients are using Gmail accounts. Non Gmail recipients can read encrypted messages via guest accounts. The feature went live on Thursday. 260 fraud suspects have been detained across 14 African countries. Interpol says. The suspects are accused of running romance scams and sextortion. They allegedly stole more than $2.8 million from at least 1,400 victims. Several arrests have been made after a riot broke out at a Cambodian cyberscam compound. Bangladeshi and Pakistani workers destroyed office equipment and rioted in the streets at the infamous Kaibo scam compound on Saturday. Officials deployed military police forces to the compound in the city of Sihanoukville. Reports say the riot began after a disagreement about a religious ceremony. An Australian has been fined more than $340,000 for posting deepfake pornographic images of celebrities. Anthony Rotondo was linked to at least 12 incidents between November 2022 and October 2023. The fine is the country's largest to date for using AI to generate non consensual images. A self propagating WhatsApp worm is infecting Windows systems across Brazil. The Sorvab hotel worm spreads through WhatsApp private messages. It prompts users to download and run it on a Windows desktop. The malware installs an infosteeler that loots credentials for Brazil institutions and crypto exchanges. A network of X accounts are engaged in an influence operation that aims to incite a revolt in Iran. More than 50 accounts were created in 2023 but were activated this year during Israel's military offensive against the country. Citizen Lab believes an Israeli intelligence agency or one of its contractors is behind the operation. A Zimbra vulnerability patched in January was actually a zero day that was exploited for cyber espionage operations. It used milit malicious iCalendar files delivered via email to run malicious code on Zimbra servers. According to security firm Strike Ready, the zero day was used to target Brazil's military. A malicious URL can hijack Perplexity's Comet AI browser and steal user data. The link includes a hidden AI prompt that bypasses the Comet browser's security. The flaw was detailed in a blog by security firm LayerX. Academics have turned an optical mouse into a microphone to secretly record audio. The new Mickey Mouse technique takes advantage of the powerful optical sensors commonly found in gaming mice. Those sensors detect vibration caused by nearby sounds and record the patterns as mouse movements. Nearby conversations can be recovered from the data with the help of sound processing. LLMs tech companies have collaborated on a security framework designed to protect AI, agents and protocols. The new Agent to Agent security framework provides recommendations for securing communications between agents and their prompts. Ten companies have contributed, including AWS, Google Meta, ByteDance and Cisco. And finally AWS, Azure and GCP are holding a joint cloud hacking contest called Zero Day Cloud. It'll be managed by Wiz and will run at Black Hat Europe in December. Researchers can earn up to $300,000 for individual vulnerabilities. The total prize pool is $4.5 million. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Corelight. Find them@corelight.com thanks for your company.