Ransomware threat actors tracked as Velvet Tempest are using the ClickFix technique and legitimate Windows utilities to deploy the DonutLoader malware and the CastleRAT backdoor.

Researchers at cyber-deception threat intelligence firm MalBeacon observed the hackers’ actions in an emulated organization environment over a period of 12 days.

Velvet Tempest, also tracked as DEV-0504, is a threat group that has been involved in ransomware attacks as an affiliate for at least five years.

The actor has been associated with deploying some of the most devastating ransomware strains: Ryuk (2018 – 2020), REvil (2019-2022), Conti (2019-2022), BlackMatter, BlackCat/ALPHV (2021-2024), LockBit, and RansomHub.

The attack was observed by MalBeacon between February 3 and 16 in a replica environment for a non-profit organization in the U.S. with more than 3,000 endpoints and over 2,500 users.

After obtaining access, Velvet Tempest operators performed hands-on keyboard activities, including Active Directory reconnaissance, host discovery, and environment profiling, as well as using a PowerShell script to harvest credentials stored in Chrome.

The script was hosted on an IP address that researchers linked to tool staging for Termite ransomware intrusions.

According to the researchers, Velvet Tempest gained initial access through a malvertising campaign that led to a ClickFix and CAPTCHA mix that instructed victims to paste an obfuscated command into the Windows Run dialog.

The pasted command triggered nested cmd.exe chains and used finger.exe to fetch the first malware loaders. One of the payloads was an archive file disguised as a PDF file.

In subsequent stages, Velvet Tempest used PowerShell to download and execute commands that fetched additional payloads, compile .NET components via csc.exe in temporary directories, and deploy Python-based components for persistence in C:\ProgramData.

The operation ultimately staged DonutLoader and retrieved CastleRAT backdoor, a remote access trojan associated with the CastleLoader malware loader known for distributing multiple families of RATs and information stealers, like LummaStealer.

Termite ransomware has previously claimed high-profile victims such as SaaS provider Blue Yonder and Australian IVF giant Genea.

While Velvet Tempest is typically associated with double-extortion attacks, where victim systems are encrypted after stealing company data, MalBeacon’s report notes that the threat actor did not deploy the Termite ransomware in the observed intrusion.

Multiple ransomware actors have adopted the CkickFix technique in attacks. Sekoia reported in April 2025 that the Interlock ransomware gang used the social engineering method to breach corporate networks.

Malware is getting smarter. The Red Report 2026 reveals how new threats use math to detect sandboxes and hide in plain sight.

Download our analysis of 1.1 million malicious samples to uncover the top 10 techniques and see if your security stack is blinded.

Download The Report

Phone Repair Guru examines packages from AliExpress, each holding the components that will hopefully be utilized to make a seventh-generation iPad. Sounds like a simple challenge: build a fully functional iPad with these components, primarily acquired online, and evaluate how the final cost compares to a reconditioned tablet that costs roughly $200 Canadian. However, there is a catch: the screen is purchased from eBay because the AliExpress selections were inadequate, and the housing is a bit of a mess, having arrived broken but salvageable.

The packages arrive in waves, beginning with the small components: volume buttons, side key, speakers, ringer buzzer, GPS and Wi-Fi antennas, headphone jack, microphone, home button and its flex cable, metal pins for accessories, screws, front and rear cameras, battery and white digitizer, and the motherboard with a charging port pre-soldered on it. Phone Repair Guru must sort through it all while keeping in mind that the quality of everything can vary greatly.

Sale

Apple iPad 11-inch: A16 chip, 11-inch Model, Liquid Retina Display, 128GB, Wi-Fi 6, 12MP Front/12MP Back…

• WHY IPAD — The 11-inch iPad is now more capable than ever with the superfast A16 chip, a stunning Liquid Retina display, advanced cameras, fast…
• PERFORMANCE AND STORAGE — The superfast A16 chip delivers a boost in performance for your favorite activities. And with all-day battery life, iPad…
• 11-INCH LIQUID RETINA DISPLAY — The gorgeous Liquid Retina display is an amazing way to watch movies or draw your next masterpiece.* True Tone…

The housing is assembled first, with the headphone jack installed and secured with a larger screw, and the magnet from the old configuration is pulled out and replaced once the new portion is in position. Next, the speakers are installed, held in place by screws at the bottom and a few adjacent. Antennas are attached on top of the speakers with some residual adhesive. The microphone assembly is slotted along its flexible cable, with the end poking through a hole in the frame.

Cameras are installed with care, as the front camera requires a little bracket from the old housing to secure it before being inserted underneath. The back camera is simply pushed into place and sealed with hot glue (because the preferred cold glue ran out, which I suppose is anti-rep tactics).

The battery comes next, with the motherboard being wrenched out to guide the battery connection, and then the battery is installed. The mother board is reinserted, and a little amount of adhesive is used to ensure that it is securely attached to the housing. Back in goes the motherboard, flex cables are linked, and the battery is secured with a single screw.

The digitizer layer is fitted on top of the home button using pre-applied adhesive. It is aligned using a metal back plate and a little dot for precision. Two flex cables and the home button connector click into the digitizer, and the LCD is fitted in, with the solid connector establishing contact and the bigger screws securing in each corner. The battery connector is tightly clamped down to keep everything locked in.

Finally, all of the remaining screws are inserted, and the protective adhesive removed. What happens when you push the power button? The Apple logo appears. The device boots up to iPadOS 16, the language changes from Chinese to English, Wi-Fi activates, and updates begin downloading. Function checks confirm that everything is working properly; voice memos are recorded and played back through the speaker and microphone. Charging is operating, the power, volume, and home buttons all respond, and touch input works properly. Of course, cameras work as well.

Apple announced a ton of new tech this week, from the iPhone 17E to speedy new MacBook Pro models with M5 Pro and M5 Max chips. By far, the affordable MacBook Neo is making the biggest splash. The 256GB model starts at $599, while the 512GB model costs $699.

But let’s be real. We’re all talking about the new colors. With silver, blush, citrus, and indigo on the table, we polled the CNET crew to see which shade actually wins the office beauty pageant.

Silver came in dead last. Makes sense, since that’s Apple’s default color, and most of us are looking for a tech glow-up. Despite the lower votes for standard silver, I’m sure the classic look will sell well. It’s predictable, but it’s also clean and fresh.

Among CNET staff, the other three colors got a lot more love, with citrus and indigo clearly edging ahead of the competition.

Managing Editor Josh Goldman said that citrus was the favorite at the New York Apple event. But he’s personally not a fan: “It is a yellow-green. I don’t care for it.”

Senior Copy Editor Sarah McDermott also weighed in, calling citrus the “worst of both worlds.” McDermott opted for the blush, as did Goldman, who called it “subtle, changing from silver to pink, depending on the lighting.”

Senior Editor Lori Grunin wasn’t a fan of citrus, either: “Get your green out of my yellow. Also, of the colors, I like the pink best, but I think all-pink devices are ugly.” If Grunin were to buy a MacBook Neo, she’d go with the indigo.

The indigo color squeaked ahead to earn the most votes, and for good reason. It’s a calming shade and reminds me a lot of the iPhone 17 Pro in deep blue.

Senior Editor James Bricknell agreed that Neo’s citrus hue is “more like a lemon that’s not quite ripe,” rather than a bright yellow, but he stilled liked the citrus the best out of the lot. He added, “Full disclosure, my iPad is also yellow. It’s simply the most fun color that Apple makes.”

Citrus is my favorite of the four as well, and Bricknell and I both agreed the indigo is probably our second-favorite. While I’m not a big fan of pastels in general, I must say blush pink is a lovely shade.

In the end, indigo took the top spot, garnering 38% of the vote. Citrus was close behind, with 35%. Blush earned a respectable 23% of the vote. And silver scored a measly 4% in total.

I, for one, miss the days of bold, bright colors. Everything has been getting washed out and pastel-ified for years, as if brands just want to be the LaCroix of colors.

I want Kool-Aid red back. I was a big fan of the Product (Red) collection, and I would have loved for the new releases to include some bright, saturated shades — and I’m not the only one in that camp.

Social Media Manager Faith Chihil wants those infamous translucent iBooks to make a comeback. Goldman noted that the days of plastic Apple laptops and desktops are likely done. Senior Writer Jeff Carlson jumped in, agreeing, “Yes, but what about transparent aluminum? (Which is real now!).” Now that’s an idea.

Advertisement

Watch this: Apple Gets It Right! Hands-on with MacBook Neo

05:09

You can preorder everything Apple has announced right now, with items launching officially on March 11.

When to watch Newcastle vs. Man City

• Saturday, March 7 at 3 p.m. ET (12 p.m. PT)

Where to watch Newcastle vs. Man City

• Newcastle vs. Man City will air in the US on ESPN Plus, which is available via ESPN Select or ESPN Unlimited.

The pick of this weekend’s English FA Cup fifth-round matches sees Eddie Howe’s resurgent Newcastle host Premier League title-chaser Man City in the Northeast on Saturday. 

Advertisement

While City may have lost ground to Arsenal in the EPL title race following its draw with struggling Nottingham Forest in midweek, Pep Guardiola’s crew remains in the hunt for an unprecedented quadruple. Could it be in the cards with this tie coming ahead of its UEFA Champions League clash with Real Madrid at the Bernabeu next Wednesday?

Newcastle may draw encouragement for this game, and next week’s UCL match against Barcelona, from its 2-1 win over Man United in the Premier League on Wednesday.

Newcastle United takes on Manchester City at St. James’ Park on Saturday, March 7. Kickoff is set for 8 p.m. GMT local time in the UK, which is 3 p.m. ET or 12 p.m. PT in the US and Canada, and 7 a.m. AEDT in Australia early on Sunday morning.

Advertisement

Livestream Liverpool vs. Brighton in the US

Every match from this point in the tournament will be available to stream live on ESPN Plus, which is accessible via the network’s ESPN Select or ESPN Unlimited streaming packages. ESPN Select carries ESPN Plus and is the cheaper option at $13 a month.

Advertisement

ESPN’s streaming platforms have been shaken up in recent months. The sports network now offers two tiers with its new direct-to-consumer setup: ESPN Select and ESPN Unlimited. ESPN Select is essentially what ESPN Plus used to be, with the same content available to subscribers, including FA Cup soccer, for $13 a month. If you want full access to ESPN’s networks and services, such as ESPN, ESPN2, ESPN3, ESPNews and ESPN Deportes, as well as all of ESPN Select’s content, then ESPN Unlimited is the way to go. It costs $30 a month.

Livestream Liverpool vs. Brighton in the UK

TNT Sports and the BBC are sharing duties for the FA Cup this season, with this Saturday evening game set to be shown on TNT Sports 1.

Advertisement

TNT Sports will be showing every match live from the third round onward, excluding Saturday 3 p.m. kickoffs. You can access TNT Sports via Sky Q as part of a TV package, as well as through online streaming options. It costs £31 either way and comes in a package that includes Discovery Plus’ library of documentary content.

Livestream Liverpool vs. Brighton in Canada

Canadian soccer fans looking to watch this FA Cup fixture can watch all the action live via Sportsnet.

Advertisement

Sportsnet is available via most cable operators, but cord-cutters can subscribe to the standalone streaming service Sportsnet Plus instead, with prices starting at CA$30 per month or CA$250 per year for the standard plan.

Livestream Liverpool vs. Brighton in Australia

Football fans in Australia can watch FA Cup matches live on the streaming service Stan Sport.

Advertisement

Stan Sport will set you back AU$20 a month, on top of a Stan subscription, which starts at AU$12. It is worth noting the streaming service is offering a seven-day free trial. On top of select FA Cup matches, a subscription gives you access to Premier League, Champions League and Europa League action, along with international rugby and Formula E.

• Attackers now rely on employees to unknowingly launch the malware themselves
• Fake IT support calls transform routine troubleshooting into a full network compromise
• Browser crashes become the opening move in carefully staged social engineering attacks

Cybercriminal activity continues to move away from direct software exploitation toward manipulating everyday user behavior within corporate environments, experts have warned.

New research by Huntress describes a campaign in which attackers intentionally crash a user’s browser and display alarming security messages that encourage a “repair.”

David Barnett has learned a lot since first launching PopSockets more than a decade ago. 

As the tale goes, the former philosophy professor was looking for an easy way to hold his headphones and went on to create one of the most viral phone accessories of all time: A device that grips to the back of the phone and can be used as a kickstand or a handle — better known as the PopSockets. 

Barnett sat down with Equity this week to talk about his journey building this company from his garage, why he decided to never take on traditional venture capital funding, and some of the lessons he’s learned while scaling the business. 

“I was a philosophy professor, so I had no experience with manufacturing,” he recalled, adding that he also lacked experience in business, tax, accounting, and finance. “I burned through a lot of money with no revenue,” he continued, adding that he had “wave after wave of manufacturing defects” during the early days. 

 Still, he managed along and was able to land in a local toy store where he would often stop by to watch how customers interacted with his brand. “The sales were quite slow,” he said. He adjusted the Popsocket a bit, and that’s when everything started to take off. “That was the point where I thought, ‘Okay, this could work in retail.”

From there, he spoke about the hits and misses of entering retail (including a dispute he had with Amazon that briefly caused him to pull his product from the website). He spoke about adapting the product even more, protecting intellectual property, and when he knew it was time to step down as CEO and let someone else take the reins. 

“The greatest lesson I’ve learned is that it’s all about the people,” he said, adding that he was looking for this trait in his successor. “I think that’s the most important skill one can have as a leader.” 

UFC 326 live streams feature a headline bout that’s been more than a decade in the making. Max Holloway vs Charles Oliveira 2 is rematch from 2015 and the pair finally go head-to-head again in the Octagon at T-Mobile Arena, Las Vegas, on Saturday. The prize? To find out which one is the baddest mother in the UFC.

So much has happened in the careers of these two elite fighters since Holloway beat Oliveira via TKO on a Fight Night in Saskatchewan all those years ago. Both have enjoyed titles, taken part in infamous feuds and tasted their fair share of defeats, too, as the duo head towards the final acts of their careers. Now, Dana White has given MMA fans what they want and made this long-awaited rematch happen at last, with Holloway’s symbolic BMF title on the line.

For most of gaming history, the deal between players and technology was refreshingly simple: save up, buy a machine, install a game, and that experience was yours for as long as the hardware kept breathing. Old consoles might collect dust, but they still booted up when nostalgia struck. A five-year-old gaming PC might wheeze at the latest AAA release, but it could still run older favorites just fine. Ownership wasn’t just a technical detail, but was part of gaming culture itself, whether that meant shelves stacked with discs or a lovingly assembled PC rig with mismatched RGB fans and a side panel that had been opened far too many times.

Unfortunately, that long-standing contract is quietly changing. Across the industry, hardware is increasingly being offered as a service rather than a product. Gaming laptops can now be rented through subscription programs, consoles are available on lease-style payment plans, and cloud gaming services promise high-end performance without requiring a powerful PC at home. The pitch is appealingly simple: skip the painful upfront cost and just pay a manageable monthly fee. But the catch is equally simple: when the subscription ends, the hardware goes back, the service stops working, and sometimes even access to the games disappears. What used to be something gamers owned is slowly becoming something they merely access.

The shift isn’t happening randomly either. Gaming hardware has become dramatically more expensive in recent years, largely because the same advanced chips used in gaming PCs are now in massive demand from AI companies and data centers. According to a 2026 outlook from Deloitte, spending on compute and storage hardware for AI deployments surged by 166 percent year-over-year in 2025, reaching roughly $82 billion. Those same fabrication plants produce the GPUs, memory, and processors that power gaming machines, meaning consumer hardware is now competing directly with enterprise AI infrastructure for supply. The result is predictable: prices stay high, availability tight, and suddenly the idea of renting a powerful gaming machine starts to look a lot more tempting. Especially for players who can’t justify dropping $1,500 or more on a PC just to play the latest releases.

Hardware as a subscription

Major hardware companies have begun experimenting with what’s often called Hardware-as-a-Service. Instead of selling a device outright, companies rent it to users through monthly subscriptions that include support, upgrades, and maintenance.

HP, for example, recently launched the OMEN Gaming Subscription program. For a monthly fee ranging roughly from $50 to $130, depending on the tier, subscribers receive a gaming laptop along with technical support and the option to upgrade to newer hardware after about a year. The catch is straightforward: once the subscription ends, the device must be returned. Sony has explored a similar approach through its Sony Flex program in the UK. Through this service, players can lease a PlayStation 5 console, including newer variants, by paying monthly installments over a 12, 24, or 36-month period. While the total cost across several years may approach the price of buying the console outright, the key difference remains that the user does not retain the hardware at the end of the contract.

This hardware shift is closely tied to the growing rise of cloud gaming, too. Services like NVIDIA GeForce Now and Xbox Cloud Gaming aim to remove the need for local gaming hardware entirely by streaming games from powerful remote servers. In fact, market research firms expect the cloud gaming sector to grow rapidly, with projections suggesting a compound annual growth rate of over 40 percent through 2030. In other words, gaming companies are increasingly exploring models where the device in your living room matters less, or might eventually disappear entirely.

When access replaces ownership

From a business perspective, subscription ecosystems make perfect sense. Instead of relying on occasional hardware sales every few years, companies generate predictable recurring revenue. This strategy mirrors the broader shift seen across the tech industry, where music, movies, and software have largely moved from physical ownership to subscription access.

Industry leaders have acknowledged this transition. Microsoft CEO Satya Nadella has described Xbox Game Pass as central to the company’s vision of delivering gaming experiences across multiple devices through subscription services rather than relying solely on console ownership. NVIDIA CEO Jensen Huang has also emphasized the growing role of cloud computing, suggesting that powerful data centers can eventually deliver high-end gaming experiences remotely without requiring expensive GPUs in every home.

For players, however, the long-term implications are more complicated. Renting hardware may lower the barrier to entry, but it can also increase long-term costs. A gamer paying $100 per month for a high-end laptop over two years would spend $2,400. Yet, at the end of that period, there is no hardware to sell, reuse, or upgrade. The machine simply goes back to the manufacturer.

There are also cultural implications, particularly for PC gaming enthusiasts. PC gaming has historically been built around customization and experimentation. Players upgrade GPUs, tweak cooling systems, replace memory modules, and modify their systems over time. Rental hardware, by contrast, often arrives sealed, and opening the device for upgrades or maintenance can violate service agreements. In that sense, a rental-first ecosystem could gradually push aside the tinkering culture that helped define PC gaming for decades.

Beyond financial and cultural concerns, the shift toward rental hardware and subscription ecosystems also raises questions about preserving gaming history. When games exist on physical media or are installed locally, they can survive long after the companies behind them disappear. On the other hand, subscription-based services change that dynamic by tying access to active servers and ongoing licensing. In fact, the video game preservation community has warned that this creates a growing risk for the medium’s long-term survival.

Frank Cifaldi, co-director of the Video Game History Foundation, has described modern games as increasingly being treated as licensed services rather than permanent products that players actually own. Further, legal experts such as Dr. David C. Mowery have also noted that strict digital rights management and game-as-a-service models make it harder for archives and researchers to preserve titles for future generations, since both the hardware and the games themselves may only exist within controlled subscription platforms.

A hybrid future for gaming

Don’t get me wrong, none of this means rental-based gaming is inherently bad. In fact, it could make gaming far more accessible for players who cannot afford expensive hardware. Subscription access lowers the entry barrier and allows more people to experience high-end games without major upfront investments.

Ideally, the future lands somewhere in the middle with a hybrid model. Subscriptions, cloud services, and rental hardware could continue lowering the barrier for casual players who want easy access to games without spending heavily on hardware. At the same time, the enthusiasts, the builders, collectors, and modders would still have the option to buy and own their machines outright. Gaming has always supported multiple ways to play, from smartphones to high-end PCs, so it would be great if the industry evolved to allow both access and ownership to coexist comfortably.

Still, the rise of rental hardware signals a significant philosophical shift for the industry. For the first time, gaming platforms are increasingly being treated less like products and more like ongoing services. If that model continues to expand, the future of gaming might not revolve around the machines players own, but the subscriptions they maintain. And for a hobby built on personal rigs, physical collections, and the joy of tinkering, that’s a change that can feel both exciting and a little unsettling.