Steam client update blocks custom URI scheme launches to reduce exploitation
Security Tool/Service
Summary
Hide ▲
Show ▼
Steam released a Client update that blocks custom URI scheme launches, reducing a potential exploitation path through the platform. The change matters because it hardens the distribution client against abuse tied to a broader Unity-related risk.
Related Happenings
Microsoft April 2026 Patch Tuesday security update (165 CVEs)
Security Patch Release
First: 15.04.2026 00:22
Last: 15.04.2026 00:22
Sources 1
About this happening:
**Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...
Microsoft April 2026 Patch Tuesday security update (165 CVEs)
Security Patch ReleaseAbout this happening: **Microsoft** shipped **April 2026 Patch Tuesday** updates covering **165 CVEs**, including an **actively exploited zero-day** and a **publicly disclosed** flaw, creating immediat...
Google Android Advanced Flow adds safer APK sideloading for unverified developers
Security Tool/Service
First: 21.03.2026 16:18
Last: 21.03.2026 16:18
Sources 1
About this happening:
**Google** is rolling out **Advanced Flow** on **Android** to let power users sideload APKs from **unverified developers** with more friction and warnings, reducing the risk of **...
Google Android Advanced Flow adds safer APK sideloading for unverified developers
Security Tool/ServiceAbout this happening: **Google** is rolling out **Advanced Flow** on **Android** to let power users sideload APKs from **unverified developers** with more friction and warnings, reducing the risk of **...
Windows Shell security feature bypass (CVE-2026-21510)
Vulnerability
First: 10.02.2026 20:51
Last: 10.02.2026 20:51
Sources 1
About this happening:
Microsoft patched **CVE-2026-21510**, an **actively exploited Windows Shell** security feature bypass that could let attackers evade **SmartScreen** and Shell warnings. The flaw c...
Windows Shell security feature bypass (CVE-2026-21510)
VulnerabilityAbout this happening: Microsoft patched **CVE-2026-21510**, an **actively exploited Windows Shell** security feature bypass that could let attackers evade **SmartScreen** and Shell warnings. The flaw c...
Unity Runtime unsafe file loading and local file inclusion information disclosure flaw (CVE-2025-59489)
Vulnerability
First: 06.10.2025 16:56
Last: 06.10.2025 16:56
Sources 1
How related:
The vulnerability is tracked as CVE-2025-59489 and affects the Runtime component. It allows unsafe file loading and local file inclusion, and could lead to code execution and information disclosure.
About this happening:
**CVE-2025-59489** in **Unity Runtime** enables **unsafe file loading** and **local file inclusion**, creating **code execution** and **information disclosure** risk for affected...
Unity Runtime unsafe file loading and local file inclusion information disclosure flaw (CVE-2025-59489)
VulnerabilityHow related: The vulnerability is tracked as CVE-2025-59489 and affects the Runtime component. It allows unsafe file loading and local file inclusion, and could lead to code execution and information disclosure.
About this happening: **CVE-2025-59489** in **Unity Runtime** enables **unsafe file loading** and **local file inclusion**, creating **code execution** and **information disclosure** risk for affected...
BlockBlasters cryptodrainer on Steam
Malware Activity
First: 22.09.2025 12:28
Last: 22.09.2025 12:28
Sources 1
About this happening:
The **BlockBlasters** game on **Steam** was turned into a **cryptodrainer** after a malicious component was added on **August 30**, putting players' wallets and login credentials...
BlockBlasters cryptodrainer on Steam
Malware ActivityAbout this happening: The **BlockBlasters** game on **Steam** was turned into a **cryptodrainer** after a malicious component was added on **August 30**, putting players' wallets and login credentials...
Timeline
-
06.10.2025 16:56 2 articles · 7mo ago
Unity CVE-2025-59489 disclosure and mitigations
Initial DisclosureSteam released a Client update that blocks launching custom URI schemes to reduce exploitation through its distribution platform, Valve advised publishers to rebuild affected games with a safe Unity version or replace UnityPlayer.dll with a patched version, Microsoft warned users to uninstall vulnerable games until fixes were available, and Unity said it had released fixes for out-of-support versions starting 2019.1 and later after CVE-2025-59489 was identified in the Unity Runtime.
Show sources
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks — www.bleepingcomputer.com — 06.10.2025 16:56
- Steam and Microsoft warn of Unity flaw exposing gamers to attacks — www.bleepingcomputer.com — 06.10.2025 16:56