Australia

Australian Federal Court Rules Apple and Google Engaged in Anti-Competitive App Store Conduct (abc.net.au) 16

Australia's Federal Court ruled Tuesday that Apple and Google violated competition law through anti-competitive app store practices. Judge Jonathan Beach found both companies breached section 46 of the Competition and Consumer Act by misusing market power to reduce competition.

The decision covers class actions representing 15 million consumers and 150,000 developers seeking compensation for inflated prices from 2017-2022, plus separate Epic Games cases. Apple's exclusive iOS App Store and mandatory payment system, along with Google's Play Store billing requirements, were ruled anti-competitive despite security justifications. Compensation amounts will be determined at subsequent hearings, with estimates reaching hundreds of millions of dollars.

Intel

Trump Calls Intel CEO a 'Success' After Demanding Resignation (cnbc.com) 160

Just days after demanding Intel CEO Lip-Bu Tan resign over his past ties to China, President Trump reversed course, calling Tan a "success" following a White House meeting. "I met with Mr. Lip-Bu Tan, of Intel, along with Secretary of Commerce, Howard Lutnick, and Secretary of the Treasury, Scott Bessent," Trump wrote in a post on Truth Social. "The meeting was a very interesting one. His success and rise is an amazing story. Mr. Tan and my Cabinet members are going to spend time together, and bring suggestions to me during the next week. Thank you for your attention to this matter!" CNBC reports: Tan has been an Intel director since 2022, and in March he replaced Pat Gelsinger as CEO. Last week Sen. Tom Cotton, R-Ark., questioned Tan's ties to China. Cotton brought up a past criminal case involving Cadence Design, where Tan had been CEO, and asked whether Intel required Tan to divest from positions in chipmakers linked to the Chinese Communist Party, the People's Liberation Army and any other concerning entities in China.

Trump's latest message marks a stark change in tone from last week. In a Truth Social post on Thursday, the president wrote that Tan "is highly CONFLICTED and must resign, immediately. There is no other solution to this problem." Intel said in a comment later that day that the company, directors and Tan are "deeply committed to advancing U.S. national and economic security interests."

Government

Nvidia and AMD To Pay 15% of China Chip Sale Revenues To US Government (apnews.com) 61

In an unusual arrangement to secure export licenses, Nvidia and AMD have agreed to give the U.S. government 15% of revenue from certain chip sales to China. The Associated Press reports: The Trump administration halted the sale of advanced computer chips to China in April over national security concerns, but Nvidia and AMD revealed in July that Washington would allow them to resume sales of the H20 and MI308 chips, which are used in artificial intelligence development. President Trump confirmed the terms of the unusual arrangement in a Monday press conference while noting that he originally wanted 20% of the sales revenue when Nvidia asked to sell the "obsolete" H20 chip to China. The president credited Nvidia CEO Jensen Huang for negotiating him down to 15%. "So we negotiated a little deal. So he's selling a essentially old chip," Trump said.

Nvidia did not comment about the specific details of the agreement or its quid pro quo nature, but said they would adhere to the export rules laid out by the administration. "We follow rules the U.S. government sets for our participation in worldwide markets. While we haven't shipped H20 to China for months, we hope export control rules will let America compete in China and worldwide," Nvidia wrote in a statement to the AP. "America cannot repeat 5G and lose telecommunication leadership. America's AI tech stack can be the world's standard if we race."

Security

Ex-NSA Chief Paul Nakasone Has a Warning for the Tech World (wired.com) 58

Former NSA and Cyber Command chief Paul Nakasone told the Defcon security conference this month that technology companies will find it "very, very difficult" to remain neutral through 2025 and 2026.

Speaking with Defcon founder Jeff Moss in Las Vegas, Nakasone, now an OpenAI board member, addressed the intersection of technology and politics following the Trump administration's removal of cybersecurity officials deemed disloyal and revocation of security clearances for former CISA directors Chris Krebs and Jen Easterly. Nakasone also called ransomware "among the great scourges that we have in our country," stating the U.S. is "not making progress against ransomware."

Python

How Python is Fighting Open Source's 'Phantom' Dependencies Problem (blogspot.com) 33

Since 2023 the Python Software Foundation has had a Security Developer-in-Residence (sponsored by the Open Source Security Foundation's vulnerability-finding "Alpha-Omega" project). And he's just published a new 11-page white paper about open source's "phantom dependencies" problem — suggesting a way to solve it.

"Phantom" dependencies aren't tracked with packaging metadata, manifests, or lock files, which makes them "not discoverable" by tools like vulnerability scanners or compliance and policy tools. So Python security developer-in-residence Seth Larson authored a recently-accepted Python Enhancement Proposal offering an easy way for packages to provide metadata through Software Bill-of-Materials (SBOMs). From the whitepaper: Python Enhancement Proposal 770 is backwards compatible and can be enabled by default by tools, meaning most projects won't need to manually opt in to begin generating valid PEP 770 SBOM metadata. Python is not the only software package ecosystem affected by the "Phantom Dependency" problem. The approach using SBOMs for metadata can be remixed and adopted by other packaging ecosystems looking to record ecosystem-agnostic software metadata...

Within Endor Labs' [2023 dependencies] report, Python is named as one of the most affected packaging ecosystems by the "Phantom Dependency" problem. There are multiple reasons that Python is particularly affected:

- There are many methods for interfacing Python with non-Python software, such as through the C-API or FFI. Python can "wrap" and expose an easy-to-use Python API for software written in other languages like C, C++, Rust, Fortran, Web Assembly, and more.

- Python is the premier language for scientific computing and artificial intelligence, meaning many high-performance libraries written in system languages need to be accessed from Python code.

- Finally, Python packages have a distribution type called a "wheel", which is essentially a zip file that is "installed" by being unzipped into a directory, meaning there is no compilation step allowed during installation. This is great for being able to inspect a package before installation, but it means that all compiled languages need to be pre-compiled into binaries before installation...


When designing a new package metadata standard, one of the top concerns is reducing the amount of effort required from the mostly volunteer maintainers of packaging tools and the thousands of projects being published to the Python Package Index... By defining PEP 770 SBOM metadata as using a directory of files, rather than a new metadata field, we were able to side-step all the implementation pain...

We'll be working to submit issues on popular open source SBOM and vulnerability scanning tools, and gradually, Phantom Dependencies will become less of an issue for the Python package ecosystem.

The white paper "details the approach, challenges, and insights into the creation and acceptance of PEP 770 and adopting Software Bill-of-Materials (SBOMs) to improve the measurability of Python packages," explains an announcement from the Python Software Foundation. And the white paper ends with a helpful note.

"Having spoken to other open source packaging ecosystem maintainers, we have come to learn that other ecosystems have similar issues with Phantom Dependencies. We welcome other packaging ecosystems to adopt Python's approach with PEP 770 and are willing to provide guidance on the implementation."

Crime

$1M Stolen in 'Industrial-Scale Crypto Theft' Using AI-Generated Code 38

"What happens when cybercriminals stop thinking small and start thinking like a Fortune 500 company?" asks a blog post from Koi Security. "You get GreedyBear, the attack group that just redefined industrial-scale crypto theft."

"150 weaponized Firefox extensions [impersonating popular cryptocurrency wallets like MetaMask and TronLink]. Nearly 500 malicious executables. Dozens of phishing websites. One coordinated attack infrastructure. According to user reports, over $1 million stolen." They upload 5-7 innocuous-looking extensions like link sanitizers, YouTube downloaders, and other common utilities with no actual functionality... They post dozens of fake positive reviews for these generic extensions to build credibility. After establishing trust, they "hollow out" the extensions — changing names, icons, and injecting malicious code while keeping the positive review history. This approach allows GreedyBear to bypass marketplace security by appearing legitimate during the initial review process, then weaponizing established extensions that already have user trust and positive ratings. The weaponized extensions capture wallet credentials directly from user input fields within the extension's own popup interface, and exfiltrate them to a remote server controlled by the group...

Alongside malware and extensions, the threat group has also launched a network of scam websites posing as crypto-related products and services. These aren't typical phishing pages mimicking login portals — instead, they appear as slick, fake product landing pages advertising digital wallets, hardware devices, or wallet repair services... While these sites vary in design, their purpose appears to be the same: to deceive users into entering personal information, wallet credentials, or payment details — possibly resulting in credential theft, credit card fraud, or both. Some of these domains are active and fully functional, while others may be staged for future activation or targeted scams...

A striking aspect of the campaign is its infrastructure consolidation: Almost all domains — across extensions, EXE payloads, and phishing sites — resolve to a single IP address: 185.208.156.66 — this server acts as a central hub for command-and-control, credential collection, ransomware coordination, and scam websites, allowing the attackers to streamline operations across multiple channels... Our analysis of the campaign's code shows clear signs of AI-generated artifacts. This makes it faster and easier than ever for attackers to scale operations, diversify payloads, and evade detection.

This isn't a passing trend — it's the new normal.

The researchers believe the group "is likely testing or preparing parallel operations in other marketplaces."

Programming

Rust's Annual Tech Report: Trusted Publishing for Packages and a C++/Rust Interop Strategy (rustfoundation.org) 25

Thursday saw the release of Rust 1.89.0. But this week the Rust Foundation also released its second comprehensive annual technology report.

A Rust Foundation announcement shares some highlights:

- Trusted Publishing [GitHub Actions authentication using cryptographically signed tokens] fully launched on crates.io, enhancing supply chain security and streamlining workflows for maintainers.

- Major progress on crate signing infrastructure using The Update Framework (TUF), including three full repository implementations and stakeholder consensus.

- Integration of the Ferrocene Language Specification (FLS) into the Rust Project, marking a critical step toward a formal Rust language specification [and "laying the groundwork for broader safety certification and formal tooling."]

- 75% reduction in CI infrastructure costs while maintaining contributor workflow stability. ["All Rust repositories are now managed through Infrastructure-as-Code, improving maintainability and security."]

- Expansion of the Safety-Critical Rust Consortium, with multiple international meetings and advances on coding guidelines aligned with safety standards like MISRA. ["The consortium is developing practical coding guidelines, aligned tooling, and reference materials to support regulated industries — including automotive, aerospace, and medical devices — adopting Rust."]

- Direct engagement with ISO C++ standards bodies and collaborative Rust-C++ exploration... The Foundation finalized its strategic roadmap, participated in ISO WG21 meetings, and initiated cross-language tooling and documentation planning. These efforts aim to unlock Rust adoption across legacy C++ environments without sacrificing safety.

The Rust Foundation also acknowledges continued funding from OpenSSF's Alpha-Omega Project and "generous infrastructure donations from organizations like AWS, GitHub, and Mullvad VPN" to the Foundation's Security Initiative, which enabled advances like including GitHub Secret Scanning and automated incident response to "Trusted Publishing" and the integration of vulnerability-surfacing capabilities into crates.io.

There was another announcement this week. In November AWS and the Rust Foundation crowdsourced "an effort to verify the Rust standard library" — and it's now resulted in a new formal verification tool called "Efficient SMT-based Context-Bounded Model Checker" (or ESBMC): This winning contribution adds ESBMC — a state-of-the-art bounded model checker — to the suite of tools used to analyze and verify Rust's standard library. By integrating through Goto-Transcoder, they enabled ESBMC to operate seamlessly in the Rust verification workflow, significantly expanding the scope and flexibility of verification efforts...

This achievement builds on years of ongoing collaboration across the Rust and formal verification communities... The collaboration has since expanded. In addition to verifying the Rust standard library, the team is exploring the use of formal methods to validate automated C-to-Rust translations, with support from AWS. This direction, highlighted by AWS Senior Principal Scientist Baris Coskun and celebrated by the ESBMC team in a recent LinkedIn post, represents an exciting new frontier for Rust safety and verification tooling.

Microsoft

Microsoft Sued Over Plans to Discontinue Windows 10 Support (courthousenews.com) 276

A California man sued Microsoft Thursday over its plan to stop supporting Windows 10 on October 14th, reports Courthouse News: Though Windows 11 was launched nearly four years ago, many of its billion or so worldwide users are clinging to the decade-old Windows 10... According to StatCounter, nearly 43% of Windows users still use the old version on their desktop computers....

"With only three months until support ends for Windows 10, it is likely that many millions of users will not buy new devices or pay for extended support," Klein writes in his complaint. "These users — some of whom are businesses storing sensitive consumer data — will be at a heightened risk of a cyberattack or other data security incident, a reality of which Microsoft is well aware...." According to one market analyst writing in 2023, Microsoft's shift away from Windows 10 will lead millions of customers to buy new devices and throw out their old ones, consigning as many as 240 million PCs to the landfill....

Klein is asking a judge to order Microsoft to continue supporting Windows 10 without additional charge, until the number of devices running the older operating system falls below 10% of total Windows users. He says nothing about any money he is seeking for himself, though it does ask for attorneys' fees.

Microsoft did not respond to an email requesting a comment.

The complaint also requests an order requiring Microsoft's advertising "to disclose clearly and prominently the approximate end-of-support date for the Windows operating system purchased with the device at the time of purchase" or at least "disclose that support is only guaranteed for a certain delineated period of time without additional cost, and to disclose the potential consequences of such end-of-support for device security and functionality."

Programming

'Hour of Code' Announces It's Now Evolving Into 'Hour of AI' (hourofcode.com) 35

Last month Microsoft pledged $4 billion (in cash and AI/cloud technology) to "advance" AI education in K-12 schools, community and technical colleges, and nonprofits (according to a blog post by Microsoft President Brad Smith). But in the launch event video, Smith also says it's time to "switch hats" from coding to AI, adding that "the last 12 years have been about the Hour of Code, but the future involves the Hour of AI."

Long-time Slashdot reader theodp writes: This sets the stage for Code.org CEO Hadi Partovi's announcement that his tech-backed nonprofit's [annual educational event] Hour of Code is being renamed to the Hour of AI... Explaining the pivot, Partovi says: "Computer science for the last 50 years has had a focal point around coding that's been — sort of like you learn computer science so that you create code. There's other things you learn, like data science and algorithms and cybersecurity, but the focal point has been coding.

"And we're now in a world where the focal point of computer science is shifting to AI... We all know that AI can write much of the code. You don't need to worry about where did the semicolons go, or did I close the parentheses or whatnot. The busy work of computer science is going to be done by the computer itself.

"The creativity, the thinking, the systems design, the engineering, the algorithm planning, the security concerns, privacy concerns, ethical concerns — those parts of computer science are going to be what remains with a focal point around AI. And what's going to be important is to make sure in education we give students the tools so they don't just become passive users of AI, but so that they learn how AI works."

Speaking to Microsoft's Smith, Partovi vows to redouble the nonprofit's policy work to "make this [AI literacy] a high school graduation requirement so that no student graduates school without at least a basic understanding of what's going to be part of the new liberal arts background [...] As you showed with your hat, we are renaming the Hour of Code to an Hour of AI."

Security

Google Says Its AI-Based Bug Hunter Found 20 Security Vulnerabilities (techcrunch.com) 17

"Heather Adkins, Google's vice president of security, announced Monday that its LLM-based vulnerability researcher Big Sleep found and reported 20 flaws in various popular open source software," reports TechCrunch: Adkins said that Big Sleep, which is developed by the company's AI department DeepMind as well as its elite team of hackers Project Zero, reported its first-ever vulnerabilities, mostly in open source software such as audio and video library FFmpeg and image-editing suite ImageMagick. [There's also a "medium impact" issue in Redis]

Given that the vulnerabilities are not fixed yet, we don't have details of their impact or severity, as Google does not yet want to provide details, which is a standard policy when waiting for bugs to be fixed. But the simple fact that Big Sleep found these vulnerabilities is significant, as it shows these tools are starting to get real results, even if there was a human involved in this case.

"To ensure high quality and actionable reports, we have a human expert in the loop before reporting, but each vulnerability was found and reproduced by the AI agent without human intervention," Google's spokesperson Kimberly Samra told TechCrunch.

Google's vice president of engineering posted on social media that this demonstrates "a new frontier in automated vulnerability discovery."

Crime

Japanese Company Staff Implicated In Alleged Theft of Key TSMC Technology (cnn.com) 16

hackingbear shares a report from CNN: Taiwanese authorities have detained three current and former employees of the world's largest chip manufacturer, Taiwan Semiconductor Manufacturing Company (TSMC), for allegedly stealing trade secrets [and taking them to Japanese company Tokyo Electron], prosecutors said Tuesday. Law enforcement officers questioned several suspects and witnesses late last month. They searched their homes and detained three of them over "serious suspicions of violating national security laws," the intellectual property branch of the Taiwan High Prosecutors Office said on Tuesday. After an internal investigation, the major Taiwanese exporter raised suspicions with authorities that its "core technologies" may have been illegally accessed by former and current staffers.

Nikkei Asia first reported on Tuesday that TSMC had fired staffers suspected of illegally obtaining business secrets related to the manufacturing technology for the company's 2-nanometer chip, the most advanced processor in the semiconductor industry that is expected to go into mass production this year. Taiwanese local media reported that a former TSMC employee now works at top chip manufacturing equipment supplier Tokyo Electron Ltd., and that the Japanese firm's Taiwan office was raided by investigators. On Thursday, Tokyo Electron confirmed it had dismissed an employee of its Taiwan subsidiary who was involved in the case, and said the company was cooperating with authorities. "As of now, based upon the findings of our internal investigation we have not confirmed any evidence of the respective confidential information shared to any third parties," it said in a statement.

Security

Red Teams Jailbreak GPT-5 With Ease, Warn It's 'Nearly Unusable' For Enterprise (securityweek.com) 87

An anonymous reader quotes a report from SecurityWeek: Two different firms have tested the newly released GPT-5, and both find its security sadly lacking. After Grok-4 fell to a jailbreak in two days, GPT-5 fell in 24 hours to the same researchers. Separately, but almost simultaneously, red teamers from SPLX (formerly known as SplxAI) declare, "GPT-5's raw model is nearly unusable for enterprise out of the box. Even OpenAI's internal prompt layer leaves significant gaps, especially in Business Alignment."

NeuralTrust's jailbreak employed a combination of its own EchoChamber jailbreak and basic storytelling. "The attack successfully guided the new model to produce a step-by-step manual for creating a Molotov cocktail," claims the firm. The success in doing so highlights the difficulty all AI models have in providing guardrails against context manipulation. [...] "In controlled trials against gpt-5-chat," concludes NeuralTrust, "we successfully jailbroke the LLM, guiding it to produce illicit instructions without ever issuing a single overtly malicious prompt. This proof-of-concept exposes a critical flaw in safety systems that screen prompts in isolation, revealing how multi-turn attacks can slip past single-prompt filters and intent detectors by leveraging the full conversational context."

While NeuralTrust was developing its jailbreak designed to obtain instructions, and succeeding, on how to create a Molotov cocktail (a common test to prove a jailbreak), SPLX was aiming its own red teamers at GPT-5. The results are just as concerning, suggesting the raw model is 'nearly unusable'. SPLX notes that obfuscation attacks still work. "One of the most effective techniques we used was a StringJoin Obfuscation Attack, inserting hyphens between every character and wrapping the prompt in a fake encryption challenge." [...] The red teamers went on to benchmark GPT-5 against GPT-4o. Perhaps unsurprisingly, it concludes: "GPT-4o remains the most robust model under SPLX's red teaming, especially when hardened." The key takeaway from both NeuralTrust and SPLX is to approach the current and raw GPT-5 with extreme caution.

Google

South Korea Postpones Decision To Let Google Maps Work Properly - Again (theguardian.com) 18

South Korea postponed a decision for the second time this year on Friday regarding Google's request to export detailed mapping data to overseas servers, which would enable full Google Maps functionality in the country. The inter-agency committee extended the deadline from August to October to allow further review of security concerns and consultations with industry stakeholders.

South Korea remains one of only a handful of countries alongside China and North Korea where Google Maps fails to function properly, unable to provide directions despite displaying landmarks and businesses. Tourism complaints increased 71% last year, with Google Maps accounting for 30% of all app-related grievances, while local industry groups representing 2,600 companies report 90% opposition to Google's request due to fears of market domination by the US tech company.

Communications

The FCC Will Review Emergency Alert Systems in the US (engadget.com) 29

An anonymous reader shares a report: The Federal Communications Commission is planning a review of the US emergency alert systems. Both the Emergency Alert System (EAS) and the Wireless Emergency Alerts (WAS) will be subject to a "re-examination" by the agency. "We want to ensure that these programs deliver the results that Americans want and need," FCC Chairman Brendan Carr posted on X.

The announcement of this plan notes that the infrastructure underlying the EAS -- which includes radio, television, satellite and cable systems -- is 31 years old, while the framework underpinning the WAS mobile device alerts is 13 years old. The FCC review will also assess what entities should be able to send alerts on those systems, as well as topics such as geographic targeting and security.

Intel

Intel CEO Hits Out at 'Misinformation' After US President Calls on Him To Resign 65

Intel's chief executive Lip-Bu Tan has hit out at "misinformation" over his career after U.S. President Donald Trump alleged the semiconductor industry veteran was "highly conflicted" and should resign. From a report: In a letter to Intel staff published late on Thursday, Tan said that Intel was "engaging" with the Trump administration "to address the matters that have been raised and ensure they have the facts."

"There has been a lot of misinformation circulating about my past roles...I want to be absolutely clear: Over 40+ years in the industry, I've built relationships around the world and across our diverse ecosystem -- and I have always operated within the highest legal and ethical standards," Tan wrote.

Tan's move to reassure staff at Intel, the only US-headquartered company capable of manufacturing advanced chips, came hours after Trump had demanded his resignation in a post on Truth Social. Trump did not detail Tan's alleged conflicts of interest but the U.S. president's broadside followed a letter from Tom Cotton, the Republican head of the Senate intelligence committee, to Intel's chair expressing "concern about the security and integrity of Intel's operations" and Tan's ties to China.

Encryption

Encryption Made For Police and Military Radios May Be Easily Cracked (wired.com) 64

An anonymous reader quotes a report from Wired: Two years ago, researchers in the Netherlands discovered an intentional backdoor in an encryption algorithm baked into radios used by critical infrastructure -- as well as police, intelligence agencies, and military forces around the world -- that made any communication secured with the algorithm vulnerable to eavesdropping. When the researchers publicly disclosed the issue in 2023, the European Telecommunications Standards Institute (ETSI), which developed the algorithm, advised anyone using it for sensitive communication to deploy an end-to-end encryption solution on top of the flawed algorithm to bolster the security of their communications. But now the same researchers have found that at least one implementation of the end-to-end encryption solution endorsed by ETSI has a similar issue that makes it equally vulnerable to eavesdropping. The encryption algorithm used for the device they examined starts with a 128-bit key, but this gets compressed to 56 bits before it encrypts traffic, making it easier to crack. It's not clear who is using this implementation of the end-to-end encryption algorithm, nor if anyone using devices with the end-to-end encryption is aware of the security vulnerability in them. Wired notes that the end-to-end encryption the researchers examined is most commonly used by law enforcement and national security teams. "But ETSI's endorsement of the algorithm two years ago to mitigate flaws found in its lower-level encryption algorithm suggests it may be used more widely now than at the time."

Microsoft

Microsoft's $30 Windows 10 Security Updates Cover 10 Devices 68

Microsoft's $30 Extended Security Updates license for Windows 10 will cover up to 10 devices under a single Microsoft Account, the company confirmed in updated support documentation. The ESU program, which provides security updates through October 13, 2026, requires a Microsoft Account for all three enrollment options: the $30 one-time purchase, redemption of 1,000 Microsoft Reward points, or free enrollment for users who sync their PC settings to OneDrive. Windows 10's support ends October 14, 2025.

Intel

US President Calls on Intel CEO To Resign Over China Ties (msn.com) 193

President Trump on Thursday called on Intel's CEO to resign because of his past ties to China, the latest challenge for the troubled chip maker. From a report: "The CEO of INTEL is highly CONFLICTED and must resign, immediately. There is no other solution to this problem," Trump wrote in a post on Truth Social Thursday. The president appeared to be referencing Intel CEO Lip-Bu Tan's past business dealings in China, which Sen. Tom Cotton (R., Ark.) called out in a letter to the company's board earlier this week.

On Tuesday, Cotton wrote an open letter to Intel's board questioning Tan's ties to the Chinese government, including apparent connections to the country's military and investments in other semiconductor companies. "The new CEO of @intel reportedly has deep ties to the Chinese Communists," Cotton wrote in a post on X accompanying the letter. "U.S. companies who receive government grants should be responsible stewards of taxpayer dollars and adhere to strict security regulations. The board of @Intel owes Congress an explanation."

Security

Citizen Lab Director Warns Cyber Industry About US Authoritarian Descent (techcrunch.com) 103

An anonymous reader quotes a report from TechCrunch: Ron Deibert, the director of Citizen Lab, one of the most prominent organizations investigating government spyware abuses, is sounding the alarm to the cybersecurity community and asking them to step up and join the fight against authoritarianism. On Wednesday, Deibert will deliver a keynote at the Black Hat cybersecurity conference in Las Vegas, one of the largest gatherings of information security professionals of the year. Ahead of his talk, Deibert told TechCrunch that he plans to speak about what he describes as a "descent into a kind of fusion of tech and fascism," and the role that the Big Tech platforms are playing, and "propelling forward a really frightening type of collective insecurity that isn't typically addressed by this crowd, this community, as a cybersecurity problem."

Deibert described the recent political events in the United States as a "dramatic descent into authoritarianism," but one that the cybersecurity community can help defend against. "I think alarm bells need to be rung for this community that, at the very least, they should be aware of what's going on and hopefully they can not contribute to it, if not help reverse it," Deibert told TechCrunch. [...] "I think that there comes a point at which you have to recognize that the landscape is changing around you, and the security problems you set out for yourselves are maybe trivial in light of the broader context and the insecurities that are being propelled forward in the absence of proper checks and balances and oversight, which are deteriorating," said Deibert.

Deibert is also concerned that big companies like Meta, Google, and Apple could take a step back in their efforts to fight against government spyware -- sometimes referred to as "commercial" or "mercenary" spyware -- by gutting their threat intelligence teams. [...] Deibert believes there is a "huge market failure when it comes to cybersecurity for global civil society," a part of the population that generally cannot afford to get help from big security companies that typically serve governments and corporate clients. "This market failure is going to get more acute as supporting institutions evaporate and attacks on civil society amplify," he said. "Whatever they can do to contribute to offset this market failure (e.g., pro bono work) will be essential to the future of liberal democracy worldwide," he said. Deibert is concerned that these threat intelligence teams could be cut or at least reduced, given that the same companies have cut their moderation and safety teams. He told TechCrunch that threat intelligence teams, like the ones at Meta, are doing "amazing work," in part by staying siloed and separate from the commercial arms of their wider organizations. "But the question is how long will that last?" said Deibert.

Games

Call of Duty's Anti-Cheat Will Require TPM 2.0 and Secure Boot for PC Players (gamespot.com) 105

Activision will require PC players of Call of Duty: Black Ops 7 to enable Trusted Platform Module 2.0 and Windows Secure Boot when the game launches later this year. The company begins testing these anti-cheat measures with Black Ops 6's Season 5 on Thursday without enforcement.

TPM 2.0 verifies untampered boot processes while Secure Boot ensures Windows loads only trusted software at startup. Both features perform checks during system and game startup but remain inactive during gameplay. Activision has also pursued legal action against 22 individuals who developed and sold cheats.
