{"id":50510,"date":"2023-02-10T15:22:56","date_gmt":"2023-02-10T15:22:56","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/34310\/Valve-Waited-15-Months-To-Patch-High-Severity-Flaw.-A-Hacker-Pounced..html"},"modified":"2023-02-10T15:22:56","modified_gmt":"2023-02-10T15:22:56","slug":"valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/","title":{"rendered":"Valve Waited 15 Months To Patch High Severity Flaw. A Hacker Pounced."},"content":{"rendered":"<figure class=\"intro-image intro-left\"> <img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2015\/06\/dota-2-official-640x360.jpg\" alt=\"Valve waited 15 months to patch high-severity flaw. A hacker pounced\"><figcaption class=\"caption\"><\/figcaption><\/figure>\n<aside id=\"social-left\" class=\"social-left\" aria-label=\"Read the comments or share this article\"> <a title=\"0 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2023\/02\/game-mode-exploits-high-severity-flaw-that-went-unpatched-in-dota-2-for-months\/?comments=1\"> <\/p>\n<h4 class=\"comment-count-before\">reader comments<\/h4>\n<p> <span class=\"comment-count-number\">33<\/span> <span class=\"visually-hidden\"> with 0 posters participating<\/span> <\/a> <\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/p><\/div>\n<\/aside>\n<p> <!-- cache hit 21:single\/related:3f7d5589a5d14722e23169565e2b8249 --><!-- empty --><\/p>\n<p>Researchers have unearthed four game modes that could successfully exploit a critical vulnerability that remained unpatched in the popular <em>Dota 2<\/em> video game for 15 months after a fix had become available.<\/p>\n<p>The vulnerability, tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-38003\">CVE-2021-38003<\/a>, resided in the open source JavaScript engine from Google known as V8, which is incorporated into <em>Dota 2<\/em>. Although Google <a href=\"https:\/\/chromereleases.googleblog.com\/2021\/10\/stable-channel-update-for-desktop_28.html\">patched the vulnerability<\/a> in October 2021, <em>Dota 2<\/em> developer Valve didn\u2019t update its software to use the patched V8 engine until last month after researchers privately alerted the company that the critical vulnerability was being targeted.<\/p>\n<h2>Unclear intentions<\/h2>\n<p>A hacker took advantage of the delay by publishing a custom game mode last March that exploited the vulnerability, researchers from security firm Avast <a href=\"https:\/\/decoded.avast.io\/janvojtesek\/dota-2-under-attack-how-a-v8-bug-was-exploited-in-the-game\/\">said<\/a>. That same month, the same hacker published three additional game modes that very likely also exploited the vulnerability. Besides patching the vulnerability last month, Valve also removed all four modes.<\/p>\n<p>Custom modes are extensions or even completely new games that run on top of <em>Dota 2<\/em>. They allow people with even basic programming experience to implement their ideas for a game and then submit them to Valve. The game maker then puts the submissions through a verification process and, if they\u2019re approved, publishes them.<\/p>\n<p>The first game mode published by Valve appears to be a proof-of-concept project for exploiting the vulnerability. It was titled \u201ctest addon plz ignore\u201d (ID 1556548695) and included a description that urged people not to download or install it. Embedded inside the mode was exploit code for CVE-2021-38003. While some of the exploit was taken from proof-of-concept code published in the Chromium bug tracker, the mode developer wrote much of it from scratch. The mode included lots of commented-out code and a file titled \u201cevil.lua,&#8221; further suggesting the mode was a test.<\/p>\n<aside class=\"ad_wrapper\" aria-label=\"In Content advertisement\"> <span class=\"ad_notice\">Advertisement <\/span> <\/aside>\n<p>Avast researchers went on to find three more custom modes that the same developer had published to Valve. These modes\u2014titled \u201cOverdog no annoying heroes\u201d (id 2776998052), \u201cCustom Hero Brawl\u201d (id 2780728794), and Overthrow RTZ Edition X10 XP (id 2780559339)\u2014took a much more covert approach.<\/p>\n<p>Avast researcher Jan Vojt\u011b\u0161ek explained:<\/p>\n<blockquote>\n<p>The malicious code in these new three game modes is much more subtle. There is no file named evil.lua nor any JavaScript exploit directly visible in the source code. Instead, there\u2019s just a simple backdoor consisting of only about twenty lines of code. This backdoor can execute arbitrary JavaScript downloaded via HTTP, giving the attacker not only the ability to hide the exploit code, but also the ability to update it at their discretion without having to update the entire custom game mode (and going through the risky game mode verification process).<\/p>\n<\/blockquote>\n<p>The server these three modes contacted was no longer working when Avast researchers discovered the modes. But given they were published by the same developer 10 days after the first mode, Avast says there\u2019s a high likelihood that downloaded code also exploited CVE-2021-38003.<\/p>\n<p>In an email, Vojt\u011b\u0161ek described the operation flow of the backdoor this way:<\/p>\n<blockquote>\n<ol>\n<li dir=\"ltr\">\n<p dir=\"ltr\"><i>The victim enters a game, playing one of the malicious game modes.<\/i><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\"><i>The game loads as expected, but in the background, a malicious JavaScript contacts the game mode\u2019s server.<\/i><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\"><i>The game mode\u2019s server code reaches out to the backdoor\u2019s C&amp;C server, downloads a piece of JavaScript code (presumably, the exploit for CVE-2021-38003), and returns the downloaded code back to the victim.<\/i><\/p>\n<\/li>\n<li dir=\"ltr\">\n<p dir=\"ltr\"><i>The victim dynamically executes the downloaded JavaScript. If this was the exploit for CVE-2021-38003, this would result in shellcode execution on the victim machine.<\/i><\/p>\n<\/li>\n<\/ol>\n<\/blockquote>\n<p>Valve representatives didn&#8217;t respond to an email seeking comment for this story.<\/p>\n<p>The researchers looked for additional <em>Dota 2<\/em> game modes that exploited the vulnerability, but their trail went cold. Ultimately, that means it\u2019s not possible to determine precisely what the developer\u2019s intentions for the modes were, but the Avast post said there were two reasons to suspect they weren\u2019t purely for benign research.<\/p>\n<p>\u201cFirst, the attacker did not report the vulnerability to Valve (which would generally be considered a nice thing to do),\u201d Vojt\u011b\u0161ek wrote. \u201cSecond, the attacker tried to hide the exploit in a stealthy backdoor. Regardless, it\u2019s also possible that the attacker didn\u2019t have purely malicious intentions either, since such an attacker could arguably abuse this vulnerability with a much larger impact.\u201d<\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/34310\/Valve-Waited-15-Months-To-Patch-High-Severity-Flaw.-A-Hacker-Pounced..html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":50511,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[60],"tags":[3967],"class_list":["post-50510","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-packet-storm","tag-headlinehackerflawpatch"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Valve Waited 15 Months To Patch High Severity Flaw. A Hacker Pounced. 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Valve Waited 15 Months To Patch High Severity Flaw. A Hacker Pounced. 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2023-02-10T15:22:56+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2015\/06\/dota-2-official-640x360.jpg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Valve Waited 15 Months To Patch High Severity Flaw. A Hacker Pounced.\",\"datePublished\":\"2023-02-10T15:22:56+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\\\/\"},\"wordCount\":741,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced.jpg\",\"keywords\":[\"headline,hacker,flaw,patch\"],\"articleSection\":[\"Packet Storm\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\\\/\",\"name\":\"Valve Waited 15 Months To Patch High Severity Flaw. A Hacker Pounced. 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced.jpg\",\"datePublished\":\"2023-02-10T15:22:56+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2023\\\/02\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced.jpg\",\"width\":640,\"height\":360},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,flaw,patch\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackerflawpatch\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Valve Waited 15 Months To Patch High Severity Flaw. A Hacker Pounced.\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Valve Waited 15 Months To Patch High Severity Flaw. A Hacker Pounced. 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/","og_locale":"en_US","og_type":"article","og_title":"Valve Waited 15 Months To Patch High Severity Flaw. A Hacker Pounced. 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-02-10T15:22:56+00:00","og_image":[{"url":"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2015\/06\/dota-2-official-640x360.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Valve Waited 15 Months To Patch High Severity Flaw. A Hacker Pounced.","datePublished":"2023-02-10T15:22:56+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/"},"wordCount":741,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced.jpg","keywords":["headline,hacker,flaw,patch"],"articleSection":["Packet Storm"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/","url":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/","name":"Valve Waited 15 Months To Patch High Severity Flaw. A Hacker Pounced. 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced.jpg","datePublished":"2023-02-10T15:22:56+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2023\/02\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced.jpg","width":640,"height":360},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/valve-waited-15-months-to-patch-high-severity-flaw-a-hacker-pounced\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,flaw,patch","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflawpatch\/"},{"@type":"ListItem","position":3,"name":"Valve Waited 15 Months To Patch High Severity Flaw. A Hacker Pounced."}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50510","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=50510"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/50510\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/50511"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=50510"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=50510"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=50510"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}