An April 10, 2026 r/pcgaming post pulled a security story into the gaming mainstream for good reason. The CPUID website, familiar to PC players through tools like HWMonitor and CPU-Z, briefly served malware through compromised download links. For a community that routinely uses these utilities to benchmark patches, compare temperatures, or troubleshoot game performance, this was not some distant enterprise-security incident. It was a reminder that trusted utility chains can fail in exactly the places users rarely inspect.

What happened

According to The Register, CPUID says a secondary backend feature, essentially a side API, was compromised for about six hours between April 9 and April 10, 2026. The company says its signed original files were not altered, but the website could randomly show malicious download links during that window. In other words, the build pipeline may have remained intact while the delivery layer in front of it was poisoned.

That distinction matters technically, but not much to an end user who clicked the wrong link. Reports cited by The Register say affected installers included fake files targeting 64-bit HWMonitor users. Analysis shared by vx-underground indicated a fake CRYPTBASE.dll could call out to command-and-control infrastructure, pull down more payloads, and operate largely in memory with PowerShell and .NET components. There were also signs that browser data could be targeted through Chrome-related interfaces.

Why PC gamers should care

Utilities from CPUID sit close to the daily workflow of PC gaming. Players reach for them when a new patch breaks frametimes, when a GPU driver behaves strangely, or when they want hard numbers on clocks, temperatures, and power draw. That makes the trust relationship unusually strong. Many users will install quickly because the tool name is familiar. A six-hour compromise is short, but it is long enough to catch people during a normal update cycle.

CPUID says the issue has been fixed, but as of April 10, 2026 there was still no public accounting of how the backend was accessed or how many malicious downloads were delivered. Anyone who downloaded HWMonitor or CPU-Z from the site during that six-hour window should treat the machine as potentially exposed, rotate important credentials, and re-download only after verifying the current links. For PC gaming, the lesson is blunt: even performance tools deserve the same supply-chain skepticism as launchers and mods.

#cpuid

CPUID Says a Six-Hour Breach Redirected HWMonitor Downloads to Malware