Security firm, Checkpoint Software, has found loopholes in the way four media players handle subtitles. Hackers have been hiding malicious code inside files which provide subtitles, which could steal information, deny services or install ransomware. The media players search online for files to provide subtitles, but only check for text, without screening for malicious code. The systems have also often been manipulated to ensure that the hacked files come high up on the recommended lists. The large number of subtitle formats, over 25, does not help. So far players from VLC, Kodi, Popcorn Time and Strem.io have been affected and users are advised to update their software ASAP.