Category: Security & Privacy

In a recent legal development, the founder of Intellexa, a spyware collective, has been sentenced to eight years in prison by a Greek court for illegal wiretapping and privacy violations.

The scandal, known as the ‘Greek Watergate,’ traces back to 2022 when the Greek government allegedly used Intellexa’s spyware to eavesdrop on politicians, journalists, business figures, and military personnel.

Tal Dilian, along with three other Intellexa executives, faced trial for their involvement in the wiretapping scheme. The court’s decision marks a significant moment, as it is reportedly the first time a spyware maker has been imprisoned due to the misuse of their technology.

Notably, in 2024, the U.S. government imposed sanctions on Intellexa, Dilian, and others associated with the company for their role in developing Predator, the spyware used to target Americans, including government officials and journalists.

As the legal proceedings continue, the court has instructed authorities to conduct further investigations, while the defendants have the option to appeal the verdict.

Source: TechCrunch

A former cybersecurity executive, Peter Williams, has been sentenced to 87 months in prison for selling sensitive hacking and surveillance tools to a Russian firm. Williams, who previously worked at the U.S. defense contractor L3Harris, pleaded guilty to leaking his company’s trade secrets in exchange for $1.3 million in cryptocurrency between 2022 and 2025. This case highlights the risks associated with insider threats and the importance of robust security measures within tech companies.

Williams, the former general manager of Trenchant, a division of L3Harris specializing in developing hacking tools, misused his access to the company’s secure networks to download these tools and sell them. The tools, known as zero-day exploits, are highly valuable in the cybersecurity market due to their ability to exploit unknown software vulnerabilities, potentially compromising millions of computers.

This incident underscores the critical need for stringent security protocols to prevent unauthorized access and data exfiltration within tech organizations. It also highlights the ongoing challenges in safeguarding intellectual property and proprietary technology from malicious actors seeking to exploit vulnerabilities for personal gain.

Source: TechCrunch

In a recent cybersecurity incident, the popular online automotive marketplace CarGurus fell victim to a data breach, impacting approximately 12.5 million user accounts. The breach, which compromised sensitive user information including names, email addresses, phone numbers, and physical addresses, was attributed to the actions of the ShinyHunters hacking group.

CarGurus, established in 2006, offers a platform for individuals to engage in buying, selling, and financing vehicles online. The breach underscores the importance of robust cybersecurity measures in safeguarding user data on digital marketplaces.

According to Have I Been Pwned, a renowned data notification service operated by security researcher Troy Hunt, the extent of the breach highlights the potential risks associated with cyber threats in the automotive e-commerce sector.

The ShinyHunters group, notorious for their social engineering tactics, has a history of targeting organizations through deceptive means, as seen in their previous data breaches affecting prominent entities such as Salesforce, Google, and Workday. The breach serves as a stark reminder of the ongoing cybersecurity challenges faced by online platforms in protecting user privacy.

CarGurus, along with other affected parties, is expected to address the breach and enhance security protocols to mitigate future risks. The incident sheds light on the critical need for continuous vigilance and proactive measures to combat evolving cyber threats in the digital automotive marketplace.

Source: TechCrunch

Peter Williams, the former general manager of U.S. hacking tools maker L3Harris Trenchant, has been sentenced to seven years in prison for selling the company’s hacking and surveillance tools to a Russian firm. This incident raises concerns about the security implications of advanced hacking tools falling into the wrong hands.

Williams admitted to selling seven trade secrets to a Russian broker. The U.S. Department of Justice highlighted the potential global impact of these tools, capable of compromising millions of computers and devices worldwide.

This case underscores the critical need for robust cybersecurity measures and stricter controls over the distribution of sensitive hacking technologies. The incident also highlights the challenges in preventing insider threats within tech companies dealing with cutting-edge security tools.

As technology continues to advance, ensuring the responsible use and safeguarding of such powerful hacking capabilities is paramount to maintaining digital security on a global scale.

Source: TechCrunch

The U.S. Treasury has taken action against a Russian firm known for acquiring undisclosed software vulnerabilities and reselling them for potentially malicious purposes. The sanctions target Operation Zero, a company accused of obtaining cyber exploits stolen from a U.S. defense contractor.

Operation Zero’s activities, including offering substantial sums for exploits targeting popular platforms like Android, iPhones, and Telegram, underscore the growing sophistication of cyber threats faced by governments and organizations worldwide. These zero-day exploits, while lucrative commodities in the cyber underworld, present significant risks to U.S. national security, foreign policy, and economy.

By disrupting these activities, authorities aim to mitigate the potential impact of cyberattacks fueled by stolen exploits and unauthorized access to sensitive software vulnerabilities. The Treasury’s move sheds light on the intricate web of cyber espionage, where actors like Operation Zero operate at the intersection of technology, security, and geopolitics.

Source: TechCrunch

In a recent cybersecurity incident, Chinese hackers reportedly infiltrated the network of an Ivanti subsidiary through vulnerabilities in its VPN software, potentially compromising the data of multiple organizations. The breach, which dates back to February 2021, involved exploiting a backdoor in Pulse Secure’s VPN product, as detailed by Bloomberg. This backdoor granted unauthorized access to 119 other entities utilizing the same VPN solution.

According to sources, Mandiant, a prominent cybersecurity firm, was aware of the breaches and alerted Ivanti about the exploitation of the software bug, affecting various European and U.S. military contractors. The incident underscores the critical importance of robust cybersecurity measures, especially in a landscape where malicious actors continuously target vulnerabilities in popular software.

Furthermore, the report highlighted the impact of organizational changes following private equity acquisitions on cybersecurity practices. Ivanti’s acquisition by Clearlake Capital Group in 2017 led to cost-cutting measures, including layoffs that may have impacted the security posture of its technologies. Similar challenges were observed in the cybersecurity realm with Citrix, following acquisitions by investment firms Elliott Management and Vista Equity Partners.

As cybersecurity threats continue to evolve, organizations must prioritize proactive security measures, regular software updates, and comprehensive risk assessments to safeguard against potential breaches.

Source: TechCrunch

Amid rising public concern over the use of Flock surveillance cameras and their potential ties to U.S. immigration authorities, Americans are taking direct action against the technology, reports Brian Merchant for TechCrunch. Flock, a $7.5 billion Atlanta-based startup, manufactures license plate readers that have come under scrutiny for their perceived connections to U.S. Immigration and Customs Enforcement (ICE).

The surveillance cameras, which are spread across the country, capture license plate data that can be accessed by federal authorities. While Flock denies direct data sharing with ICE, reports suggest that local police have shared access to Flock’s cameras and databases with federal agencies.

Instances of vandalism against Flock cameras have been reported in various states, including California, Connecticut, Illinois, and Virginia. In La Mesa, California, cameras were destroyed despite city council approval for their continued use, reflecting residents’ privacy concerns and opposition to the technology.

DeFlock, a project mapping license plate readers, estimates nearly 80,000 such cameras in the U.S. The public pushback highlights a growing resistance to surveillance technologies with perceived links to controversial government practices.

Source: TechCrunch

Wikipedia editors have taken action by removing all links to Archive.today, a popular web archiving service that has been heavily referenced on the online encyclopedia. The move comes after concerns were raised about Archive.today’s alleged involvement in a distributed denial of service (DDoS) attack and allegations of content alteration.

Archive.today, known for providing access to paywalled content and serving as a resource for Wikipedia citations, has faced scrutiny due to its association with potentially malicious activities. The decision to blacklist Archive.today was reportedly supported by evidence that the service may have compromised users’ computers to launch DDoS attacks and tampered with archived content, raising reliability concerns.

Notably, the recent DDoS attack targeted blogger Jani Patokallio, who reported unauthorized scripts running on the archive’s CAPTCHA page, leading to increased traffic on his blog. Patokallio’s prior investigation into Archive.today highlighted the mystery surrounding its ownership, suggesting a single individual with technical prowess and ties to Russia.

This development underscores the critical role of web archiving services in preserving online content ethically and securely. As internet users increasingly rely on archived resources for research and verification, ensuring the integrity of such platforms is paramount for maintaining trust and accuracy in digital information dissemination.

Source: TechCrunch

A Ukrainian man has been sentenced to five years in prison for orchestrating an identity theft operation that helped North Korean workers secure illicit employment at numerous U.S. companies. Oleksandr Didenko, 29, from Kyiv, set up a scheme where North Koreans used stolen identities of U.S. citizens to get hired, with their earnings funneled back to North Korea to fund its nuclear weapons program.

Didenko operated a website named Upworksell, where overseas workers, including North Koreans, could purchase or rent stolen identities to secure jobs at American firms. The Justice Department revealed that Didenko managed over 870 stolen identities through this platform. The FBI intervened in 2024, taking down Upworksell and leading to Didenko’s arrest and subsequent extradition to the U.S., where he pleaded guilty.

In addition to the identity theft scheme, Didenko paid individuals to host computers at their homes in California, Tennessee, and Virginia, creating ‘laptop farms’ where North Koreans could remotely conduct their work as if they were physically present in the United States. This case is part of a series of convictions related to North Korean IT worker scams, which have been identified as posing a significant threat to U.S. and Western businesses.

Source: TechCrunch

Cellebrite, a prominent provider of phone hacking tools, has come under scrutiny for the alleged misuse of its tools in Serbia, Jordan, and Kenya. Last year, Cellebrite suspended sales to the Serbian police following accusations of hacking into the phones of a journalist and an activist. However, the company chose not to investigate similar claims that surfaced in Jordan and Kenya, deviating from its previous stance.

According to a report by the Citizen Lab at the University of Toronto, Cellebrite’s tools were used by the Kenyan government to unlock the phone of activist Boniface Mwangi and by the Jordanian government to access the phones of local activists and protesters. This scrutiny was based on the discovery of a specific Cellebrite-linked application on the victims’ phones, indicating potential tool usage.

While Cellebrite has been urged to address these concerns directly, the company’s response remains guarded, with a spokesperson emphasizing the need for evidence-based claims. This scrutiny highlights the challenges faced by tech companies providing tools that can be repurposed for surveillance and raises questions about accountability and oversight in the digital security sector.

Source: TechCrunch

The FBI has issued a warning about a significant rise in ATM ‘jackpotting’ attacks, where hackers manipulate ATMs to dispense cash illicitly, resulting in millions of dollars in stolen currency. This criminal activity, once a demonstration by security researcher Barnaby Jack, has escalated into a profitable venture for cybercriminals.

According to the FBI’s security bulletin, over 700 attacks targeted ATMs in 2025, yielding at least $20 million for hackers. The attacks involve a combination of physical access techniques, like using generic keys to unlock ATM components, and digital methods, such as deploying malware like Ploutus to force dispensers to release cash rapidly.

Ploutus, a malware strain highlighted by the FBI, exploits vulnerabilities in the underlying Windows operating system that powers many ATMs. By compromising an ATM, hackers gain full control, enabling them to manipulate the cash dispensing process without affecting customer accounts directly.

This type of attack, focused on the ATM hardware itself, allows for quick cash-out operations that are challenging to detect until after the money is withdrawn. The FBI’s bulletin underscores the urgency for financial institutions to address security gaps in their ATM systems to prevent further exploitation by cybercriminals.

Source: TechCrunch