Category: Security & Privacy

Peter Williams, the former general manager of U.S. hacking tools maker L3Harris Trenchant, has been sentenced to seven years in prison for selling the company’s hacking and surveillance tools to a Russian firm. This incident raises concerns about the security implications of advanced hacking tools falling into the wrong hands.

Williams admitted to selling seven trade secrets to a Russian broker. The U.S. Department of Justice highlighted the potential global impact of these tools, capable of compromising millions of computers and devices worldwide.

This case underscores the critical need for robust cybersecurity measures and stricter controls over the distribution of sensitive hacking technologies. The incident also highlights the challenges in preventing insider threats within tech companies dealing with cutting-edge security tools.

As technology continues to advance, ensuring the responsible use and safeguarding of such powerful hacking capabilities is paramount to maintaining digital security on a global scale.

Source: TechCrunch

The U.S. Treasury has taken action against a Russian firm known for acquiring undisclosed software vulnerabilities and reselling them for potentially malicious purposes. The sanctions target Operation Zero, a company accused of obtaining cyber exploits stolen from a U.S. defense contractor.

Operation Zero’s activities, including offering substantial sums for exploits targeting popular platforms like Android, iPhones, and Telegram, underscore the growing sophistication of cyber threats faced by governments and organizations worldwide. These zero-day exploits, while lucrative commodities in the cyber underworld, present significant risks to U.S. national security, foreign policy, and economy.

By disrupting these activities, authorities aim to mitigate the potential impact of cyberattacks fueled by stolen exploits and unauthorized access to sensitive software vulnerabilities. The Treasury’s move sheds light on the intricate web of cyber espionage, where actors like Operation Zero operate at the intersection of technology, security, and geopolitics.

Source: TechCrunch

In a recent cybersecurity incident, Chinese hackers reportedly infiltrated the network of an Ivanti subsidiary through vulnerabilities in its VPN software, potentially compromising the data of multiple organizations. The breach, which dates back to February 2021, involved exploiting a backdoor in Pulse Secure’s VPN product, as detailed by Bloomberg. This backdoor granted unauthorized access to 119 other entities utilizing the same VPN solution.

According to sources, Mandiant, a prominent cybersecurity firm, was aware of the breaches and alerted Ivanti about the exploitation of the software bug, affecting various European and U.S. military contractors. The incident underscores the critical importance of robust cybersecurity measures, especially in a landscape where malicious actors continuously target vulnerabilities in popular software.

Furthermore, the report highlighted the impact of organizational changes following private equity acquisitions on cybersecurity practices. Ivanti’s acquisition by Clearlake Capital Group in 2017 led to cost-cutting measures, including layoffs that may have impacted the security posture of its technologies. Similar challenges were observed in the cybersecurity realm with Citrix, following acquisitions by investment firms Elliott Management and Vista Equity Partners.

As cybersecurity threats continue to evolve, organizations must prioritize proactive security measures, regular software updates, and comprehensive risk assessments to safeguard against potential breaches.

Source: TechCrunch

Amid rising public concern over the use of Flock surveillance cameras and their potential ties to U.S. immigration authorities, Americans are taking direct action against the technology, reports Brian Merchant for TechCrunch. Flock, a $7.5 billion Atlanta-based startup, manufactures license plate readers that have come under scrutiny for their perceived connections to U.S. Immigration and Customs Enforcement (ICE).

The surveillance cameras, which are spread across the country, capture license plate data that can be accessed by federal authorities. While Flock denies direct data sharing with ICE, reports suggest that local police have shared access to Flock’s cameras and databases with federal agencies.

Instances of vandalism against Flock cameras have been reported in various states, including California, Connecticut, Illinois, and Virginia. In La Mesa, California, cameras were destroyed despite city council approval for their continued use, reflecting residents’ privacy concerns and opposition to the technology.

DeFlock, a project mapping license plate readers, estimates nearly 80,000 such cameras in the U.S. The public pushback highlights a growing resistance to surveillance technologies with perceived links to controversial government practices.

Source: TechCrunch

Wikipedia editors have taken action by removing all links to Archive.today, a popular web archiving service that has been heavily referenced on the online encyclopedia. The move comes after concerns were raised about Archive.today’s alleged involvement in a distributed denial of service (DDoS) attack and allegations of content alteration.

Archive.today, known for providing access to paywalled content and serving as a resource for Wikipedia citations, has faced scrutiny due to its association with potentially malicious activities. The decision to blacklist Archive.today was reportedly supported by evidence that the service may have compromised users’ computers to launch DDoS attacks and tampered with archived content, raising reliability concerns.

Notably, the recent DDoS attack targeted blogger Jani Patokallio, who reported unauthorized scripts running on the archive’s CAPTCHA page, leading to increased traffic on his blog. Patokallio’s prior investigation into Archive.today highlighted the mystery surrounding its ownership, suggesting a single individual with technical prowess and ties to Russia.

This development underscores the critical role of web archiving services in preserving online content ethically and securely. As internet users increasingly rely on archived resources for research and verification, ensuring the integrity of such platforms is paramount for maintaining trust and accuracy in digital information dissemination.

Source: TechCrunch

A Ukrainian man has been sentenced to five years in prison for orchestrating an identity theft operation that helped North Korean workers secure illicit employment at numerous U.S. companies. Oleksandr Didenko, 29, from Kyiv, set up a scheme where North Koreans used stolen identities of U.S. citizens to get hired, with their earnings funneled back to North Korea to fund its nuclear weapons program.

Didenko operated a website named Upworksell, where overseas workers, including North Koreans, could purchase or rent stolen identities to secure jobs at American firms. The Justice Department revealed that Didenko managed over 870 stolen identities through this platform. The FBI intervened in 2024, taking down Upworksell and leading to Didenko’s arrest and subsequent extradition to the U.S., where he pleaded guilty.

In addition to the identity theft scheme, Didenko paid individuals to host computers at their homes in California, Tennessee, and Virginia, creating ‘laptop farms’ where North Koreans could remotely conduct their work as if they were physically present in the United States. This case is part of a series of convictions related to North Korean IT worker scams, which have been identified as posing a significant threat to U.S. and Western businesses.

Source: TechCrunch

Cellebrite, a prominent provider of phone hacking tools, has come under scrutiny for the alleged misuse of its tools in Serbia, Jordan, and Kenya. Last year, Cellebrite suspended sales to the Serbian police following accusations of hacking into the phones of a journalist and an activist. However, the company chose not to investigate similar claims that surfaced in Jordan and Kenya, deviating from its previous stance.

According to a report by the Citizen Lab at the University of Toronto, Cellebrite’s tools were used by the Kenyan government to unlock the phone of activist Boniface Mwangi and by the Jordanian government to access the phones of local activists and protesters. This scrutiny was based on the discovery of a specific Cellebrite-linked application on the victims’ phones, indicating potential tool usage.

While Cellebrite has been urged to address these concerns directly, the company’s response remains guarded, with a spokesperson emphasizing the need for evidence-based claims. This scrutiny highlights the challenges faced by tech companies providing tools that can be repurposed for surveillance and raises questions about accountability and oversight in the digital security sector.

Source: TechCrunch

The FBI has issued a warning about a significant rise in ATM ‘jackpotting’ attacks, where hackers manipulate ATMs to dispense cash illicitly, resulting in millions of dollars in stolen currency. This criminal activity, once a demonstration by security researcher Barnaby Jack, has escalated into a profitable venture for cybercriminals.

According to the FBI’s security bulletin, over 700 attacks targeted ATMs in 2025, yielding at least $20 million for hackers. The attacks involve a combination of physical access techniques, like using generic keys to unlock ATM components, and digital methods, such as deploying malware like Ploutus to force dispensers to release cash rapidly.

Ploutus, a malware strain highlighted by the FBI, exploits vulnerabilities in the underlying Windows operating system that powers many ATMs. By compromising an ATM, hackers gain full control, enabling them to manipulate the cash dispensing process without affecting customer accounts directly.

This type of attack, focused on the ATM hardware itself, allows for quick cash-out operations that are challenging to detect until after the money is withdrawn. The FBI’s bulletin underscores the urgency for financial institutions to address security gaps in their ATM systems to prevent further exploitation by cybercriminals.

Source: TechCrunch

Google has reported a significant decrease in the number of malicious apps attempting to infiltrate the Google Play Store, attributing this positive trend to its advanced AI systems and enhanced security measures. According to a recent Android app ecosystem safety report, Google successfully blocked 1.75 million policy-violating apps from being published on Google Play in 2025, marking a decrease from previous years. The company emphasized its ongoing commitment to protecting users from various security risks, including malware, financial fraud, and privacy breaches.

By implementing proactive security protocols, such as developer verification, mandatory pre-review checks, and extensive testing requirements, Google has effectively raised the bar for app quality and security within the Play Store. The company’s AI-powered defense mechanisms play a crucial role in identifying and deterring malicious actors, with over 10,000 safety checks conducted on each app before publication. Furthermore, Google’s integration of AI models has accelerated the detection of complex threats, enabling faster responses to emerging risks.

Looking ahead, Google announced plans to further bolster its AI investments in 2026 to stay ahead of evolving security challenges. By leveraging innovative technologies and stringent review processes, the company aims to maintain a secure and reliable app ecosystem for Android users worldwide.

Source: TechCrunch

A critical security flaw in the Ravenna Hub student admissions website has exposed sensitive personal information of children to unauthorized users. The website, used by families to manage school applications, allowed any logged-in user to access the personal data of other users, including children’s names, dates of birth, addresses, pictures, and school details. Additionally, parents’ email addresses, phone numbers, and information about children’s siblings were compromised.

Florida-based VentureEd Solutions, the company behind Ravenna Hub, acknowledged the issue and promptly addressed the security vulnerability after being alerted by TechCrunch. The incident has raised concerns about the oversight of cybersecurity measures at VentureEd and Ravenna Hub. The vulnerability exploited in this case is identified as an insecure direct object reference (IDOR), a common security weakness that arises due to inadequate server security controls.

While VentureEd Solutions claims to serve over a million students and facilitate hundreds of thousands of applications annually, the extent of unauthorized access and the potential impact on affected users remain unclear. The company’s CEO, Nick Laird, confirmed the fix but did not provide details on notifying users or conducting further investigations into the incident.

Source: TechCrunch

Japanese sex toy manufacturer Tenga recently disclosed a data breach that compromised customer information, as reported by TechCrunch. The breach occurred when a hacker gained unauthorized access to an employee’s professional email account, allowing them to steal customer names, email addresses, and historical email correspondence, potentially including order details and customer service inquiries.

According to the notification sent to customers, the hacker exploited the compromised inbox to send spam emails to contacts, further escalating the security incident. Tenga estimates that around 600 individuals in the United States were impacted by the breach, prompting the company to proactively reach out to those affected to ensure their safety and offer guidance.

The company, known for shipping millions of products globally, advised customers to update their passwords and remain cautious of suspicious emails, particularly those originating from the compromised employee’s account. Given the sensitive nature of the exposed information, which may involve intimate details related to orders and inquiries, the incident underscores the importance of robust cybersecurity measures in safeguarding customer data.

Source: TechCrunch

Def Con, a prominent hacking conference, has announced the ban of three individuals associated with the late Jeffrey Epstein from attending the event. The banned individuals include hackers Pablos Holman and Vincenzo Iozzo, along with former MIT Media Lab director Joichi Ito. This decision follows revelations of their connections with the convicted sex offender.

The conference’s move to prohibit the attendance of Holman, Iozzo, and Ito stemmed from information disclosed in the Department of Justice’s recent files related to the Epstein investigation. Additionally, Politico published an article detailing emails exchanged between the trio and Epstein, prompting Def Con’s action to exclude them from the conference.

In response to the ban, a spokesperson for Iozzo stated that Def Con’s decision was perceived as performative, emphasizing that Iozzo had minimal conference participation over the past two decades and had not engaged in any wrongdoing warranting the ban.

Notably, this development comes shortly after cybersecurity conferences Black Hat and Code Blue removed Iozzo from their review board pages due to emerging revelations tying him and others to Epstein.

While Def Con, Holman, and Ito have yet to comment on the ban, the cybersecurity community continues to grapple with the implications of such individuals being associated with Epstein.

Source: TechCrunch