Former head of #L3Harris​’s #Trenchant “offensive cyber” division has admitted to stealing a weapons-grade exploit chain worth $35M and selling it for personal gain. Company’s not on trial, but the feds charged #PeterWilliams last week—and this week he’s decided to ’fess up:

As we discussed earlier this year, organized crime groups are using slaves to scam people from massive “pig butchering” factories. One notorious center for the grotesquely evil practice is Myanmar.

#Microsoft​’s #Windows security update rollup is badly buggy this month. Post-patch, the #WinRE recovery environment doesn’t work with most keyboards and mice. And a fix for a cryptography bypass bug is causing failures, requiring rollbacks or registry edits to resolve.

Anything any #Android app can display is vulnerable to the #Pixnapping attack—including #2FA codes. That’s the worrying claim from a group of researchers this week. “It’s like Rowhammer, but for the screen,” quips one wag:

#Redis (Remote Dictionary Server) and its open source fork #Valkey share a scary flaw that can give an attacker full remote code execution. It’s been assigned a maximum CVSS score of 10.0—which is something you don’t often see.

#Japan​’s biggest producer of beer is still not producing any beer this week. #Asahi Group Holdings shut down production Monday after detecting a cyber intruder.

The #Akira #ransomware gang have found a way to override the multifactor authentication in #SonicWall SSL VPN appliances. These scrotes appear to be able to move laterally from the VPN boxes to deploy ransomware.

Iconic British brand today warned its business would stay stalled for even longer. And a loose confederation of threat actors, now calling itself Scattered Lapsus$ Hunters, has claimed responsibility for hacking the big car firm—via tedious Telegram trolling:

U.S. senator #RonWyden (pictured) is demanding the #FTC do something about #Microsoft $MSFT already. He says Satya’s crew are to blame for some awful #ransomware attacks exploiting a vulnerability that’s more than 10 years old:

A pair of ethical hackers discovered a bunch of “catastrophic” vulns in the code running 30,000 #BurgerKing, #TimHortons, #Popeyes and #FirehouseSubs locations. Owner #RBI quickly fixed the flaws, but then its contractor #Cyble issued a sus-seeming #DMCA takedown notice:

Four weeks ago, #Google admitted it was hacked by #ShinyHunters and/or #ScatteredSpider—via #vishing. Sadly, this sparked a journalistic game of Telephone: Over the space of four weeks, “This #Salesforce instance got vished,” quickly became, “2.5 billion #Gmail users hacked!!1!”

A subsidiary of @Zurich Insurance $ZURN admitted to a huge leak: More than one million customers’ data. #FarmersGroup is the latest corporation ’fessing up to its data going AWOL via #Salesforce vishing:

Chinese web users couldn’t access websites outside the People’s Republic yesterday. The outage lasted an hour and a quarter—with no explanation. Nobody’s sure whether it was a mistake or an ominous test of new #censorship capabilities:

The U.S. administration is celebrating a “mutually beneficial understanding” with the #UK, meaning #Apple won’t need to backdoor #iCloud. National intelligence director Tulsi Gabbard and White House veep JD Vance seem happy about it, anyway.

At least 35 data brokers employed #DarkPatterns to discourage #Californian​s from exercising their privacy rights. Researchers say the companies hid legally required web pages from #Google—so people can’t find them:

Venerable file compression-cum-archiving tool suffers yet another exploited vulnerability, causing the sole developer to issue a patch. Is it time to ditch WinRAR? Yes! Here’s why:

This week, #Google finally admitted it got socially engineered—leading to a breach of #CRM data. Yes, you read that right: Google got vished. Do the scrotes have your info? We don’t know and Google’s not saying.

The company behind the #Bee bracelet is being bought by #Amazon. Think of it as Copilot+ Recall for the real world. It seems like Jeff Bezos (pictured) just can’t get enough of knowing everything about you and your life.

All Your #UAVs Are Belong to UKR: #Gaskar Group, #Russian designer of drones plaguing #Ukraine​’s skies, is in utter disarray. Or, at least, so says Ukrainian military intelligence.

Freight trains in the U.S. use a radio link between front and rear, designed around 40 years ago. It’s emerged that the Flashing Rear End Device (#FRED) can be told to slam on the brakes via an extremely weak wireless protocol.