
Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording

by Anna Avery


The worst part of your iPhone getting stolen may not be the theft itself. Instead, it’s the phishing attacks waged against people in your contacts. New research this week shows that there’s a thriving ecosystem for tools that let criminals unlock iPhones and target the phone numbers they find inside.

Foxconn, the electronics manufacturing giant known for its role in building iPhones, revealed this week that it recently “suffered a cyberattack.” A ransomware group known as Nitrogen claimed responsibility for the hack and said it had stolen 8 TB of data from the manufacturer. While the theft remains unconfirmed, the fact that Foxconn remains a valuable target is all but inevitable.

The skies above the United States-Canada border are about to get a lot more crowded. The Department of Homeland Security and Defense Research and Development Canada plan to run an experiment this fall testing 5G-connected drones for collecting “real-time battlefield intelligence.”

In the Strait of Hormuz, meanwhile, Iran’s Revolutionary Guard Corps are successfully blocking the crucial shipping route using a “mosquito fleet” of small boats as US-Israeli combat operations continue to bombard the country.

And that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

A lesson for future criminal hackers and rogue employees: When you—and, say, your twin brother—decide to destroy your employer’s network, remember to first close out the Microsoft Teams meeting in which you were fired, so that it doesn’t record you discussing your acts of vengeance.

That lesson has now hopefully been driven home for Muneeb and Sohaib Akhter, two hackers who have now pleaded guilty to charges that they destroyed 96 government databases after being fired from their jobs at the federal contractor Opexus. (Muneeb has since tried to recant his guilty plea in handwritten notes to the judge.) Their employer had made the decision to terminate the two 34-year-old brothers after discovering their criminal records, which included multiple hacking and wire fraud charges for crimes as petty as stealing airline miles.

The Teams meeting in which the two men were fired lasted only a few minutes. The detailed planning and execution of their revenge campaign, however, lasted hours and was all recorded by the same Teams meeting that they had failed to close—which was transcribed in a court document spotted by Ars Technica.

“Still connected? Still on the VPN?” Sohaib is heard saying to his brother, who lived in the same home. “Delete all their databases?”

“We are doing petty shit now,” Muneeb says.

Instructure, the company behind the educational software Canvas, said on Monday that it had reached a deal with the hackers calling themselves ShinyHunters who had disrupted Canvas across thousands of US schools and posted ransom messages on victims’ screens. In a message on its website, the company wrote that it “reached an agreement with the unauthorized actor involved in this incident.” The statement went on to claim that the data stolen by the hackers in their breach—including records of 275 million students, according to the hackers—had been “returned” to Instructure, had been destroyed on the hackers’ own systems, and that no Instructure customers would be further extorted. Instructure didn’t explicitly say whether it had paid a ransom, or how much it paid if so.

Glad to have all that settled. (Until the well-incentivized ransomware industry carries out its next massive disruption.)

Dream Market was once the world’s biggest dark web market for drugs and other contraband until it voluntarily shut down in 2019, following a series of raids that arrested many of its sellers. Now, the alleged administrator of the market has reportedly been tracked down and charged, more than seven years after the illicit marketplace disappeared from the internet. Owe Martin Andresen was arrested during a raid on his home and two other locations earlier this month. US and German prosecutors say he made millions of dollars from Dream Market’s commissions, some of which was laundered through gold bars he allegedly bought from a company in Atlanta. Given that Dream Market was launched in 2013—the same year that the original Silk Road dark web drug market was busted—Andresen’s arrest may bring to a close the longest-running dark web drug investigation of all time.

OpenAI disclosed that two of its employees were impacted by a supply chain attack on an open source project called TanStack, a popular library used to build web apps. In a blog post, the company said that it investigated the incident and observed unauthorized access and “credential-focused exfiltration activity” in a limited subset of internal code repositories. The company didn’t find evidence that user data was accessed or that its production systems were compromised. However, it’s now requiring that all macOS users update their OpenAI apps by June 12.

The TanStack hijacking was part of a larger attack on open source packages used by developers. Hackers embedded malware designed to steal people’s private data, which BleepingComputer reported included Git credentials, GitHub Action tokens, SSH keys, and Claude Code configs.

Findem, a major American data broker previously caught hiding its data-deletion page from Google, says it has taken steps to correct the problem after three years. The firm told Democrats on the Joint Economic Committee this week that a former employee had embedded a “no index” code on the company’s website, preventing consumers from finding its opt-out controls via Google search, but that company executives were unaware of the matter.

Findem said it removed the code the day Senator Maggie Hassan, the panel’s ranking member, published a February report, which called out the company for its practices, and for failing to respond to the JEC minority’s questions. During the years the page was de-indexed, Findem says, only 679 people visited it.




© 2025 blockchainsphere.info. All rights reserved.