DOJ accuses director of defense firm's cyber division of selling secrets to Russia
N. Korean IT workers snagged work as animators, Ethical hackers breached F1 database and got access to Verstappen's info, Hackers enabled theft of Shaquille O'Neal's custom Range Rover, CSC 2.0 appeals to Trump to reverse cyber cuts, Apple may end App Tracking Transparency in Europe, much more

Peter Williams, a former director of the Trenchant arm of Melbourne, Florida-based L3Harris Technologies, an aerospace and defense technology company that sells computer vulnerabilities, has been charged with stealing secrets to sell to an unspecified buyer in Russia.
He was accused of stealing seven trade secrets from two unidentified companies with the intention of selling them to the Russian buyer, according to the Justice Department. Williams is a 39-year-old Australian national who resigned on Aug. 21.
The alleged incidents occurred between April 2022 and August 2025, according to his criminal information, a charging document that typically precedes a guilty plea. Electronic court records show that he is scheduled for an arraignment and plea agreement hearing on Oct. 29 in Washington federal court. Trenchant and L3Harris aren’t accused of any wrongdoing.
Prosecutors are seeking a $1.3 million forfeiture from Williams equal to the profits allegedly made from the theft. The document against Williams lists his home, 22 luxury and replica watches, several pieces of high-end jewelry, and all the funds in his seven bank and cryptocurrency accounts. Authorities also seized a Louis Vuitton handbag and two Moncler jackets. (Patrick Howell O'Neill and Chris Strohm / Bloomberg)
Related: CourtListener, TechCrunch, TechCrunch, CyberScoop, PCMag, The Cyber Express, Reuters, The Register
The just-released report from the multi-government Multilateral Sanctions Monitoring Team (MSMT) found that North Korean IT workers had concealed their nationality "to fraudulently gain contracts to work on animation projects for many companies."
Those companies included "HBO Max, Amazon, and several Japanese animation studios", the report found.
Many of them worked for companies such as Pyongyang's state-owned animation studio SEK studios, previously reported to have assisted in Western projects such as the 2007 "Simpsons Movie".
Almost 200 workers from the isolated country also "continued to perform animation work from China in 2024 and 2025", the report said.
Under UN sanctions, North Korean workers are prohibited from earning money abroad. (AFP)
Related: Sri Lankan Guardian

F1's governing body, the FIA, confirmed one of its driver information databases was subject to a breach that let "hackers" access Max Verstappen's personal information in just 10 minutes.
F1 drivers race under a super license, but registration on the FIA Driver Categorization website allows them to race in sports car events. A group of bloggers revealed on X that they had accessed the system, which lists any driver who has taken part in those events across the motor racing world at any stage of their careers.
Verstappen, Lando Norris, Fernando Alonso, and Nico Hülkenberg are among the Formula 1 drivers in the system with a background in that area.
Gal Nagli, whose X profile lists him as a hacker and bug bounty hunter, and blogger Ian Carroll outlined through a series of posts how they were able to access the portal by simply applying to be an admin.
The profile of Verstappen, who recently made his endurance sports car racing debut at the Nurburgring, was an immediate point of focus.
Carroll and Nagli were able to find the four-time world champion's "passport, his personal contact, his FIA correspondence, his license documents." They also found "internal communications," "committee discussions about driver performance, private evaluations, and confidential decision-making processes."
A blog post on Carroll's website added: "We stopped testing after seeing that it was possible to access Max Verstappen's passport, resume, license, password hash, and PII. This data could be accessed for all F1 drivers with a categorization, alongside sensitive information of internal FIA operations."
He and Nagli then contacted the FIA to alert the governing body to the flaws in the system. (Nate Saunders / ESPN)
Related: Ian Carroll, Motorsport, Sports Illustrated, Autosport, TechRadar, SpeedCafe, SportBible, Cybersecurity Insiders, RFI, AFP

Shaquille O’Neal’s $180,000 Range Rover, which was customized to fit the 7’1″ hoops hero in the driver’s seat, has gone missing after a car transport company was hacked.
The brand new car was in the middle of being customized by Effortless Motors, a job that was expected to increase the value of the vehicle to some $300,000, and Effortless had it shipped from Atlanta to Louisiana.
It was picked up on Monday, but never arrived at its destination. When Effortless called to find out where the missing motor had gone, they learned that it had gone AWOL along the route.
It’s believed that thieves may have hacked the moving company to access data about the pick-up or drop-off and used it to divert Shaq’s wheels into the wrong hands somewhere along the route.
Effortless is now offering a $10,000 reward. (Oli Coleman / New York Post)
Related: People, TMZ, Daily Mail, Men's Journal
A new report from the successor organization to the Cyberspace Solarium Commission recommends that the Trump administration reverse cyber personnel and budget cuts, strengthen the Office of the National Cyber Director, and expand federal workforce initiatives.
The annual implementation report from CSC 2.0 is the first of five iterations to actually determine that the nation has gone backward on enacting the agenda of the landmark bipartisan commission, whose suggestions led to the creation of major new federal organizations and policies, including the national cyber director’s office.
In grading the degree to which its 2020 report had been enacted — whether they’re “implemented,” “nearing implementation,” “on track,” “progress limited” or facing “significant barriers” — the percentages dropped in every category, after years of rising or staying steady.
“Our nation’s ability to protect itself and its allies from cyber threats is stalling and, in several areas, slipping,” states the report, in a passage written by former chairman Sen. Angus King, I-Maine, and executive director Mark Montgomery. “This year’s assessment makes clear that technology is evolving faster than federal efforts to secure it. Meanwhile, cuts to cyber diplomacy and science programs and the absence of stable leadership at key agencies like the Cybersecurity and Infrastructure Security Agency (CISA), the State Department, and the Department of Commerce have further eroded momentum.” (Tim Starks / CyberScoop)
Related: 2025 Annual Report on Implementation, SC Media, Federal News Network, GovTech, The Register, New York Times, MeriTalk
In a statement to the German Press Agency, Apple claimed that it may have to turn off App Tracking Transparency in Europe as a result of “intense lobbying efforts.”
Specifically, when it comes to Germany, the country’s Federal Cartel Office concluded earlier this year in a preliminary assessment that ATT was potentially anticompetitive, as Apple allegedly didn’t apply the same privacy standards to its own apps. Apple was also fined in France over ATT a few months ago.
In May 2021, Apple introduced App Tracking Transparency (ATT), a privacy feature that lets users choose whether apps can track their activity across other companies’ apps and websites for advertising or data-sharing purposes.
Following the rollout of the feature, cross-app and cross-site tracking declined sharply, with at least one study reporting a 54.7% drop in tracking rates in the United States alone.
The move had an immediate, but limited impact on online advertising, with companies such as Meta allegedly finding workarounds to bypass ATT and keep advertising numbers up.
Other companies and groups decided to take the matter to the courts and to regulatory bodies, accusing Apple of anticompetitive behavior. Some of these, Apple claims, may force it to shut down the feature in Europe. (Marcus Mendes / 9to5Mac)
Related: DPA International, Deutsche Presse-Agentur, Moneycontrol, BGR, Tech Times, EPIC, AppleInsider, MacRumors, Invezz, channelnews, MacRumors, The Tech Portal, WebProNews, Apple Must, Macworld, Apple Insider
The United States Justice Department unsealed an indictment against 31 people, including alleged members of several organized crime families, along with two well-known figures in the NBA—Portland Trail Blazers coach Chauncey Billups and former player and assistant coach Damon Jones—for what prosecutors describe as their roles in a vast, rigged-gambling conspiracy that involved, among other things, hacked card shufflers.
Heat guard Terry Rozier was charged in a separate alleged gambling scheme, along with Jones and four others.
The 31 defendants in the first indictment are charged with running a ring of high-stakes private poker games from New York to the Hamptons to Miami, allegedly luring victims with the prospect of playing with NBA stars and then fleecing them for tens or even hundreds of thousands of dollars with multiple high-tech cheating systems—among them, hacked card shufflers set up to secretly transmit exactly what cards each player would have in their hand.
According to prosecutors, the marks were taken for more than $7 million over several years of running the rigged gambling schemes. “These individuals used technology and deceit to scam innocent victims out of millions of dollars—eventually funneling money to La Casa Nostra and enriching one of the most notorious criminal networks in the world,” FBI director Kash Patel wrote in a statement. (Andy Greenberg / Wired)
Related: Yahoo Sports, NBC News, Business Insider, CBC, DW, Reuters, NJ.com, Fast Company, The Morning Call, Los Angeles Daily News, Route Fifty, Chicago Sun-Times - All, Heavy.com, Business Insider, The Guardian, San Diego Union Tribune
Researchers at Infoblox report that the Universe Browser, which is linked to Chinese online gambling websites and is thought to have been downloaded millions of times, actually routes all internet traffic through servers in China and “covertly installs several programs that run silently in the background.”
The researchers say the “hidden” elements include features similar to malware—including “key logging, surreptitious connections,” and changing a device’s network connections.
The researchers who collaborated with the United Nations Office on Drugs and Crime (UNODC) on the work found links between the browser’s operation and Southeast Asia’s sprawling, multibillion-dollar cybercrime ecosystem, which has connections to money-laundering, illegal online gambling, human trafficking, and scam operations that use forced labor.
While the Universe Browser has most likely been downloaded by those accessing Chinese-language gambling websites, researchers say that its development indicates how pivotal and lucrative illegal online gambling operations are, exposing their links to scamming efforts that operate across the world. (Matt Burgess / Wired)
Related: Infoblox, Gadgets360, Samsung Magazine, Android Authority

Thailand’s government revoked the citizenship of a high-ranking Cambodian businessman, Phat Suphapa, after he was accused of being involved with cyber-scam operations and human trafficking networks.
Prime Minister Anutin Charnvirakul signed an order on Friday revoking the Thai citizenship of Suphapa, who is also known as Ly Yong Phat. Ly, a naturalized Thai national, is accused of maintaining Cambodian citizenship and involvement in illicit activities.
According to Thailand’s Interior Ministry, reports from the Anti-Money Laundering Office and the Department of Consular Affairs indicated Ly had connections with groups engaged in fraud and human-trafficking networks. He’s also been sanctioned by the US Office of Foreign Assets Control. Ly continued to use his Cambodian nationality despite having obtained Thai citizenship through naturalization.
The move on Ly is the latest action Anutin has taken in less than a week to show he’s tough on scam operations. On Wednesday, Deputy Finance Minister Vorapak Tanyawong announced he would step down a day after Anutin asked him to explain allegations that he and his wife are linked to Southeast Asian scam networks. (Suttinee Yuvejwattana / Bloomberg)
Related: Bangkok Post
Toys “R” Us Canada has sent notices of a data breach to customers informing them of a security incident where threat actors leaked customer records they had previously stolen from its systems.
The company discovered the data leak on July 30, 2025, when a threat actor posted on the dark web what they claimed to be Toys “R” Us customer data.
Subsequent investigation of the threat actor’s claims, conducted with the help of third-party experts, confirmed that the information was indeed authentic.
“On July 30, 2025, we became aware via a posting on the unindexed internet that a third-party was claiming to have stolen information from our database,” reads the letter sent to customers.
“We immediately hired third-party cybersecurity experts to assist with containment and to investigate the incident.” (Bill Toulas / Bleeping Computer)
Related: Canadian Press, The Register, Mobile Syrup
The Latvian Data State Inspectorate (DVI) has imposed a 300,000 euro fine (around $350,000) on SIA “ZZ Dats” in connection with last year’s municipal data breach; the company has appealed the decision in court.
According to the Inspectorate, the data were stored in an information system maintained by ZZ Dats. Upon receiving information about a possible violation, the Inspectorate opened an investigation and found the company guilty of failing to fulfill the processor’s obligations in accordance with Article 32 of the General Data Protection Regulation (GDPR).
For the violation identified, the company received an administrative penalty—a €300,000 fine. ZZ Dats has appealed the decision to the Riga City Court. (Baltic News Network)
Related: LSM
A total of $1,024,750 was paid out at the Pwn2Own Ireland 2025 hacking contest organized by Trend Micro’s Zero Day Initiative (ZDI), but the event was overshadowed by the last-minute withdrawal of a researcher who was scheduled to demonstrate a WhatsApp exploit worth $1 million.
The highest reward at Pwn2Own Ireland 2025, $100,000, was paid out for an exploit chain targeting the QNAP Qhora-322 router and the QNAP TS-453E NAS device.
Two Samsung Galaxy S25 exploit chains were each rewarded with $50,000, and the same amount was earned for vulnerabilities in Synology ActiveProtect Appliance DP320 and the Sonos Era 300 smart speaker.
Participants received up to $40,000 for hacking Ubiquiti cameras, QNAP and Synology NAS devices, Lexmark and Canon printers, and smart home systems such as Philips Hue Bridge, Amazon Smart Plug, and Home Automation Green.
A total of 73 previously unknown vulnerabilities were disclosed at Pwn2Own Ireland 2025.
A researcher named Eugene (3ugen3) of Team Z3 was scheduled to demonstrate a $1 million zero-click remote code execution exploit against WhatsApp on Thursday.
However, the demonstration did not take place. ZDI initially said there was a delay due to “travel complications and delayed flights”, but noted that the researcher would still submit his exploit. ZDI later announced that the researcher withdrew from the competition, citing concerns that the exploit was not sufficiently prepared for a public demonstration.
Contacted by SecurityWeek, Eugene, who appears to be from China, described Pwn2Own as an “amazing event”. The researcher said, “We decided to keep everything private between Meta, ZDI and myself. No comments,” adding that he did not want his true identity revealed to the public. (Eduard Kovacs / SecurityWeek)
Related: Bleeping Computer, Zero Day Initiative, GBHackers, Security Affairs

Researchers at Check Point report that Google has taken down thousands of YouTube videos that were part of the so-called "YouTube Ghost Network" that was quietly spreading password-stealing malware disguised as cracked software and game cheats.
The network relied on hijacked and weaponized legitimate YouTube accounts to post tutorial videos that promised free copies of Photoshop, FL Studio, and Roblox hacks, but instead lured viewers into installing infostealers such as Rhadamanthys and Lumma.
The campaign, which has been running since 2021, surged in 2025, with the number of malicious videos tripling compared to previous years. More than 3,000 malware-laced videos have now been scrubbed from the platform after Check Point worked with Google to dismantle what it called one of the most significant malware delivery operations ever seen on YouTube.
Check Point says the Ghost Network relied on thousands of fake and compromised accounts working in concert to make malicious content look legitimate. Some posted the "tutorial" videos, others flooded comment sections with praise, likes, and emojis to give the illusion of trust, while a third set handled "community posts" that shared download links and passwords for the supposed cracked software. (Carly Page / The Register)
Related: Check Point, Help Net Security, PCMag

Financial regulators in Canada this week levied $176 million in fines against Cryptomus, a digital payments platform that supports dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services.
The penalties for violating Canada’s anti-money-laundering laws came ten months after KrebsOnSecurity noted that Cryptomus’s Vancouver street address was home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which were physically located there.
On October 16, the Financial Transactions and Reports Analysis Center of Canada (FINTRAC) imposed a $176,960,190 penalty on Xeltox Enterprises Ltd., more commonly known as the cryptocurrency payments platform Cryptomus.
FINTRAC found that Cryptomus failed to submit suspicious transaction reports in cases where there were reasonable grounds to suspect that they were related to the laundering of proceeds connected to trafficking in child sexual abuse material, fraud, ransomware payments, and sanctions evasion. (Brian Krebs / Krebs on Security)
Related: NASCUS, Rescana, Hacker News (ycombinator)
WazirX, once India’s largest cryptocurrency exchange by volume, will resume operations on October 24, per an email sent to creditors.
That ends more than a year of uncertainty for thousands of creditors left in limbo after one of the most dramatic collapses in the country’s crypto history, which saw over $230 million worth of various tokens being stolen from the exchange.
The restart follows a Singapore High Court–approved restructuring under Zettai Pte. Ltd., WazirX’s parent company, which received near-unanimous backing from creditors earlier this year.
That was the final step in a process that began after a massive security breach last year froze assets, shuttered withdrawals, and effectively took India’s oldest crypto platform offline. (Shaurya Malwa / CoinDesk)
Related: WazirX Blog, Cointelegraph, Entrackr, Decrypt, The Block, The Hindu, Yahoo Finance, The Cyber Express, crypto.news, Blockhead, Coinpedia Fintech News, Cryptonews, CoinGape, Inc42 Media, TheStreet, Bitcoin Insider
Seattle-area cybersecurity startup Chainguard landed $280 million in new financing, just six months after a Series D round pulled in $356 million.
The new funding comes from General Catalyst’s Customer Value Fund (CVF). (Kurt Schlosser / GeekWire)
Related: Chainguard, BizJournals
Best Thing of the Day: Dedication to Breach Reporting
TikTok user @kerneldump noticed a data breach at a company and failed to get a response, so he worked his way through the hiring process to land an interview for a job at the organization to inform them of the breach.
Bonus Best Thing of the Day: Slava Ukraini!
Ukraine has now deployed 30,000 free YubiKeys made by Yubico as a layer of protection against digital intrusions of its military systems.
Worst Thing of the Day: Money Doesn't Always Equal Security
CISA is uncertain about where thousands of instances of F5 are currently in use in the civilian federal government despite spending billions on continuous diagnostics and mitigation (CDM), designed for, among other things, “increasing visibility into the federal cybersecurity posture.”
Bonus Worst Thing of the Day: It's Not Like We're Concerned About AI Risks or Anything
Meta is laying off 600 people in its AI division, shrinking the risk team, and replacing most of its manual reviews with automated systems.
