US issues seizure warrants for Starlink terminals in Myanmar cyberscam compounds

US citizens plead guilty to aiding DPRK IT worker fraud, $28B tied to cybercrime activity over the last two years, Princeton got hit by a data-stealing cyberattack, Anthropic's report of autonomous AI Chinese hacks hits pushback, Cybercom invests in cyberwarfare AI agents, much more


One warrant, by US magistrate judge G. Michael Harvey, authorized the seizure of nine Starlink terminals and two Starlink accounts allegedly used in scam compounds in Payathonzu, near Three Pagodas Pass at the Myanmar-Thai border.

A linked affidavit, written by FBI investigators, claims that the Starlink devices and accounts played a “substantial role” in an alleged money laundering and wire fraud operation targeting US citizens, saying Starlink parent company SpaceX should “disable service” to the devices. It also claims that at least 26 Starlink dishes appeared to be on the roofs of several buildings, making up one of several scam centers in the Three Pagodas Pass area.

The second warrant and affidavit—which was not issued to Starlink but focused on seizing websites used in scamming—also claims that “at least” 79 Starlink dishes appear on the roofs of buildings at the notorious Tai Chang compound in Myanmar, which US officials say is controlled by the Democratic Karen Benevolent Army, an armed group in Myanmar that was sanctioned by the US government this week. The warrant was signed on Monday by US Magistrate Judge Matthew J. Sharbaugh.

Both sets of legal documents cite a WIRED investigation from earlier this year, which revealed that scam compounds in Myanmar have been using Starlink for internet access. Starlink, which is owned and operated by Elon Musk’s SpaceX, is a high-speed satellite internet service available in more than 150 countries around the world.

The action comes as part of a new US law enforcement initiative known as the District of Columbia Scam Center Strike Force that was announced by the Justice Department, FBI, and Secret Service. (Matt Burgess and Lily Hay Newman / Wired)

Related: Cryptopolitan, CryptoRank, WebProNews

The US Justice Department announced that five people have pleaded guilty to helping North Koreans defraud US companies by posing as remote IT workers.

Three of the people, US nationals Audricus Phagnasay, Jason Salazar, and Alexander Paul Travis, each pleaded guilty to one count of wire fraud conspiracy.

Prosecutors accused the three of helping North Koreans posing as legitimate IT workers, who they knew worked outside of the United States, to use their own identities to obtain employment, helping them remotely access their company-issued laptops set up in their homes, and also helping the North Koreans pass vetting procedures, such as drug tests.

Travis, who prosecutors said was an active servicemember of the US Army at the time of the scheme, earned more than $50,000 for these actions, while Phagnasay and Salazar were paid at least $3,500 and $4,500, respectively. The scheme saw US companies pay around $1.28 million in salaries, most of which was sent to the North Korean IT workers overseas, per the DOJ.

The fourth US national who pleaded guilty is Erick Ntekereze Prince, who ran a company called Taggcar, which supplied US companies with allegedly “certified” IT workers who he knew worked outside of the country and were using stolen or fake identities. Prince also hosted laptops with remote access software at several residences in Florida, and earned more than $89,000 for his work, the DOJ said.

Another participant in the scheme who pleaded guilty to one count of wire fraud conspiracy and another count of aggravated identity theft is Ukrainian national Oleksandr Didenko, who prosecutors accuse of stealing US citizens’ identities and selling them to North Koreans so they could get jobs at more than 40 US companies.

According to the press release, Didenko earned hundreds of thousands of dollars for this service. Didenko agreed to forfeit $1.4 million as part of his guilty plea.

The DOJ also announced that it had frozen and seized more than $15 million in cryptocurrency stolen in 2023 by North Korean hackers from several crypto platforms. (Lorenzo Franceschi-Bicchierai / TechCrunch)

Related: Justice Department, Cryptonews, AInvest, Cryptoticker, Security Affairs, CoinCentral

According to an examination by the International Consortium of Investigative Journalists, The New York Times, and 36 other news organizations around the world, even as the crypto industry gains mainstream acceptance, at least $28 billion tied to illicit activity has flowed into crypto exchanges over the last two years.

The money came from hackers, thieves, and extortionists. It was traced to cybercriminals in North Korea and scammers whose schemes stretched from Minnesota to Myanmar. Over and over, the analysis showed, these groups have moved money onto the world’s largest exchanges, which are online marketplaces where people can convert US dollars or euros into Bitcoin, Ether, and other digital coins.

Among the recipients of this “dirty money” was Binance, the world’s biggest crypto exchange, which participated in a $2 billion business deal with Mr. Trump’s crypto firm in May. The money also flowed into at least eight other prominent exchanges, including OKX, a global platform with a growing footprint in the United States, according to the analysis.

“Law enforcement can’t cope with the overwhelming amount of illicit activity in the space,” said Julia Hardy, a co-founder of zeroShadow, a crypto investigations firm. “It can’t go on like this.”

However, Donald Trump has made crypto a cornerstone of his family business and ended a regulatory clampdown on the industry. Shortly before the 2024 election, he and his sons founded World Liberty Financial, a crypto start-up that is poised to generate tens of millions of dollars a year from the business deal involving Binance. Last month, Mr. Trump granted a pardon to Changpeng Zhao, Binance’s founder, who had served a four-month term in prison after the company’s plea agreement.

The Trump administration has also weakened law enforcement’s ability to prosecute crypto crime. In April, the Justice Department dismantled a crypto enforcement team, explaining that prosecutors should target terrorists and drug traffickers who use crypto, while eschewing cases against “the platforms that these enterprises utilize to conduct their illegal activities.”

The analysis relied partly on aggregate data that was assembled by Chainalysis, an analytics firm, and that did not identify specific exchanges. The Times and the International Consortium of Investigative Journalists also used public records and consulted with forensic experts to identify crypto accounts tied to criminals. Crypto transactions are recorded on a public ledger, allowing the movement of funds to be traced to individual exchanges. (David Yaffe-Bellany, Spencer Woodman, and Sam Ellefson / New York Times)

Related: ICIJ, ICIJ, ICIJ, ICIJ, CoinDesk

A database containing information on Princeton University alumni, donors, students, and other members of the school’s community was compromised “by outside actors for less than 24 hours,” adding to a string of cyberattacks against Ivy League schools.

The incident happened on Nov. 10 and affected a system in the university’s advancement office that contained personal information such as names, contact details, and “fundraising activities and donations” to the school, Princeton said in an email sent to alumni and posted to its website.

Princeton said in a statement that it was able to remove the attacker from its system within 24 hours and believes no other technology system was breached. The intruder gained access through a phone phishing incident targeting a Princeton employee who had access to the advancement database, the university said. (Tom Giles and Andrew Martin / Bloomberg)

Related: Princeton University, Newsweek, National Review, Economic Times, NewsBytes

Anthropic's research claiming that a previously unknown Chinese state-sponsored hacking group used the company’s Claude generative AI product to autonomously breach at least 30 different organizations is tempered by evidence that the group devoted significant human and technical resources to the way it used Claude.

Namely, the automation detailed in Anthropic’s report, performed by Claude, was made possible through a frontend framework designed to orchestrate and support its operations. The framework handled tasks such as scripting, provisioning related servers, and significant backend development to ensure every step was followed correctly. Klein noted this development process was the most difficult — and, importantly, human-led — step in the operation.  

“The first part that is not autonomous is building the framework, so you needed a human being to put this all together,” Klein said. “You had a human operator that would put in a target, they would click a button, and then use this framework that was created [ahead of time]. The hardest part of this entire system was building this framework, that’s what was human intensive.”

Additionally, to conduct reconnaissance on targets, scan for vulnerabilities, and conduct other tasks, Claude called out to a set of open-source tools via Model Context Protocol (MCP) servers, which help AI models securely interface with external digital tools. Setting up these connections requires coding expertise, advanced planning, and technical work by humans to ensure interoperability.

Finally, Claude’s work was subject to constant human validation and review. An illustration of the attack chain details at least four different steps that explicitly involve having a human check Claude’s output or send the model back to work before taking additional steps.

This suggests that although Claude could perform these tasks autonomously, it relied on human oversight to review output, validate findings, ensure backend systems were working, and direct its next steps. (Derek B. Johnson / CyberScoop)

Related: BleepingComputer, Pivot to AI, WebProNews, This Week in Tom Merritt, Breitbart, The Decoder, BBC, Wired, Cyber Security News, Unite.AI, Fast Company, Engadget, The Power Law, New York Times, The Verge, TechRadar, The Guardian, SFist, Telegraph, Vox, Washington Examiner, Anthropic, Futurism, Semafor, The Hill, Blaze Media, Fox Business, CircleID, PCMag, The Daily Signal, The Hacker News, ZDNET, Daily News, KnowTechie, The 74, Fortune, Metacurity, Tom's Hardware, Infosecurity, Implicator.ai, CBS News, Livemint, Digit, The Stack

The US is quietly investing in AI agents for cyberwarfare, spending millions this year on a secretive startup that’s using AI for offensive cyberattacks on American enemies.

According to federal contracting records, a stealth, Arlington, Virginia-based startup called Twenty, or XX, signed a contract with the US Cyber Command this summer worth up to $12.6 million. It scored a $240,000 research contract with the Navy, too. The company has received VC support from In-Q-Tel, the nonprofit venture capital organization founded by the CIA, as well as Caffeinated Capital and General Catalyst. Twenty declined to comment.

Twenty’s contracts are a rare case of an AI offensive cyber company with VC backing landing Cyber Command work; typically, cyber contracts have gone to either small bespoke companies or to the old guard of defense contracting like Booz Allen Hamilton or L3Harris.

Though the firm hasn’t launched publicly yet, its website states its focus is “transforming workflows that once took weeks of manual effort into automated, continuous operations across hundreds of targets simultaneously.” Twenty claims it is “fundamentally reshaping how the US and its allies engage in cyber conflict.”

Its job ads reveal more. In one, Twenty is seeking a director of offensive cyber research, who will develop “advanced offensive cyber capabilities, including attack path frameworks… and AI-powered automation tools.”

AI engineer job ads indicate that Twenty will be deploying open source tools like CrewAI, which is used to manage multiple autonomous AI agents that collaborate. And an analyst role says the company will be working on “persona development.” Often, government cyberattacks use social engineering, relying on convincing fake online accounts to infiltrate enemy communities and networks.

Twenty’s executive team, according to its website, is stacked with former military and intelligence agents. CEO and cofounder Joe Lin is a former US Navy Reserve officer who was previously VP of product management at cyber giant Palo Alto Networks. He joined Palo Alto after the firm acquired Expanse, where he helped national security clients determine where their networks were vulnerable. CTO Leo Olson also worked on the national security team at Expanse and was a signals intelligence officer at the US Army.

VP of engineering, Skyler Onken, spent over a decade at US Cyber Command and the US Army. The startup’s head of government relations, Adam Howard, spent years on the Hill, most recently working on the National Security Council transition team for the incoming Trump administration. (Thomas Brewster / Forbes)

Lawmakers in Germany's federal Bundestag parliament approved legislation that would give new tools to the Interior Ministry to ban the use of components from specific Chinese manufacturers in critical sectors over cybersecurity risks.

The measures resemble what European countries have done in the telecom sector, but the new German bill applies to a much wider range of sectors, including energy, transport, and health care.

The law comes as German Chancellor Friedrich Merz signaled a tougher stance against Chinese tech giant Huawei, telling a business conference in Berlin that he "won’t allow any components from China in the 6G network." Merz is set to discuss the issue at a prominent digital sovereignty summit co-hosted by Germany and France next week.

The fresh scrutiny for supply chain security in the EU’s largest economy — a manufacturing powerhouse with a complex relationship with China — comes at a time when the European Union is considering how best to tackle cyber risks in supply chains dominated by Chinese firms.

Governments are looking beyond the telecom sector, pushing for action in areas such as solar power and connected cars. European cybersecurity officials are finalizing an ICT Supply Chain Toolbox to help governments mitigate the risks, and the European Commission is preparing an overhaul of its Cybersecurity Act to address the issue, expected in January.

The German legislation implements the EU’s NIS2 Directive, a critical infrastructure cybersecurity law. The Bundesrat, Germany’s upper legislative chamber, still has to sign off on the bill, which is expected next Friday. (Sam Clark / Politico)

Related: Bundestag, Bloomberg, TelecomTV, Hacker News, r/germany

Taiwan's National Security Bureau (NSB) urged Taiwanese people to be on alert when using Chinese generative artificial intelligence (AI) language models due to potential security breaches and the spread of "disinformation" following recent inspections of five such apps.

Its inspections of five Chinese generative AI apps – Deepseek, Doubao (豆包), Yiyan (文心一言), Tongyi (通義千問), and Yuanbao (騰訊元寶) – found violations of users' communication security across several indicators, the NSB, Taiwan's top intelligence agency, said in a statement issued Sunday.

The inspection consisted of two parts: the security of the apps themselves and their generative contents, according to the bureau.

Conducted jointly with the Ministry of Justice Investigation Bureau (MJIB) and the Criminal Investigation Bureau (CIB), the inspections checked these apps' security under 15 indicators in five categories: personal data collection, excessive permission usage, data transmission sharing, system information extraction, and biometric data access.

All five apps were found to have violations across many indicators, with Tongyi failing to meet 11 out of the 15 indicators. Doubao and Yuanbao both violated 10 of the 15, while Yiyan violated 9, and Deepseek violated 8, the NSB said.

All the China-made apps were found requesting their users' access to location data, collecting screenshots, forcing users to accept unreasonable privacy terms, and harvesting device parameters.

The inspections on the apps' generative contents across 10 indicators, meanwhile, found that some of the contents were biased and contained disinformation, the NSB said. (Joseph Yeh / Focus Taiwan)

Related: NSB.gov.tw, Taipei Times, Ocac News

The Dutch police seized thousands of servers in The Hague and Zoetermeer, used solely for hosting criminal activities.

The targeted "bulletproof" hosting company rented space to criminals to carry out crimes like ransomware attacks, botnets, phishing, and the distribution of child sexual abuse images, the Oost-Nederland police said. No arrests have been made.

According to the police, the company has been involved in 80 cybercrime investigations since 2022 and was active recently. “The hosting company is used solely to carry out criminal activities,” the police said. “It presents itself as bulletproof, advertising complete anonymity for users and suggesting it does not cooperate with law enforcement.” (NL Times)

Related: Politie

The British Crown Prosecution Service (CPS) announced it secured a civil recovery order to seize crypto assets worth £4.11 million ($5.39 million) from Twitter hacker Joseph James O'Connor, clawing back the proceeds of a scam that used hijacked celebrity accounts to solicit digital currency and threaten high-profile individuals.

O'Connor, now 26, is already serving a five-year sentence in the US after pleading guilty in 2023 to conspiracy to commit computer intrusions, wire fraud, and money laundering for his role in the July 2020 breach that compromised accounts belonging to the likes of Barack Obama, Bill Gates, and Jeff Bezos.

The group behind the intrusion used SIM-swapping and social engineering techniques to access internal Twitter tools, then pushed bogus messages urging followers to send Bitcoin to attacker-controlled wallets – a ruse that netted more than $100,000 in a matter of hours. (Carly Page / The Register)

Related: Crown Prosecution Service, The Times, Metro, Technology.org, The Independent

A Russian man purportedly named Denis Obrezko, allegedly part of the notorious group Void Blizzard, wanted for extradition by the United States over cybercrime allegations, was arrested on the Thai holiday island of Phuket.

Void Blizzard is a cyber espionage gang recognized by Microsoft for hacking attacks that align with Kremlin interests.

He was arrested on November 6 in a joint operation between the FBI and Thai authorities, one week after entering the country on a flight to Phuket, according to Thailand’s Cyber Crime Investigation Bureau (CCIB).

“This individual had previously breached security systems and attacked government agencies in both Europe and the United States,” the CCIB said Friday.

However, Russian publication Vot Tak identified only one Russian hacker, who was 35 years old at the time of his arrest in Thailand: Alexey Lukashev, born November 7, 1990, in the Murmansk region.

The FBI believes Lukashev is a Russian military intelligence officer with the rank of senior lieutenant, assigned to military unit 26165. He was one of 12 Russian intelligence officers indicted on July 13, 2018, for interfering in the 2016 US presidential election. (Laura Sharman, Helen Regan, and Sean Lyngaas / CNN and Vot Tak)

Related: Mezha, ANI, The Record, Tass, The Phuket Express, The Insider

FBI most wanted poster for Alexey Lukashev.

Somalia’s Immigration and Citizenship Agency confirmed that hackers breached its electronic visa platform, exposing sensitive personal data of travellers who used the system, marking the first official acknowledgement by Somali authorities after the United States and United Kingdom issued warnings earlier in the week.

However, the statement did not indicate how many people were affected, nor did it give any sense of how long the process might take. The government has since quietly moved its e-visa system to a new website.

The UK embassy warned travellers on November 14 that “this data breach is ongoing and could expose any personal data you enter into the system,” advising people to “consider the risks before applying for an e-visa”.

Mohamed Ibrahim, a former Somali telecommunications minister and tech expert, told Al Jazeera that while hacking is a significant challenge, the authorities’ lack of transparency is troubling.

“Somalia isn’t high-tech, and hacking, in itself, is neither here nor there. But they should have been upfront with the public,” Ibrahim said.

“Why was the website’s URL changed, for example? That hasn’t even been explained,” he added, referring to the domain name change for the e-visa application site.

On Saturday, the Somali immigration agency’s director-general dismissed media reports about the breach as “coordinated misinformation campaigns” intended to undermine state institutions.

“A Somali individual cannot undermine the dignity, authority, honour or unity of the state,” Mustafa Sheikh Ali Duhulow told an audience in Mogadishu on Saturday night, without directly addressing the hacking allegations. (Faisal Ali / Al Jazeera)

Related: Dawan Africa, Garowe Online, Travel and Tour World, Men's Journal, Somalia Guardian

Hacked CCTV videos from a maternity hospital in India have been sold on Telegram, police say, raising serious questions about privacy and security in a country where such cameras have become commonplace.

Earlier this year, police in Gujarat state were alerted by the media to videos on YouTube - some showed pregnant women undergoing medical exams and receiving injections in their buttocks - in a maternity hospital in a city.

The videos had a link directing viewers to Telegram channels to buy longer videos.

The director of the hospital told the BBC that the cameras had been installed for the safety of doctors. The BBC is not naming the city or hospital to protect the identity of the women in the videos. None of them has filed a police complaint.

Police say their investigation uncovered a massive cybercrime racket where sensitive footage from at least 50,000 CCTVs from across the country was stolen by hackers and sold on the internet.

In Gujarat, police say they ended up discovering a "network of individuals spread across the country". "[They] were hacking into the video surveillance systems - or CCTV systems - of hospitals, schools, colleges, corporate offices and even the bedrooms of private individuals in multiple states," Lavina Sinha, who heads the Ahmedabad cyber crime department investigating the case, told reporters.

Hardik Makadiya, Gujarat's top cybercrime official, says videos were sold for 800–2,000 rupees ($9-22; £7-17), with Telegram channels offering live CCTV feeds via subscription. (Cherylann Mollan, Gopal Kateshiya, and Roxy Gagdekar Chhara / BBC News)

Related: CNBC, Times of India, WION, The Economic Times

The husband of the founder of the Korean sportswear brand Andar, who previously served as an executive director at the company, was sentenced to prison in an appellate trial and taken into custody in court for conducting illegal transactions with a North Korean hacker group.

The Seoul Western District Court dismissed both the defendant’s and the prosecution’s appeals and upheld the original sentence of one year in prison and one year of disqualification from certain rights, such as his rights to become a civil servant or to run for election, for violating the National Security Act. The court also ordered the defendant, surnamed Oh, into immediate custody.

From July 2014 to May 2015, Oh operated an illegal private server for an online game and allegedly contacted a North Korean hacker directly via a Chinese messenger app to obtain a core file that would allow users to bypass the game’s security system.

The hacker was reportedly the head of the development team at the Rungra Information Center under the Rungrado Trading General Corporation, an affiliate of Bureau 39 of the Workers’ Party of Korea — an organization that reportedly generates foreign currency for the regime. While the center appears to be a legitimate trading company, it is in fact used to develop and sell illegal programs — such as auto-play software for online games and tools for distributed denial-of-service (DDoS) attacks — which are used to fund the North Korean regime. (HYEON YE-SEUL / KoreaJoongAng Daily)

Related: The Chosun Daily, The Korea Times, Asia Business Daily, Maeil Business Newspaper

Fortinet has confirmed that it has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now "massively exploited in the wild."

The flaw was silently patched after reports that unauthenticated attackers were exploiting an unknown FortiWeb path traversal flaw in early October to create new administrative users on Internet-exposed devices.

The attacks were first identified by threat intel firm Defused on October 6, which published a proof-of-concept exploit and reported that an "unknown Fortinet exploit (possibly a CVE-2022-40684 variant)" is being used to send HTTP POST requests to the /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi Fortinet endpoint to create local admin-level accounts.

On Thursday, watchTowr Labs security researchers also demoed an exploit and released a tool called "FortiWeb Authentication Bypass Artifact Generator" to help defenders identify vulnerable devices.

Cybersecurity firm Rapid7 added that the flaw affects FortiWeb versions 8.0.1 and earlier, as it confirmed that the publicly available proof-of-concept exploit no longer works after updating to version 8.0.2. (Sergiu Gatlan / Bleeping Computer)

Related: Heise Online, Security Week, Rapid7, Help Net Security, GitHub
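
A defender-side check for the request pattern reported above, added here as an example and not taken from the article, Fortinet, or the researchers named: it scans web or reverse-proxy access logs for POST requests whose percent-decoded path starts at the admin API path and traverses to cgi-bin/fwbcgi. The Combined Log Format, the sample log lines, and all function names are assumptions constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Assumption: access logs use the Apache/nginx Combined Log Format.
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)

# Path elements taken from the request described in the article.
API_PREFIX = "/api/v2.0/cmdb/system/admin"
CGI_TARGET = "/cgi-bin/fwbcgi"

# Constructed sample input (documentation IP ranges, invented timestamps).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Oct/2025:10:01:02 +0000] "POST /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.7 - - [06/Oct/2025:10:01:09 +0000] "POST /api/v2.0/cmdb/system/admin%3F/../../../../../cgi-bin/fwbcgi HTTP/1.1" 200 498 "-" "-"',
    '192.0.2.10 - - [06/Oct/2025:10:02:00 +0000] "GET /api/v2.0/cmdb/system/admin HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [06/Oct/2025:10:02:30 +0000] "POST /api/v2.0/cmdb/system/admin HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [07/Oct/2025:03:14:15 +0000] "POST /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi HTTP/1.1" 403 120 "-" "-"',
    'truncated or malformed line',
]


def normalise(target, max_rounds=3):
    """Percent-decode until stable and lower-case, so %3f and %3F compare equal."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()


def match_line(line):
    """Return a finding dict if the line is a POST that starts at the admin
    API path and traverses to the CGI binary; otherwise return None."""
    m = LOG_RE.match(line)
    if m is None or m["method"] != "POST":
        return None
    path = normalise(m["target"])
    if not path.startswith(API_PREFIX):
        return None
    rest = path[len(API_PREFIX):]
    # An ordinary POST to the admin API has no traversal segments after the prefix.
    if "/../" in rest and CGI_TARGET in rest:
        return {
            "src": m["src"],
            "time": m["ts"],
            "status": m["status"],  # reported as logged, not interpreted
            "raw_target": m["target"],
        }
    return None


def scan(lines):
    """Collect findings from an iterable of log lines, skipping unparseable ones."""
    return [hit for hit in map(match_line, lines) if hit is not None]


def by_source(hits):
    """Count findings per source address for triage."""
    return dict(Counter(hit["src"] for hit in hits))


if __name__ == "__main__":
    findings = scan(SAMPLE_LOG)
    for f in findings:
        print(f'{f["time"]}  {f["src"]}  status={f["status"]}  {f["raw_target"]}')
    print(by_source(findings))
```

A hit shows that the request was attempted, not that it succeeded; because the reported attacks create local admin-level accounts, the administrator list on any device with hits is the next thing to review.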

In an SEC filing, hardware accessory giant Logitech confirmed it suffered a data breach in a cyberattack claimed by the Clop extortion gang, which conducted Oracle E-Business Suite data theft attacks in July.

"Logitech International S.A. ("Logitech") recently experienced a cybersecurity incident relating to the exfiltration of data. The cybersecurity incident has not impacted Logitech's products, business operations, or manufacturing," disclosed Logitech.

"Upon detecting the incident, Logitech promptly took steps to investigate and respond to the incident with the assistance of leading external cybersecurity firms."

Logitech says the data likely includes limited information about employees and consumers, as well as data relating to customers and suppliers, but the company does not believe hackers gained access to sensitive information such as national ID numbers or credit card information, as that data was not stored in the breached systems.

Logitech says that the breach occurred through a third-party zero-day vulnerability that was patched as soon as a fix was available.

This statement comes after the Clop extortion gang added Logitech to its data-leak extortion site last week, leaking almost 1.8 TB of data allegedly stolen from the company. (Lawrence Abrams / Bleeping Computer)

Related: SEC, The Register, Forbes, VOI, Android Headlines, WebProNews

In a regulatory filing, AIPAC (American Israel Public Affairs Committee) has announced a data breach linked to an external system breach that involved an unknown third-party company.

The filing states that the data breach was identified on August 28, 2025, when files stored on AIPAC systems were accessed without authorisation from October 20, 2024, to February 6, 2025. The review of those files showed that names, along with other personal identifiers, were taken.

A total of 810 people were affected, including one resident of Maine. Although AIPAC did not specify which data types were present in the personal identifiers, it is important to note that such identifiers, also known as PII, can cover Social Security numbers or Taxpayer ID numbers, driver's license numbers, state ID numbers, passport numbers, home address, contact details, email address, payment card data, and banking information. (Waqas / HackRead)

Related: Maine Attorney General

The Federal Bureau of Investigation is trying to unmask the operator of Archive.is, which is also known as Archive.today, a website that saves snapshots of webpages and is commonly used to bypass news paywalls.

The FBI sent a subpoena to domain registrar Tucows, seeking “subscriber information on [the] customer behind archive.today” in connection with “a federal criminal investigation being conducted by the FBI.” The subpoena tells Tucows that “your company is required to furnish this information.”

The subpoena is supposed to be secret, but the Archive.today X account posted the document on October 30, the same day the subpoena was issued. The X post contained a link to the PDF and the word “canary.”

“If you refuse to obey this subpoena, the United States Attorney General may invoke the aid of a United States District Court to compel compliance. Your failure to obey the resulting court order may be punished as contempt,” the document said. It gave a deadline of November 29.

Tucows is headquartered in Toronto, Ontario, and is also incorporated in Pennsylvania. The company’s subpoena and warrant policy says it provides registrant information in response to civil subpoenas issued by US courts and warrants related to criminal matters. (Jon Brodkin / Ars Technica)

Related: Heise.de, Adguard

Best Thing of the Day: You Got That Right

Over on r/cybersecurity, security professionals engaged in a vigorous discussion of who is responsible for ensuring that security and compliance get baked into the products in the first place, and the number one upvoted response is "senior management."

Worst Thing of the Day: Wells Fargo Has Got Nothing on Crypto ATMs

Crypto ATM operators, which play a huge role in online cyber fraud, are in at least 28,000 locations, more than twice the number of Wells Fargo ATMs.

Bonus Worst Thing of the Day: That's Less Than Half the Price of a Single Maserati

Gadgets used by criminals to steal keyless cars without breaking in are being sold online for more than £20,000 (around $26,000).
