✨ Read this awesome post from WIRED 📖
📂 **Category**: Security,Security / Cyberattacks and Hacks,Security / Privacy,Security / Security News,Security Roundup
The worst part of having your iPhone stolen may not be the theft itself. Instead, it may be the phishing attacks launched against people in your contacts. New research this week shows that there is a thriving ecosystem of tools that allow criminals to unlock iPhones and target the phone numbers they find inside.
Foxconn, the electronics manufacturing giant known for its role in manufacturing iPhones, revealed this week that it had recently been the target of a cyberattack. A ransomware group known as Nitrogen claimed responsibility for the hack and said it stole 8 terabytes of data from the manufacturer. While the theft remains unconfirmed, Foxconn inevitably remains a valuable target.
The skies above the US-Canada border are about to get even busier. Homeland Security and Defense Research and Development Canada are planning a trial this fall to test 5G-connected drones to collect “real-time battlefield intelligence.”
Meanwhile, the Iranian Revolutionary Guard has successfully closed the vital shipping route in the Strait of Hormuz using a “mosquito flotilla” of small boats, while US-Israeli combat operations continue to bomb the country.
And that’s not all. Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.
A lesson for future criminal hackers and rogue employees: When you and, say, your twin brother decide to destroy your employer’s network, remember to first close the Microsoft Teams meeting in which you were fired, so you won’t be recorded discussing your retaliation.
Hopefully, this lesson has been learned by Muneeb and Sohaib Akhtar, two hackers who have now pleaded guilty to charges of destroying 96 government databases after being fired from their jobs at federal contractor Opexus. (Muneeb has since tried to retract his guilty plea in handwritten notes to the judge.) Their employer made the decision to fire the 34-year-old brothers after discovering their criminal records, which included numerous hacking and wire fraud charges for crimes as trivial as stealing airline miles.
The Teams meeting in which the two men were fired lasted only a few minutes. However, the detailed planning and execution of their revenge campaign continued for hours and was all captured by the same Teams meeting they failed to end, which was transcribed in a court document spotted by Ars Technica.
“Are you still connected? Are you still using a VPN?” Sohaib is heard saying to his brother, who lives in the same house. “Delete all their databases?”
“We are doing trivial work now,” Muneeb says.
Instructure, the company behind the educational software Canvas, said Monday it had reached an agreement with hackers calling themselves ShinyHunters who disabled Canvas across thousands of U.S. schools and posted ransom messages on victims’ screens. The company wrote in a message on its website that it “reached an agreement with the unauthorized party involved in this incident.” The statement went on to claim that the data the hackers stole during their breach (including the records of 275 million students, according to the hackers) had been “returned” to Instructure and destroyed on the hackers’ own systems, and that no Instructure customers would be blackmailed further. Instructure did not explicitly state whether a ransom had been paid, or the amount paid if so.
Glad that’s all settled. (Until the well-motivated ransomware industry pulls off the next massive disruption.)
Dream Market was once the world’s largest dark web marketplace for drugs and other contraband until it was voluntarily shut down in 2019, after a series of raids in which many of its sellers were arrested. Now, the alleged administrator of the market has reportedly been tracked down and charged, more than seven years after the illicit market disappeared from the internet. Owe Martin Andresen was arrested during a raid on his home and two other locations earlier this month. American and German prosecutors say he received millions of dollars in Dream Market commissions, some of which was laundered through gold bullion he allegedly bought from an Atlanta company. Given that Dream Market was launched in 2013, the same year the original Silk Road dark web drug market was busted, Andresen’s arrest could bring an end to the longest-running dark web drug investigation ever.
OpenAI revealed that two of its employees were affected by a supply chain attack on an open source project called TanStack, a popular library used to build web applications. In a blog post, the company said it investigated the incident and observed unauthorized access and “credential-focused exfiltration activity” in a limited subset of internal code repositories. The company found no evidence that user data had been accessed or that its production systems had been compromised. However, it now requires all macOS users to update their OpenAI apps by June 12.
The TanStack hijacking was part of a larger attack on open source packages used by developers. The hackers included malware designed to steal people’s private data, which BleepingComputer reported included Git credentials, GitHub Action tokens, SSH keys, and Claude Code configurations.
Findem, a major US data broker that was previously caught hiding its data deletion page from Google, says it has taken steps to correct the problem three years later. The company told Democrats on the Joint Economic Committee this week that a former employee included a “no index” tag on the company’s website, preventing consumers from finding opt-out controls via Google search, but company executives were unaware of it.
Findem said it removed the code on the day Senator Maggie Hassan, the committee’s ranking member, published a report in February that criticized the company for its practices and for failing to respond to questions from a minority group on the Joint Economic Committee. In the years the page was de-indexed, only 679 people visited it, Findem says.
🕒 **Posted on**: 1778928337
