#zero-day-exploits

#zero-day-exploits

The average e-crime breakout time - the period between initial access and lateral movement onto another system - dropped to 29 minutes, a 65% increase in speed from 2024. One such intrusion undertaken by Luna Moth targeting a law firm moved from initial access to data exfiltration in four minutes.

Peter Williams, a former executive at U.S. defense contractor L3Harris, was sentenced on Tuesday to 87 months in prison for leaking his former company's trade secrets in exchange for $1.3 million in crypto between 2022 and 2025. Williams sold the exploits to Operation Zero, which the U.S. government calls 'one of the world's most nefarious exploit brokers.'

That changed last week when the US Department of Justice published a sentencing memorandum [PDF] that frames Williams' conduct as a betrayal of his employer and the US government, and the cause of significant harm to US national security. Williams "made it possible for the Russian Broker to arm its clients with powerful cyber exploits that could be used against any manner of victim, civilian or military around the world," the DoJ said.

A confidential informant told the FBI in 2017 that Jeffrey Epstein had a "personal hacker," according to a document released by the Department of Justice on Friday. The document, which was released as part of the Justice Department's legally required effort to publish documents related to its investigation into the late sex offender, does not identify who the alleged hacker was, but does include several details about them.

The two vulnerabilities are CVE-2025-48633, an information-disclosure flaw in Android's framework component, and CVE-2025-48572, an elevation-of-privilege bug also in the framework component. Both are ranked high severity, and according to Google, both "may be under limited, targeted exploitation." Both of these - plus an additional 105 security holes - all have patches, so it's a good idea to update your Android software ASAP.

Williams, a 39-year-old Australian citizen who was known inside the company as "Doogie," admitted to prosecutors that he stole and sold eight exploits, or " zero-days," which are security flaws in software that are unknown to its maker and are extremely valuable to hack into a target's devices. Williams said some of those exploits, which he stole from his own company Trenchant, were worth $35 million, but he only received $1.3 million in cryptocurrency from the Russian broker.