#zero-day-exploits

#zero-day-exploits

That changed last week when the US Department of Justice published a sentencing memorandum [PDF] that frames Williams' conduct as a betrayal of his employer and the US government, and the cause of significant harm to US national security. Williams "made it possible for the Russian Broker to arm its clients with powerful cyber exploits that could be used against any manner of victim, civilian or military around the world," the DoJ said.

A confidential informant told the FBI in 2017 that Jeffrey Epstein had a "personal hacker," according to a document released by the Department of Justice on Friday. The document, which was released as part of the Justice Department's legally required effort to publish documents related to its investigation into the late sex offender, does not identify who the alleged hacker was, but does include several details about them.

The two vulnerabilities are CVE-2025-48633, an information-disclosure flaw in Android's framework component, and CVE-2025-48572, an elevation-of-privilege bug also in the framework component. Both are ranked high severity, and according to Google, both "may be under limited, targeted exploitation." Both of these - plus an additional 105 security holes - all have patches, so it's a good idea to update your Android software ASAP.

Williams, a 39-year-old Australian citizen who was known inside the company as "Doogie," admitted to prosecutors that he stole and sold eight exploits, or " zero-days," which are security flaws in software that are unknown to its maker and are extremely valuable to hack into a target's devices. Williams said some of those exploits, which he stole from his own company Trenchant, were worth $35 million, but he only received $1.3 million in cryptocurrency from the Russian broker.