Posts by Matt Johansen
Arraignment/plea agreement hearing scheduled for Oct 29 in DC. Williams isn't currently in federal custody. His attorney John Rowley declined comment when contacted by TC.
The criminal information doc is light on specifics - doesn't name the victim companies or detail nature of stolen trade secrets. But does list all the watches the FBI collected from him...
We can connect some dots based on what they do as a company.
Worth noting that this comes on heels of recent internal Trenchant investigation into leaked hacking tools. Not yet clear if the two incidents are connected.
Timeline: Williams allegedly stole 7 trade secrets between Apr '22-Jun '25, and an 8th between Jun-Aug '25. He was Trenchant's GM from Oct '24 until Aug '25, operating out of DC.
Former L3Harris/Trenchant GM Peter Williams charged with stealing trade secrets. DOJ claims he made $1.3M from the sale.
Woah. Trenchant, which develops zero-days and surveillance tools for Five Eyes intelligence agencies (US, UK, Canada, Australia, and New Zealand), has had an insider accused of selling secrets to Russia.
No vulnerabilities used. No lateral network movement.
It's all just OAuth tokens all the way down.
Read the whole story here:
Funnily enough, I was looking for Medusa stuff while writing this thread, and CISA's advisory on how to protect yourself from them is the top search result.
While this is all good advice, it wouldn't have done much to stop this type of attack.
Hacks are just logins in 2025.
Worth noting actors maintained professional demeanor throughout most interactions. Only escalated to aggressive tactics (MFA bombing) after patience wore thin.
Even apologized and said that was just them testing the login page.
Group referenced previous "successful" insider compromises at UK healthcare and US emergency services orgs.
Claims align with known Medusa TTPs focusing on high-value targets.
When reporter delayed, group pivoted to aggressive MFA bombing - continuously triggering 2FA notifications hoping for accidental approval. Same technique used in 2022 Uber compromise.
They requested specific network reconnaissance via command line queries, demonstrated knowledge of BBC's IT infrastructure, and offered "trust payment" of 0.5 BTC as deposit.
Threat actor claimed to be a "reach out manager" for Medusa - a Ransomware-as-a-Service operation believed to operate from Russia/CIS region.
Group has hit 300+ victims in past 4 years per US cyber authorities.
(img: TheHackerNews)
Initial contact came to @JoeTidy via Signal from "Syndicate" offering 15% of potential ransom payment for access to BBC systems.
Offer later increased to 25% of what they claimed would be "1% of BBC's total revenue."
This BBC reporter was offered 25% of a ransom payout if he gave hackers access to the corporate network.
He played along so we got a look inside their tactic here:
I think the separation of dev and prod is one of the most important things we need to solve in AI coding land.
Keys. Secrets. Deployment. All that jazz.
None of the tools help; if anything, they make it super easy to do wrong.
Panel on bootstrapping vs. VC money.
@haroonmeer.canary.love : “With bootstrapping you need to be careful to not be timid when it’s time to be bold”
Just great life advice in general. Will remember this quote forever.
Oh and @hdm.io and @andrewmorr.is are cool too.
This is a fun vuln
youtu.be/jsygONOr_f4
If you like following news like this, check out my weekly newsletter:
Join over 30k pros: vulnu.com/subscribe
Not just 4chan trolls. 404media decompiled the app and found the URLs in question in code. Not public anymore, but verified they are there.
Original article: www.404media.co/wome...
"No authentication, no nothing. It's a public bucket"
This is why security and privacy pros hate these ID verification laws that require drivers license uploads - these apps just can't keep this stuff secure.
They found the database exposed on Google's Firebase.
The app is meant to be basically the "are we dating the same man?" Facebook group in a dating app.
In order to verify that the users are women, they ask for photos and driver's licenses.
That viral women's only dating app 'Tea' was hacked by some 4chan users.
They didn't phish, social engineer, or use some crazy hacker technique either - the database was just public.
Hey so… don’t do this.
Someone can buy this extension that is tied to tons of people's Salesforce accounts and just ...get access to all that info. (h/t @johntuckner.me)
If I was a bad guy who was looking for memory vulns, I'd be ALL OVER these new hotness web browsers. (Comet, Arc, etc.)
Market share is small, but they're much more valuable targets - and the teams behind them are way smaller than ...Google.
Wild trend this week of legitimate apps and extensions turning into malware.
youtu.be/o9XBXeX0_5E