‘Happy Gilmore’ Producer Buys Spyware Maker NSO Group

Research published this week indicates that North Korean scammers are trying to trick US companies into hiring them for architectural design work, using fake profiles, résumés, and Social Security numbers to pose as legitimate workers. The hustle fits into longstanding campaigns by the hermit kingdom to steal billions of dollars from organizations around the world using careful planning and coordination to pose as professionals in all different fields.
Under pressure from the Department of Justice, Apple removed a series of apps from its iOS App Store this month related to monitoring US Immigration and Customs Enforcement activity and archiving content related to ICE’s actions. As more apps are removed, multiple developers told WIRED this week that they aren’t giving up on fighting Apple over the decisions—and many are still distributing their apps on other platforms in the meantime.
WIRED examined increasing warnings from software supply chain security researchers that the proliferation of AI-generated software in codebases will create an even more extreme version of the code transparency and accountability issues that have come up with widespread integration of open source software components. And Apple announced expansions of its bug bounty program this week, including a maximum $2 million payout for certain exploit chains that could be abused to distribute spyware, and additional bonuses for exploits found in Apple’s Lockdown Mode or in beta versions of new software.
But wait, there’s more! Each week, we round up the security and privacy news we didn’t report in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
Happy Gilmore Producer Buys NSO Group
The notorious spyware vendor NSO Group, known for developing the Pegasus malware, has faced financial issues since losing a long legal battle against the secure messaging platform WhatsApp as well as a lawsuit filed by Apple. Now, the company, which has long had Israeli ownership, has been purchased by a group of US-based investors led by movie producer Robert Simonds, who helped finance Happy Gilmore, Billy Madison, The Pink Panther, Hustlers, and Ferrari, among many other films. The deal is reportedly worth “several tens of millions of dollars” and is close to completion. Israel’s Defense Export Control Agency (DECA) within the Ministry of Defense will need to approve the sale. Use of mercenary spyware has increased within some US federal government agencies since the beginning of the Trump administration.
Top US Cybersecurity Workers Reassigned to Immigration Roles
Hundreds of national security and cybersecurity specialists who work in the US Department of Homeland Security have faced mandatory reassignment in recent weeks to roles related to President Donald Trump’s mass deportation agenda. Bloomberg reports that affected workers are largely senior staffers who are not union eligible. Workers who refuse to move roles will reportedly be dismissed. Members of DHS’s Cybersecurity and Infrastructure Security Agency (CISA) who have faced reassignment reportedly worked on “issuing alerts about threats against US agencies and critical infrastructure.” For example, CISA’s Capacity Building team has faced a number of reassignments, which could hinder access to emergency recommendations and directives for high-value federal government assets. Workers have been moved to agencies including Immigration and Customs Enforcement, Customs and Border Protection, and the Federal Protective Service.
Hack Exposes Sensitive Discord User Data
A recent breach of a third-party customer service provider used by the communication platform Discord included a trove of data from more than 70,000 Discord users that contained identification documents as well as selfies, email addresses, phone numbers, some home location information, and more. The data was collected as part of age verification checks, a mechanism that has long been criticized for centralizing users’ sensitive information. 404 Media reports that the breach was perpetrated by attackers who are attempting to extort Discord. “This is about to get really ugly,” the hackers wrote in a Telegram channel on Wednesday while posting the stolen data.
ICE Buys Vehicles That Use Fake Cell Towers for Phone Surveillance
US Immigration and Customs Enforcement inked a $825,000 contract in May with TechOps Specialty Vehicles (TOSV), a Maryland-based company that manufactures equipment and vehicles for law enforcement. The company provides products including rogue cellphone towers that are used for phone surveillance and sometimes called “stingrays” or “cell-site simulators.” Public records reviewed by TechCrunch show that the agreement describes how the company “provides Cell Site Simulator (CSS) Vehicles to support the Homeland Security Technical Operations program” and is a modification for “additional CSS Vehicles.” TOSV also began a similar $818,000 contract with ICE in September 2024, prior to the start of the Trump administration. In an email to TechCrunch, TOSV president Jon Brianas declined to share details about the contracts but confirmed that the company does provide cell-site simulators. The company does not manufacture them itself, he said.
Read More
ICE Wants to Build Out a 24/7 Social Media Surveillance Team
Documents show that ICE plans to hire dozens of contractors to scan X, Facebook, TikTok, and other platforms to target people for deportation.
An App Used to Dox Charlie Kirk Critics Doxed Its Own Users Instead
Plus: A ransomeware gang steals data on 8,000 preschoolers, Microsoft blocks Israel’s military from using its cloud for surveillance, call-recording app Neon hits pause over security holes, and more.
A Dangerous Worm Is Eating Its Way Through Software Packages
Plus: An investigation reveals how US tech companies reportedly helped build China’s sweeping surveillance state, and two more alleged members of the Scattered Spider hacking group were arrested.
Armed Guards and Muscle Milk: Senate Investigation Reveals DOGE Takeover Details
A new Senate report claims DOGE put every American’s Social Security number at risk—and that officials at federal agencies essentially obstructed an investigation, all but denying DOGE even exists.
Apple and Google Pull ICE-Tracking Apps, Bowing to DOJ Pressure
Plus: China sentences scam bosses to death, Europe is ramping up its plans to build a “drone wall” to protect against Russian airspace violations, and more.
A DHS Data Hub Exposed Sensitive Intel to Thousands of Unauthorized Users
A misconfigured platform used by the Department of Homeland Security left national security information—including some related to the surveillance of Americans—accessible to thousands of people.
Apple’s Big Bet to Eliminate the iPhone’s Most Targeted Vulnerabilities
Alongside new iPhones, Apple released a new security architecture on Tuesday: Memory Integrity Enforcement aims to eliminate the most frequently exploited class of iOS bugs.
Jeffrey Epstein’s Yahoo Inbox Revealed
Plus: ICE deploys secretive phone surveillance tech, officials warn of Chinese surveillance tools in US highway infrastructure, and more.
‘SIM Farms’ Are a Spam Plague. A Giant One in New York Threatened US Infrastructure, Feds Say
The agency says it found a network of some 300 servers and 100,000 SIM cards—enough to knock out cell service in the NYC area. Experts say it mirrors facilities typically used for cybercrime.
North Korean Scammers Are Doing Architectural Design Now
New research shows that North Koreans appear to be trying to trick US companies into hiring them to develop architectural designs using fake profiles, résumés, and Social Security numbers.
Apple Announces $2 Million Bug Bounty Reward for the Most Dangerous Exploits
With the mercenary spyware industry booming, Apple VP Ivan Krstić tells WIRED that the company is also offering bonuses that could bring the max total reward for iPhone exploits to $5 million.
DHS Has Been Collecting US Citizens’ DNA for Years
Newly released data shows Customs and Border Protection funneled the DNA of nearly 2,000 US citizens—some as young as 14—into an FBI crime database, raising alarms about oversight and legality.