‘Happy Gilmore’ producer buys spyware maker NSO Group

Publish this research This week, it was reported that scammers in North Korea are trying to trick American companies into hiring them for architectural design work, using fake profiles, resumes and Social Security numbers to pose as legitimate workers. This hustle fits into the reclusive kingdom’s long-running campaigns to steal billions of dollars from organizations around the world, using careful planning and coordination to pose as professionals in all different fields.

Under pressure from the Justice Department, Apple removed a series of apps from its iOS App Store this month related to monitoring U.S. Immigration and Customs Enforcement activity and archiving content related to ICE proceedings. As more apps are removed, several developers told WIRED this week that they won’t give up fighting Apple over the decisions, and many are still distributing their apps to other platforms in the meantime.

WIRED examined growing warnings from software supply chain security researchers that the proliferation of AI-generated software in codebases will create a more extreme version of the code transparency and accountability issues that have resulted from widespread integration of open source software components. Apple announced expansions to its bug bounty program this week, including a maximum of $2 million for certain exploit chains that could be abused to distribute spyware, and additional bounties for exploits found in Apple’s Lockdown Mode or in beta versions of new software.

But wait, there’s more! Every week we round up security and privacy news that we haven’t published in-depth ourselves. Click on the titles to read the full stories. And stay safe out there.

Notorious spyware vendor NSO Group, known for developing the Pegasus malware, has faced financial troubles since losing a long legal battle against secure messaging platform WhatsApp as well as a lawsuit filed by Apple. Now, the company, which has long been owned by Israel, has been bought by a group of US-based investors led by film producer Robert Symonds, who helped finance Happy Gilmore, Billy Madison, Pink Panther, Hustlersand Ferrariamong many other films. The deal is reportedly worth “several tens of millions of dollars” and is nearing completion. The Defense Ministry’s Defense Export Control Agency (DECA) will need to approve the sale. The use of mercenary spyware within some US federal government agencies has increased since the beginning of the Trump administration.

Hundreds of national security and cybersecurity professionals who work at the U.S. Department of Homeland Security have faced mandatory reassignment in recent weeks to roles related to President Donald Trump’s mass deportation agenda. Bloomberg reports that the affected workers are largely senior employees who are not union-eligible. Workers who refuse to transfer roles will reportedly be fired. Members of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), who faced reassignment, reportedly worked to “issue alerts about threats against US agencies and critical infrastructure.” For example, CISA’s Capacity Building Team has faced a number of reassignments, which may hinder access to emergency recommendations and guidance for high-value federal government assets. The workers were transferred to agencies including Immigration and Customs Enforcement, Customs and Border Protection, and the Federal Protective Service.

A The last violation From a third-party customer service provider used by the Discord communications system, it includes a large data set from over 70,000 Discord users that contains identifying documents as well as personal photos, email addresses, phone numbers, some home location information, and more. The data was collected as part of age verification processes, a mechanism that has long been criticized for centralizing users’ sensitive information. 404 Media reports that the breach was committed by attackers trying to extort Discord. “This is about to get really ugly,” the hackers wrote on a Telegram channel on Wednesday while posting the stolen data.

U.S. Immigration and Customs Enforcement signed an $825,000 contract in May with TechOps Specialty Vehicles (TOSV), a Maryland-based company that manufactures law enforcement equipment and vehicles. The company provides products that include rogue cell towers used for phone monitoring and are sometimes called “stingrays” or “cell site simulators.” Public records A review reviewed by TechCrunch shows that the agreement describes how the company “provides Cell Site Simulator (CSS) vehicles in support of the Homeland Security Technical Operations Program” and is an amendment to “additional CSS vehicles.” TOSV also began a similar $818,000 contract with ICE in September 2024, before the start of the Trump administration. In an email to TechCrunch, TOSV President John Brennas declined to share details about the contracts but confirmed that the company provides cell site simulators. The company doesn’t make it itself, he said.