5 things you need to know about the cyber 'crossfire' that just exposed a global spyware ring.
- A forensic team has traced a massive data breach back to a digital "crossfire" where two competing private surveillance firms accidentally compromised each other's systems, leaking 500+ GB of emails and spyware logs onto the dark web. The data reveals they were both targeting the same dissident journalists.
- The leaked client lists show the spyware was used not just by repressive governments but also by at least three major US-based private equity firms trying to monitor their own C-suite executives for insider trading, according to the unsealed warrants.
- Experts are calling it a "friendship fire" scenario in the cyber underworld: The attackers assumed the data belonged to a third-party broker, but a misconfigured server placed the blame and the payload squarely on the victim's own internal network.
- Zero-day exploit code (the holy grail for hackers) was found inside the crossfire dump, including one exploit that can turn any smartphone microphone into a permanent listening device, even when the phone is powered off. US-CERT has issued a rare "Do Not Use" warning for three popular voice assistant chips.
- The most bizarre twist: The breach occurred because an IT administrator for one of the spyware firms accidentally posted a support ticket on a public forum asking how to "stop the LAN crossfire" between two office routers, inadvertently leaking the administrative login to a honeypot scanner. The resulting cascade of automated attacks triggered the data spill.