May 23, 2025Ravie LakshmananRansomware / Dark Web As part of the latest "season" of Operation Endgame, a coalition of law enforcement agencies have taken down about 300 servers worldwide, neutralized 650 domains, and issued arrest warrants against 20 targets. Operation Endgame, first launched in May 2024, is an ongoing law enforcement operation targeting services and infrastructures assisting in or directly providing initial or consolidating access for ransomware. The previous edition focused on dismantling the initial access malware families that have been used to deliver ransomware. The latest iteration, per Europol, targeted new malware variants and successor groups that re-emerged after last year's takedowns such as Bumblebee, Lactrodectus, QakBot, HijackLoader, DanaBot, TrickBot, and WARMCOOKIE. The interaction action was carried out between May 19 and 22, 2025. "In addition, €3.5 million in cryptocurrency was seized during the action week, bringing the total amount seized during the Operation Endgame to more than €21.2 million," the agency said. Europol noted that the malware variants are offered as a service to other threat actors and are used to conduct large-scale ransomware attacks. Furthermore, international arrest warrants have been issued against 20 key actors who are believed to be providing or operating initial access services to ransomware crews. "This new phase demonstrates law enforcement's ability to adapt and strike again, even as cybercriminals retool and reorganize," Europol Executive Director Catherine De Bolle said. "By disrupting the services criminals rely on to deploy ransomware, we are breaking the kill chain at its source." Germany's Federal Criminal Police Office (aka Bundeskriminalamt or BKA) has revealed that criminal proceedings have been initiated against 37 identified actors. Some of the individuals who have been added to the E.U. Most Wanted list are listed below - Roman Mikhailovich Prokop (aka carterj), 36, a member of the QakBot group Danil Raisowitsch Khalitov (aka dancho), 37, a member of the QakBot group Iskander Rifkatovich Sharafetdinov (aka alik, gucci), 32, a member of the TrickBot group Mikhail Mikhailovich Tsarev (aka mango), 36, a member of the TrickBot group Maksim Sergeevich Galochkin (aka bentley, manuel, Max17, volhvb, crypt), 43, a member of the TrickBot group Vitalii Nikolaevich Kovalev (aka stern, ben, Grave, Vincent, Bentley, Bergen, Alex Konor), 36, a member of the TrickBot group The disclosure comes as Europol took the wraps off a large-scale law enforcement operation that resulted in 270 arrests of dark web vendors and buyers across 10 countries: the United States (130), Germany (42), the United Kingdom (37), France (29), South Korea (19), Austria (4), the Netherlands (4), Brazil (3), Switzerland (1), and Spain (1). The suspects, Europol noted, were identified based on intelligence gathered from the takedowns of the dark web marketplaces Nemesis, Tor2Door, Bohemia, and Kingdom Markets. Several suspects are alleged to have conducted thousands of sales on illicit marketplaces, often using encryption tools and cryptocurrencies to conceal their digital footprints. "Known as Operation RapTor, this international sweep has dismantled networks trafficking in drugs, weapons, and counterfeit goods, sending a clear signal to criminals hiding behind the illusion of anonymity," Europol said. Along with the arrests, €184 million in cash and cryptocurrencies, 2 tons of drugs, 180 firearms, 12,500 counterfeit products, and more than 4 tons of illegal tobacco have been seized by authorities. The joint action follows Operation SpecTor in May 2023, which led to the arrest of 288 dark web vendors and buyers and the seizure of €50.8 million in cash and cryptocurrency. "With traditional marketplaces under increasing pressure, criminal actors are shifting to smaller, single-vendor shops — sites run by individual sellers to avoid marketplace fees and minimize exposure," Europol said. "Illegal drugs remain the top commodity sold on the dark web, but 2023 also saw a surge in prescription drug trafficking and a rise in fraudulent services, including fake hitmen and bogus listings designed to scam buyers." Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post. SHARE    

Three teenagers nearly escaped prosecution for a 2020 house fire that killed five people until Denver police discovered a novel investigative technique: requesting Google search histories for specific terms. Kevin Bui, Gavin Seymour, and Dillon Siebert had burned down a house in Green Valley Ranch, mistakenly targeting innocent Senegalese immigrants after Bui used Apple's Find My feature to track his stolen phone to the wrong address. The August 2020 arson killed a family of five, including a toddler and infant. For months, detectives Neil Baker and Ernest Sandoval had no viable leads despite security footage showing three masked figures. Traditional methods -- cell tower data, geofence warrants, and hundreds of tips -- yielded nothing concrete. The breakthrough came when another detective suggested Google might have records of anyone searching the address beforehand. Police obtained a reverse keyword search warrant requesting all users who had searched variations of "5312 Truckee Street" in the 15 days before the fire. Google provided 61 matching devices. Cross-referencing with earlier cell tower data revealed the three suspects, who had collectively searched the address dozens of times, including floor plans on Zillow. Read more of this story at Slashdot.

Amadou Sow woke to the shrieking of smoke detectors. It was a little after 2:30 am on August 5, 2020, and his house in the suburbs of Denver, Colorado, was ablaze. The 46-year-old rushed to his bedroom door, but a column of smoke and heat forced him back. Panicked, Sow ran to the rear window, broke the screen with his hand, and jumped. The two-story drop fractured his left foot.Sow’s wife Hawa Ka woke their daughter Adama, who shared their room. She dragged the terrified 10-year-old to the window and pushed her out. Sow tried to catch her but missed. Miraculously, the girl landed on her hands and feet, uninjured. Then it was Ka’s turn. When she leaped, she fell on her back, shattering her spine in two places. Sow barely heard her howls of pain. He was thinking about their 22-year-old son, Oumar.He couldn’t see any movement inside Oumar’s room. He hurled a rock at the window, but the glass held steady. Despair filled him. Then he noticed Oumar’s car wasn’t in the driveway. He must be working his night shift at 7-Eleven. Thank God! Sow’s family was safe. But what about the others in the house? All told, nine people called 5312 Truckee Street home.Sow had bought the four-bedroom property in the northeastern suburb of Green Valley Ranch in 2018. The neighborhood was newly built and sparsely populated, cut off from the bulk of the city by miles of prairie grass, giving it an isolated, ghost-town feel. But for Sow, a Senegalese immigrant who usually worked nights at Walmart, the home was a refuge. Not long after his family moved in, his old friend Djibril Diol’s family joined them. Diol—Djiby to his friends—was 29 and a towering 6'8", a civil engineer who hoped to one day take his skills back to Senegal.The first fire truck arrived at 2:47 am. By then, the inferno had shattered the windows and plumed the air with smoke. The stench of burning wood filled the neighborhood. When firefighters subdued the blaze enough to get in the front door, they found the small body of a child. Djiby’s daughter Khadija had been two months shy of her second birthday. Farther in sprawled Djiby himself and his 23-year-old wife, Adja.Next to Adja lay Djiby’s 25-year-old sister, Hassan. She’d only been living in the house for three months. Like Adja, she had dreamed of going back to school to study nursing. She died with her arms still wrapped around her 7-month-old daughter, Hawa Beye. Medical examiners would later conclude that all five died of smoke inhalation, airways coated in black soot, internal organs and muscles burnished “cherry-red” from the heat.At the same time firefighters were entering the house on Truckee Street, Neil Baker, a homicide detective for the Denver Police Department (DPD), was awoken by a call from his sergeant. Baker—in his fifties with reading glasses, thinning hair, and a rosy complexion—threw on a suit, muttered a hurried goodbye to his wife, and jumped in his car.Neil Baker and his police colleagues used Google to help solve the case.Photography: Jimena PeckAfter nearly 30 years as a Denver-area cop, Baker knew his way around town. He also knew that Green Valley Ranch was a confusing rabbit’s warren of nearly identical roads. So before he set off, he did something innocuous, something anyone might have done: He Googled the address. And like anyone who Googles something, he was thinking about the search result he wanted—not the packets of data flitting between his device and Google’s servers, not the automated logs of what he was searching for and where he was searching from. But this unseen infrastructure would be key to figuring out what happened at Truckee Street—and it may soon extend the reach of law enforcement into the private lives of millions.Three weeks before the fire, 16-year-old Kevin Bui went into central Denver to buy a gun. Bui had led a charmed life. His family emigrated from Vietnam before he was born, and though they struggled financially at first—Bui describes his childhood homes as “the projects”—by the time he started high school, his dad’s accounting business had taken off. The family moved to a palatial house in Lakewood, on Denver’s western outskirts, complete with views of the mountains. Bui took to wearing Gucci belts and Air Jordans.Rogue NationWIRED profiles the people who make trouble—scams, drug deals, even murder—and also, occasionally, save the day.“I disliked school, but I was always really good at it,” Bui tells me. He was athletic too—a swimmer, and an inside linebacker on his school football team, the Green Mountain Rams. He was close with his older sister, Tanya, despite their seven-year age difference. Tanya filled Kevin’s girlfriend’s lashes and bitched to him about her boyfriends. The siblings discussed adopting a dog together.But there was a darker side to their life: Kevin and Tanya dealt fentanyl and marijuana, often finding customers on Snapchat. Kevin planned to start “carding,” stealing people’s credit card information on the dark web. And he took to amassing weapons.The guys Bui had arranged to meet in central Denver on that day in July had promised to sell him a gun. Instead, they robbed him of his cash, iPhone, and shoes.Afterward, Bui bubbled with humiliation. A few weeks earlier, football practice had shut down because of the pandemic. Classes had already been virtual for months. He felt he was “just doing bullshit”: waking up, logging on to Zoom, and returning to bed. The robbery tipped him over the edge. That night, at home in Lakewood, Bui resolved to get even. He pulled up the Find My device feature on his iPad and watched as it pinged his phone. The map zoomed east, past downtown, finally halting at Green Valley Ranch. A pin dropped at 5312 Truckee Street.The next afternoon, Bui sent a Snapchat message to his friend Gavin Seymour. “I deserved that shit cuz I knew it would happen and still went,” he wrote, according to later court records. “They goin get theirs like I got mine.”Bui and Seymour ran track together and lived just a four-minute drive apart. But in many ways they were opposites. Where Bui oozed confidence, Seymour was plagued by insecurity. Where Bui excelled academically, Seymour struggled with multiple learning disabilities. In contrast to Bui’s apparently cookie-cutter-perfect family life, Seymour’s parents split when he was young, and his father was largely absent.In response to Bui’s message, Seymour wrote: “idk why I would let you go alone I’m sorry for that.”Bui wrote back: “I cant even be mad cuz we used to do the same shit to random niggas.”But he was mad. More to the point, he was disgraced, his self-image—as a winner, a champ, top dog—shattered. A week later, Bui searched the Truckee Street address 13 times, including on sites like Zillow that detailed its interior layout. And he persuaded Seymour, who was just about to turn 16, and another friend, 14-year-old Dillon Siebert, to help him exact revenge. In late July, Seymour and Siebert also searched the address multiple times.Bui would later insist they’d planned to simply vandalize the house: hurl rocks at the windows, maybe, or egg the exterior. But sometime in those last hot days of July, things took a darker turn. On August 1, Bui messaged Seymour: “#possiblyruinourfuturesandburnhishousedown.”Three evenings later, Siebert and Bui went to Party City to buy black theater masks, then grabbed dinner at Wendy’s. They met up with Seymour, and at around 1 am on August 5 the three piled into Bui’s Toyota Camry. They stopped at a gas station, where they filled a red fuel canister to the brim. Then they set off for Green Valley Ranch, cruising past downtown and the Broncos stadium and through an industrial area dotted with smokestacks and semitrailers. The drive took at least 30 minutes, long and boring enough for any one of the teens to express doubt, postpone, chicken out. But it seemed none of them did, not even when they got to 5312 Truckee and saw a minivan—a family vehicle—parked out front.Green Valley Ranch, in the eastern suburbs of Denver, was a new and sparsely populated neighborhood with a confusing road layout and rows of cookie-cutter family homes. Even longtime city residents found it confusing to navigate.Photography: Jimena PeckThey found the house’s back door unlocked. It’s not clear who doused the gas on the living room walls and floors or who set the flame. When it caught, all three stumbled out to Bui’s car and took off.When Detective Baker arrived at 5312 Truckee Street two hours later, neighbors swarmed the street, their faces lit by the glow of the flames. The air tasted like ash. He spotted Ernest Sandoval, his partner on the case. Sandoval, nearly 15 years younger than Baker, had moved to homicide from the nonfatal shootings unit only a few weeks earlier.The officers on the scene told the pair that there could be as many as five fatalities. They suspected faulty wiring had sparked the blaze. It was terrible, tragic—but at least homicide’s job would be straightforward. “We’ll have some reports to write,” Baker remembers thinking. “We’ll have to probably go to the autopsies.” Then a man with melancholy eyes and a faint soul patch approached him. “I have something you should see,” he said. Noe Reza Jr. lived next door. He took out his phone, which held footage from his security cameras.The video clips started at 2:26 am. They showed three figures in hoodies and masks stealing through the side yard of 5312 Truckee. One points toward the rear of the house. Then they move out of the camera’s sight. Twelve minutes later, the trio sprint back toward the street. At 2:40, flames erupt from the home’s lower floor. Someone screams. The fire consumes the entire house within two minutes.“Oh, are you kidding me,” Baker thought. Five people had been murdered and their only lead was a few seconds of video that revealed nothing of the criminals’ identity.That morning, Kevin Bui slept in. Around 10 am, he searched online for news of the fire. There was an abundance. The tragedy had sparked headlines and Twitter threads across the world. The Council on American Islamic Relations issued a statement urging police to consider religious hate as a potential motive. Leaders of Colorado’s African community expressed fear, wondering which of their members might be targeted next. Even Senegal’s president tweeted he’d be watching the case closely.That’s when the truth began to dawn on Bui. Like many people, he had assumed that Apple’s Find My device software offers exact location tracking. But such programs rely on an unreliable combination of signals from GPS satellites, cell towers, Wi-Fi networks, and other connected devices nearby, and their accuracy can vary from a few feet to hundreds of miles. In the past, this ambiguity has led to threats, holdups, and even SWAT raids at the wrong addresses. (Apple did not respond to a request for comment.)As he read the news that morning, Bui realized that he had made a terrible mistake. These innocent faces didn’t belong to the guys who had robbed him. He’d killed a family.That August, Denver’s usually crystalline skies were choked with wildfire smoke. Baker and Sandoval barely noticed. They spent their waking hours in DPD’s 1970s-era HQ, with its fluorescent lighting and gumball machines in the lobby.The pair had begun their investigation with the usual stuff: interviewing the victims’ friends and family, combing through text messages and financial records. The more they dug, the clearer it became that the families of 5312 Truckee lived quiet, pious lives: work, mosque, home.The detectives returned to video footage. On clips pieced together from nearby Ring cameras, they saw the car the suspects were in taking a series of wrong turns as it entered the neighborhood, and wildly swerving and mounting curbs on the way out. But the videos weren’t clear enough to identify the exact make or model of the dark four-door sedan. The detectives quickly obtained what are known as tower dump warrants, which required the major phone networks to provide the numbers of all cellular devices in the vicinity of 5312 Truckee during the arson. And they slung a series of so-called geofence warrants at Google, asking the company to identify all devices within a defined area just before the fire. (At the time, Google collected and retained location data if someone had an Android device or any Google applications on their cell phone.)The warrants returned thousands of phone numbers, which the detectives dumped on Mark Sonnendecker, an agent at the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) who specialized in digital forensics. Sonnendecker, slim and soft-spoken with a face resembling Bill Nye’s, focused on T-Mobile subscribers. He had noticed that a “high percentage” of suspects in previous cases subscribed to the network.There were 1,471 devices registered to T-Mobile within a mile of the house when it ignited. Using software that visualizes how long it takes a signal to bounce from a cell tower to a phone and back again, Sonnendecker narrowed the list down to the 100 devices nearest to the house. One evening toward the end of August, detectives roamed the area around 5312 Truckee with a cell-phone-tower simulator that captured the IDs of all devices within range. That night, there were 723. Sonnendecker cross-referenced these with the 100 from earlier, eliminating the 67 that showed up on both lists and likely belonged to neighborhood residents who could be ruled out. That left 33 T-Mobile subscribers whose presence in Green Valley Ranch in the early hours of August 5 couldn’t easily be explained.Investigators considered bringing them in for questioning but decided against it; without any evidence to detain them, they feared spooking the arsonists into fleeing the country. Nothing pointed to any obvious suspects. Still, Sonnendecker remained confident that something would pop up to give police the breakthrough they needed.But as summer turned to fall, progress on the case began to falter. Hundreds of Crime Stoppers tips were still pouring in, including some from psychics. Baker and Sandoval crisscrossed the state to interrogate a trio found with drugs, guns, and masks in Gypsum and to interview the Senegalese community in the mountain town of Silverthorne. (For decades, West Africans had found work in the ski hub’s many resorts, hotels, and grocery stores.) They even chased a lead to Iowa. “We got pretty hopeful here and there, but it just kind of fizzled out,” recalls Baker.The detectives were feeling the pressure. In the wake of nationwide Black Lives Matter protests that summer, a petition demanding police stop “undervaluing the lives of BIPOC individuals” and prioritize the investigation into the deaths of the Diol family collected nearly 25,000 signatures. Baker and Sandoval were told not to take on any new cases so they could work this one full time.At a department meeting in September, Baker and Sandoval pleaded with colleagues for ideas. Was there anything they hadn’t tried—anything at all? That’s when another detective wondered if the perpetrators had Googled the address before heading there. Perhaps Google had a record of that search?It was like a door they’d never noticed suddenly flung open. They called Sonnendecker and the district attorney, Cathee Hansen. Neither had heard of Google turning over a list of people who had searched for a specific term. In fact, it had been done: in a 2017 fraud investigation in Minnesota, after a series of bombings in Austin in 2018, in a 2019 trafficking case in Wisconsin, and a theft case in North Carolina the following year. Federal investigators also used a reverse keyword search warrant to investigate an associate of R. Kelly who attempted to intimidate a witness in the musician’s racketeering and sexual exploitation trial. But those records had largely been sealed. So, unaware of these precedents, Hansen and Sandoval drafted their warrant from scratch, requesting names, birth dates, and physical addresses for all users who’d searched variations of 5312 Truckee Street in the 15 days before the fire.Google denied the request. According to court documents, the company uses a staged process when responding to reverse keyword warrants to protect user privacy: First, it provides an anonymized list of matching searches, and if law enforcement concludes that any of those results are relevant, Google will identify the users’ IP addresses if prompted by the warrant to do so. DPD’s warrant had gone too far in asking for protected user information right away, and it took another failed warrant 20 days later and two calls with Google’s outside legal counsel before the detectives came up with language the search giant would accept.Finally, the day before Thanksgiving 2020, Sonnendecker received a list of 61 devices and associated IP addresses that had searched for the house in the weeks before the fire. Five of those IP addresses were in Colorado, and three of them had searched for the Truckee Street house multiple times, including for details of its interior. “It was like the heavens opened up,” says Baker.In early December, DPD served another warrant to Google for those five users’ subscriber information, including their names and email addresses. One turned out to be a relative of the Diols; another belonged to a delivery service. But there was one surname they recognized—a name that also appeared on the list of 33 T-Mobile subscribers they’d identified earlier in the investigation as being in the vicinity of the fire. Bui.The phone was registered to Kevin’s sister Tanya—he may have borrowed it after his was stolen. But a quick scan of the social media accounts of the remaining subscribers on the list yielded three suspects: Kevin Bui, Gavin Seymour, and Dillon Siebert. They were teens, they were friends, and they didn’t live anywhere near Green Valley Ranch. They lived in the Lakewood area, 20 miles away. There was no reason for them to be Googling a residential address so far across town.“There was a lot of high-fiving,” recalls Sandoval. But it was too soon to fully celebrate. They now had to build a case strong enough to prosecute minors in a high-profile homicide. “We knew this was going to be a big, big, big fight,” Baker says.On New Year’s Day of 2021, Baker drove by the Bui family’s home and snapped a photo of the 2019 Toyota Camry sitting in the driveway. Another warrant to Google yielded the three teens’ search histories since early July. In the days before the fire, Siebert searched for retailer “Party City.” On Party City’s website, Baker spotted masks similar to those worn by the three perpetrators. The company confirmed that their Lakewood location had sold three such masks hours before the fire. Baker then contacted the shopping complex to get footage from the exterior security cameras that night. He saw that around 6 pm, a 2019 Toyota Camry pulled into the parking lot. “It just snowballed,” says Baker, shaking his head in remembered wonder. “I cannot believe the amount of evidence that we were able to come up with.”Photography: Jimena PeckFrom the teens’ texts and social media, detectives were able to see that the morning after the arson, with the house on Truckee Street still smoldering, Bui and Seymour embarked on a camping trip. A week later, Bui went golfing. A few months after that, Seymour joined the Bui family on vacation in Cancun, where more smiling photos of the two emerged, this time on beaches and boats. The posts enraged the detectives. “Where’s the remorse?” Baker said.Shortly after 7 am on January 27, police arrested Bui, Seymour, and Siebert. Seymour and Siebert refused to talk, but Bui agreed to an interview and promptly confessed. “He’d had six months of just keeping this inside,” said Baker. “He knew that his time had come.”For the next 18 months, the case dragged through the court system. It took a year for a judge to rule that Siebert, 14 at the time of the crime, would be charged as a juvenile, while 16-year-olds Bui and Seymour would be tried as adults. If convicted, they faced life in prison.In June 2022, just when it seemed like the prosecution could finally proceed, Seymour’s lawyers dropped a bombshell. They filed a motion to suppress all evidence arising from the reverse keyword search warrant that DPD had served to Google—the key piece of information that had led detectives to Bui and his friends.Nearly two years had passed since the Diols were killed in their own home. Many of the victims’ family and friends still moved through their days fearfully and lay awake nights, reliving the nightmare. Now, the detectives had to tell them that the case might be thrown out altogether, potentially allowing the three teens to walk free.Seymour’s defense argued that, in asking Google to comb through billions of users’ private search history, investigators had cast an unconstitutional “digital dragnet.” It was, they said, the equivalent of police ransacking every home in America. The Fourth Amendment required police to show probable cause for suspecting an individual before getting a warrant to search their information. In this case, police had no reason to suspect Seymour before seeing the warrant’s results. But the judge sided with law enforcement. He likened the search to looking for a needle in a haystack: “The fact that the haystack may be big, the fact that the haystack may have a lot of misinformation in it doesn’t mean that a targeted search in that haystack somehow implicates overbreadth,” he said.The teens’ fate looked sealed. Then, in January 2023, Seymour’s lawyers announced that the Colorado Supreme Court had agreed to hear their appeal. It would be the first state supreme court in America to address the constitutionality of a keyword warrant. Though the verdict would apply only in Colorado, it would influence law enforcement’s behavior in other states, and potentially the US Department of Justice’s stance on such warrants too.Baker and Sandoval’s investigation had now been dragged into a legal process that could reshape Americans’ right to search and learn online without fear of retribution. “Even a single query can reveal deeply private facts about a person, things they might not share with friends, family, or clergy,” wrote Seymour’s legal team. “‘Psychiatrists in Denver;’ ‘abortion providers near me;’ ‘is my husband gay;’ ‘does God exist;’ ‘bankruptcy;’ ‘herpes treatment’ … Search history is a window into what people wonder about—and it is some of the most private data that exists.”The Colorado Supreme Court heard arguments for the case in May 2023. Seymour’s attorney argued that reverse keyword searches were alarmingly similar to geofence warrants, which courts across the country had begun to question. (In August 2024, a federal circuit court of appeals—considered the most influential courts in the United States after the Supreme Court—ruled geofence warrants “unconstitutional under the Fourth Amendment” for never specifying a particular user.)Denver’s DA, Cathee Hansen—who’d helped detectives craft the warrant in question nearly three years earlier—compared it to querying a bank for suspicious transactions. “You don’t go into each person’s account and scroll through their transaction history to see if it applies to that account,” she said. “You just tap into a database.” Neither search violated any individual’s privacy, she argued.The judges pushed Hansen on the warrant’s applicability to abortion, outlawed in a growing number of states. “I could see warrants coming in from one of those states to Colorado: Who searched for abortion clinics in Colorado?” said Justice Richard Gabriel. “Under your view, there’d be probable cause for that. That’s a big concern.”After a five-month wait that Sandoval remembers as “gut-wrenching,” the court finally ruled in October 2023. In a majority verdict, four judges decided the reverse keyword search warrant was legal—potentially opening the door to wider use in Colorado and beyond. The judges argued that the narrow search parameters and the performance of the search by a computer rather than a human minimized any invasion of privacy. But they also agreed the warrant lacked individualized probable cause—the police had no reason to suspect Seymour before they accessed his search history—rendering it “constitutionally defective.”Because of the ruling’s ambiguity, some agencies remain leery. The ATF’s Denver office says it would only consider using a keyword warrant again if the search terms could be sufficiently narrowed, like in this case: to an address that few would have reason to search and a highly delimited time period. The crime would also have to be serious enough to justify the level of scrutiny that would follow, the ATF says.Not everyone is so cautious. Baker and Sandoval regularly field calls from police across the country asking for a copy of their warrant. Baker himself is considering using it in another case. And a cottage industry of consultants that, until recently, helped police craft tower-dump warrants now trains them to requisition Google. No systemic data is being collected on how often reverse keyword warrants are being used, but Andrew Crocker, surveillance litigation director of digital rights group the Electronic Frontier Foundation says it’s possible that there have been hundreds of examples to date.Meanwhile, another case—in which a keyword-search warrant was used to identify a serial rapist—is now before the Pennsylvania Supreme Court. If the warrant is upheld, as it was in Colorado, their use could accelerate nationwide. “Keyword warrants are dangerous tools tailor-made for political repression,” says Crocker. It’s easy to envision Immigrations and Customs Enforcement requesting a list of everyone who searched “immigration lawyer” in a given area, for instance.By the summer of 2024, all three teens had accepted plea deals: Siebert got 10 years in juvenile detention; Seymour got 40, and Kevin Bui 60, both in adult prison. Bui received the harshest sentence because he’d masterminded the arson. (He was also caught with 92 pills of fentanyl and a couple grams of methamphetamine in his sock while in detention.)To the victims, none of it was enough. Amadou Beye, the husband of Hassan Diol and father of seven-month-old Hawa, addressed Bui directly at his sentencing. “I will never forget or forgive you for what you did to me,” he said. “You took me away from my wife, the most beautiful thing I had. You took me away from my baby that I will never have a chance to see.” A shudder ran through his tall body. Beye had been in Senegal awaiting a visa when his family was killed. His daughter was born in America, and he never got to meet her.Bui remained expressionless throughout the victim impact testimonies, save for a furiously bobbing Adam’s apple. Peach fuzz darkened his now 20-year-old jaw. He wore a green jumpsuit, clear-framed glasses, and white shoes. At the end, he read from a crumpled sheet of yellow ruled paper. “I was an ignorant knucklehead blinded by rage. I’m a failure who threw his life away,” he said. “I have no excuses and nobody to blame but myself.”But when I talked to Bui three months later, he sounded upbeat. “When you go to prison there’s a lifeline,” he told me. Monday through Friday, he took classes on personal growth and emotional intelligence. Aside from that, “I just work out, I chill with some of the guys. We eat together, watch TV, watch sports,” he said. He tried to catch every Denver Broncos and Baltimore Ravens game. Lately, he’d also gotten into Sex and the City.Not once did Bui complain about the lack of privacy in prison or his exile from the outside world, both physical and digital. Prisoners had little internet access, which, for someone of his generation, who’d grown up online, must have been hard. Did he know who he was without his iPhone, his Snapchat and Instagram? Who were any of us really, without our online personas, our memes and TikToks and the access to the entirety of human knowledge afforded by our devices? As Seymour’s lawyers had argued, didn’t our deepest, truest selves reside online, in our searches and browsers?All Bui would say was that he was in a good place now. Then he had to go: He was getting a haircut. Online or not, he still had an image to maintain.Let us know what you think about this article. Submit a letter to the editor at mail@wired.com.

Last week, Epic Games resubmitted Fortnite to the App Store in the United States. This followed a court ruling that stated Apple wasn’t allowed to charge a 27% commission on payments conducted through external payment services on the U.S. App Store. However, when it submitted the new version of Fortnite for app review, Epic Games didn’t hear back for quite some time. Tonight, Epic Games shared a letter that it says it received yesterday from Apple. This follows this mornings announcement that Apple had ‘blocked’ the launch of the new Fortnite update globally, which wasn’t necessarily the case. Instead, Apple simply didn’t want to touch the US version of Fortnite. Epic Games had bundled the two versions together, and Apple had then suggested that Epic Games submit the US and EU versions separately. In the letter shared, Apple stated the following: As you are well aware, Apple has previously denied requests to reinstate the Epic Games developer account, and we have informed you that Apple will not revisit that decision until after the U.S. litigation between the parties concludes. In our view, the same reasoning extends to returning Fortnite to the U.S. storefront of the App Store regardless of which Epic-related entity submits the app. If Epic believes that there is some factual or legal development that warrants further consideration of this position, please let us know in writing. In the meantime, Apple has determined not to take action on the Fortnite app submission until after the Ninth Circuit rules on our pending request for a partial stay of the new injunction. You can read the letter in full here. In short, Apple doesn’t want to take action until everything is fully settled involving the dispute. As a result of this, Epic Games has asked the courts to force Apple to allow Fortnite to relaunch on the U.S. App Store under the new rules. My favorite Apple accessory recommendations: Follow Michael: X/Twitter, Bluesky, Instagram Add 9to5Mac to your Google News feed.  FTC: We use income earning auto affiliate links. More.You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

The base model M4 Mac mini is one of the best values in Mac computers, but upgrading the storage to the maximum 2TB significantly reduces that value proposition. That’s because Apple charges an insane $800 for the upgrade, turning the budget $600 computer into a $1400 one. In other words, you can purchase two base model Mac minis for less than the price of a single Mac mini with a 2TB upgrade. But fret not, because Expand Mac mini offers a 2TB upgrade for the M4 Mac mini for just $320 – less than half of what Apple charges. In this hands-on step-by-step video walkthrough, I show you how to upgrade the M4 Mac mini SSD with 2TB of storage. Watch my full video, and be sure to subscribe to 9to5Mac on YouTube for more Mac guides and tutorials. Disclaimer: This only works with the Mac mini with M4 chip. It does not work with the higher-end M4 Pro Mac mini. Things you’ll need: Base M4 Mac mini Expand Mac mini 2TB SSD A second Mac running macOS Sonoma 14 or later for restoring macOS External SSD for Time Machine backup and restore A USB-C to USB-C cable that supports data and charging, not a Thunderbolt cable T3, T5, and T8 Torx drivers Jimmy tool Opening Pick Tweezer (Optional) Spudger (Optional) Expand Mac mini includes a multi-bit screw driver, the necessary bits, and pryer tool, but I much prefer my iFixit Pro Tech Kit, which includes higher quality parts. It’s not a requirement, but if you plan on doing any sort of DIY stuff, this kit is nice to have. Video: Upgrade the M4 Mac mini from 256GB to 2TB Subscribe to 9to5Mac on YouTube for more videos Backup your Mac Before you do anything, be sure to back up your Mac’s current SSD using Time Machine. This will let you easily restore your machine using Migration Assistant once the new SSD is installed and DFU-recovered. Step 1: Connect an external SSD with free space. Time Machine backups require their own volume, so you can create a separate volume via Disk Utility, or just use the entire SSD. I recommend any manner of Samsung SSDs; I use the Samsung T9. Step 2: Open Settings → General → Time Machine and click Add Backup Disk. Step 3: Enter your administrator password. Step 4: Select your external SSD and choose Set Up Disk… Step 5: Make sure Encrypt Backup is selected, and then enter and verify a new encryption password. Apple also requires you to fill out the “hint” field. Click Done to save the changes and the Time Machine backup will start preparing. Step 6: The Time Machine backup will automatically commence after 60 seconds, or you can force it to start by clicking Time Machine in the menu bar and selecting Back Up Now. Step 7: Verify that the backup is completed by visiting Settings → General → Time Machine. Step 8: Eject the Time Machine SSD from your Mac to save for later use. Erase All Content and Settings This is an optional step, but since you’ll no longer be using the SSD that you plan to replace, I recommend deleting the drive before removing. Ensure that you have your data backed up first before proceeding. Step 1: Go to Settings → General → Transfer or Reset and click Erase All Content and Settings. Step 2: Enter your Mac’s administrator password and click Unlock. Step 3: Click Continue on the Time Machine prompt, since you should have already backed up your Mac. Step 4: Click Continue on the Erase All Contents & Settings page. Step 5: If you’re signed in to iCloud, enter your Apple Account password to sign out and disable Activation Lock. Click Continue. Step 6: Click Erase All Content & Settings. The SSD will be erased, and the Mac will reboot. Install the new SSD Step 1: Shut down your M4 Mac mini and remove all cables. Step 2: Rest the Mac mini face down on a flat, soft surface to avoid marring the aluminum case. Step 3: Carefully insert the Jimmy tool between the gap where the aluminum chassis meets the plastic, black bottom cover, and pry the cover to create a gap between the two. Step 4: Insert a plastic opening pick and remove the Jimmy tool. Step 5: Slide the opening pick around the cover until it encounters each of the four clips that secure the cover to the chassis. Twist the opening pick slightly to pop out each clip. Take special care when sliding around the power button to avoid severing the power button cable. Step 6: Lift the edge of the cover that’s on the opposite corner of the power button, and flip it over to reveal the underside of the back cover. Rest something under the bottom cover so that you can access the inner plate screws without putting strain on the power button cable. Step 7: Remove all eight of the inner plate screws using a T5 Torx driver. All of the screws for the inner plate are the same, so don’t worry about remembering where each screw was. Step 8: Slide the inner plate down and away from the heat sink to loosen it. Be careful, because there is a ribbon cable that connects to the inner plate. Flip the back cover back on top of the inner plate, and then rest both the inner plate and back cover on the side of the Mac mini without putting stress on the ribbon cable. Step 9: Using the T3 Torx driver, remove the four fan screws. There are two short screws on the top, and two longer screws on the bottom. Step 11: Lift the fan and flip it over to expose the ribbon cable connection, and rest it on the edge of the Mac mini chassis without putting strain on the ribbon cable. Step 12: Remove the screw securing the SSD with the T8 Torx driver, and remove the SSD from its socket. Step 13: Insert the 2TB SSD into the socket securely, and secure it using the T8 screw. Step 14: Reinstall the fan, and put the inner plate and back cover back on without securing them down. Before securing the inner plate and back cover, it’s a good idea to test the install to make sure it was successful. DFU Restore Step 1: With the USB-C to USB-C cable, connect to the middle Thunderbolt port on the rear of the M4 Mac mini. This port is designated for DFU restores via macOS. Step 2: Plug the other end of the USB-C cable into a Mac running macOS Sonoma or later. Step 3: Hold the power button on the upgraded Mac mini, and while continuing to hold the power button, plug in the power cable. Step 4: Continue holding the power button until the Mac you’re using to perform the restore recognizes the connected Mac in DFU mode via Finder. You should also notice a flashing orange light on the front of the upgraded Mac mini. If macOS first shows an alert asking you to allow the accessory to connect, release the power button and click Allow. Step 5: Click the Restore Mac button on the Mac DFU Mode Finder window. Step 6: You’ll see a pop up warning you that your Mac will be reset to factory settings. Click Restore and Update. Step 7: macOS will download the necessary software, and then perform the restore. This works similarly to restoring an iPhone via a Mac. Depending on your Internet speed, it could take a while to download the restore file. The restore process is also somewhat lengthy, so be patient. Step 8: Once restored, the upgraded Mac mini’s status light should now be white, and you’ll see a message in macOS on the machine you used to perform the restore stating that the Mac has been restored to factory settings. Click OK. Migrate the Time Machine backup data Step 1: Disconnect your upgraded Mac mini from the other Mac, and connect the upgraded Mac mini to a monitor, keyboard, and mouse. Step 2: Power on the Mac mini, and connect the Time Machine backup drive to one of the USB-C ports. Step 3: Proceed through the initial macOS Setup process until you reach the Transfer Your Data to This Mac page. Select From a Mac, Time Machine, or startup disk, and click Continue. Step 4: Click Not Now on the Accessibility page, and Continue on the Data & Privacy page. Step 5: On the Transfer information to this Mac page, select your external drive, and click Continue. Step 6: If you set the Time Machine backup with encryption, enter the encryption password, and click Unlock. Step 7: Select the Time Machine icon, and click Continue. Step 8: Select your specific Time Machine backup and click Continue. Step 9: On the Transfer Your Information page, ensure that everything you want restored is checked and click Continue. Step 10: Create a new password for the user associated with the Time Machine backup, and click Set Password and then click Continue. macOS will now transfer your information from the Time Machine backup to your upgraded Mac mini’s SSD. This may take a while depending on how large the backup is. Step 11: On the Migration Complete page, click Restart Now to finish the migration. Step 12: Click Done when prompted, and macOS should display the initial Hello screen to finish the remainder of the initial setup. This includes logging back in to iCloud, setting up Disk Encryption, Touch ID, etc. Test out your Mac to make sure everything works, and verify the 2TB SSD upgrade via Finder and/or Disk Utility. Finish Mac mini reassembly If the install went as planned, you may now reassemble the Mac mini’s inner plate and back cover. Use the eight T5 Torx screws to secure the inner plate, and align the clips on the bottom cover to the holes on the inner plate and press down to lock the bottom plate back into place. Congratulations, you just saved hundreds of dollars on a 2TB SSD upgrade! 9to5Mac’s Take The nice thing about this install is that it’s totally non-destructive and can easily be reverted. It also requires no cable removals, or anything else weird. The install requires removing just 13 screws, and can be done in a matter of minutes. I wanted to challenge myself, and I was able to open the Mac mini and perform the install in 5 minutes. It’s the Time Machine backup, DFU restore, and migration that takes up the majority of the time, as the actual hardware install is cake as long as you have the needed tools. 256 GB SSD Speed Test 2TB SSD Speed Test When comparing the two drives, the performance of the upgraded 2TB SSD is predictably faster when it comes to write speeds. But I’m curious to see how the drive holds up over the long term. Are Apple’s drives that much better from a reliability standpoint that it warrants a $500 price difference, or are these drives largely the same, with Apple making insane margins for each upgrade sold? Time will tell, but I’ll be sure to report back with more info once I’ve been able to put the machine through the wringer for a few months. Would you consider this upgrade for your M4 Mac mini? Why or why not? Sound off down below with your thoughts. Add 9to5Mac to your Google News feed.  FTC: We use income earning auto affiliate links. More.You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Well, we’ve reached the end of the road. Andor’s second and final season brought us 12 episodes of (mostly) exceptional Star Wars drama released in three-episode chunks, a format which served the structure of the show brilliantly, with each chunk representing one year in the four years leading up to Rogue One, but also meant that we didn’t get to savor the show for nearly as long.Suggested ReadingFallout Season 2 Teaser Confirms Lucy and Ghoul are Heading to New Vegas Share SubtitlesOffEnglishview videoSuggested ReadingFallout Season 2 Teaser Confirms Lucy and Ghoul are Heading to New Vegas Share SubtitlesOffEnglishEach week, we’ve gathered to discuss our reactions to the show’s latest episodes (you can find last week’s conversation here), and now, we do so for the last time. Join us as we say goodbye to this extraordinary series. Ethan Gach: I’m in camp Kleya, who called her arrival on Yavin in the final stretch of Andor “a bitter ending,” but perhaps somewhat more consoled than she was by Cassian reassurance that “nothing’s ending.”The final three episodes of season 2 were always going to be somewhat disappointing and bittersweet since we knew the show was ending and in some cases we knew where it would need to funnel people to set up Rogue One, but the final chapter still managed a surprising amount of high-stakes tension and unexpected backstory. How would you both rate the final episodes and what are you feeling now that the journey’s over?Carolyn Petit: I thought episode 10, with its look at how Luthen and Kleya formed their bond and her undertaking the terrible task of doing what needed to be done, was outstanding. (It also gave us an alien who instantly became one of my favorite Star Wars creatures ever!) Episodes 11 and 12 weren’t peak Andor, but I have to admit that the final slow-motion montage sequence really worked for me, and they had a political dimension I found somewhat surprising that I’ll discuss a bit more later.Zack Zwiezen: I was worried that the final episode would run out of steam as Tony Gilroy and co literally ran out of space for storytelling and had to slam the brakes to set up Rogue One. And while I enjoyed the montage slow-walk, I wonder if that works if you haven’t seen Rogue One. But overall, the final three episodes are really good. And I think the Kleya-Luthen focused episode is one of my favorite Andor episodes ever. I’m so happy she got a big spotlight before the end.CP: Me, too. That episode also helped cement, I think, that the show recognizes how necessary all of Luthen’s efforts were, even if those fussy ineffectual bureaucrats on Yavin don’t. This is an issue I’ve long had with how Star Wars has at times sanded away its own political dimensions in my view, something that Andor not only seeks to undo but takes farther than ever before. In truth, the act of blowing up the Death Star in the first film, that act which people cheered for in theaters in 1977 and that Star Wars fans for decades since have loved and admired, would, in universe, be considered an act of terrorism. That’s what the Empire would call it. That’s what governments do: they present their own violence as “legitimate” or “necessary” and the violence of those rebelling against them as “terrorism.” But there were times in Star Wars history where I felt like the people at the reins of the franchise wanted to send a message that you shouldn’t be “too extreme” in your resistance, don’t be a Saw Gerrera, do it through “proper channels.” And so I loved that Andor gave us that scene with Bail and some other politicians all kind of hemming and hawing over Luthen while the show, I think, was emphatically telling all of us, “Luthen was right. Maybe not every single little decision he made was right, but his ethos was fundamentally right and without someone like him, none of this would have been here.” And I loved it for that.ZZ: I think, and they talk about this in the behind the scenes, it’s very important that Luthen’s fight against the empire was really because Kleya wanted revenge.CP: Right. She’s the humanity that he’s fighting for. She’s what radicalizes him.ZZ: If he hadn’t found her and saved her, Luthen likely doesn’t become the rebel we know in Andor. And it also adds a new layer of complexity to their relationship. He was part of the army that brutalized her people. So she still has some lingering hatred for him. And yet she does care about him. And in that moment when she sneaks into the hospital to finish the job, you can feel that.EG: I think that scene with the Rebel Alliance leaders also helps show the Senate mentality creeping back in as the insurgency professionalizes itself.It’s easy to see why even after defeating the Empire in key battles it might struggle to rebuild or retain power, issues explored in Ahsoka and The Mandalorian. These last few episodes help situate Cassian between the uncompromising logic of Luthen’s spycraft and the “no one left behind” mentality of the Rebellion. Luthen’s final sacrifice is to die, and Cassian’s is to go back and risk everything just to save someone.ZZ: We should rewind a bit and talk about that moment between Luthen and Dedra. Or even further actually, and pour one out for Lonni, who I knew was dead the moment he sat down at that bench.CP: Yeah. When he mentioned his wife and kid, for a moment I thought mayyyyyyyybe Luthen would be like “You know what? I owe this guy.” But alas, no.ZZ: I also loved that line Luthen gave Klaya before the meeting: “I think we used up all the perfect.” CP: So good.LucasfilmZZ: And then we get Dedra Meero walking into Luthen’s shop as he’s destroying evidence. My wife literally gasped “OH SHIT!” at seeing Dedra at the door.EG: Only two artifacts may not be what they seem!CP: In a show that so often demands that characters put on a performance to blend into their surroundings, it was great seeing those two feel each other out and Luthen pretend for a bit that she was maybe not there to arrest him. But then, of course, he tries to kill himself, and you see that he was thinking a few steps ahead when he picked up the knife, though he made it seem like it was just part of their friendly dealings.ZZ: When he picked up the knife I was so distracted by him mentioning it being a Nautolan artifact (Kit Fisto’s species) that I didn’t realize why he picked a knife.CP: Hahaha, the perils of having a database of Star Wars knowledge in your brain!ZZ: And then after he’s taken to the hospital, we get that wonderful sequence with Klaya sneaking in and taking him off life support. Anybody else want a Hitman-like Star Wars game now?CP: If that alien Kleya pushes around as she’s pretending to be hospital personnel is in it, absolutely! But yes, that was a great infiltration sequence, both thrilling and kind of excruciating because we knew what she was going there to do.EG: It included some of the best Coruscant backdrops we’ve ever gotten, I think.CP: One other moment from that episode that I can’t stop thinking about was the flashback scene in which we see Imperial officers drag some civilians through town, put them up against a wall, and kill them. It was another gut-wrenching reminder of the Empire’s evil and another moment that felt weirdly resonant as more and more people are being arrested by agents who often won’t even show warrants or identification in the streets of our towns.ZZ: On the flipside of that horrible moment that made me feel a pit in my stomach, we have Dedra getting arrested for being reckless and not following orders by chasing after Luthen long after she was supposed to be off the Axis investigation. I have to admit I smiled when I realized it was all over for her.CP: Man, I don’t know. I mean I absolutely hate her, don’t get me wrong, and yet that final shot of her, where we see that she’s in a prison very much like the one Cassian was in last season (if not the same one) was complicated for me. Like, I think that kind of incarceration is just wrong in and of itself and so it elicited this weird moment of something like sympathy for her, which in no way means I forgive her for what she’s done. It’s just one of those reminders that it’s ultimately a systemic evil that will sometimes grind up the people operating inside of it and supporting it as much as those being actively persecuted.The leopards ate her face, in other words.ZZ: Space leopards.But I agree, yes, that the Empire is evil and the way it operates (like many real-world countries) is to crush people up to fuel the fires of growth and war. And I think it was very arrogant of her to believe she would be spared. Or maybe she truly bought into the lies that the Empire was good and doing the right thing? Surely, she won’t end up in some horrible place and left to rot forever.CP: Yep.ZZ: Meanwhile, her boss, after all of these failures and letting the info on the Death Star slip out, realizes what’s coming for him and knows he doesn’t want to be ripped apart by the machine he helped create. And takes an easier way out. CP: That was the first and only indication we ever got that Nemik’s manifesto is actually spreading around, right, that people are listening to it? That was a cool moment, I thought, where at first we think it’s non-diegetic, just the writers and filmmakers reminding us one last time of Nemik’s stirring words, but then we see, oh, no, Partagaz was actually listening to it, the fire is spreading. It’s out there.EG: I loved the scene right outside when the gun shot goes off.CP: Yeah, so clear that the guy knew Partagaz wasn’t just taking a moment to “collect his thoughts,” he knew exactly what was coming.ZZ: The slight “stand down” gesture to the troopers.EG: I appreciate the minor moments of humanity Andor evokes even between the worst people.CP: Yeah, they’re essential IMO.ZZ: It makes them more evil. They are human beings. People with feelings and thoughts. And yet they still do this shit.EG: Something also given to Krennic when he and Partagaz wish each other luck at facing Palpatine’s wrath. Unlike the more buffoonish bad guy energy he gives off in Rogue One.ZZ: Also, very fun to see a character call out the Death Star name. Partagaz thinks its dumb. It’s just one of those reminders that [the Empire is] ultimately a systemic evil that will sometimes grind up the people operating inside of it and supporting it as much as those being actively persecuted.ZZ: I’m so happy to see K-2SO back!CP: Yes. Not unlike C-3P0 he can be so exasperating at times (in an endearing and funny way), but when he goes full Terminator on Empire goons, man it feels good.For me, the whole tone of the scene with Andor and Melshi in the safehouse with Kleya and the communications jammed changed from “Oh shit, oh shit, get outta there!” to “LMAO y’all are about to get owned” as soon as K-2SO left the ship to go in for them, and it was glorious.ZZ: Yeah. The moment K-2SO shows up, it’s basically over for those imperial assholes and I loved it so much. I also like that the show uses its limited time with K-2SO to really develop a relationship between him and Cassian. They seem like buds!The part where they are playing space poker or whatever was great. Gilroy mentioned that after Bix leaves the place becomes a frat house, with Melshi moving in and them all drinking and partying between missions.CP: Ah, that totally makes sense!ZZ: I wonder if Andor is trying to drink away some pain and fill his life with friends to deal with losing Bix? That’s my read. He needs some buds and suds.CP: Definitely. There’s a part of me that still feels like Andor, the title character, could have maybe used a little bit more character development in this show, that with all of its moving pieces his own journey, both ideologically and as a person, maybe got a smidge sidelined. But I do like that we see him dreaming about his sister, since finding her was the big obsession driving him in the early episodes of season one. Now, I feel like he’s accepted that she’s gone but still the idea of her, his depth of feeling for her and the pain of losing her is part of what drives him to create a better world, not entirely unlike Luthen being driven by his love for Kleya. And speaking of love and the things that drive us, how did y’all feel about that final-final image of the show?ZZ: I loved it! To me it worked perfectly with a theme in Andor: hope.EG: “There is another.” lmao.CP: Right, to me it did in part feel like a nod to Star Wars’ obsession with dynasties and legacies, like we have to believe that, though Andor himself dies, what he stands for will live on not just as an idea but because he literally has a child. And yet, I still kinda liked it. We didn’t get a lightsaber but we did get a continued bloodline!ZZ: I think the show needed some hope at the end.EG: I think it was very thematically appropriate, even if I’m torn on the merits of mixing insurgency and family. It’s a division that feels a bit too tidy.ZZ: I think it did provide more reason for Bix leaving like she did. She was pregnant. She wanted to give her child a peaceful life and knew Andor would follow her if he knew. And in her mind, she’s thinking that they’ll get back together one day after the Empire has fallen. It’s both a very tragic final scene and also this reminder that there is more. This isn’t an ending.Screenshot: Lucasfilm / KotakuCP: Vel even tells him not to wait too long to reconnect, and we already know he never gets the chance! Really loved that those two, Cassian and Vel, got a moment here, too, and got to acknowledge all those they’ve lost along the way. But yes, you’re right, it was a lovely mix of deeply sad and hopeful, that final image. Luthen, Cassian, Saw, and so many others know they’re fighting for a world they themselves will likely not live to see. But that kid might.ZZ: And before we leave, I did like that we got one more tiny moment with Mon’s husbasndHe seems to be with the mother of the boy his daughter married? It was very fast. Couldn’t tell. But him just getting drunk in a limo on Coruscant, presumably throwing his wife under the bus and pledging loyalty to the Empire, seemed like all we needed to know about what happened to him.CP: Exactly. He is who we knew he was and his sad empty privileged life is his reward for it.I’d be curious to know how that final montage plays for folks who haven’t seen Rogue One. It really worked for me, seeing Cassian all dressed up for his fateful mission, the cuts to Dedra and other characters, and all around him, the Rebel base on Yavin, active and buzzing, about to change the galaxy, and now we know it’s all because of the efforts of so many people but among them, one Luthen Rael, an unsung hero of Star Wars. Are either of you planning on rewatching Rogue One any time soon?ZZ: I wanted to hold off until after this VG chat so I came into this without the weight of Rogue One on my mind. I plan on watching it this weekend! EG: I will say, as a parting thought, I don’t know that I needed the show to try and line up so neatly with Rogue One, perhaps the worst part of which is that silly blueprint handoff that directly leads into A New Hope. I do think some of the broader thrust of Andor and the unease and disquiet within its characters ended up being subsumed a little to neatly by the end of episode 12.CP: Oh, I agree. At a certain point in the final episode you really feel the show shift into “Okay, let’s get all the pieces in place for Rogue One” mode.ZZ: Yeah. It reminds me of the ending of Star Wars Episode III, where George Lucas sets up all the pieces for A New Hope and it feels less like an actual ending and more like a checkpoint.CP: And I think heading right from Andor into Rogue One will be quite jarring because—sorry Rogue One!—your dialogue is just not on the same level!ZZ: Nope! And what happened to Bail Organa! Did he get a haircut?CP: Hahaha.ZZ: But really, if that’s my biggest complaint about Andor—that its ending isn’t as strong as it could have been because of Rogue One—I’m still really happy.I’m not sure we’ll ever get a show like this again, or at least not for a long time. Real sets. Lots of actors. Incredible writing. Big budgets. Set in a large franchise. All this freedom. Even Gilroy has stated he’s not sure if this kind of thing will ever happen again.CP: It was glorious, and while I really hope we see more like it, I’ll try to just be grateful for the miracle that we ever got it at all. Now I just need Disney to put it on Blu-ray so I have it on physical media and it’s not trapped on a streaming service forever!ZZ: Rebellions and physical libraries of movies we love are built on hope. .

Microsoft has issued fixes for a total of five new zero-day vulnerabilities out of a grand total of just over 70 addressable common vulnerabilities and exposures (CVEs) on the fifth Patch Tuesday of 2025 – over 80 when third-party issues are accounted for. In numerical order, this month’s zero days are as follows: CVE-2025-30400, an elevation of privilege (EoP) vulnerability in Microsoft DWM Core Library; CVE-2025-30397, a memory corruption leading to remote code execution (RCE) vulnerability in Scripting Engine; CVE-2025-32701, an EoP vulnerability in Windows Common Log File System Driver (CLFS); CVE-2025-32706, a second EoP flaw in CLFS; CVE-2025-32709, an EoP issue in Windows Ancillary Function Driver for WinSock (AFD.sys). All five of these CVEs are listed by Microsoft as being exploited in the wild, but have not yet been made public. They are all rated as being of Important severity, and all save the Scripting Engine flaw carry CVSS ratings of 7.8. Mike Walters, president and co-founder of patch management specialist Action1, said that the two CLFS issues stood out as particularly dangerous given its importance in computing – the CLFS is a critical component that providers logging services to user- and kernel-mode applications, and is widely used by various system services and third-party applications. “Attackers exploiting these vulnerabilities can escalate privileges to system level, granting them full control to run arbitrary code, install malware, modify data, or disable security protections,” said Walters. “With low complexity and minimal privileges needed, these flaws pose a serious risk, especially given the confirmed in-the-wild exploitation [and] while no public exploit code is currently available, the presence of active attacks suggests that targeted campaigns, potentially involving advanced persistent threats (APTs), are already underway. “Organisations should prioritise immediate assessment and remediation of these vulnerabilities to prevent potential compromise. Any organisation running Windows systems – across enterprise, government, education, or consumer sectors – could be exposed. Given Windows’ global footprint, millions of devices are likely at risk,” said Walters. CVE-2025-30400 in DWM Core Library should also be high on security admins’ patching lists, observed Kev Breen, senior director of threat research at Immersive. He explained: “If exploited, it would allow attackers to gain system-level permission on the affected host. With this level of privilege, attackers would be able to gain full control over the host, including any security tools and user accounts, potentially allowing for domain-level access to be compromised. “This CVE is marked as ‘Exploitation Detected’ by the Microsoft team, meaning patches should be applied immediately as threat groups, including ransomware affiliates, will be quick to leverage this once more details become public.” Breen added that once this happens, cyber teams and threat hunters should work quickly to review their systems for indicators of compromise (IoCs) to ensure that they haven’t been hit in the window between the point at which threat actors began at-scale exploitation, and the patch was released. Breen’s colleague, cyber threat intelligence researcher Ben Hopkins, ran the rule over the remaining exploited zero-days, CVE-20205-30397 in Scripting Engine and CVE-2025-32709 in AFD.sys “A scripting engine memory corruption vulnerability occurs when the Microsoft scripting engine mishandles objects in memory, in this case leading to an elevation of privilege being performed by an attacker,” he explained. “This specific vulnerability exists … involves access to a resource using (‘type confusion’) which allows attackers to execute code over a network. Type confusion in this context occurs when a program mistakenly treats a piece of data as a different type than it actually is, which leads to undefined and unpredictable behaviour, allowing the attacker to execute arbitrary code and elevate their privileges,” said Hopkins For the layperson, this means that having attained system-level privileges, a threat actor could easily access sensitive data and look for opportunities to pivot to other, more valuable parts of the victim’s network. Turning to the issue affecting AFD.sys, a core Windows kernel-mode driver that supports network socket operations by bridging from WinSock (Windows Sockets API) in user space, and lower-level network drivers in the kernel, Hopkins explained that an unauthorized attacker could exploit a condition in which memory that has been deallocated can still be accessed to inject controlled data into memory and influence how the program behaves, ultimately granting them the ability to elevate their privileges. In both cases, what this means is that having attained system-level privileges, a threat actor could easily access sensitive data and look for opportunities to pivot to other, more valuable parts of the victim’s network. Two additional zero-days have been publicly-disclosed today (13 May) but have not yet been reported as coming under attack at the time of writing. These are CVE-2025-26685, a spoofing vulnerability in Microsoft Defender for Identity, and CVE-2025-32702, an RCE vulnerability in Visual Studio. Both of these are rated of Important severity, carrying CVSS scores of 6.5 and 7.8 respectively. Finally, the May update brings a total of 11 critical flaws affecting Azure Automation, Azure DevOps, Azure Storage Resource, Microsoft Dataverse, Microsoft msagsfeedback.zurewebsites.net, Microsoft Office, Microsoft Power Apps, Microsoft Virtual Machine Bus and Remote Desktop Client (RDP). In their impact, these issues run the gamut from EoP to spoofing to information disclosure, and six of them lead to RCE, said Microsoft. Of the critical issues, Walters’ co-CEO and co-founder at Action1, Alex Vovk, told Computer Weekly that the two RDP flaws stood out in particular. These are tracked as CVE-2025-29966 and CVE-2025-29967. “Both vulnerabilities pose critical risks, including remote code execution, full system compromise, and data breaches,” remarked Vovk. “Given the broad adoption of remote desktop services, many organizations are potentially exposed. CVE-2025-29966 and CVE-2025-29967 underscore the urgent need to secure both client and server components in remote access environments.” Read more about Patch Tuesday April 2025: Microsoft is correcting 124 vulnerabilities in its March Patch Tuesday, one of which is being actively exploited in the wild, and 11 of which are ‘critical’. March 2025: The third Patch Tuesday of 2025 brought fixes for 57 flaws and a hefty number of zero-days. February 2025: Microsoft corrected 57 vulnerabilities, two of which are being actively exploited in the wild, and three of which are ‘critical’. January 2025: The largest Patch Tuesday of the 2020s so far brings fixes for more than 150 CVEs ranging widely in their scope and severity – including eight zero-day flaws. December 2024: Microsoft has fixed over 70 CVEs in its final Patch Tuesday update of the year, and defenders should prioritise a zero-day in the Common Log File System Driver, and another impactful flaw in the Lightweight Directory Access Protocol. November 2024: High-profile vulns in NTLM, Windows Task Scheduler, Active Directory Certificate Services and Microsoft Exchange Server should be prioritised from November’s Patch Tuesday update. October 2024: Stand-out vulnerabilities in Microsoft’s latest Patch Tuesday drop include problems in Microsoft Management Console and the Windows MSHTML Platform. September 2024: Four critical remote code execution bugs in Windows and three critical elevated privileges vulnerabilities will keep admins busy. August 2024: Microsoft patches six actively exploited zero-days among over 100 issues during its regular monthly update. July 2024: Microsoft has fixed almost 140 vulnerabilities in its latest monthly update, with a Hyper-V zero-day singled out for urgent attention. June 2024: An RCE vulnerability in a Microsoft messaging feature and a third-party flaw in a DNS authentication protocol are the most pressing issues to address in Microsoft’s latest Patch Tuesday update. May 2024: A critical SharePoint vulnerability warrants attention this month, but it is another flaw that seems to be linked to the infamous Qakbot malware that is drawing attention.

Federal agencies scrambled to bring back over $220 million worth of contracts after Elon Musk's so-called Department of Government Efficiency cancelled them, .However, of those 44 contracts that were cancelled and eventually reinstated, DOGE is still citing all but one of them as examples of the government spending the group supposedly saved on its website's error-plagued "Wall of Receipts." The White House told the NYT that this is "paperwork lag" that will be fixed.Clerical errors or not, the "zombie contracts" are a damning sign of the chaos sowed by the billionaire's hasty and sweeping cost-cutting that would seem antithetical to its stated goals of efficiency."They should have used a scalpel," Rachel Dinkes of the Knowledge Alliance, an association of education companies that includes one that lost a contract, told the NYT. "But instead they went in with an axe and chopped it all down." Musk brought the Silicon Valley ethos of "move fast and break things" he uses at his business ventures, like SpaceX, to his cleaning house of the federal government. And this, it seems, resulted in a lot of wasted time and effort.Some of the contracts DOGE cancelled were required by law, according to the NYT, and some were for skills that the government needed but didn't have. The whiplash was most felt at the Department of Veterans Affairs, which reversed 16 cancelled contracts — the highest of any agency in the NYT's analysis.Many of the contracts that DOGE cancelled were reinstated almost immediately. The Environmental Protection Agency, for example, revived a contract just two and a half hours after Musk's team cancelled it, the paper found. Others were brought back within days.After losing a contract with the US Department of Agriculture in February, Raquel Romero and her husband gained it back four days later. The USDA told the NYT that it reinstated the contract after discovering that it was "required by statute," but declined to specify which one. Romero believes that a senior lawyer at the agency, who was a supporter of the couple's work, intervened on their behalf."All I know is, she retired two weeks later," Romero told the NYT.The waste doesn't end there. Since the contracts are necessary, it puts the fired contractors in a stronger bargaining position when the government comes crawling back. In the case of the EPA contract, the agency agreed to pay $171,000 more than before the cancellation. In other words, these cuts are costing, not saving, the government money.A White House spokesperson, however, tried to spin the flurry of reversals as a positive sign that the agencies are complying with Musk's chaotic directions, while also playing down the misleading savings claims on DOGE's website."The DOGE Wall of Receipts provides the latest and most accurate information following a thorough assessment, which takes time," White House spokesman Harrison Fields told the NYT. "Updates to the DOGE savings page will continue to be made promptly, and departments and agencies will keep highlighting the massive savings DOGE is achieving."Harrison also called the over $220 million of zombie contracts "very, very small potatoes" compared to the supposed $165 billion Musk has saved American taxpayers.If this latest analysis is any indication, however, that multibillion-dollar sum warrants significant skepticism. We're only beginning to see a glimmer of the true fallout from Musk tornadoing through the federal government.Share This Article