It came to light yesterday that the US National Security Agency suffered a significant intrusion by a Russian intelligence service (thought to be the FSB) in 2015. Sensitive material concerning both offensive and defensive tools and techniques is said to have been exfiltrated from a contractor's computer (where they probably shouldn't have been in the first place).
The contractor's device was secured by Kaspersky software, and reports say that the hackers used the Kaspersky security tools as, effectively, reconnaissance to identify the material they eventually stole. Kaspersky Lab denies any complicity in the incident. Observers are divided as to whether Kaspersky cooperated with Russian intelligence services or simply had their software compromised, but there's general agreement that whatever the outcome of investigation is, it's bad news for Kaspersky.
NSA discovered the compromise in the spring of 2106, a few weeks before the ShadowBrokers began to dump what they have claimed were Equation Group hacking tools. Observers are looking into possible connections, but so far the story is still developing, and none have come to light.
The incident has brought fresh criticism to both NSA and its use of contractors.
Forbes reports that, in addition to its problem with inadvertently exposed data, Deloitte also had some employees successfully catphished by Iranian operators using a bogus Facebook page.
Apple yesterday issued an emergency patch for MacOS that closes a serious Keychain vulnerability.
German authorities have dropped their post-Snowden investigation of alleged GCHQ and NSA surveillance of German targets (including Chancellor Merkel's phone).