ZDNet reports that Apple disputes the seriousness of the vulnerabilities ZecOps claimed it discovered being exploited in the wild. It's the exploitation in the wild that Apple takes particular exception to: Cupertino says it found no indications that the zero days (which will be fixed in the next iOS release) pose any real threat to users. Some researchers believe that ZecOps may have observed malformed emails, and not malicious exploitation of iOS bugs. ZecOps says it intends to release more information on its discovery. In the meantime, Naked Security suggests that whatever else the bugs might be, they don't seem to be directly exploitable, and so any risk is probably low.
A researcher associated with the Johns Hopkins University’s School of Advanced International Studies reports finding a hitherto unremarked campaign, "Nazar" that used tools the ShadowBrokers are believed to have obtained from the US National Security Agency and then leaked to threat actors.
The US National Security Agency and the Australian Signals Directorate have issued joint guidance on detecting and preventing web shell malware.
Joker's Stash is back. The carding souk is offering a fresh batch of stolen paycard data. The goods this time are mostly cards stolen from US and South Korean users, BankInfo Security says.
Nintendo has confirmed that hackers gained access to about 160,000 player accounts, according to ZDNet. The attackers are thought to have abused a legacy login system, Nintendo Network ID (NNID), that remains in use to manage old Wii U or Nintendo 3DS accounts.