MMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMMM

INGAPORE – A man sought out young girls he found attractive on social media and took them to staircase landings to touch them intimately, despite objections from the girls. The man began his offending in 2022, when he was about 19 years old, targeting girls aged between 12 and 14. On Oct 17, he was sentenced to one year and six months’ jail after pleading guilty to two counts of sexual exploitation of a child or young person.   There is a gag order in place to protect the identity of his victims. The court heard that the man, 22, messaged his first victim via social media platform TikTok some time in 2022. He introduced himself and said he reached out to her because he found her “cute”. She was then between 12 and 13 years old.   The pair then began chatting over Instagram and WhatsApp, and entered into a relationship shortly after.   The man admitted to engaging in obscene acts with the girl on up to 10 occasions until he stopped communicating with her towards the end of December 2022. Around two years later in April 2024, the man contacted the girl again, now 14, and suggested meeting up that same month.   When the pair met near her flat, she agreed to rekindle their relationship. While she was sitting on his lap, he started to touch her private parts. Uncomfortable with his behaviour, she asked him to stop, but he ignored her and continued to touch her inappropriately. Despite her objections, he continued until she eventually gave in as he refused to stop. This happened again the next day, after the man asked to meet her again near her flat. On April 29, 2024, he met her at her secondary school and walked her home. Her sister saw him as the girl went into her flat to change out of her school uniform. After changing, the pair went to the staircase landing on the top floor of a nearby block, where the man instructed her to sit on his lap. He then touched her private parts again. He continued to touch her, even as she pleaded with him to stop. Eventually, she made up an excuse to go to a nearby fast-food restaurant, as she knew he would stop touching her there. Around that time, the girl’s sister told their mother she had seen the girl going out with a male friend who seemed much older than them. When confronted by her mother, the girl revealed everything that had happened. Her mother then took her to lodge a police report on May 1, 2024. The man admitted to deleting his online conversations with the girl a day later, on May 2, 2024. Separately, the man employed the same tactic, using TikTok to reach out to another girl, 14, and started to chat with her on Instagram and WhatsApp some time in March 2022. During their conversations, he persistently asked to meet her and asked her to send him photographs of her breasts. After the pair met on May 29, 2022, at a staircase landing of a flat, he instructed her to sit on his lap. After she complied, he got her to remove some of her clothes. He then exposed himself and rubbed himself against her. He warned her that if she tried to stop him, he would rape her. He asked her if she wanted to have penetrative sex with him several times, which she declined. He went on to say that even if she wanted to leave, it would not be possible since she was physically smaller than him. When the girl returned home, she told her parents about the incident after they asked about her whereabouts. They took her to a hospital for a check-up on May 30, 2022, and the hospital lodged a police report thereafter.

A Chinese state-backed cybergang known as Flax Typhoon spent more than a year burrowing inside an ArcGIS server, quietly turning the trusted mapping software into a covert backdoor. Researchers at ReliaQuest say that the espionage outfit, which Microsoft tracks as a China-based state-sponsored actor, modified a legitimate ArcGIS server object extension (SOE) to act as a web shell, giving them long-term, near-invisible access. By exploiting ArcGIS’ extensibility features while avoiding traditional, signature-based malware, Flax Typhoon embedded itself so deeply that even restoring systems from backups simply reinstalled the implant. Security nightmare stories needed! Boss get the company hacked because he taped passwords to his monitor? Coworker get phished by a Nigerian prince? Share the dirty details and they might appear in a future edition of PWNED, our new weekly feature about the worst security breaches that never should have happened. Drop us a line at [email protected]. Your anonymity is guaranteed. ArcGIS is widely used in geospatial analytics, infrastructure planning, environmental monitoring, and more, so compromising it carries a serious risk. What makes this attack elegant, for the attackers at least, is that it used legitimate internal features of the software to hide in plain sight. The SOE component was modified to accept base64-encoded commands passed through REST API parameters, and the attackers secured their access with a hardcoded secret key, ensuring that only they could communicate with it. Flax Typhoon leveraged valid credentials – reportedly a portal administrator account – to deploy the malicious extension. That allowed them to mask their activity as routine system operations, slipping under many defenders’ radar. When victim organizations attempted to recover by restoring from backups, they were effectively re-infecting themselves because the malicious SOE was baked into those backups. “By ensuring the compromised component was included in system backups, they turned the organization's own recovery plan into a guaranteed method of reinfection,” ReliaQuest said. “This tactic turns a safety net into a liability, meaning incident response teams must now treat backups not as failsafe, but as a potential vector for reinfection.” FBI cyber cop: Salt Typhoon pwned 'nearly every American' Salt Typhoon used dozens of domains, going back five years. Did you visit one? Typhoon-adjacent Chinese crew broke into Taiwanese web host Typhoon-like gang slinging TLS certificate 'signed' by the Los Angeles Police Department Once inside, the attackers used the malicious ArcGIS extension to maintain access and issue remote commands. ReliaQuest says that this allowed Flax Typhoon to perform typical post-compromise activity, including running commands, uploading and downloading files, and maintaining persistence – all while avoiding known, signature-based malware. This is consistent with Flax Typhoon’s modus operandi, as observed by Microsoft earlier, which relies heavily on “living off the land” techniques, valid tools, and minimal custom malware to sustain stealthy persistence. It also highlights how attacker sophistication increasingly lies less in weaponization and more in subverting trust – turning the target’s own system into the attack vector. This episode echoes other documented Flax Typhoon operations. In September 2024, the FBI publicly exposed a botnet run by the group and accused Beijing-based Integrity Technology Group of running it, tying that effort to broader intrusion campaigns. Meanwhile, US authorities have sanctioned Integrity Tech for its role in backing Flax Typhoon’s cyber intrusions. These latest findings underline how even legitimate, widely used software can become a long-term espionage tool when misused. For defenders, it’s another reminder that persistence doesn’t always come from exotic malware – sometimes it’s hiding in the apps you trust most.     

They got alot $$$ from tourism so can give them some funds