【AI前沿】Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording

Andy GreenbergMaddy VarnerDell CameronAndrew CoutsSecurityMay 16, 2026 6:30 AMSecurity News This Week: Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams RecordingPlus: Instructure’s Canvas ransomware debacle comes to a close, an alleged dark net market kingpin gets arrested, OpenAI workers fall victim to a supply chain attack, and more.CommentLoaderSave StorySave this storyCommentLoaderSave StorySave this storyThe worst partof your iPhone getting stolen may not be the theft itself. Instead,it’s the phishing attackswaged against people in your contacts. New research this week shows that there’s a thriving ecosystem for tools that let criminals unlock iPhones and target the phone numbers they find inside.Foxconn, the electronics manufacturing giant known for its role in building iPhones, revealed this week that it recently “suffered a cyberattack.” A ransomware group known as Nitrogen,claimed responsibility for the hackand said it had stolen 8 TB of data from the manufacturer. While the theft remains unconfirmed, the fact that Foxconn remains a valuable target is all but inevitable.The skies above the United States-Canada border are about to get a lot more crowded. The Department of Homeland Security and Defense Research and Development Canada plan to run an experiment this falltesting 5G-connected dronesfor collecting “real-time battlefield intelligence.”In the Strait of Hormuz, meanwhile, Iran’s Revolutionary Guard Corps are successfully blocking the crucial shipping routeusing a “mosquito fleet”of small boats as US-Israeli combat operations continue to bombard the country.And that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams RecordingA lesson for future criminal hackers and rogue employees: When you—and, say, your twin brother—decide to destroy your employer’s network, remember to first close out the Microsoft Teams meeting in which you were fired, so that it doesn’t record you discussing your acts of vengeance.That lesson has now hopefully been driven home for Muneeb and Sohaib Akhter, two hackers who have now pleaded guilty to charges that they destroyed 96 government databases after being fired from their jobs at the federal contractor Opexus. (Muneeb has since tried to recant his guilty plea in handwritten notes to the judge.) Their employer had made the decision to terminate the two 34-year-old brothers after discovering their criminal records, which included multiple hacking and wire fraud charges for crimes as petty as stealing airline miles.The Teams meeting in which the two men were fired lasted only a few minutes. The detailed planning and execution of their revenge campaign, however, lasted hours and was all recorded by the same Teams meeting that they had failed to close—which was transcribed in acourt document spotted by Ars Technica.“Still connected? Still on the VPN?” Sohaib is heard saying to his brother, who lived in the same home. “Delete all their databases?”“We are doing petty shit now,” Muneeb says.Instructure Reaches Deal With Ransomware Gang Following Canvas HackInstructure, the company behind the educational software Canvas, said on Monday that it had reached a deal with the hackers calling themselves ShinyHunters who had disrupted Canvas across thousands of US schools and posted ransom messages on victims’ screens. In a message on its website, the company wrote that it “reached an agreement with the unauthorized actor involved in this incident.” The statement went on to claim that the data stolen by the hackers in their breach—including records of 275 million students, according to the hackers—had been “returned” to Instructure, had been destroyed on the hackers’ own systems, and that no Instructure customers would be further extorted. Instructure didn’t explicitly say whether it had paid a ransom, or how much it paid if so.Glad to have all that settled. (Until the well-incentivized ransomware industry carries out its next massive disruption.)Alleged Boss of Dream Dark Web Market Arrested in GermanyDream Market was once the world’s biggest dark web market for drugs and other contraband until it voluntarily shut down in 2019, following a series of raids that arrested many of its sellers. Now, the alleged administrator of the market has reportedly been tracked down and charged, more than seven years after the illicit marketplace disappeared from the internet. Owe Martin Andresen was arrested during a raid on his home and two other locations earlier this month. US and German prosecutors say he made millions of dollars from Dream Market’s commissions, some of which was laundered through gold bars he allegedly bought from a company in Atlanta. Given that Dream Market was launched in 2013—the same year that the original Silk Road dark web drug market was busted—Andresen’