Apple has released quantum-resistant cryptographic code and the mathematical verification tools it developed to prove the code’s correctness, making them publicly available for independent review and broader use across the industry.

The release includes implementations of two quantum-secure algorithms, ML-KEM and ML-DSA, along with the formal verification libraries and tools Apple created to validate their accuracy. The company also published detailed documentation of its verification methodology, which it describes as achieving the strongest known correctness results for any widely deployed production implementation of these algorithms.

The quantum-secure algorithms are integrated into corecrypto, Apple’s cryptographic library used across its operating systems. The library handles encryption, decryption, hashing, and digital signatures on over 2.5 billion active devices. Apple began deploying quantum-resistant encryption in iMessage in 2024 and has expanded the technology to VPN services and TLS networking protocols.

One of the tools released is the company’s Cryptol-to-Isabelle translator, which converts cryptographic models between formal languages, along with supporting libraries needed to reproduce the results. Formal verification uses mathematical proofs to show that code works correctly for all possible inputs. Apple translated its code into Cryptol, a formal language developed by Galois, then into Isabelle, a proof assistant from the University of Cambridge and The Technical University of Munich, to prove both matched the official standards. Apple has used Isabelle previously to verify hardware cryptographic components.

The verification process uncovered errors that conventional testing would have missed. Researchers found a missing computational step in the ML-DSA code that would have silently broken digital signatures. If this bug had reached production, messages in iMessage may have appeared authenticated when they actually weren’t, leaving users unaware their communications lacked proper security.

Even with these tools, Apple acknowledged that it still depends on conventional cryptographic testing and evaluation is needed for assurance. Formal verification can catch errors that traditional testing simply cannot find. Testing works by trying many scenarios, but with complex cryptographic code, there are too many possible inputs to test exhaustively. Subtle bugs can hide in the gaps between test cases and never trigger a warning. Formal verification, by contrast, uses mathematics to prove correctness across all possible inputs at once.

However, Apple’s team writes that it couldn’t formally verify every single aspect of their code with the tools available, so they combined approaches: formal verification for core mathematical correctness, conventional testing for aspects formal methods couldn’t cover, and careful evaluation of how all the pieces work together. Apple argues this hybrid approach provides the most robust security for critical cryptographic software.

“Based on our work to date, we believe that the strongest assurance possible comes from combining formal verification with conventional methods and critically evaluating the end-to-end results,” the blog post reads.

Furthermore, the blog states that Apple selected ML-KEM and ML-DSA from among several standardized quantum-resistant algorithms because they best matched the company’s requirements for security, performance, and compact parameters. The algorithms address the threat posed by future quantum computers, which could potentially break the encryption methods currently protecting digital communications.

More information can be found on Apple’s corecrypto GitHub page. 

The post Apple open-sources quantum-resistant encryption code appeared first on CyberScoop.

Foxconn, one of the world’s largest manufacturers of electronics sold by major tech vendors, is recovering from a cyberattack that disrupted some of the company’s factories in North America.

Nitrogen, a ransomware group that’s known for targeting organizations in the manufacturing, construction and technology sectors, claimed responsibility for the attack on its data leak site and said it stole 8 terabytes of data spanning more than 11 million files. 

The threat group posted screenshots of some of the allegedly stolen data and claimed it compromised “confidential instructions, projects and drawings from Intel, Apple, Google, Dell, Nvidia and many other projects.” 

Foxconn is famously known as the primary assembler of Apple iPhones. Apple and the other companies allegedly impacted by the attack did not respond to a request for comment.

A spokesperson for Foxconn confirmed some of its factories in North America suffered a cyberattack, and said its cybersecurity team immediately responded to the breach by implementing additional “measures to ensure the continuity of production and delivery.”

The spokesperson did not answer questions about when the attack occurred or what systems or data was impacted, but noted that “affected factories are currently resuming normal production” as of Tuesday. 

Nitrogen was first observed in 2023, using ALPHV, one of the most prevalent ransomware variants at that time, Cynthia Kaiser, senior vice president at Halcyon’s Ransomware Research Center, told CyberScoop. The group started using stolen code from Conti, another formerly prolific ransomware variant, in 2024 to build its own custom attack tools to hit Windows and VMware server environments, she added.

The threat group has most recently focused on companies in the manufacturing and technology sectors. “However, the most recent cases of claims by Nitrogen do not include a working file listing on the leak site and include mostly older images of files,” Kaiser said. “This raises questions about whether Nitrogen is inflating data-theft claims in an attempt to pressure victims into paying higher ransoms.”

Foxconn hasn’t described the nature of the attack or confirmed the existence of a ransom demand. 

Ismael Valenzuela, vice president of threat research and intelligence at Arctic Wolf Labs, said Nitrogen follows a “consistent playbook, stealing data before encrypting systems so they have leverage on multiple fronts, combining operational disruption with the threat of sensitive information being exposed.”

The threat group’s tactics indicate it’s not opportunistic, but rather “operating with a defined model, focusing on organizations that are easier to access but still critical enough to drive pressure and payment,” Valenzuela added. 

Foxconn, also known as Hon Hai Precision Industry with headquarters in Taiwan, is among the world’s largest companies with $259 billion in revenue last year, the company said. Foxconn’s North American footprint includes multiple factories in Mexico, Wisconsin, Ohio, Texas, Virginia and Indiana.

The post Major tech manufacturer Foxconn confirms cyberattack hit North American factories appeared first on CyberScoop.

Google launched a feature for Android phones Tuesday for dedicated forensic logs about intrusions from sophisticated attacks like those by spyware vendors, in what design partners at Amnesty International hailed as an important first.

The tech giant has been ramping up the new feature, Intrusion Logging, since last year, and has now begun rolling it out.

“The new intrusion logging feature promises to be a major aid to digital forensics researchers undertaking investigations into sophisticated attacks on Android devices,” Amnesty International said in a Tuesday technical briefing. “This is the first time a major device vendor has released a feature specifically to enhance the ability to forensically detect and respond to advanced digital threats.”

To date, independent investigators have relied on records and often short-lived log files that weren’t meant for forensic use, and Amnesty said surveillance groups have grown increasingly aware of those forensic efforts. Intrusion Logging, a feature of Android Advanced Protection Mode, is designed specifically to keep track of possible intrusions for forensic purposes. It keeps records of security incidents like device unlocking, physical access and spyware installation and removal.

Google’s annual security and privacy update for Android phones mentions the feature and its development with Amnesty International, Reporters Without Borders and others. It also touts new protections against banking scam calls, other features for detecting suspicious activity on Android phones, additional privacy safeguards and more.

The firm has been working on the feature since announcing it last year.

“Intrusion Logging enables persistent and privacy-preserving forensics logging to allow for investigation of devices in the event of a suspected compromise,” wrote Eugene Liderman, director of Android security and privacy.

Intrusion Logging joins an expanding slate of features from tech companies to fight sophisticated attacks like those from commercial spyware, among them Apple’s Lockdown Mode and Memory Integrity Enforcement and WhatsApp’s Strict Account Settings.

Intrusion Logging “promises to help shift the balance to the advantage of defenders, providing civil society investigators with the key evidence needed to detect and expose some of the most advanced attacks facing journalists and activists,” said Donncha Ó Cearbhaill, head of the Amnesty International Security Lab, “With Intrusion Logging Google is the first major vendor to proactively address to challenge of detecting advanced attacks on device. By making more consensual forensic data available for researchers, we can make life more difficult for attackers and help civil society seek accountability when their devices are unlawfully targeted by spyware and mobile data extraction tools.”

The feature has some limitations, though, Amnesty said in its technical briefing. It requires Android 16 and is only available for now on Pixel devices; the device has to be linked to a Google account, and the logs may include sensitive information, like browser navigation history, so secure sharing of the logs is important.

The logs may also be deletable by attackers, Ó Cearbhaill told CyberScoop, but he said he understands there are plans to strengthen protections against that in future versions. And lots of attacks would be detectable in the logs where attackers wouldn’t necessarily have the root access needed to try to delete logs, he said.

To enable Intrusion Logging, users need to be using Android Advanced Protection Mode, and can find the feature at Settings > Security & privacy > Advanced Protection > Intrusion Logging. If users suspect some kind of security incident, they’ll need to export and share the logs with a forensic analyst.

The post Google and Amnesty International teamed up to make it harder for spyware vendors to hide appeared first on CyberScoop.

Major technology companies have joined forces in an effort to use advanced artificial intelligence to identify and address security flaws in the world’s most critical software systems, marking a significant shift in how the industry approaches cybersecurity threats.

Anthropic announced Project Glasswing on Tuesday, bringing together Amazon, Apple, Broadcom, Cisco, CrowdStrike, the Linux Foundation, Microsoft, and Palo Alto Networks. The initiative centers on Claude Mythos Preview, an unreleased AI model that Anthropic will make available exclusively to project partners and approximately 40 additional organizations responsible for critical software infrastructure.

The model has already identified thousands of previously unknown vulnerabilities in its initial testing phase, including security flaws that have existed in widely used systems for decades, according to Anthropic. Among the discoveries is a 27-year-old bug in OpenBSD, an operating system known primarily for its security focus, and a 16-year-old vulnerability in FFmpeg, a widely used video software program that automated testing tools had failed to detect despite running the affected code line five million times. The company has been in contact with the maintainers of the relevant software, and all found vulnerabilities have been patched. 

Anthropic will commit up to $100 million in usage credits for the project, along with $4 million in direct donations to open-source security organizations. The company has stated it does not plan to make Mythos Preview available to the general public, citing concerns about the model’s potential misuse.

The initiative reflects growing concerns within the technology sector about the dual-use nature of advanced AI systems. While Mythos Preview was not trained specifically for cybersecurity purposes, its coding and reasoning capabilities have proven effective at identifying subtle security flaws that have eluded human analysts and conventional automated tools.

“Although the risks from AI-augmented cyberattacks are serious, there is reason for optimism: the same capabilities that make AI models dangerous in the wrong hands make them invaluable for finding and fixing flaws in important software—and for producing new software with far fewer security bugs,” the company said in a blog post. “Project Glasswing is an important step toward giving defenders a durable advantage in the coming AI-driven era of cybersecurity.”

The project comes as the industry has predicted that similar AI capabilities will soon become more widespread. Anthropic executives have indicated that without coordinated action, such tools could eventually reach actors who might deploy them for malicious purposes rather than defensive security work.

Participating organizations will be required to share their findings with the broader industry. The project places particular emphasis on open-source software, which forms the foundation of most modern systems, including critical infrastructure, yet whose maintainers have historically lacked access to sophisticated security resources.

“Open source software constitutes the vast majority of code in modern systems, including the very systems AI agents use to write new software. By giving the maintainers of these critical open source codebases access to a new generation of AI models that can proactively identify and fix vulnerabilities at scale, Project Glasswing offers a credible path to changing that equation,” said Jim Zemlin, CEO of the Linux Foundation. “This is how AI-augmented security can become a trusted sidekick for every maintainer, not just those who can afford expensive security teams.” 

Additionally, Anthropic says it has engaged in ongoing discussions with U.S. government officials regarding Mythos Preview’s capabilities. The company has framed the project in national security terms, arguing that maintaining leadership in AI technology represents a strategic priority for the United States and its allies. Anthropic has been locked in a high-stakes dispute with the Department of Defense about the U.S. military’s use of the startup’s Claude AI model in real-world operations. 

The project’s success will depend partly on whether the collaborative approach can keep pace with rapid advances in AI capabilities. Anthropic has indicated that frontier AI systems are likely to advance substantially within months, potentially creating a dynamic environment where defensive and offensive capabilities evolve in parallel.

“Project Glasswing is a starting point,” Anthropic wrote in a blog post. “No one organization can solve these cybersecurity problems alone: frontier AI developers, other software companies, security researchers, open-source maintainers, and governments across the world all have essential roles to play. The work of defending the world’s cyber infrastructure might take years; frontier AI capabilities are likely to advance substantially over just the next few months. For cyber defenders to come out ahead, we need to act now.”

The post Tech giants launch AI-powered ‘Project Glasswing’ to identify critical software vulnerabilities appeared first on CyberScoop.

Leaked iOS spyware has some cybersecurity professionals raising urgent alarms about potential mass iPhone compromises, a development that pairs ominously with the recent discovery of two sophisticated iOS exploit kits.

At the same time, some other experts say Apple’s defensive features for iPhones remain elite. But several factors have created unprecedented circumstances: the public accessibility of a version of DarkSword, shortly after the discovery of the original version of DarkSword and the earlier discovery of a similar kit known as  Coruna, and a  growing market for iPhone exploits driven by their high value as targets.

Allan Liska, field chief information security officer at Recorded Future, said he was worried about what the leaked DarkSword version could do to “democratize” iPhone exploits.

“Right now, iPhone exploitations are among the most expensive to research/implement so they have been, largely, the realm of nation-states,” he said. “If anyone can exploit an iPhone, suddenly something that has managed to be relatively secure now is a much bigger attack surface.”

Google, iVerify and Lookout released research last week on DarkSword’s discovery, centered on Ukraine. Google also said it saw targeting in Saudi Arabia, Turkey and Malaysia. And that was before a version turned up on GitHub, a development TechCrunch first reported and Google and iVerify have analyzed. (The week before, iVerify and Google uncovered Coruna. Google declined to comment further for this story.)

“It’s extremely alarming that this leaked out on GitHub,” said Rocky Cole, co-founder of iVerify. “I would assume that it’s being used all around the world, and including here in the United States.”

Hundreds of millions of iPhones running iOS 18 could be vulnerable to DarkSword.

“I think that the top line issues here are pretty clear: people who have devices that are vulnerable should upgrade ASAP,” said Eva Galperin, director of cybersecurity at the Electronic Frontier Foundation. “It is very likely that these vulnerabilities are being used right now to exploit vulnerable devices at scale, which is unusual for Apple products.”

The propagation problem

Coruna was concerning enough for Apple that it took the rare step of backporting security updates to still older versions of iOS, Cole said. The fear, he said, was that it might be wormable — capable of spreading from one device via text message to everyone in a phone’s contact list.

But Cole said Apple hasn’t released similar security-focused updates to iOS 18, for reasons he doesn’t know.

Apple has emphasized the patches it has issued, urged users to update their phones and touted Lockdown Mode as a defense against spyware.

“Apple devices are designed with multiple layers of security in order to protect against a wide range of potential threats, and every day Apple’s security teams around the world work tirelessly to protect users’ devices and data,” said Apple spokesperson Sarah O’Rourke. “Keeping your software up to date is the single most important thing you can do to maintain the security of your Apple products, and devices with updated software were not at risk from these reported attacks.”

IPhones’ widespread use makes them high-value targets, fueling a thriving market for exploits. Coruna and DarkSword are indicators of this growing demand. 

“It’s time for organizations to start thinking of mobile security the way they think about desktop security, which is to say everyone knows how to secure their laptop,” Cole said. And for iPhone exploit hunting in particular, “you’re starting to see people do it at a mass level.” Furthermore, the resale market is such that exploits that once were exclusive are no longer, and AI makes it even easier to customize them in the code, he said. 

DarkSword has drawn federal attention: The Cybersecurity and Infrastructure Security Agency this week added vulnerabilities that DarkSword exploits to the list that federal agencies must patch.

The number of people still using iOS 18 is large, up to 25% of all iPhones. Cole said several factors are contributing to that, such as users being leery of iOS 26’s onboard artificial intelligence or the Liquid Glass interface.

Said Galperin: “There are many reasons why people do not keep their devices up to date, so when I tell people ‘just patch your stuff’ I think it is important to realize that there are circumstances under which this is easier said than done.”

Proven defenses despite expanding risks

Despite the concerns, Cole credited iPhone for its high security standards, in particular for its app store.

For Natalia Krapiva, senior tech-legal counsel at Access Now, a key takeaway is the worrisome proliferation of commercial spyware and cyber intrusion capabilities.

“This is exactly what human rights activists and digital security researchers have been warning governments and companies about: In the absence of effective regulation for the industry, these exploits will get out and end up in the hands of adversaries like Russia, China, Iran, or, as in the case of DarkSword, leaked online for any criminal to use,” she said.

On the other hand, Apple’s Lockdown Mode and Memory Integrity Enforcement are top-notch defensive measures, Krapiva said. We’ve yet to see a Lockdown Mode-enabled iPhone being infected with spyware, she said.

“I think we’ll keep seeing more attempts to exploit both Apple and Android devices as they improve their software and hardware security,” she said. “It’s the old cat-and-mouse game.”

Adam Boynton, senior enterprise strategy manager at Jamf, said what’s happened with Coruna and DarkSword is evidence of Apple’s success.

“What’s encouraging here is that Apple’s security model works,” he said. “Coruna skips devices running the latest iOS versions and avoids those with Lockdown Mode enabled entirely. That’s a strong validation of the defences Apple has built.

“DarkSword reinforces the same principle,” he continued. “Where Coruna targeted older iOS versions, DarkSword demonstrates that even relatively current releases can be targeted by determined actors. Apple moved quickly to patch the vulnerabilities involved, and devices running the latest iOS are protected.”

The post DarkSword’s GitHub leak threatens to turn elite iPhone hacking into a tool for the masses appeared first on CyberScoop.

Researchers have discovered a second instance of suspected Russian hackers using iOS exploits, pointing to what they say are several foreboding trends.

iVerify, Lookout and Google collaborated on the research published Wednesday, a follow-up to earlier revelations about a similar exploit kit, Coruna. While the second kit — dubbed DarkSword — also targeted users in Ukraine, the scale is significant: iVerify estimated up to 270 million iPhone users could be susceptible, while Lookout told CyberScoop roughly 15% of all iOS devices currently in use are running iOS 18 or earlier versions and could be vulnerable to the exploit kit.

The research reveals a range of new details, as well as interesting patterns:

• Whereas Russian and Chinese hackers used Coruna with financial gain in mind, there are signs DarkSword could serve both financial and surveillance purposes, and/or could be used to inflict harm.
• Lookout observed that someone used a large language model to customize both Coruna and DarkSword.
• The discovery of DarkSword reinforces earlier concerns about a secondary exploit market, Lookout and iVerify said.
• DarkSword is the second “mass” iOS campaign discovered this month, with the first known one to be Coruna.
• Both kits suggest cyberattacks are migrating toward mobile phones as they make up a bigger portion of internet traffic, Rocky Cole, iVerify’s co-founder and chief operating officer, told CyberScoop.
• Google also found that DarkSword was used against targets in Saudi Arabia, Turkey, and Malaysia

DarkSword can exfiltrate saved passwords, crypto wallets, text messages and more, researchers found. Attackers are leveraging the exploit kit by first compromising Apple’s WebKit and then using WebGPU as a pivot point for sandbox escapes, according to Justin Albrecht, Lookout’s global director for mobile threat intelligence.

What’s less clear is who, exactly, is behind the exploit kit, other than the links to Russia. Cole said DarkSword is hosted on the same command and control infrastructure as Coruna, but is an entirely separate kit made by entirely separate people. Google has attributed the campaigns to a group it tracks as UNC6353, which it describes as a Russian-backed espionage group, as well as UNC6748 and Turkish commercial surveillance vendor PARS Defense. 

The attackers’ motives are also a bit opaque, mixing what appears to be both espionage and financial objectives. Albrecht noted there is precedent for this: Russian threat groups have targeted cryptocurrency in Ukraine before, notably with Infamous Chisel, an Android exploit kit deployed by Sandworm. 

“They’re probably well-funded, probably well-connected, but it’s confirmed that they’re stealing crypto. There is definitely a financial motivation,” Albrecht told CyberScoop. “Now, I think the big question is, depending on who the group is, is the financial motivation in this just to do damage to Ukrainians, or is it to steal crypto?”

Russia has been under heavy sanctions for a long time and is starting to have budget problems due to the ongoing war in Ukraine, he noted. “Why not start to fund their operations with stolen funds? It wouldn’t be outside the norm, although it would be a potential shift in their TTPs for Russian APTs in general,” Albrecht said. 

The kit could be handy for someone trying to do a “pattern of life” analysis, Cole said, and thus useful for surveillance and intelligence purposes.

He said a commercial spyware vendor might have made the kit with no target audience in mind, thus the “Swiss Army knife”-like quality of it. The major concern for Cole is that there’s apparently a growing market for these kinds of tools, and people may be lulled into a false sense of security about iPhones not being vulnerable.

Despite the sophistication of the exploits themselves, the threat actors behind DarkSword may not be particularly experienced, Albrecht said. None of the JavaScript or HTML code was obfuscated in any way, and the server-side component was labeled “Dark sword file receiver” — poor operational security for a seasoned Russian threat actor.

“Your experienced Russian threat actors, your APT29’s of the world, I would expect them to have better OPSEC,” Albrecht said.

One of the more unusual findings in the research is the clear presence of large language model-generated code. The server-side component of DarkSword, for instance, includes telltale signs of AI-generated code, complete with detailed notes and comments characteristic of LLM output.  It’s a development that effectively lowers the barrier to entry for deploying advanced mobile exploits, even among state-sponsored actors, Albrecht said.

All three research teams have been in contact with Apple about the findings, according to Albrecht, with Google likely in closest contact since they began investigating the threat in late 2025. In its blog, Google said it reported the vulnerabilities used in DarkSword to Apple in late 2025, and all vulnerabilities were patched with the release of iOS 26.3, although most were patched prior.

CLARIFICATION 3/18/26: Clarified the suspected origins of the DarkSword exploit kit and any links to tools developed for the U.S. government.

The post Second iOS exploit kit now in use by suspected Russian hackers appeared first on CyberScoop.

Professional NBA and NFL athletes were allegedly deceived and victimized by a 34-year-old Georgia man’s sneaky social-engineering scheme that he ran while impersonating a well-known adult film star, the Justice Department said Monday.

Kwamaine Jerell Ford allegedly initiated and committed some of the crimes while incarcerated in federal prison for a similar, widespread phishing scam that also targeted college and professional athletes and musical artists starting in 2015. 

“While serving time for stealing credit card numbers from athletes and celebrities to fund his lifestyle, Ford allegedly engaged in the same conduct again,” Theodore S. Hertzberg, U.S. attorney for the Northern District of Georgia, said in a statement.

The alleged repeat offender, while adopting the persona of an adult film model, tricked professional athletes into providing him their iCloud login credentials and multifactor authentication codes for those accounts to steal financial and personally identifiable information to pay for personal expenses.

Ford is accused of executing more than 2,000 unauthorized transactions on professional athletes’ debit and credit cards from November 2020 to September 2024, according to an unsealed indictment. He was in federal custody for the first 14 months of the conspiracy and released on probation for prior crimes in January 2022.

Prosecutors did not name victims, divulge how many athletes Ford allegedly victimized during his latest scheme, or how much money he obtained through the conspiracy. 

He pleaded not guilty Friday to 22 charges for crimes including wire fraud, obtaining information by computer from a protected computer, access device fraud, aggravated identity theft and sex trafficking. Ford is being held without bail pending a trial. 

Using the adult film model’s identity, Ford allegedly enticed his high-profile victims to communicate with him on social media by falsely claiming he would send them adult film content through iCloud.

When a professional athlete responded, Ford allegedly sent phishing messages to the victim designed to look like legitimate Apple customer service text messages. Officials said Ford spoofed legitimate Apple customer service accounts and posed as an Apple customer support representative to request victims’ login details via text messages.

Prosecutors said Ford told his victims the messages contained a video file shared through an iCloud link that required them to reply with an MFA code. Ford allegedly attempted to access his victims’ iCloud accounts at the same time, triggering an MFA code delivery to the victim’s device.

Professional athletes who provided their iCloud MFA codes to Ford were ultimately tricked into giving him complete access to their iCloud accounts, officials said. Ford allegedly used that access to steal sensitive data, driver’s licenses and credit card information that he used for personal spending.

Ford also, while impersonating the adult film star, allegedly victimized an OnlyFans model by claiming he would advance their career. Prosecutors said Ford enticed the OnlyFans model to engage in and record commercial sex acts with professional athletes without their consent. 

“Ford clearly did not learn from his prior conviction for a similar scheme. This time, he allegedly escalated his criminal activity — stealing identities and money while also moving into coercion and sex trafficking,” Peter Ellis, acting special agent in charge at the FBI Atlanta office, said in a statement. 

Ford allegedly advertised the victim to targeted athletes, coordinated their travel to coincide with athletes’ known locations, and negotiated payments from the athletes for sex with the victim. Prosecutors said Ford took a financial cut from those commercial sex acts, many of which the victim was coerced into filming without the athletes’ knowledge. 

Ford is also accused of using these videos from the OnlyFans model to engage with additional athletes under false pretenses. When the OnlyFans model resisted filming the sex acts, Ford allegedly coerced them to send him money in lieu of the videos.

In 2019, Ford was sentenced to three years in prison and ordered to pay restitution of almost $700,000 after he pleaded guilty to computer fraud and aggravated identity theft. That scheme, which also ran for about four years, allowed Ford to hack into more than 100 Apple accounts belonging to high-profile professional athletes and rappers. 

Ford was still in prison for those crimes when he allegedly established a new scheme targeting similar victims on some of the same technology platforms.

You can read the indictment below.

The post Zero lessons learned: Convicted scammer allegedly ran another athlete-focused phishing scam from federal prison appeared first on CyberScoop.