Three Quick Hits: Canadian Hacker Jailed, Open-Source Flaws Dropped, ATM Jackpotters Sentenced
A week's worth of security stories that deserve a second look — from an Anonymous-linked arrest in Canada to cash-machine criminals facing US prison time.

Key points
- A Canadian hacker linked to the Anonymous collective — a loose, international group of politically motivated hackers — was sentenced to prison.
- A security researcher published zero-days, meaning previously unknown software flaws, affecting multiple open-source projects widely used in business software.
- Two Venezuelan nationals were sentenced in the United States for ATM jackpotting — a scheme where criminals use hardware or software to force cash machines to spit out all their cash.
- All three cases are unrelated but landed in the same news cycle, first rounded up by SecurityWeek.
Some weeks in security move slowly. This was not one of them.
Start with the arrest. A Canadian national with ties to Anonymous was handed a prison sentence after a prosecution tied him to hacking activity carried out under the group's banner. Anonymous has no formal membership — it is more a flag of convenience than a club — which makes attributing crimes to specific individuals unusually difficult. Courts managed it here.
How do zero-days in free software put ordinary people at risk?
They put people at risk because open-source software — free code that anyone can download and build on — quietly powers a huge share of the apps and websites ordinary people use every day. When a researcher drops a zero-day, meaning they publish details of a flaw before the people who maintain the software have had a chance to fix it, every product built on top of that code becomes a potential target until a patch arrives.
The researcher in this case released working details for flaws in several open-source projects. Intentions vary when researchers go public early — sometimes it is to pressure slow maintainers, sometimes it is genuine disagreement about disclosure timelines. The practical effect is the same: a short window where the flaw is known to attackers and not yet repaired.
If you run a small business that relies on third-party software, now is a reasonable time to check whether your vendor has pushed any security updates recently. Applying updates promptly is still the single most effective thing a small organisation can do.
Finally, the ATM jackpotting case. Two Venezuelan nationals received US federal sentences for a scheme that used malicious software, planted directly onto cash machines, to order the machines to dispense their full cash cassettes on command. Banks and ATM operators — not individual account holders — absorb the direct losses in most jackpotting cases. Your savings are not at immediate risk, but attacks like this ultimately feed into the costs banks pass on to everyone.
MFA — multi-factor authentication, where logging in requires a second proof of identity beyond a password, like a one-time code sent to your phone — would not have stopped the jackpotting, which required physical access to the machines. It would have been irrelevant to the ATM scheme and only partially relevant to the hacking cases. Honest accounting matters.
Three different crimes, three different methods, one shared lesson: determined people will probe every layer of a system, from the firmware inside a cash machine to the code powering a free software library.



