Peter Williams, the former Trenchant executive who stole zero-day exploits from his employer and sold them to a Russian exploit buyer between 2022-2025, was sentenced today to 7 years and 3 months in prison in a hearing that was partially closed to the public due to the sensitive nature of the tools he stole.

https://www.zetter-zeroday.com/trenchant-exec-who-sold-his-employers-zero-day-exploits-to-russian-buyer-sentenced-to-7-years-in-prison/

When a hacker who goes by the names "Waifu" and "Judische" began posting death threats against security researcher Allison Nixon, she had no idea why he targeted her. So she set out to unmask him. The quest led her to uncover the identity of Connor Riley Moucka, a 25-yr-old Canadian who was ringleader of the infamous Snowflake/AT&T hacks as well as Cameron John Wagenius (aka Kiberphant0m
online), an active-duty US Army soldier, who both were arrested. Here's my story, as well as a free link below that.

https://www.technologyreview.com/2026/02/16/1132526/allison-nixon-hackers-security-researcher

https://archive.is/20260216131016/https://www.technologyreview.com/2026/02/16/1132526/allison-nixon-hackers-security-researcher

Polish grid systems targeted in December were wide open to attack, a new technical report from the Polish government reveals. Systems used default passwords and did not use multi-factor authentication. In some cases they also had outdated and unpatched software. Also, Polish investigators have found no evidence linking the attack to Russia's Sandworm hacking group, contrary to statements from security researchers. Instead, they attribute it to Berserk Bear, also a Russian group but one associated with the FSB instead of the GRU. Here's my story, which includes a link to the technical report.

https://www.zetter-zeroday.com/polish-grid-systems-targeted-in-cyberattack-had-little-security-per-new-report/

The hackers behind a cyberattack that targeted Poland's grid infrastructure in December disabled communication devices for at least 30 sites across a number of energy facilities in different parts of the country. The attackers were able to render the communication devices --known as remote terminal units or RTUs -- not only inoperable but also unrecoverable. This new information, combined with my story last week that the attack used a wiper aimed at erasing IT systems, shows that the attack was a multi-pronged operation targeting both IT and OT systems. Nonetheless, researchers are calling this an opportunistic attack rather than a fully planned one

https://www.zetter-zeroday.com/attack-against-polands-grid-disrupted-communication-devices-at-about-30-sites/

Exclusive: A cyberattack targeting Poland's energy infrastructure in December used wiper malware that would have erased grid computers and rendered them inoperable had it not been thwarted, a researcher at @ESET told me. The researcher calls the attack "unprecedented" for Poland and "substantial."

https://www.zetter-zeroday.com/cyberattack-targeting-polands-energy-grid-used-a-wiper/

New court document in Peter Williams case reveals the former Trenchant exec continued to sell stolen code to Russian zero-day broker even after realizing that code he'd written and previously sold to Russian buyer was being "utilized" by a South Korean broker, indicating wide distribution of the code. The new doc also reveals that Williams was contracted to earn $4 million from the code he stole and sold between April 2022 and Aug 2025, though prosecutors don't say how much he actually collected on the contracts; they only say that he received $1.3 million in cryptocurrency for "upfront" payments (the contracts specified upfront payments as well as additional payments for customer support to keep the exploits working after the sale). Also, in an interview Williams did with the FBI in July 2025 while agents were still trying to determine who stole the code from Trenchant, Williams told agents that the theft of just two of the trade secrets from Trenchant amounted to about a $35 million loss for his company. Here's my story about the information in the new document:

https://www.zetter-zeroday.com/former-trenchant-exec-sold-stolen-code-to-russian-buyer-even-after-learning-that-other-code-he-sold-was-being-utilized-by-different-broker-in-south-korea/

I forgot to post this here yesterday. I attended the hearing yesterday for Peter Williams -- the former general manager of Trenchant charged with selling zero days to a Russian zero-day purchasing platform -- and this is my piece for Wired about what prosecutors revealed at the hearing. I had expected Williams to plead not guilty at the hearing so it was a surprise when his attorneys stated that he'd already agreed to plead guilty.

https://www.wired.com/story/peter-williams-trenchant-trade-secrets-theft-russian-firm/