Cybersecurity professionals are raising the warning flag. Cybercriminals are now allegedly using a broad range of hacking tools the U.S. government created in the first place. At our recent cybersecurity event in San Francisco, California that all changed when bad news broke. The Reconnect Community Summit will be held from October 13-15, 2026. The conference focused on the increasing prevalence of leaks of hacking tools. While these incidents have been few and far between, they are not unprecedented.
When in 2017 the U.S. National Security Agency (NSA) realized that some of its hacking tool had been stolen, these tools were purpose-built to take advantage of zero-day vulnerabilities within Windows machines around the world. Among these leaked technologies was included the infamous exploit known as EternalBlue. Yet, after its release it became infamous for being later used in large scale attacks such as the catastrophic WannaCry ransomware attack in 2017.
Zack Whittaker, the security editor at TechCrunch, opened the conference to emphasize the impact these leaks have had. He’s the writer of the weekly cyber cybersecurity digest, “This Week in Security.” Reports suggest that at least one of these exploits from this suite was sold to a South Korean broker. This specific exploit kit—nicknamed Coruna—is made up of the parts of a bad hacking campaign called Operation Triangulation.
The U.S. government has not only actively engaged in these sorts of hack back attempts, it has actively encouraged them. They even hacked iPhones of employees working for Kaspersky, a major cyber-security company. The ethical implications of government-developed tools. They further point out how cybercriminals can exploit these new technologies.
Experts caution that the rush to deploy such tools has far-reaching consequences both for cybersecurity and beyond. iVerify, a cybersecurity nonprofit, pointed out that “the more widespread the use, the more likely a leak is to happen with confidence.” This very public reveal should be a warning about the cyclical nature of tool leaks and their subsequent use by cybercriminals.
Furthermore, iVerify added a cautionary note regarding the leaked tools: “While iVerify has some evidence that this tool is a leaked US government framework, that shouldn’t overshadow the knowledge that these tools will find their way into the wild and will be used unscrupulously by bad actors.”
Unfortunately, the incident that led to these leaks is a perfect illustration of the continuing war between cybersecurity experts and cybercriminals. Prosecutors allege that a man named Williams sold exploits that can penetrate millions of computers and devices around the world. This disclosure is a validation of what many in the cybersecurity community have feared most, the vulnerabilities that these tools leaked to the world would create.
The defense against the ever-changing hacking landscape is in constant flux. As criminals increasingly obtain government-developed cyber tools, the imperative for robust cybersecurity measures becomes even more critical. The discussions and findings presented at the San Francisco event will likely spur further research and initiatives aimed at addressing these vulnerabilities.
