After last month's Petya/NotPetya ransomware outbreak you may be feeling like the next global attack could come at any moment. It hasn't struck yet, but if the ransomware fear doesn't get you, the phishing paranoia might. And don't forget angst about power grid hacks. Reports this week revealed that the FBI and Department of Homeland Security are scrambling to defend multiple US energy companies and manufacturing plants from hackers—including a nuclear power plant in Kansas. So far there's no evidence that hackers have accessed the industrial control systems that actually direct physical equipment, so it's not a doomsday scenario yet, but from an anxiety perspective it's not great.

Meanwhile, North Korea demonstrated on Tuesday (US Independence Day) that it is capable of launching an intercontinental ballistic missile, bringing the reclusive nation one step closer to possessing nuclear weapons that could directly threaten the continental US or pretty much any other part of the world. On the dystopian artificial intelligence beat, you probably won't be able to trust your own senses and judgement anymore, since AI is generating sophisticated forgeries. And halfway through 2017 there have already been too many cybersecurity meltdowns to count. Who knows what the next six months hold.

Of course, there's more. Each Saturday we round up the news stories that we didn’t break or cover in depth but that still deserve your attention. As always, click on the headlines to read the full story in each link posted. And stay safe out there.

After weeks of comments from US Congress members and officials about potential ties between Russian government intelligence and the Russian security software maker Kaspersky Lab, a Senate proposal from the end of June suggested prohibitions on Department of Defense use or interaction with Kaspersky products. In response, company CEO Eugene Kaspersky told the Associated Press on Sunday that the company will show its source code to the US government if that gesture will foster trust. “Anything I can do to prove that we don’t behave maliciously I will do it,” he said.

Source code review has become increasingly common as a way to confirm that software made in one country can be trusted by the government of another, but some fear that this norm has the potential to degrade overall industry security regardless of which nations are involved. And the situation with Kaspersky is particularly complicated, because anti-virus products have so much privilege and leeway on networks that they often share attributes with malware even as they are (presumably) intended for good. Therefore it can be particularly difficult to evaluate the long-term trustworthiness of an anti-virus product.

For years Apple resisted offering a reward for bug disclosures, but in 2016 the company finally instituted an organized, invite-only bounty program that offered researchers $25,000 to $200,000 for vulnerabilities they discovered in macOS and iOS. It's a lot of money, some of the largest payouts from any software company, but Motherboard reports that the sums aren't tempting enough. Ten program participants said that they haven't submitted anything to the company yet and don't know anyone who has, because bugs in Apple software are so valuable elsewhere. They say it makes more sense to hold on to discoveries for additional research or sell them on the gray market to companies like Zerodium and Exodus that will buy them for closer to $500,000 or even $1 million. (These firms claim to do legitimate defense work with international corporations, law enforcement, and intelligence agencies.) For now Apple may not be getting the enthusiasm and return it was hoping for from its long-awaited bounty program.

Ukrainian law enforcement is working on criminal charges against the tax software company MeDoc after hackers compromised the company and seeded its customer software update mechanism to spread NotPetya. Police seized the company's servers on Tuesday as part of the investigation. Colonel Serhiy Demydiuk, who runs Ukraine’s cyberpolice unit, told the Associated Press that the company ignored specific warnings about security concerns and weaknesses in its IT infrastructure. “They were told many times by various anti-virus firms,” he said. “For this neglect, the people in this case will face criminal responsibility.”

Chinese researchers published evidence this week that the GMR-2 encryption algorithm used in most modern satellite phones can be cracked so quickly that an attacker can essentially listen in on calls in real time. The researchers were able to determine 64-bit encryption keys by reversing the algorithm procedure thousands of times on a 3.3GHz satellite stream to make keys easier to guess. As they refined the attack they were eventually able to perform it in a fraction of a second, which would allow for live eavesdropping. The findings are concerning because people in remote environments rely on satellite phones precisely because there are no alternatives. An attack that defeats the encryption on these calls could pose a significant threat to satellite phone users' privacy.