The theme of this week is by now a familiar one: "Things keep getting worse." Starting with the security of countless so-called real-time operating systems that all share some variation on the same decades-old code. That makes them all vulnerable to the set of Urgent/11 vulnerabilities we reported on just the other week. And as is so often the case with these sort of devices and ancient code, there's really no good way to fix them. And that was just the start of the week.

As a bookend, the US attorney general William Barr sent a sternly worded letter to Facebook on Friday, encouraging the company not to go forward with its plans for cross-platform end-to-end encryption, in the process reigniting the decades-old encryption debate. But while Barr had his counterparts from the UK and Australia backing up his push, it's unclear what if any actual authority he would have to weaken encryption without laws on the books forcing it. (Also, it would be a truly terrible idea.)

In slightly brighter social media news, we looked at how adversarial examples could help protect your Facebook data from the next Cambridge Analytica. And we explained how the new Incognito Mode for Google Maps helps cover your tracks—and, more important, all the ways it doesn't. Speaking of covering tracks, we took a look at how the Ukraine whistle-blower did everything meticulously by the book, and the potential dangers in the Trump administration's repeated insistence that they did not. We also talked to two past whistle-blowers for some perspective on what the current one must be going through. The consensus: their life will be forever changed.

The Trump campaign, meanwhile, appears to have been the target of Iranian hackers, although Microsoft says the phishing attempts it spotted were unsuccessful. Lastly, if you're thinking about side-loading Google apps onto a Huawei device … don't! You're welcome.

And there's more! Every Saturday we round up the security and privacy stories that we didn’t break or report on in-depth but which we think you should know about nonetheless. Click on the headlines to read them, and stay safe out there.

The bug boffins at Google's Project Zero have identified a vulnerability in popular Android handsets like the Google Pixel 2, Samsung Galaxy S9, and Moto Z3. And the researchers have spotted evidence that hackers are exploiting that bug in the wild. This isn't quite as dire as, say, the recent revelations about widespread iOS hacking. For one thing, the affected devices are mostly older although, in many cases, still widely in use. And for the attack to work, it needs either to be paired with a second Chrome browser exploit, or the victim needs to download a malicious app. Still, the potential consequences are devastating, especially given that it's actively in use: a full compromise of the device, meaning access to any of its data and more. Google says it plans to patch the vulnerability in its October security update.

In the heated, high-stakes debate over net neutrality, the Federal Communications Commission comment period became a prime battleground. Unfortunately, as was widely reported at the time, that process was also overwhelmed by bots. A Buzzfeed News investigation shows how two small firms appear to have been behind the bulk of the misrepresentation.

Security experts broadly agree that voting by app is not a great idea, electoral-integrity-wise. Still, an app called Voatz entered that particular thunderdome in West Virginia last fall, allowing members of the military from that state serving abroad to cast their ballots with their smartphones. Now, CNN reports that the FBI is investigating an apparent attempt to hack into Voatz—although it may have been as innocuous as a University of Michigan student experiment. Either way, it's a nice reminder of why everyone's so uncomfortable with this whole digital voting idea in the first place.

In late September, German authorities raided and shut down a "bulletproof" dark-web hosting operation comprising hundreds of servers housed in an former NATO bunker. Seven people were arrested in connection with hosting the sites—which included Cannabis Road, Wall Street Market, and Orange Chemicals—including the 59-year-old Dutchman alleged to be the operation's ringleader.

More Great WIRED Stories