Another week, another revelation of a massive breach with potentially far-reaching consequences. Well, two of those this week, actually. First, Symantec revealed that hackers—probably based in Russia, although the security firm didn't go so far as to name names—had hacked more than 20 power companies in North America and Europe, and in a handful of cases, had direct access to their control systems. And then Equifax confessed it had been the target of a breach that stole 143 million Americans' data, one of the worst data spills ever, and one that raises questions about data centralization, particularly for Social Security Numbers.

Megabreaches aside, Facebook admitted that a Russian troll farm had spent $100,000 on influence ads during last year's election. Google patched a flaw in Android that would allow a nasty "toast overlay" attack to take control of devices. WIRED dug into the long-running series of scams and theft plaguing new currencies in the cryptocoin economy. And we spoke to the Democratic National Committee's chief technology officer about how he hopes to prevent the next attack aimed at disemboweling the party.

And there’s more. As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories.

Researchers Uncover Serious Holes in Germany's Voting Software

After hackers believed to be Russian meddled in both the US and French elections, Germany is likely next on the target list. And this week the Chaos Computer Club, a German collective of hackers and security researchers, exposed the results of their unsolicited audit of the country's voting infrastructure. They found that a program called PC-Wahl, used for recording, counting, displaying, and analyzing votes in German elections from the local level to the national government. The hackers found they could corrupt the updates from the server controlling that software to re-tabulate votes at will, with potentially disastrous consequences for the country's October parliamentary election. The CCC says that VOTE-IT, the company behind the software, privately fixed the security flaws the group exposed while publicly refusing to acknowledge the vulnerabilities.

Ultrasonic Voice Commands Can Hijack Siri and Amazon Echos

These days, it's not just politicians who can use "dog-whistles" to send messages intended only for a very particular audience. So can hackers. Researchers at the University of Zhejiang have shown that they can send ultrasonic signals to voice assistants like your iPhone's Siri, Amazon's Echo, Google Now, and even the voice command systems of an Audi car that are inaudible to humans, but nonetheless picked up and obeyed by those systems. Their technique, which they call DolphinAttack, can be achieved with just a few dollars of equipment like an ultrasonic transducer and a battery, as well as a smartphone, and could allow hackers to silently "speak" to nearby devices and cause them to visit malware-infected websites, make calls that stream audio for surveillance purposes, or other mischief. And since the attack takes advantage of physical properties of the microphone that cause it to pick up commands from ultrasonic waves, there's no easy fix for the problem.

Critical Bug in Open-Source Framework Could Endanger Corporate Data

A bug announced this week in the Apache Struts web application software could allow attackers to take over servers running applications built with the framework, enabling the intruders to steal or manipulate sensitive data. The bug is now patched, but is significant because many organizations and Fortune 100 companies run and rely on affected applications. The vulnerability specifically impacts an Apache Struts plugin called REST that has been around since 2008. Vulnerable systems are everywhere, from public-facing platforms for banking and reservations to back-end software within a company, and researchers say exploiting the bug is simple using a web browser. They hadn't seen evidence that the bug was exploited before their announcement, but stressed how important it is for organizations to patch and monitor their systems.