Happy holidays from your security news friends! As a special gift, we got you this analysis of the Resistance’s tactical shortcomings in The Last Jedi. And so much more!

The US this week officially pinned this year’s devastating WannaCry ransomware attack on North Korea, after the security community had largely come to that same conclusion months ago. But in doing so, White House cybersecurity guru Tom Bossert failed to mention that the NSA shared some of that culpability; it was the intelligence agency’s EternalBlue tool, after all, that enabled WannaCry’s unprecedented spread.

We also took a look at Haven, Edward Snowden’s new app, which turns a burner Android smartphone into a home security system, by using its accelerometer and other sensors to check for vibrations, changes in light, or other indicators that someone might be invading your physical space when you’re not there.

Also, remember how artificial intelligence is taking over the world? That’s fun! But also not ideal, especially given how easily image-recognition AI can be fooled by so-called adversarial examples. Specifically, MIT researchers convinced Google’s Cloud Vision API that a stack of rifles was in fact a helicopter, despite not knowing precisely how the targeted algorithm works.

Elsewhere, an HHS hackathon to combat the opioid crisis was well-intentioned, and resulted in some novel ideas. But whatever gains it may have made can’t compete with the much bigger issue of the government defunding health care initiatives generally. And finally, if you were thinking of gifting a toy that connects to the internet, it’s not too late to … not do that.

But, wait, there's more! As always, we’ve rounded up all the news we didn’t break or cover in depth this week. Click on the headlines to read the full stories. And stay safe out there.

When WhatsApp announced that it would begin sharing some user data with parent company Facebook in 2016, several users saw it as something of a betrayal, especially given how many people rely on WhatsApp specifically for its privacy protections. Now, count France among the aggrieved parties. The country’s data-protection watchdog said this week that WhatsApp has to stop sharing that data. At worst, WhatsApp faces a fine, which presumably it could easily afford. But the censure at least draws more attention to an already controversial move, and hopefully reminds people that if WhatsApp knows something about you, Facebook probably does too.

Internet-connected cameras are notoriously susceptible to hacks, which normally just means they get caught up in a botnet, or maybe get used for general creeping. Not so in Washington, DC, where 65 percent of outdoor surveillance cameras were allegedly compromised by a pair of Romanian hackers, and used as part of a moderately elaborate ransomware scheme. Each camera was connected to a computer, and the hackers allegedly intended to use those computers to distribute spam containing ransomware to nearly 180,000 email addresses. It’s a roundabout plot, but the lesson remains the same as it ever was: The Internet of Things is a wreck and always will be.

Cuphead is a very popular, very difficult game, one that you can only find on Xbox One or on PCs. Until this week, when you could ever so briefly download a knockoff version for iOS that snuck its way into Apple’s App Store. App scams aren’t expressly new, although they more commonly plague the Google Play Store. The $5 Cuphead knockoff also distinguished itself by being a fully functional, albeit somewhat janky, download.