TRANSLATION: Worst-case scenario is now in play - HT Flash 0day with NO patch is now being used to deliver Cryptolockers via exploit kits — InfoSec Taylor (@SwiftOnSecurity) July 8, 2015

Security experts say attackers have now unleashed those tools on the internet, leaving all computers vulnerable until Adobe patches Flash, which it's expected to do tomorrow. Malwarebytes called it "one of the fastest documented cases of an immediate weaponization in the wild, possibly thanks to the detailed instructions left by the Hacking Team." So what can you do about it? Obviously, be careful about which sites you visit, but you may also want to either enable "click-to-play" for the Flash plug-in or disable it completely, as detailed by How-To Geek.

Meanwhile, there are questions about how this shitstorm happened in the first place. As Forbes pointed out, leaked emails show that the FBI and DEA were keen on Hacking Team's software, which can run $500,000 for a full cross-platform setup. Other emails revealed that Hacking Team sold its wares to oppressive regimes in countries like Sudan.

TRANSLATION: This means you can get a Cryptolocker/virus just by browsing the web with a fully-patched machine RIGHT NOW. Take action above. — InfoSec Taylor (@SwiftOnSecurity) July 8, 2015

Critics argue that increased cyber-spying by governments begets ultra-sophisticated hacking tools that can fall into the wrong hands. That in turn makes everyone more vulnerable, as today's attack proves (again). Ironically, FBI director James Comey is also trying to convince lawmakers today that it should be trusted with backdoor access to encrypted cellphones. However, given the competence and questionable ethics of the companies it works with, it's hard to see how that's a good idea.