It was a week of notable firsts, although not always welcome ones. Israel responded to a Hamas cyberattack by blowing up the building that apparently housed the responsible hacking group, a new escalation in cyberwar doctrine. Google for the first time lets you limit how long it keeps your data—so go do that. And the CIA became the first intelligence agency to establish an official presence on the Tor anonymous network. For some reason.

We also took a look inside China’s draconian surveillance of the Muslim Uyghur population, and explained why yet another major dark web takedown hasn’t actually rattled the underground internet drug trade. We explained why artificial intelligence doesn’t actually “hallucinate,” as had previously been thought, and what the practice known as application shielding does—and doesn’t—do to keep code safe from hackers. We traced the strange journey of a wicked NSA zero-day that multiple hackers got their hands on illicitly, and detailed the failings of the Computer Fraud and Abuse Act, currently being used to prosecute WikiLeaks founder Julian Assange.

Elsewhere, a new indictment raises questions about the motives behind major health care hack. And in perhaps the least surprising news of the week, major cryptocurrency exchange Binance got hacked to the tune of $40 million.

And there’s more! Each week we round up the news that we didn’t break or cover in depth but that you should know about. As always, click on the headlines to read the full stories. And stay safe out there.

While a firm date hadn’t been set, special counsel Robert Mueller had been widely expected to testify about his report on Russian election interference—and Donald Trump’s obstructive tendencies—as early as May 15. Alas, it’s not to be. After Trump himself flip-flopping on whether he’s OK with it and the Justice Department sending mixed signals, House Judiciary chair Jerry Nadler confirmed Friday that Mueller won’t be making an appearance that soon. Discussions are still active, though, and Nadler has indicated that he’ll subpoena for Mueller to appear if he has to. Given the discrepancies between Mueller’s report and Barr’s interpretation of it, hopefully we won’t have to wait long to hear from the special counsel himself.

Antivirus software occupies a controversial place in the security sphere. To do its job correctly, it requires absolute access to a system. Why is that a problem? Look no further than reports this week that a hacker collective known as Fxmsp compromised three unnamed US antivirus companies, and is selling the purported source code and network access online for $300,000. Less helpful: The researchers who identified the sale listings have not named the implicated companies. Which makes sense, but also makes it hard to know at this point who to trust.

Two years ago almost to the day, Chelsea Manning was freed from the military prison that had held her for seven years. She found herself back in jail two months ago, after refusing testify against WikiLeaks. The reprieve may be short lived, though; The New York Times reports that a new grand jury will convene on May 16, where she will be asked the same questions she had previously refused to answer. Which, presumably, will once again land her back in jail.

Millions of people use Ever, a photo storage app. Presumably very, very few of them do so knowing that the photos they upload are then used to as training data for a facial recognition algorithm. And even fewer probably realize that Ever sells that facial recognition tech to third parties, as NBC News reported this week. We’re talking over 13 billion images in all. All of this is unideal for a host of reasons, but if nothing else, let it underscore the slow creep of facial recognition technology, which continues to be used in ways and places that the average photo uploader can’t be expected to understand.

More Great WIRED Stories