Exploit for unpatched Flash vulnerability found in leaked material

Hacking Team is an Italian company that develops counter-security (i.e. hacking) software. They claim to provide their tools only to NATO partners, but there have long been suspicions that their client list includes oppressive governments. These claims have always been denied by the company, but a recent, comprehensive hack against their servers has confirmed that Hacking Team sells their software to anyone who asks, including Kazakhstan, Sudan, Russia, Saudi Arabia, Egypt and Malaysia.

Nobody has yet claimed credit for the hack and data scoop, but whoever did it, they have done the world a favour in exposing the practices of Hacking Team. Unfortunately, in publishing the information obtained in the hack, at least one serious – and unpatched – Flash vulnerability has also been exposed.

Adobe responded to the publication of the vulnerability with a Flash security bulletin, in which they confirm that the vulnerability and exploit exist, and that they are currently working on a fix (expected later today). Meanwhile, the exploit has already found its way into hacking toolkits.

Anyone still using a web browser with Flash enabled should consider disabling Flash until this vulnerability is patched.

Update 2015Jul08: Bruce Schneier points out that Hacking Team’s practices are even worse than predicted, and doesn’t expect the company to survive.

About jrivett

Jeff Rivett has worked with and written about computers since the early 1980s. His first computer was an Apple II+, built by his father and heavily customized. Jeff's writing appeared in Computist Magazine in the 1980s, and he created and sold a game utility (Ultimaker 2, reviewed in the December 1983 Washington Apple Pi Journal) to international markets during the same period. Proceeds from writing, software sales, and contract programming gigs paid his way through university, earning him a Bachelor of Science (Computer Science) degree at UWO. Jeff went on to work as a programmer, sysadmin, and manager in various industries. There's more on the About page, and on the Jeff Rivett Consulting site.
