The Dumbest Hack of the Year Exposed a Very Real Problem
In April 2026 a hacker hijacked Bluetooth‑enabled crosswalk buttons in multiple U.S. cities, uploading spoofed recordings of tech CEOs by exploiting the default password "1234" used by Polara devices. The breach affected intersections in Menlo Park, Redwood City, Palo Alto, Seattle and Denver, exposing how municipal officials were unprepared for cyber‑physical attacks. Vendor Synapse ITS, which now owns Polara, responded by tightening password policies and adding verification steps. The incident has sparked calls for stronger cybersecurity clauses in public‑infrastructure contracts.
Your Push Notifications Aren’t Safe From the FBI
The FBI revealed that push‑notification data can survive app removal, allowing encrypted Signal messages to be recovered from a phone’s internal cache. Anthropic announced its Claude Mythos Preview model, limited to a handful of leading tech and finance firms for...
.mp4)
How the Internet Broke Everyone’s Bullshit Detectors
The rapid rise of AI‑generated and synthetic media is outpacing verification tools, as illustrated by Iran‑linked outlets producing Lego‑style propaganda within 24 hours and the White House’s teaser videos that sparked confusion. Automated traffic now drives about 51% of internet...
The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz
Conflict in the Gulf has left roughly 1,900 commercial vessels stranded in the Strait of Hormuz, exposing a systemic failure in maritime ownership and regulation. Seafarers like India’s PK Vijay remain on abandoned ships such as the Mahakal without pay,...
How Trump’s Plot to Grab Iran's Nuclear Fuel Would Actually Work
President Donald Trump is reportedly weighing a ground operation to seize Iran's highly enriched uranium, potentially deploying 3,000 troops from the 82nd Airborne Division. Experts say the mission would target up to ten nuclear facilities, many of which were partially...
ICE Paid the Salaries of This Town’s Entire Police Force
Carroll, New Hampshire, a town of 820 residents, received a $122,515 wire transfer from the Department of Homeland Security after its police force joined the 287(g) Task Force Model. The agreement obligates the town’s four full‑time officers to assist ICE...
Models Are Applying to Be the Face of AI Scams
A growing underground industry in Cambodia and surrounding Southeast Asian hubs is hiring young women as "AI face models" to conduct deep‑fake video calls for cryptocurrency and romance scams. Recruiters post the roles on Telegram, demanding long hours, high call...
DHS Ousts CBP Privacy Officers Who Questioned ‘Illegal’ Orders
The Department of Homeland Security reassigned several senior Customs and Border Protection privacy officials after they objected to a December directive that re‑classified Privacy Threshold Analyses (PTAs) as draft documents exempt from FOIA. The policy would allow the agency to...
A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals
Google disclosed a sophisticated iPhone‑hacking toolkit called Coruna that exploits 23 iOS vulnerabilities across versions 13 to 17.2.1. The code first appeared in a Russian‑linked espionage campaign against Ukrainian sites, then resurfaced in a criminal operation stealing cryptocurrency from Chinese‑language...
Iran’s Digital Surveillance Machine Is Almost Complete
Iran’s government imposed a near‑total internet shutdown on Jan 8, temporarily crippling even its domestic National Information Network (NIN). Researchers observed that the abrupt blackout deviated from the regime’s refined playbook, suggesting panic or technical failure. The NIN, controlled largely by...
ICE and CBP’s Face-Recognition App Can’t Actually Verify Who People Are
The Department of Homeland Security rolled out the Mobile Fortify app in spring 2025 to let ICE and CBP agents scan faces and generate candidate matches, but the technology cannot positively verify identities. Records show the tool has been used over...
How Data Brokers Can Fuel Violence Against Public Servants
A new Public Service Alliance report finds that state consumer‑privacy statutes fail to shield public employees from data‑broker exploitation, creating a "data‑to‑violence pipeline." The analysis of 19 laws shows no right for officials to compel redaction of personal details from...
He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive
A former employee of a crypto‑romance scam compound in Laos, calling himself Red Bull, leaked extensive internal documents exposing how pig‑butchering operations function. He described forced‑labor conditions, daily quotas, and a reward system that celebrates six‑figure fraud wins. After being captured...
DOGE May Have Misused Social Security Data, DOJ Admits
The Department of Justice disclosed that operatives from the Department of Government Efficiency (DOGE) may have improperly accessed and shared Social Security Administration (SSA) data. Internal emails show a password‑protected file containing roughly 1,000 individuals’ names and addresses was transmitted...
149 Million Usernames and Passwords Exposed by Unsecured Database
A publicly accessible database containing 149 million usernames and passwords—including 48 million Gmail, 17 million Facebook, and Binance credentials—was removed after security researcher Jeremiah Fowler reported it to the hosting provider. The collection also featured government, banking, and streaming service logins, suggesting it...
ICE Agents Are ‘Doxing’ Themselves
A crowdsourced site called ICE List has published profiles of roughly 4,500 DHS employees, drawing on publicly available LinkedIn, payroll and data‑broker records. WIRED’s investigation shows that about 90% of the entries rely on self‑posted information rather than a secret...
Surveillance and ICE Are Driving Patients Away From Medical Care, Report Warns
A new EPIC report warns that the U.S. health‑privacy crisis is deepening as data brokers sell medical information and ICE agents operate inside hospitals. Outdated privacy statutes and lax enforcement let private firms and government agencies harvest, share, and repurpose...
Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking
Researchers at KU Leuven uncovered critical Fast Pair flaws in 17 audio accessories from ten manufacturers, enabling a WhisperPair attack that silently hijacks Bluetooth earbuds, headphones, and speakers within 50 feet. The vulnerability lets attackers take control of audio streams, activate...
Security News This Week: ICE Can Now Spy on Every Phone in Your Neighborhood
This week’s security roundup highlighted ICE’s deployment of Penlink’s Tangles and Webloc tools, enabling block‑level phone tracking across neighborhoods. Meanwhile, xAI’s Grok chatbot drew criticism for generating graphic sexual imagery, prompting X to restrict access to verified users. Iran imposed...
How to Protest Safely in the Age of Surveillance
Protests erupted after a federal officer killed Renee Nicole Good in Minneapolis, sparking nationwide unrest against the Trump administration's immigration policies. Activists warn that modern surveillance tools—from IMSI catchers to facial‑recognition cameras—are being deployed to monitor and suppress dissent. The...
8 WhatsApp Features to Boost Your Security and Privacy
WhatsApp, with over 3 billion users, faces growing security threats such as GhostPairing and mass phone‑number exposure. Meta has added a suite of privacy tools—including Privacy Checkup, disappearing messages, two‑factor authentication with PIN, app and chat locks, advanced security settings, and...
How to Protect Your iPhone or Android Device From Spyware
Recent zero‑click spyware attacks on iPhone and Android devices have prompted Apple and Google to release critical patches. High‑profile victims such as Jeff Bezos and activists illustrate the threat’s reach beyond nation‑state targets. Experts advise using Lockdown Mode, Android Advanced...
Fears Mount That US Federal Cybersecurity Is Stagnating—Or Worse
U.S. federal cybersecurity faces a potential setback as the Cybersecurity and Infrastructure Security Agency (CISA) shed roughly 1,000 employees, leaving a 40% vacancy rate across critical mission areas. Recent White House staffing cuts, compounded by the lingering effects of the...
The Worst Hacks of 2025
The worst cyber incidents of 2025 ranged from supply‑chain breaches of Salesforce integrations to ransomware attacks on Oracle’s E‑Business platform, massive data leaks at Aflac and Mixpanel, and a production‑shutting hack of Jaguar Land Rover. Hackers leveraged third‑party connectors, exploited...
The New Surveillance State Is You
In the first year of President Trump’s second term, citizens have flooded social media with videos and apps that track ICE and other federal agents during raids and arrests. The Department of Homeland Security responded with subpoenas to Meta, criminal...
The US Must Stop Underestimating Drone Warfare
The article warns that the United States is vulnerable to low‑cost commercial drone attacks, citing recent strikes by Ukraine, Israel, and Houthi rebels that demonstrated drones’ ability to hit high‑value targets far from battlefields. Despite the Pentagon’s 2025 budget allocating...
Hackers Stole Millions of PornHub Users’ Data for Extortion
Hackers from the ShinyHunters subgroup of the Com stole more than 200 million PornHub user records and began extorting the site. At the same time, a critical Cisco AsyncOS zero‑day has been exploited since November with no patch available, threatening enterprise...
ICE Seeks Cyber Upgrade to Better Surveil and Investigate Its Employees
Immigration and Customs Enforcement is renewing its Cyber Defense and Intelligence Support Services contract to broaden digital surveillance of employee activity. The updated agreement mandates continuous network monitoring, automated anomaly detection, and systematic archiving of logs from servers, workstations, and...