[ad_1]
Eight years after a researcher warned WhatsApp that it was doable to extract person cellphone numbers en masse from the Meta-owned app, one other staff of researchers discovered that they might nonetheless do precisely that utilizing the same method. The difficulty stems from WhatsApp’s discovery characteristic, which permits somebody to enter an individual’s cellphone quantity to see in the event that they’re on the app. By doing this billions of instances—which WhatsApp didn’t stop—researchers from the College of Vienna uncovered what they’re calling “essentially the most intensive publicity of cellphone numbers” ever.
Vaping is a serious drawback in US excessive faculties. However is the answer to spy on college students within the rest room? An investigation by The 74, copublished with WIRED, discovered that faculties across the nation are turning to vape detectors in an effort to crack down on nicotine and hashish consumption on college grounds. A number of the vape detectors go far past detecting vapor by together with microphones which might be surprisingly correct and revealing. Whereas few defend dependancy and drug use, even non-vapers say the added surveillance and the punishments that consequence go too far.
Don’t look now, however that previous networking tools your organization hasn’t considered in years might bounce out and chew you. Tech large Cisco this week launched a brand new initiative, warning corporations that AI instruments are making it more and more easy for attackers to seek out vulnerabilities in outdated and unpatched networking infrastructure. The message: Improve or else.
If you happen to’ve ever attended a convention, you most likely frightened about getting sick within the cesspools which might be a convention heart. However one hacker convention in New Zealand, Kawaiicon, invented a novel technique to maintain attendees a bit bit safer. By monitoring the CO2 ranges in every convention room, Kawaiicon’s organizers have been in a position to create a real-time air-quality monitoring system, which might inform individuals which rooms have been protected and which appeared … gross. The venture brings new which means to antivirus monitoring.
And that’s not all. Every week, we spherical up the safety and privateness information we didn’t cowl in depth ourselves. Click on the headlines to learn the total tales. And keep protected on the market.
The US Border Patrol is working a predictive-intelligence program that displays hundreds of thousands of American drivers far past the border, in keeping with an in depth investigation by the Related Press. A community of covert license-plate readers—typically hidden inside site visitors cones, barrels, and roadside tools—feeds knowledge into an algorithm that flags “suspicious” routes, fast turnarounds, and journey to and from border areas. Native police are then alerted, leading to site visitors stops for minor infractions like window-tint violations, air fresheners, or marginal rushing. AP reviewed police information exhibiting that drivers have been questioned, searched, and generally arrested regardless of no contraband being discovered.
Inside group chats obtained by way of public-records requests present Border Patrol brokers and Texas deputies sharing resort information, rental automotive standing, residence addresses, and social media particulars of US residents in actual time whereas coordinating what officers name “whisper stops” to obscure federal involvement. The AP recognized plate-reader websites greater than 120 miles from the Mexican border within the Phoenix space, in addition to places in metropolitan Detroit and close to the Michigan-Indiana line that seize site visitors headed towards Chicago and Gary. Border Patrol additionally faucets DEA plate-reader networks and has, at numerous instances, accessed techniques run by Rekor, Vigilant Options, and Flock Security.
CBP says this system is ruled by “stringent” insurance policies and constitutional safeguards, however authorized specialists advised AP that its scale raises new Fourth Modification considerations. A UC Regulation San Francisco official mentioned the system quantities to a “dragnet” monitoring Individuals’ actions, associations, and day by day routines.
Microsoft claims to have mitigated the biggest distributed denial-of-service (DDoS) assault ever recorded in a cloud atmosphere—a 15.72 Tbps, 3.64-billion-pps barrage launched on October 24 in opposition to a single Azure endpoint in Australia. Microsoft says The assault “originated from the Aisuru botnet,” a Turbo-Mirai–class IoT community of compromised residence routers, cameras, and different shopper gadgets. Greater than 500,000 IP addresses are mentioned to have participated, producing a large DDoS assault with little spoofing. Microsoft says its international Azure DDoS Safety community absorbed the site visitors with out service disruption. Microsoft described the assault because the “the biggest DDoS ever noticed within the cloud,” emphasizing the only endpoint; nonetheless, Cloudflare additionally just lately reported a 22.2 Tbps flood, naming it the biggest DDoS assault ever seen.
Researchers notice that Aisuru has just lately launched a number of assaults exceeding 20 Tbps and is increasing its capabilities to incorporate credential stuffing, AI-driven scraping, and HTTPS floods by way of residential proxies.
The US Securities and Trade Fee has dropped its remaining claims in opposition to SolarWinds and its CISO, Tim Brown, ending a long-running case over the corporate’s 2020 supply-chain hack, by which Russian SVR operatives allegedly compromised SolarWinds’ Orion software program and triggered widespread breaches throughout authorities and business. The company’s lawsuit—filed in 2023 and centered on alleged fraud and internal-control failures—had already been principally dismantled by a federal choose in 2024. SolarWinds referred to as the total dismissal a vindication of its argument that its disclosures and conduct have been applicable and mentioned it hopes the result eases considerations amongst CISOs concerning the case’s potential chilling impact.
Regulation enforcement information present that the FBI accessed messages from a non-public Sign group utilized by New York immigration court-watch activists—a community that coordinates volunteers monitoring public hearings at three federal immigration courts. In response to a two-page FBI/NYPD “joint situational data report” dated August 28, 2025, brokers quoted chat messages, labeled the nonviolent courtroom watchers as “anarchist violent extremist actors,” and circulated the evaluation nationwide. The report didn’t clarify how the FBI penetrated an encrypted Sign group, nevertheless it claimed the knowledge got here from a “delicate supply with glorious entry.”
The paperwork, first reported by the Guardian, have been unique obtained by the government-transparency group Property of the Individuals. They describe activists discussing how you can enter courtrooms, movie officers, and collect figuring out particulars of federal personnel, however present no proof to help the FBI’s allegation {that a} member beforehand advocated violence. A separate set of information—additionally obtained by the group—reveals the bureau framed peculiar commentary of public immigration hearings as a possible risk, at the same time as Immigration and Customs Enforcement has escalated courthouse arrests and set what advocates name “deportation traps.” Civil liberties specialists advised the paper that the surveillance mirrors earlier FBI campaigns concentrating on lawful dissent and dangers chilling protected political exercise.
[ad_2]
