Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Eight years later One researcher warned WhatsApp that it was possible to extract users’ phone numbers en masse from the Meta-owned app, and another team of researchers found they could still do exactly that using similar technology. The issue stems from WhatsApp’s discovery feature, which allows anyone to enter a person’s phone number to see if they are on the app. By doing this billions of times – which WhatsApp did not prevent – researchers from the University of Vienna discovered what they call “The most comprehensive display of phone numbers” ever.
Vaping is a huge problem in American high schools. But is the solution to spy on students in the bathroom? An investigation by The 74, published in collaboration with WIRED, It found that schools across the country are turning to e-cigarette detectors in an effort to eliminate nicotine and cannabis consumption on school grounds. Some vape detectors go beyond detecting vapor by including surprisingly accurate and detector microphones. While few people defend addiction and drug use, even those who don’t use e-cigarettes say the additional monitoring and resulting penalties go too far.
Don’t look now, but old networking equipment that your company hasn’t thought about in years may jump out and bite you. This week, technology giant Cisco launched a new initiative, Companies warn that artificial intelligence tools make it increasingly easier for attackers to find vulnerabilities In legacy and unpatched network infrastructure. Message: Upgrade or else.
If you’ve ever been to a convention, you’ve probably been concerned about getting sick in the drains that are a convention center. But one New Zealand hacker conference, Kawaiicon, has invented a new way to keep attendees safer. Through tracking CO2 Levels in each conference room, Kawaiicon organizers have managed to Create a system to monitor air quality in real timewhich would tell people about safe rooms and rooms that looked… gross. The project brings a new meaning to antivirus software monitoring.
And that’s not all. Every week we round up security and privacy news that we haven’t covered in depth ourselves. Click on the titles to read the full stories. And stay safe out there.
The U.S. Border Patrol runs a predictive intelligence program that monitors millions of American drivers far from the border, according to a detailed investigation by The Associated Press. A network of secret license plate readers — often hidden inside traffic cones, barrels, and roadside equipment — feeds data into an algorithm that identifies “suspicious” routes, quick detours, and travel to and from border areas. Local police are then alerted, triggering traffic stops for minor violations such as window tint, air freshener or negligent speeding violations. The Associated Press reviewed police records showing that drivers were questioned, searched and sometimes arrested even though no contraband was found.
Internal group chats obtained through public records requests show Border Patrol agents and Texas deputies sharing hotel records, rental car status, home addresses and social media details of American citizens in real time, while coordinating what officers call “whisper stations” to hide federal involvement. The Associated Press identified license plate reader locations more than 120 miles from the Mexican border in the Phoenix area, as well as locations in metropolitan Detroit and near the Michigan-Indiana line that picks up traffic headed toward Chicago and Gary. The Border Patrol also exploits Drug Enforcement Administration (DEA) plate reader networks and has, at various times, gained access to systems operated by Rekor, Vigilant Solutions, and Flock Safety.
Customs and Border Protection says the program is subject to “strict” policies and constitutional safeguards, but legal experts told the AP that its scope raises new Fourth Amendment concerns. An official at the University of California, San Francisco, said the system amounts to a “cloud network” that tracks Americans’ movements, connections and daily routines.
Microsoft claims to have mitigated the largest distributed denial of service (DDoS) attack ever recorded in a cloud environment — a 15.72 Tbps, 3.64 billion Tbps barrage launched on October 24 against a single Azure endpoint in Australia. Microsoft says the attack “originated from the Aisuru botnet,” a Turbo-Mirai IoT network made up of vulnerable home routers, cameras, and other consumer devices. More than 500,000 IP addresses were said to have been involved, creating a massive DDoS attack with little spoofing. Microsoft says its global Azure DDoS Protection network accommodated traffic without interruption of service. Microsoft described the attack as “the largest DDoS attack ever observed in the cloud,” emphasizing the single endpoint; However, Cloudflare also recently reported a 22.2 Tbps floodingHe described it as the largest DDoS attack ever.
Researchers note that Aisuru has recently launched multiple attacks exceeding 20TB/s and is expanding its capabilities to include credential stuffing, AI-based scraping, and HTTPS flooding via residential proxies.
The U.S. Securities and Exchange Commission has dropped its remaining claims against SolarWinds and its CIO, Tim Brown, ending a long-running case over the company’s supply chain breach in 2020, in which Russian SVR agents allegedly compromised SolarWinds’ Orion software and caused widespread breaches across government and industry. The agency’s lawsuit — filed in 2023 and centered on alleged fraud and internal control failures — has already been mostly dismantled by a federal judge in 2024. SolarWinds called the full dismissal a vindication of its argument that its disclosures and conduct were appropriate, and said it hoped the outcome would ease concerns among information security officials about the potential chilling effect of the case.
Law enforcement records show that the FBI gained access to messages from a private Signal group used by New York immigration court watch activists — a network that coordinates volunteers who monitor public hearings in three federal immigration courts. According to a joint two-page FBI-NYPD “situational information report” dated August 28, 2025, agents quoted chat messages, described nonviolent court monitors as “violent extremist anarchist actors,” and circulated the assessment nationally. The report did not explain how the FBI hacked the encrypted Signal group, but claimed that the information came from a “sensitive source with excellent access.”
The documents, first reported by The Guardian, were originals obtained by the government transparency group People’s ownership. They describe activists discussing how to enter courtrooms, photographing officers, and collecting identifying details for federal employees, but they provide no evidence to support the FBI’s claim that a member had previously called for violence. A separate set of records — also obtained by the group — show that the office positioned regular monitoring of public immigration hearings as a potential threat, even as ICE escalated detentions in courthouses and set what advocates call “deportation traps.” Civil liberties experts told the newspaper that the surveillance mirrors previous FBI campaigns targeting legal dissent and risks discouraging protected political activity.