Eight years after a researcher warned WhatsApp that it was possible to extract user phone numbers en masse from the Meta-owned app, another team of researchers found that they could still do exactly that using the same approach. The problem stems from WhatsApp’s discovery feature, which allows someone to enter a person’s phone number to see if they’re on the app. By doing this billions of times—which WhatsApp did not prevent—researchers from the University of Vienna uncovered what they’re calling “the most extensive exposure of phone numbers” ever.
Vaping is a serious problem in US high schools. But is the answer to spy on students in the bathroom? An investigation by The 74, copublished with WIRED, found that schools around the country are turning to vape detectors in an effort to crack down on nicotine and cannabis consumption on school grounds. Some of the vape detectors go far beyond detecting vapor by including microphones that are surprisingly accurate and revealing. While few defend addiction and drug use, even non-vapers say the added surveillance and the punishments that result go too far.
Don’t look now, but that old networking gear your company hasn’t thought about in years may jump out and bite you. Tech giant Cisco this week launched a new initiative, warning businesses that AI tools are making it increasingly easy for attackers to find vulnerabilities in outdated and unpatched networking infrastructure. The message: Upgrade or else.
If you’ve ever attended a conference, you probably worried about getting sick in the cesspools that are a convention center. But one hacker conference in New Zealand, Kawaiicon, invented a novel way to keep attendees a little bit safer. By monitoring the CO2 levels in each conference room, Kawaiicon’s organizers were able to create a real-time air-quality monitoring system, which could tell people which rooms were safe and which seemed … gross. The project brings new meaning to antivirus monitoring.
And that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
The US Border Patrol is operating a predictive-intelligence program that monitors millions of American drivers far beyond the border, according to a detailed investigation by the Associated Press. A network of covert license-plate readers—often hidden inside traffic cones, barrels, and roadside equipment—feeds data into an algorithm that flags “suspicious” routes, quick turnarounds, and travel to and from border areas. Local police are then alerted, leading to traffic stops for minor infractions like window-tint violations, air fresheners, or marginal speeding. AP reviewed police records showing that drivers were questioned, searched, and sometimes arrested despite no contraband being found.
Internal group chats obtained through public-records requests show Border Patrol agents and Texas deputies sharing hotel records, rental car status, home addresses, and social media details of US residents in real time while coordinating what officers call “whisper stops” to obscure federal involvement. The AP identified plate-reader sites more than 120 miles from the Mexican border in the Phoenix area, as well as locations in metropolitan Detroit and near the Michigan-Indiana line that capture traffic headed toward Chicago and Gary. Border Patrol also taps DEA plate-reader networks and has, at various times, accessed systems run by Rekor, Vigilant Solutions, and Flock Safety.
CBP says the program is governed by “stringent” policies and constitutional safeguards, but legal experts told AP that its scale raises new Fourth Amendment concerns. A UC Law San Francisco official said the system amounts to a “dragnet” monitoring Americans’ movements, associations, and daily routines.
Microsoft claims to have mitigated the largest distributed denial-of-service (DDoS) attack ever recorded in a cloud environment—a 15.72 Tbps, 3.64-billion-pps barrage launched on October 24 against a single Azure endpoint in Australia. Microsoft says the attack “originated from the Aisuru botnet,” a Turbo-Mirai–class IoT network of compromised home routers, cameras, and other consumer devices. More than 500,000 IP addresses are said to have participated, producing a massive DDoS attack with little spoofing. Microsoft says its global Azure DDoS Protection network absorbed the traffic without service disruption. Microsoft described the attack as “the largest DDoS ever observed in the cloud,” emphasizing the single endpoint; however, Cloudflare also recently reported a 22.2 Tbps flood, naming it the largest DDoS attack ever seen.
Researchers note that Aisuru has recently launched multiple attacks exceeding 20 Tbps and is expanding its capabilities to include credential stuffing, AI-driven scraping, and HTTPS floods via residential proxies.
The US Securities and Exchange Commission has dropped its remaining claims against SolarWinds and its CISO, Tim Brown, ending a long-running case over the company’s 2020 supply-chain hack, in which Russian SVR operatives allegedly compromised SolarWinds’ Orion software and triggered widespread breaches across government and industry. The agency’s lawsuit—filed in 2023 and centered on alleged fraud and internal-control failures—had already been mostly dismantled by a federal judge in 2024. SolarWinds called the full dismissal a vindication of its argument that its disclosures and conduct were appropriate and said it hopes the outcome eases concerns among CISOs about the case’s potential chilling effect.
Law enforcement records show that the FBI accessed messages from a private Signal group used by New York immigration court-watch activists—a network that coordinates volunteers monitoring public hearings at three federal immigration courts. According to a two-page FBI/NYPD “joint situational information report” dated August 28, 2025, agents quoted chat messages, labeled the nonviolent court watchers as “anarchist violent extremist actors,” and circulated the assessment nationwide. The report did not explain how the FBI penetrated an encrypted Signal group, but it claimed the information came from a “sensitive source with excellent access.”
The documents, first reported by the Guardian, were originally obtained by the government-transparency group Property of the People. They describe activists discussing how to enter courtrooms, film officers, and gather identifying details of federal personnel, but provide no evidence to support the FBI’s allegation that a member previously advocated violence. A separate set of records—also obtained by the group—shows the bureau framed ordinary observation of public immigration hearings as a potential threat, even as Immigration and Customs Enforcement has escalated courthouse arrests and set what advocates call “deportation traps.” Civil liberties experts told the paper that the surveillance mirrors earlier FBI campaigns targeting lawful dissent and risks chilling protected political activity.