Eight years after a researcher warned WhatsApp that it was possible to extract user phone numbers en masse from the Meta-owned app, another team of researchers found that they could still do exactly that using a similar technique. The issue stems from WhatsAppâs discovery feature, which allows someone to enter a personâs phone number to see if theyâre on the app. By doing this billions of timesâwhich WhatsApp did not preventâresearchers from the University of Vienna uncovered what theyâre calling âthe most extensive exposure of phone numbersâ ever.
Vaping is a major problem in US high schools. But is the solution to spy on students in the bathroom? [An investigation by The 74, copublished wiâŚ
Eight years after a researcher warned WhatsApp that it was possible to extract user phone numbers en masse from the Meta-owned app, another team of researchers found that they could still do exactly that using a similar technique. The issue stems from WhatsAppâs discovery feature, which allows someone to enter a personâs phone number to see if theyâre on the app. By doing this billions of timesâwhich WhatsApp did not preventâresearchers from the University of Vienna uncovered what theyâre calling âthe most extensive exposure of phone numbersâ ever.
Vaping is a major problem in US high schools. But is the solution to spy on students in the bathroom? An investigation by The 74, copublished with WIRED, found that schools around the country are turning to vape detectors in an effort to crack down on nicotine and cannabis consumption on school grounds. Some of the vape detectors go far beyond detecting vapor by including microphones that are surprisingly accurate and revealing. While few defend addiction and drug use, even non-vapers say the added surveillance and the punishments that result go too far.
Donât look now, but that old networking equipment your company hasnât thought about in years may jump out and bite you. Tech giant Cisco this week launched a new initiative, warning companies that AI tools are making it increasingly simple for attackers to find vulnerabilities in outdated and unpatched networking infrastructure. The message: Upgrade or else.
If youâve ever attended a conference, you probably worried about getting sick in the cesspools that are a conference center. But one hacker conference in New Zealand, Kawaiicon, invented a novel way to keep attendees a little bit safer. By tracking the CO2 levels in each conference room, Kawaiiconâs organizers were able to create a real-time air-quality monitoring system, which would tell people which rooms were safe and which seemed ⌠gross. The project brings new meaning to antivirus monitoring.
And thatâs not all. Each week, we round up the security and privacy news we didnât cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
The US Border Patrol is operating a predictive-intelligence program that monitors millions of American drivers far beyond the border, according to a detailed investigation by the Associated Press. A network of covert license-plate readersâoften hidden inside traffic cones, barrels, and roadside equipmentâfeeds data into an algorithm that flags âsuspiciousâ routes, quick turnarounds, and travel to and from border regions. Local police are then alerted, resulting in traffic stops for minor infractions like window-tint violations, air fresheners, or marginal speeding. AP reviewed police records showing that drivers were questioned, searched, and sometimes arrested despite no contraband being found.
Internal group chats obtained through public-records requests show Border Patrol agents and Texas deputies sharing hotel records, rental car status, home addresses, and social media details of US citizens in real time while coordinating what officers call âwhisper stopsâ to obscure federal involvement. The AP identified plate-reader sites more than 120 miles from the Mexican border in the Phoenix area, as well as locations in metropolitan Detroit and near the Michigan-Indiana line that capture traffic headed toward Chicago and Gary. Border Patrol also taps DEA plate-reader networks and has, at various times, accessed systems run by Rekor, Vigilant Solutions, and Flock Safety.
CBP says the program is governed by âstringentâ policies and constitutional safeguards, but legal experts told AP that its scale raises new Fourth Amendment concerns. A UC Law San Francisco official said the system amounts to a âdragnetâ tracking Americansâ movements, associations, and daily routines.
Microsoft Thwarts Record-Breaking Cloud DDoS Attack
Microsoft claims to have mitigated the largest distributed denial-of-service (DDoS) attack ever recorded in a cloud environmentâa 15.72 Tbps, 3.64-billion-pps barrage launched on October 24 against a single Azure endpoint in Australia. Microsoft says The attack âoriginated from the Aisuru botnet,â a Turbo-Miraiâclass IoT network of compromised home routers, cameras, and other consumer devices. More than 500,000 IP addresses are said to have participated, generating a massive DDoS attack with little spoofing. Microsoft says its global Azure DDoS Protection network absorbed the traffic without service disruption. Microsoft described the attack as the âthe largest DDoS ever observed in the cloud,â emphasizing the single endpoint; however, Cloudflare also recently reported a 22.2 Tbps flood, naming it the largest DDoS attack ever seen.
Researchers note that Aisuru has recently launched multiple attacks exceeding 20 Tbps and is expanding its capabilities to include credential stuffing, AI-driven scraping, and HTTPS floods via residential proxies.
SEC Drops Claims Against SolarWinds Over Historic 2020 Hack
The US Securities and Exchange Commission has dropped its remaining claims against SolarWinds and its CISO, Tim Brown, ending a long-running case over the companyâs 2020 supply-chain hack, in which Russian SVR operatives allegedly compromised SolarWindsâ Orion software and triggered widespread breaches across government and industry. The agencyâs lawsuitâfiled in 2023 and centered on alleged fraud and internal-control failuresâhad already been mostly dismantled by a federal judge in 2024. SolarWinds called the full dismissal a vindication of its argument that its disclosures and conduct were appropriate and said it hopes the outcome eases concerns among CISOs about the caseâs potential chilling effect.
FBI Spied on Immigration Activist Signal Group
Law enforcement records show that the FBI accessed messages from a private Signal group used by New York immigration court-watch activistsâa network that coordinates volunteers monitoring public hearings at three federal immigration courts. According to a two-page FBI/NYPD âjoint situational information reportâ dated August 28, 2025, agents quoted chat messages, labeled the nonviolent court watchers as âanarchist violent extremist actors,â and circulated the assessment nationwide. The report did not explain how the FBI penetrated an encrypted Signal group, but it claimed the information came from a âsensitive source with excellent access.â
The documents, first reported by the Guardian, were original obtained by the government-transparency group Property of the People. They describe activists discussing how to enter courtrooms, film officers, and gather identifying details of federal personnel, but provide no evidence to support the FBIâs allegation that a member previously advocated violence. A separate set of recordsâalso obtained by the groupâshows the bureau framed ordinary observation of public immigration hearings as a potential threat, even as Immigration and Customs Enforcement has escalated courthouse arrests and set what advocates call âdeportation traps.â Civil liberties experts told the paper that the surveillance mirrors earlier FBI campaigns targeting lawful dissent and risks chilling protected political activity.