Eight years after a researcher warned WhatsApp that it was possible to extract user phone numbers en masse from the Meta-owned app, another team of researchers found that they could still do exactly that using a similar technique. The issue stems from WhatsApp’s discovery feature, which allows someone to enter a person’s phone number to see if they’re on the app. By doing this billions of times—which WhatsApp did not prevent—researchers from the University of Vienna uncovered what they’re calling “the most extensive exposure of phone numbers” ever.
Vaping is a major problem in US high schools. But is the solution to spy on students in the bathroom? An investigation by The 74, copublished with WIRED, found that schools around the country are turning to vape detectors in an effort to crack down on nicotine and cannabis consumption on school grounds. Some of the vape detectors go far beyond detecting vapor by including microphones that are surprisingly accurate and revealing. While few defend addiction and drug use, even non-vapers say the added surveillance and the punishments that result go too far.
Don’t look now, but that old networking equipment your company hasn’t thought about in years may jump out and bite you. Tech giant Cisco this week launched a new initiative, warning companies that AI tools are making it increasingly simple for attackers to find vulnerabilities in outdated and unpatched networking infrastructure. The message: Upgrade or else.
If you’ve ever attended a conference, you probably worried about getting sick in the cesspools that are a conference center. But one hacker conference in New Zealand, Kawaiicon, invented a novel way to keep attendees a little bit safer. By tracking the CO2 levels in each conference room, Kawaiicon’s organizers were able to create a real-time air-quality monitoring system, which would tell people which rooms were safe and which seemed … gross. The project brings new meaning to antivirus monitoring.
And that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
The US Border Patrol is operating a predictive-intelligence program that monitors millions of American drivers far beyond the border, according to a detailed investigation by the Associated Press. A network of covert license-plate readers—often hidden inside traffic cones, barrels, and roadside equipment—feeds data into an algorithm that flags “suspicious” routes, quick turnarounds, and travel to and from border regions. Local police are then alerted, resulting in traffic stops for minor infractions like window-tint violations, air fresheners, or marginal speeding. AP reviewed police records showing that drivers were questioned, searched, and sometimes arrested despite no contraband being found.
Internal group chats obtained through public-records requests show Border Patrol agents and Texas deputies sharing hotel records, rental car status, home addresses, and social media details of US citizens in real time while coordinating what officers call “whisper stops” to obscure federal involvement. The AP identified plate-reader sites more than 120 miles from the Mexican border in the Phoenix area, as well as locations in metropolitan Detroit and near the Michigan-Indiana line that capture traffic headed toward Chicago and Gary. Border Patrol also taps DEA plate-reader networks and has, at various times, accessed systems run by Rekor, Vigilant Solutions, and Flock Safety.
CBP says the program is governed by “stringent” policies and constitutional safeguards, but legal experts told AP that its scale raises new Fourth Amendment concerns. A UC Law San Francisco official said the system amounts to a “dragnet” tracking Americans’ movements, associations, and daily routines.
Microsoft claims to have mitigated the largest distributed denial-of-service (DDoS) attack ever recorded in a cloud environment—a 15.72 Tbps, 3.64-billion-pps barrage launched on October 24 against a single Azure endpoint in Australia. Microsoft says The attack “originated from the Aisuru botnet,” a Turbo-Mirai–class IoT network of compromised home routers, cameras, and other consumer devices. More than 500,000 IP addresses are said to have participated, generating a massive DDoS attack with little spoofing. Microsoft says its global Azure DDoS Protection network absorbed the traffic without service disruption. Microsoft described the attack as the “the largest DDoS ever observed in the cloud,” emphasizing the single endpoint; however, Cloudflare also recently reported a 22.2 Tbps flood, naming it the largest DDoS attack ever seen.
Researchers note that Aisuru has recently launched multiple attacks exceeding 20 Tbps and is expanding its capabilities to include credential stuffing, AI-driven scraping, and HTTPS floods via residential proxies.
The US Securities and Exchange Commission has dropped its remaining claims against SolarWinds and its CISO, Tim Brown, ending a long-running case over the company’s 2020 supply-chain hack, in which Russian SVR operatives allegedly compromised SolarWinds’ Orion software and triggered widespread breaches across government and industry. The agency’s lawsuit—filed in 2023 and centered on alleged fraud and internal-control failures—had already been mostly dismantled by a federal judge in 2024. SolarWinds called the full dismissal a vindication of its argument that its disclosures and conduct were appropriate and said it hopes the outcome eases concerns among CISOs about the case’s potential chilling effect.
Law enforcement records show that the FBI accessed messages from a private Signal group used by New York immigration court-watch activists—a network that coordinates volunteers monitoring public hearings at three federal immigration courts. According to a two-page FBI/NYPD “joint situational information report” dated August 28, 2025, agents quoted chat messages, labeled the nonviolent court watchers as “anarchist violent extremist actors,” and circulated the assessment nationwide. The report did not explain how the FBI penetrated an encrypted Signal group, but it claimed the information came from a “sensitive source with excellent access.”
The documents, first reported by the Guardian, were original obtained by the government-transparency group Property of the People. They describe activists discussing how to enter courtrooms, film officers, and gather identifying details of federal personnel, but provide no evidence to support the FBI’s allegation that a member previously advocated violence. A separate set of records—also obtained by the group—shows the bureau framed ordinary observation of public immigration hearings as a potential threat, even as Immigration and Customs Enforcement has escalated courthouse arrests and set what advocates call “deportation traps.” Civil liberties experts told the paper that the surveillance mirrors earlier FBI campaigns targeting lawful dissent and risks chilling protected political activity.
