惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Google DeepMind News
Google DeepMind News
V
Visual Studio Blog
博客园 - Franky
N
Netflix TechBlog - Medium
WordPress大学
WordPress大学
小众软件
小众软件
Jina AI
Jina AI
L
Lohrmann on Cybersecurity
罗磊的独立博客
I
Intezer
W
WeLiveSecurity
T
Tenable Blog
Cyberwarzone
Cyberwarzone
P
Privacy & Cybersecurity Law Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
S
Securelist
Recent Announcements
Recent Announcements
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Engineering at Meta
Engineering at Meta
Hacker News: Ask HN
Hacker News: Ask HN
F
Full Disclosure
S
SegmentFault 最新的问题
S
Security Affairs
L
LINUX DO - 热门话题
C
CERT Recently Published Vulnerability Notes
博客园 - 叶小钗
Stack Overflow Blog
Stack Overflow Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
S
Secure Thoughts
C
CXSECURITY Database RSS Feed - CXSecurity.com
The Register - Security
The Register - Security
月光博客
月光博客
Microsoft Azure Blog
Microsoft Azure Blog
Last Week in AI
Last Week in AI
PCI Perspectives
PCI Perspectives
N
News | PayPal Newsroom
Schneier on Security
Schneier on Security
T
Threat Research - Cisco Blogs
B
Blog RSS Feed
L
LINUX DO - 最新话题
F
Fortinet All Blogs
雷峰网
雷峰网
Security Latest
Security Latest
大猫的无限游戏
大猫的无限游戏
P
Palo Alto Networks Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
V
V2EX
人人都是产品经理
人人都是产品经理
酷 壳 – CoolShell
酷 壳 – CoolShell
博客园 - 【当耐特】

Security Latest

British Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be Trusted Dialog Claims It Was Hacked. A Misconfigured Website Left Its Members Exposed OpenAI Launches Full-Scale Effort to Patch Open-Source Bugs as It Takes on Anthropic’s Mythos World Cup Scams Are Getting Harder to Spot A Critical Deadline Is Approaching for Windows and Linux Security Hackers Claim to Leak Stolen Madison Square Garden Data How the Peter Thiel-Linked Dialog Club Secretly Ranks Its Members How to Watch the Knicks Parade on NYC Traffic Surveillance Cameras The UK Will Scan Asylum-Seekers’ Faces for Age Checks—Despite Knowing the Tech Is Flawed Leak Exposes Members of Peter Thiel’s Secretive ‘Dialog’ Society ‘Dangerous’ AI Models Are Coming No Matter What Meta Tapped a Pentagon Supplier to Prototype Face Recognition for Its Glasses The FCC Wants to Kill Burner Phones Grok Is Still Hosting Sexualized Deepfakes of Famous Women Drug Sites Hijacked Spotify’s Search Ranking Through Fake Podcasts Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps CISA Tells US Agencies to Fix Security Bugs in as Little as 3 Days Thanks to AI Threats Trump Risks Key Surveillance Authority Over ‘Unqualified’ Spy-Chief Pick Wrongful Arrest Exposes Failures in One of the Oldest Police Face-Recognition Tools in the US Soccer Fans, You’re Being Watched Mapping Every Flock License Plate Reader Near US World Cup Stadiums Amnesty International Warns That World Cup Fans Face Potential Human Rights Violations Anthropic Offers Mythos Upgrade for Cyber Partners and a ‘Safe’ Version for the Rest of You Meta Deletes Face-Recognition System From Its Smart Glasses App After WIRED Report All the Ways Europe Is Ditching American Technology Crypto-Funded Chinese Peptide Labs Are Booming Meta Silently Added Face-Recognition Code for Its Smart Glasses to Millions of Phones xAI Asks Court to Strip Alleged Grok Deepfake Nudes Victims of Anonymity Android Is Fighting Phone Scams With a New Feature to Prove Who’s Calling The Manhattan Institute Helped Kill DEI. Now It’s Coming for Protests The Romance Scammer Who Made a Small Fortune Posing as a WWE Superstar Websites Can Now Spy on You Through Your Hard Drive Cybercrime Crew Claims It Hacked Mike Lindell’s MyPillow The White House’s Aliens.gov Site Brags That ICE Arrested More Than 700 US Citizens The Pentagon Knew Enemies Could Track Troops’ Phones for Years. Now They Are Scammers Are Using Your Real Hotel Reservations to Trick You With Spear-Phishing Attacks Internet Starts to Return in Iran After 3-Month Blackout US Law Enforcement Warns of ‘Anti-Tech Extremism’ as AI Hatred Grows The AI Era Is Creating a Bug-Hunting Arms Race The FBI Wants ‘Near Real-Time’ Access to US License Plate Readers ‘Creepy’ Listening Tool for Targeted Ads Didn’t Actually Work, FTC Says A Hacker Group Is Poisoning Open Source Code at an Unprecedented Scale The EU Is Going Through a Trump-Fueled Breakup With Big Tech A Bipartisan Amendment Would End Police License Plate Tracking Nationwide Madison Square Garden Bans Lawyer Representing New York Cop Injured at a Boxing Match Data Brokers’ and AI Firms’ Opt-Out Forms Are Built to Fail, Report Finds You Can Get Some of Your Nudes Removed From the Internet Under a New Law An ICE Firearms Trainer Was Involved in At Least 4 Deadly Shootings Cybercriminal Twins Caught After They Forgot to Turn Off Microsoft Teams Recording Your iPhone Gets Stolen. Then the Hacking Begins DHS Plans Experiment Running ‘Reconnaissance’ Drones Along the US-Canada Border WhatsApp Adds Meta AI Chats That Are Built to Be Fully Private Foxconn Ransomware Attack Shows Nothing Is Safe Forever Iran Is Using Tiny ‘Mosquito’ Boats to Shut Down the Strait of Hormuz Hackable Robot Lawn Mower Unlocks a New Nightmare You Can Disable Gemini in Chrome if It’s Freaking You Out Cybercriminals Are Complaining About AI Slop Flooding Their Forums DHS Demanded Google Surrender Data on Canadian’s Activity, Location Over Anti-ICE Posts Disneyland Now Uses Face Recognition on Visitors OpenAI Rolls Out ‘Advanced’ Security Mode for At-Risk Accounts Exposed Data Illustrates the Nightmare Scenario for a Stalkerware Victim The Race Is on to Keep AI Agents From Running Wild With Your Credit Cards California Engineer Identified in Suspected Shooting at White House Correspondents Dinner Discord Sleuths Gained Unauthorized Access to Anthropic’s Mythos Newly Deciphered Sabotage Malware May Have Targeted Iran’s Nuclear Program—and Predates Stuxnet AI Tools Are Helping Mediocre North Korean Hackers Steal Millions Mozilla Used Anthropic’s Mythos to Find and Fix 271 Bugs in Firefox Meta Is Sued Over Scam Ads on Facebook and Instagram They Built a Legendary Privacy Tool. Now They’re Sworn Enemies The Weird, Twisting Tale of How China Spied on Alysa Liu and Her Dad It Takes 2 Minutes to Hack the EU’s New Age-Verification App Republican Mutiny Sinks Trump's Push to Extend Warrantless Surveillance The Shocking Secrets of Madison Square Garden’s Surveillance Machine Europe’s Online Age Verification App Is Here The Deepfake Nudes Crisis in Schools Is Much Worse Than You Thought In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy Telegram Is Still Hosting a Sanctioned $21 Billion Crypto Scammer Black Market The FCC Has a Fast Lane for Complaints About Trump’s Media Critics Meta Is Warned That Facial Recognition Glasses Will Arm Sexual Predators The Dumbest Hack of the Year Exposed a Very Real Problem Your Push Notifications Aren’t Safe From the FBI How the Internet Broke Everyone’s Bullshit Detectors Anthropic’s Mythos Will Force a Cybersecurity Reckoning—Just Not the One You Think Politicians Are Spending More Money on Security as They Increasingly Become Targets ‘We Were Not Ready for This’: Lebanon's Emergency System Is Hanging by a Thread Men Are Buying Hacking Tools to Use Against Their Wives and Friends Iran-Linked Hackers Are Sabotaging US Energy and Water Infrastructure Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything Border Patrol Agents Sold Challenge Coins With ‘Charlotte’s Web’ Characters in Riot Gear Hackers Are Posting the Claude Code Leak With Bonus Malware Meta Pauses Work With Mercor After Data Breach Puts AI Industry Secrets at Risk CBP Facility Codes Sure Seem to Have Leaked Via Online Flashcards ‘Uncanny Valley’: Iran’s Threats on US Tech, Trump’s Plans for Midterms, and Polymarket’s Pop-up Flop What Happens When a Nuclear Site Is Hit? Unmasking the Paramilitary Agents Behind Trump’s Violent Immigration Crackdown Apple Will Push Out Rare ‘Backported’ Patches to Protect iOS 18 Users From DarkSword Hacking Tool Iran Threatens to Start Attacking Major US Tech Firms on April 1 The US Military’s GPS Software Is an $8 Billion Mess The Broken System That Keeps Shipping Crews Stranded in the Strait of Hormuz How Trump’s Plot to Grab Iran's Nuclear Fuel Would Actually Work
Iranian Hackers Breached Kash Patel’s Email—but Not the FBI’s
2026-03-27 · via Security Latest

As the United States-Israel war with Iran barrels into its second month, President Donald Trump is reportedly plotting a potential mission to send US special forces into the country to take Tehran’s enriched uranium. Experts WIRED spoke to say such a plan would be extremely risky, likely putting the lives of troops in peril with a low chance of success.

Since the war with Iran started at the end of February, a mysterious radio station has been broadcasting seemingly random numbers in Persian. It’s unclear who is running the so-called number station, or who its intended audience is. But many speculate that it’s an intelligence operation using cipher technology that dates back more than a century.

In addition to the conflict with Iran, WIRED explored combat from many angles with our War Machine package of coverage, including the saga of one teenager who went missing amid the destruction of Gaza, the Kafkaesque challenges Palestinians face when they’re unable to get a death certificate for a loved one, a family forced into hiding over fears of US immigration agents, a peek inside the challenges at Anduril as it attempts to disrupt the defense industry, and more.

Beyond the many battles, WIRED revealed how one small New Hampshire town is having its police department’s salaries and other costs covered by Immigration and Customs Enforcement. Nearly a thousand other police departments around the US appear to be doing the same thing.

Think using a VPN gives you more privacy? Think again. A letter from US lawmakers this week questioned director of national security Tulsi Gabbard over whether US surveillance authorities allow the National Security Agency to target people who use a VPN. Due to the ways in which US law allows the targeting of people outside the US, it may not even matter if the VPN you use connects to servers overseas.

Also this week, WIRED published an excerpt from author Andrew Guthrie Ferguson’s new book, Your Data Will Be Used Against You, about the ways in which fitness trackers and biometric surveillance are further degrading your right to privacy.

Finally, the United Kingdom imposed sanctions against Xinbi Guarantee, a black market that researchers estimate has facilitated $20 billion in illicit sales. Xinbi, like other markets linked to the global scamming industry, operated on Telegram, where it managed to evade previous bans. It’s unclear whether the new sanctions will negatively impact its business in the long run.

That’s not all! Each week we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines (except the one that has no link) to read the full story. And stay safe out there.

The Iranian hacker group Handala—perhaps the most public and chaotic face of Iran’s efforts at cyber retaliation in the midst of the US and Israeli war against the country—today announced it had hacked an email account belonging to FBI director Kash Patel. “The so-called ‘impenetrable’ systems of the FBI were brought to their knees within hours by our team,” the group wrote in a statement on its website.

The first of those claims appears to be true: A collection of emails posted to the hackers’ site and labeled with the name of Patel’s apparent Gmail address appears to contain years of Patel’s messages and photos, from hotel reservations and business deals to photos of his travels and his family, mostly dated from 2010 to 2019. A Justice Department official confirmed to Reuters that Patel’s email had been breached, and that the leaked emails appeared to be real.

Handala’s second claim, however—that it hacked the FBI—seems, for now, to be fiction. All evidence points to Handala having breached Patel’s older, personal Gmail account. Widely believed to be a “hacktivist” front for Iran’s intelligence agency the MOIS, Handala suggested on its website that the emails contained classified information, but the messages initially reviewed by WIRED didn’t appear to be related to any government work. TechCrunch did find, however, that Patel appears to have forwarded some emails from his Justice Department email account to his Gmail account in 2014.

Handala, which cybersecurity experts have described to WIRED as an “opportunistic” hacker group whose cyberattacks and breaches are often calculated more for their propaganda value than their tactical impacts, has nonetheless made the most of Patel’s embarrassing breach. “To the whole world, we declare: the FBI is just a name, and behind this name, there is no real security,” the group wrote in its statement. “If your director can be compromised this easily, what do you expect from your lower-level employees?”

Handala Hackers Put $50 Million Bounty on Trump and Netanyahu’s Heads

For further evidence of Handala’s bombastic rhetoric, look no further than another post on its website earlier this week (we’re intentionally not linking to it) that offered a $50 million bounty to anyone who could “eliminate” US president Donald Trump and Israeli prime minister Benjamin Netanyahu. “This substantial prize will be awarded, directly and securely, to any individual or group bold enough to show true action against tyranny,” the hackers’ statement read, along with an invitation to any would-be assassins to reach out via the encrypted messaging app Session. “All our communication and payment channels utilize the latest encryption and anonymization technologies, your safety and confidentiality are fully guaranteed.”

That bounty, Handala explained, was posted in answer to a statement about Handala published on the US Department of Justice website last week that offered $10 million for information leading to the identity or location of anyone who carries out “malicious cyber activities against US critical infrastructure” on behalf of a foreign government.

“Our message is clear: If you truly have the will and the power, come and find us!” Handala wrote in its response. “We fear no challenge and are prepared to respond to every attack with even greater force.”

In yet another post on its website this week, Handala also claimed to have doxed 28 engineers at military contractor Lockheed Martin working in Israel and threatened them with personal harm if they didn’t leave the country within 48 hours. When WIRED tried calling the phone numbers included in Handala’s leaked data, however, most of them didn’t work.

4 Years in, Apple’s Pegasus-Killer Remains Undefeated, Company Says

Apple says no device with its Lockdown Mode security feature enabled has ever been successfully compromised by mercenary spyware in the nearly four years since its launch. Amnesty International’s security lab head, Donncha Ó Cearbhaill, also says his team has seen no evidence of a successful attack against a Lockdown Mode–enabled iPhone. And Citizen Lab, which has documented several successful spyware attacks against iPhones, says none involve a Lockdown Mode bypass, while in two cases its researchers found the feature actively blocked attacks against NSO Group’s Pegasus and Intellexa’s Predator. Google researchers, meanwhile, found one spyware strain that simply abandons infection attempts when it detects the feature is enabled.

Lockdown Mode works by disabling commonly exploited iPhone features, such as most message attachment types and features like links and link previews. Incoming FaceTime calls are blocked unless the user has previously called that person within the past 30 days. When the iPhone is locked, it blocks connections with computers and accessories. The device will not automatically join nonsecure Wi-Fi networks, and 2G and 3G support is disabled. Apple has also doubled bounties for researchers who detect any Lockdown Mode bypass, with payouts up to $2 million.

Security researcher Patrick Wardle tells TechCrunch that Lockdown Mode is the most aggressive consumer-facing hardening feature ever shipped, noting that it eliminates entire exploit classes instead of patching individual flaws. Apple has reportedly sent spyware notifications to users in 150 countries. While it remains possible a bypass has gone undetected, Amnesty and Citizen Lab backing up Apple’s claims is a strong sign the feature is working as intended.

Russia Is Planning to Use Its Own Encryption for 5G

A proposed Russian law currently moving through the country’s legislative process would require that telecoms implement an encryption algorithm developed in Russia for all domestic 5G mobile networks. If the bill succeeds, all 5G mobile devices sold in Russia would need to support the homegrown encryption, known as NEA-7, to be able to connect to 5G. The bill includes a provision to phase out support for foreign algorithms by 2032—including the US’s AES, China’s ZUC, and the EU’s SNOW. The law seems focused, at least in part, on making it harder for Ukrainian drones (or those of other enemies) to use Russian SIM cards to aid infrastructure targeting. It also fits into the Kremlin’s years-long effort to isolate and exert control over the Russian internet. If passed, though, the law could severely hinder 5G expansion in Russia given that there currently isn’t cell tower equipment that supports NEA-7.

33 Data Brokers Admitted They Sell Americans’ Data to China, Russia, and Iran

The California Privacy Protection Agency updated its data broker registry on Tuesday with a concerning revelation: At least 33 data brokers self-reported selling or sharing Californians’ personal information with entities in China, Russia, North Korea, or Iran—the four nations California’s data broker law treats as foreign adversaries. (The registry doesn’t distinguish between sales to those nations’ governments and sales to private companies headquartered or incorporated there.)

The registry is significant even for users throughout the US, as California is the only state that statutorily requires this disclosure. China, Russia, North Korea, or Iran all have legal frameworks that can compel domestic companies to share data with state intelligence services, and all are active cyber adversaries of the United States. The US government considers even routine commercial data sales to private entities in those jurisdictions to be a national security risk.

Named companies include Cision, CoStar, Epsilon, HubSpot, Healthcare Inc., and Moody's, among others. Some of the 33 brokers have since claimed they incorrectly declared their own sales to entities in those countries on their filings, but as the Electronic Privacy Information Center noted, the reporting errors could cut both ways: If some brokers overstated their foreign sales, others may have understated theirs.