惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Apple Machine Learning Research
Apple Machine Learning Research
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
S
Security @ Cisco Blogs
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Cisco Talos Blog
Cisco Talos Blog
Cyberwarzone
Cyberwarzone
SecWiki News
SecWiki News
Webroot Blog
Webroot Blog
L
LINUX DO - 最新话题
V
Vulnerabilities – Threatpost
T
Troy Hunt's Blog
Cloudbric
Cloudbric
L
LINUX DO - 热门话题
Google DeepMind News
Google DeepMind News
H
Heimdal Security Blog
S
Schneier on Security
NISL@THU
NISL@THU
The Hacker News
The Hacker News
Attack and Defense Labs
Attack and Defense Labs
A
Arctic Wolf
V2EX - 技术
V2EX - 技术
Security Latest
Security Latest
AWS News Blog
AWS News Blog
Scott Helme
Scott Helme
W
WeLiveSecurity
S
Secure Thoughts
Y
Y Combinator Blog
GbyAI
GbyAI
H
Hackread – Cybersecurity News, Data Breaches, AI and More
博客园 - Franky
量子位
人人都是产品经理
人人都是产品经理
雷峰网
雷峰网
K
Kaspersky official blog
P
Privacy & Cybersecurity Law Blog
T
Tenable Blog
The GitHub Blog
The GitHub Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
J
Java Code Geeks
Vercel News
Vercel News
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Schneier on Security
Schneier on Security
云风的 BLOG
云风的 BLOG
小众软件
小众软件
Engineering at Meta
Engineering at Meta
宝玉的分享
宝玉的分享
C
CERT Recently Published Vulnerability Notes
Security Archives - TechRepublic
Security Archives - TechRepublic
C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Palo Alto Networks Blog

The Register

Shadow IT has given way to shadow AI. Enter AI-BOMs Zed team releases version 1.0 of Rust-built editor: Traditional editor and AI tool Microsoft boss tells investors the company is working to 'win back fans' What type of 'C2 on a sleep cycle' do they leave behind? Novel Chinese spy group found in critical networks in Poland, Asia NASA boss: Make Pluto A Planet Again GitHub says sorry and vows to do better as uptime slips and devs complain Age checks could turn internet into an ID checkpoint, complains Proton CEO Microsoft gives your Word documents an AI co-author you didn’t ask for Datadog digs down into GPU efficiency as AI costs soar If malware via monitor cables is a matter of national security, this might be the gadget for you Thunderbird in hand worth 2 Outlooks as fresh FOSS fave and Firefox arrive Grafana offers AI assistant for free, warns users not to go mad Right to repair champ Framework punts modular 13in laptop with Core Ultra Series 3 France's 'Secure' ID agency probes breach as crooks claim 19M records Scotland Yard can keep using live facial recognition on Londoners, say judges UK tribunal sends £2B claim accusing Microsoft of overcharging for licensing to trial Nation-states want to cause harm, not just steal cash - stop handing your cyber defenses to the cheapest contractor Murder, she wrote: Ex-FBI chief wants some ransomware crims charged with homicide Phone-to-satellite use goes into orbit, growing 25% in 8 months macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets Anthropic bakes memory fixes into Bun 1.1.13 as developers complain of leaks The spaghettified DBMS chart that shows Oracle's crown is slowly slipping Yet another ex-ransomware negotiator admits turning rogue after payoff from crimelords FAA grounds Blue Origin's New Glenn as it probes missed satellite delivery 'mishap' AMD's Ryzen 9 9950X3D2 Dual Edition tested: Gratuitous overkill with a price to match AI-assisted intruders pwned Vercel via OAuth abuse and a pilfered employee account Crook claims to leak 'video surveillance footage' of companies Met police trials snoop tech platform in push to cuff more London shoplifters England's school phone ban gets teeth, just in time to bite no one Adaptavist Group breach spawns imposter emails as ransomware crew claims mega-haul Panasonic creates device-locked QR codes to speed facial biometric capture Iran claims US used backdoors to knock out networking equipment during war NASA Inspector fears new spacesuits won’t be ready for Moon landing Vibe coding upstart Lovable denies data leak, cites 'intentional behavior,' then throws HackerOne under the bus Trump-branded datacenter project fails to make itself great, again World's blandest man steps down from CEO job to spend more time in tastefully appointed home Chase got a spiff of $77 million to create one job with New York datacenter Scot becomes second Scattered Spider-linked crook to plead guilty in US You too can build a nuclear battery from junk you have lying around the house Schmoozebots: study finds flattery will get AI everywhere One of Europe's sovereign cloud picks may not be so-sovereign after all New Android development tool designed for robots, not humans AI is reshaping Britain's datacenter map away from London HP's remote desktop push retreats as Anyware heads for end of life 'Invisible mouse' made a mess of PC rebuild NASA working on ‘Big Bang’ upgrade to keep the Voyagers alive for longer Indonesia’s game rating system paused amid claims it leaked developer creds and glimpses of major new titles Just like phishing for gullible humans, prompt injecting AIs is here to stay Atlassian’s new data collection policy protects rich customers while AI eats the rest Intel eases reliance on TSMC with 'Merica-made Core Series 3 processors NASA gets the ball rolling on its part in Europe's jinxed Mars rover mission Attention data hoarders: Alexa loses its Plex appeal as voice feature gets canned Locked-out iPhone user tells The Reg that Apple is scrambling to fix character flaw passcode bug Would you like fries with that terminal? Capita won disastrous UK pensions gig after acing performance checks NodeWeaver says its perpetual licensing beats VMware’s perpetual price hikes Maine to pause big bit barns as local opposition spreads If you want into Anthropic's Claude club, you may have to show ID DuckDB uses RDBMS to tackle lakehouse 'small changes' issue Iran has something America can only dream of: cheap broadband Brussels tells Google to hand rivals its search crown jewels as privacy row brews Visual Studio 18.5 lands with AI debugging at a price Git identity spoof fools Claude into giving bad code the nod McGraw Hill linked to 13.5M-record data leak Microsoft announces product it doesn't want anyone to buy Obsolete Google nag drowns out vital bar information at Swedish concert hall Cops hand Motorola £25M to keep 2000-era radios alive Server-room lock was nothing but a crock QUIC will soon be as important as TCP – but it's vastly different Nobody knows how many CVEs Anthropic's Project Glasswing has actually found Allbirds shoe company moving to AI infra is the top 20-year-old Enlightenment E16 bug finally gets patched Bad teacher bots can leave hidden marks on model students Autovista blames ransomware for service disruption Networks not ready for the challenges of AI traffic Windows takes a crash dump after one McDonald's too many French cops free mother and son after crypto kidnapping US states can't account for datacenter tax breaks. Literally Salesforce debuts Headless 360 agentic platform Fission impossible: Uncle Sam wants nuclear power in space UK told its Big Tech habit is now a national security risk UKAEA lays out roadmap to take Britain closer to fusion Waymo's self-driving cars face their toughest test yet: London The only technology that died more times than VR is AI, and that seems to have worked out Boeing soars past Airbus for the first time in years Commvault has a Ctrl+Z for rogue AI agents Nvidia slaps forehead: AI, that's what quantum needs! Oracle taps Bloom for fuel cells to support datacenter binge GitHub recalls Phabricator with preview of Stacked PRs Physicist proposes two-button calculator Amazon pays $11.5B to satisfy satellite-envy while cowering in Musk's shadow No honor among thieves as 0APT threatens rival ransomware gang Krybit NASA insiders oddly relaxed about latest budget threats Microsoft raises UK Surface prices as RAM crisis reaches the checkout OpenAI CEO Sam Altman home attack suspect charged Microsoft kills off Outlook Lite as memory costs skyrocket UK state bank considers lengthening disastrous IT program Japan going back to the future by reviving its chip industry Windows Update: Torture chamber for seldom-used PCs Japanese rocket came unglued, causing mission fail
Even the Secret Service won
Jessica Lyons · 2026-06-27 · via The Register

Security

Personal cell phones on protective missions, no threat detection on government-issued devices among the litany of sins

It seems like nobody wants to carry a work phone and that includes even those charged with protecting the US president. The US Secret Service’s extremely lax mobile phone security practices - including using unsecured personal devices during mission operations - put America’s leaders’ and agents’ lives at risk, according to a government-issued report.

Secret Service agents routinely used personal cell phones to communicate with law enforcement and each other, including during protective operations in the US and overseas, because their government-issued devices lacked the capabilities they needed to perform their missions, according to a federal review ordered after the 2024 assassination attempt against President Trump in Butler, Pennsylvania.

Even when Secret Service employees did use government-furnished equipment (GFE), these mobile devices didn’t have sufficient security to “ensure real-time, continuous protection from cyberattacks by foreign adversaries or individuals,” according to a report by the Department of Homeland Security inspector general.

The inspector general’s investigation also found vulnerable apps on these GFE mobile devices. 

In addition to being prohibited - Homeland Security policy only allows Secret Service employees to use GFE devices for official business - using personal cell phones is especially bad from a cybersecurity perspective. 

As we have seen time and time again, government employees’ personal devices and private communications provide highly attractive targets for foreign spies or even homegrown criminals plotting attacks against elected leaders. 

Secret Service agents’ phones can also reveal mission-related details, geolocation - and, by proxy, the US president, vice president, and visiting heads of state’s geolocations - as well as photos, contacts, and other personal information such as family members and home addresses. 

Since these personal devices are not managed or secured by the US government, it's much easier for attackers to plant surveillanceware and other malware on them.

“If a personal device is jailbroken, infected with malicious code, or not up to date on security software, an adversary could intercept device communication,” according to the report. “Outdated and vulnerable apps could enable malicious actors to conduct surveillance, track locations, or record employees’ communications. Connecting to unsecured networks may also allow cybercriminals to access data or install malware.”

The inspector general reviewed call and text logs from Secret Service GFE mobile device records from October 2022 through May 2025, and found more than 15,000 instances among 4.8 million calls in which employees sent and received calls from colleagues’ personal phones while working protective events. 

Investigators also examined travel vouchers for Secret Service employees who travelled internationally between October 2022 and April 2025. They found 30 employees who claimed reimbursement for using personal phones for official, government business. Most of these (23 of the 24 interviewed) said they needed to use their personal cell phones during nearly every foreign assignment.

Plus, they used personal mobile devices as hotspots to provide internet access for government-issued laptops, or to access websites blocked on GFE phones. 

Even when employees did use government-issued devices on overseas trips, these phones also lacked basic security, the investigation found. For example: the Secret Service did not begin installing mobile threat defense software on any GFE phones until August 2025. Nor did the agency consistently wipe data from GFE devices after employees returned from international missions despite Secret Service policy requiring employees to do this within 24 hours of returning to the US.

Do these 5 things

As a result of its findings, the inspector general made five recommendations to improve mobile device security. These include implementing a formal policy to ensure government-issued devices have all the needed capabilities to ensure mission functions can be conducted securely, and also ensure all employees complete cybersecurity awareness training, as required by the Secret Service.

The report also recommends the Secret Service office of the chief information officer do a better job communicating to employees that the use of personal devices is not allowed for official business, and implement controls to wipe all mobile devices returning from international missions.

Finally, the inspector general also recommends an updated vulnerability testing policy be applied to all mobile app code. 

The Secret Service “concurred” with all five recommendations. 

We reached out to the Secret Service about the report and recommended actions, and a spokesperson declined to comment beyond a letter from Secret Service Director Sean Curran included in the report. 

Curran said, among other things, that in response to the inspector general’s findings, the agency made “several comprehensive enhancements to Secret Service communications policies and protocols to both mitigate the potential for adversaries to intercept and exploit Secret Service information, as well as further strengthen the protective environment.”®