惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Hackread – Cybersecurity News, Data Breaches, AI and More
C
Check Point Blog
Hacker News: Ask HN
Hacker News: Ask HN
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
WordPress大学
WordPress大学
P
Proofpoint News Feed
V
Visual Studio Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
N
Netflix TechBlog - Medium
C
CXSECURITY Database RSS Feed - CXSecurity.com
博客园 - 聂微东
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 叶小钗
Cisco Talos Blog
Cisco Talos Blog
S
Schneier on Security
T
Threat Research - Cisco Blogs
腾讯CDC
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Hacker News
The Hacker News
Google DeepMind News
Google DeepMind News
Microsoft Security Blog
Microsoft Security Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
GbyAI
GbyAI
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Palo Alto Networks Blog
T
Tenable Blog
S
Secure Thoughts
T
Threatpost
V2EX - 技术
V2EX - 技术
大猫的无限游戏
大猫的无限游戏
Martin Fowler
Martin Fowler
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Vercel News
Vercel News
罗磊的独立博客
P
Privacy & Cybersecurity Law Blog
Engineering at Meta
Engineering at Meta
小众软件
小众软件
Google DeepMind News
Google DeepMind News
N
News and Events Feed by Topic
Y
Y Combinator Blog
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Cybersecurity and Infrastructure Security Agency CISA
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
P
Privacy International News Feed
H
Heimdal Security Blog
量子位
B
Blog

Consumer Insights

The ransomware negotiator who was working for the other side After years on the run, alleged Ryuk ransomware operator pleads guilty INTERPOL crackdown shows scammers shifting to social media Meta lets strangers remix your public Instagram photos with AI—here’s how to opt out Invited to a "job interview" with Netflix or OpenAI? Beware! Your Google password could be at risk Two arrested over credit card phishing - as the Netherlands is named Europe's worst for payment fraud India pauses WhatsApp username feature over security concerns Alleged teen ransomware hustler faces US charges after arrest in Finland WhatsApp usernames explained: how to reserve yours and stay safe Scammers race to cash in on Venezuelan earthquake disaster USB drives carrying China-linked malware infected Japanese military networks for nearly a year WhatsApp tests new safety prompt before you chat with strangers Social media is worth celebrating. It's also worth protecting. Polish police dismantle SIM-swap gang accused of crypto theft Operation Endgame deals fresh blow to StealC and Amadey malware networks Hacker hijacks Brazil's national alert system, sending "misanthropy" to millions of phones Cybercrime now rivals traditional crime across parts of Asia Apple's Hide My Email tweak leaves privacy fans fuming Americans lost $3.5 billion to imposter scams last year — and the scams are getting harder to spot Scammers have killed the physical Steam Gift cards Crypto investment scam sends couriers to collect victims' cash, FBI warns Maine forced to take down data breach portal after fake notices filed with authorities Privacy own-goal: World Cup blunder leaks Lionel Messi's passport details Why schools remain one of cybercriminals' favourite targets WhatsApp detects new spyware activity from Israel’s NSO Group despite court order Got a LinkedIn message from a recruiter? It might be Chinese intelligence, warn FBI and MI5 Europol cracks down on illegal streaming globally Hackers didn't hack Instagram; they just asked Meta AI FBI Warns Fans About FIFA Scams Ahead of 2026 World Cup Virtual knife, real lawsuit: Counter-Strike skin dispute ends in court As Deepfakes Spread, YouTube Makes AI Labels Harder to Miss Carnival breach exposes data of nearly 6 million people Police arrest man following hack of Ajax football club MyPillow listed on ransomware gang's leak site, but denies it has been breached FBI warns criminals impersonating IT support to breach law firms FBI warns of Kali365 phishing kit that breaks into Microsoft 365 accounts — no password required Telecom Executives Plead Guilty to Tech Support Fraud 7-Eleven data breach exposes data of 185,000 people ASIC Warns Australians About Crypto Trading Scams Google Search AI Mode brings a major overhaul Deleted Google API keys may remain active for 23 minutes Ukrainian police identify perp in $721k infostealer scheme Steam removes horror game after malware steals player data FBI: Crypto ATM Scams Keep Growing as Americans Lose Millions FBI warns students and staff that ShinyHunters may come knocking after Canvas breach Scam Centers Under Pressure as INTERPOL Makes More Arrests FBI Warns Older Adults Lost Billions to Scammers Burst Statistics WordPress flaw under attack Android 17 Will Let Users Verify Whether Their OS Is Legit Suspected Dream Market kingpin arrested after gold bars sent to his home address BitLocker zero-day exposes Windows drives as PoC goes public Apple Fixes ‘Persistent Notifications’ Flaw on Older iPhones Football Ticket Scams Are Rising Fast, Lloyds Bank Warns When ransomware gets physical: cybercriminals turn to threats of violence iPhone-to-Android Texts Are Now Encrypted (RCS Messaging) UK Water Supplier Fined Nearly £1 Million After Hackers Roamed Networks for Almost 2 Years Instagram Drops Encrypted DMs — What This Means for You New fear: Man films woman with smart glasses, seeks money to take video down ClickFix Campaign Uses Compromised WordPress Sites to Spread Vidar Stealer in Australia Inside Department 4: Russia's secret school for hackers Ubuntu’s new AI dreams attracted a very old-fashioned crypto scam on X Chrome 4GB AI model: What weights.bin does Sri Lanka makes 37 arrests as it raids another scam centre DAEMON Tools Lite breach prompts urgent update after malware-laced installer Brits Lost £102 Million to Romance Scams Last Year The Online Safety Act Is Changing the Internet for Kids World Password Day 2026 How Hackers Stole and Sold Roblox Accounts for $250,000 Before Getting Caught Four Years in Prison for Cybersecurity Pros Turned Ransomware Attackers Teenager alleged to be Scattered Spider hacker arrested in Finland, faces US extradition 276 Arrested in Crypto Scam Crackdown Popular WordPress redirect plugin found with years-old backdoor Iran-linked Handala hackers leak US Marines data, send chilling WhatsApp threats Alleged Silk Typhoon hacker extradited to the United States to face charges FTC: Social Media Scams Cost Americans $2.1 Billion in 2025 French police arrest 21-year-old "HexDex" hacker over 100 alleged data breaches Sony Starts Enforcing PlayStation Age Verification; UK and Ireland Are First Ransomware ‘Negotiator’ Faces 20 Years in Prison for Allegedly Betraying His Employers You’ve Got Mail and It’s Tracking Your Warship Crypto Investment Scam Costs Woman in Hong Kong Nearly $1 Million Operation PowerOFF warns 75,000 DDoS users Singer loses life savings to fake wallet downloaded from the Apple App Store AgingFly malware targets Ukraine government, hospitals 108 malicious Chrome extensions caught stealing Google and Telegram data from 20,000 users Rockstar Games confirms breach after ShinyHunters leaks stolen analytics data FBI: Cybercrime Losses Hit $21 Billion in 2025, Fueled by AI Life imprisonment for Cambodian scam compound operators - but will it make a difference? Fake Claude Code leak on GitHub spreads Vidar malware Apple Expands ‘DarkSword’ Patch to More iPhones and iPads Nigerian romance scammer jailed after being caught out by fellow fraudster Fake WhatsApp Clone Used in Spyware Campaign, Meta Warns Fake CERT-UA emails spread AGEWHEEZE in ukraine Alleged RedLine malware developer extradited to United States The Scam That Tricks You Into Infecting Your Own Mac Iranian hackers breach FBI director's personal email, and post his CV and photos online Don't Ignore This Security Alert Apple Sent to iPhone Lock Screens Meta and YouTube Designed Addictive Platforms, Jury Finds TikTok Business phishing campaign targets advertisers Lapsus$ claims AstraZeneca breach exposes code and credentials How one man used 10,000 bots to steal $8,000,000 from music artists
iOS Flaw Exposed ‘Deleted’ Signal Messages
Filip TRUȚĂ · 2026-04-23 · via Consumer Insights

Apple has rolled out emergency security updates to fix a privacy flaw that allowed “deleted” notification data—including message previews from encrypted apps like Signal—to persist on iPhones and be recovered later.

The issue, now patched in iOS 26.4.2 and older supported versions, drew attention after reports that U.S. investigators were able to extract supposedly deleted Signal messages from a suspect’s device—not by breaking encryption, but by accessing the iPhone’s notification database.

Key takeaways

  • Apple fixed a bug that stored deleted notifications on-device
  • The flaw could expose sensitive message previews from apps like Signal
  • FBI investigators reportedly used this data in a criminal case
  • Encryption wasn’t broken—the data came from system-level notification logs
  • Users should review notification preview settings for better privacy

How the FBI accessed Signal messages

The bug gained popular attention after a 404 Media report revealed that the FBI had recovered Signal messages from an iPhone tied to a criminal investigation:

The FBI was able to forensically extract copies of incoming Signal messages from a defendant’s iPhone, even after the app was deleted, because copies of the content were saved in the device’s push notification database, multiple people present for FBI testimony in a recent trial told 404 Media. The case involved a group of people setting off fireworks and vandalizing property at the ICE Prairieland Detention Facility in Alvarado, Texas in July, and one shooting a police officer in the neck.

The messages were not pulled from Signal itself. Instead, investigators extracted them from the device’s notification database, where message previews had been stored. In fact, the Signal app had been deleted from the device before investigators extracted the message contents.

Because these previews can include some message content, they effectively created a secondary record of conversations—one that persisted even after the messages were deleted or the Signal app was uninstalled.

A bug that kept “deleted” data alive

Apple has released iOS 26.4.2 and iOS 18.7.8 to address the issue.

According to Apple’s security advisory, the flaw meant that notifications “marked for deletion could be unexpectedly retained on the device.”

While these notifications disappear from the user interface, their contents—possibly including message text, login codes, or other sensitive data from any app—could remain stored internally due to a logging issue.

Apple says the issue has now been addressed through improved data redaction, ensuring that deleted notifications are no longer recoverable.

Signal thanks Apple for patching the flaw

“We are very happy that today Apple issued a patch and a security advisory,” the private messaging service said in a post on X. “This comes following @404mediaco reporting that the FBI accessed Signal message notification content via iOS despite the app being deleted.”

The company said “no action is needed for this fix to protect Signal users on iOS.” While it’s true that Signal itself requires no amendment to address this issue, users still have to manually deploy the iOS update that delivers the fix.

“Once you install the patch, all inadvertently-preserved notifications will be deleted and no forthcoming notifications will be preserved for deleted applications,” Signal added. “We’re grateful to Apple for the quick action here, and for understanding and acting on the stakes of this kind of issue. It takes an ecosystem to preserve the fundamental human right to private communication.”

Update your iPhone!

As we regularly warn, even if you’re not a high-risk individual, it’s a good idea to stay up to date with the latest security patches — you never know when you trip a wire and become a target.

As of today, you want to be on iOS 26.4.2 or iOS 18.7.8 (even if you don’t use Signal).

If you haven’t updated your iPhone in a while, now’s a good time to do so.

Besides addressing this nasty flaw, this week’s update packs fixes for security holes exploited in widespread espionage and crypto theft.

For peace of mind, run an independent security solution on all your personal devices. Keep the trusty Lockdown Mode toggle handy if you have reason to believe hackers might target you.

How to protect your Signal communications

To prevent Signal from storing message content, you must focus on on-device storage, as Signal does not store message content on its servers. Because Signal stores messages locally, you need to use disappearing messages and limit storage history, then turn off notification previews. 

Here are the specific methods to prevent Signal from storing message content:

1. Enable Disappearing Messages – removes messages automatically from both ends of a conversation.

  • For new chats: go to Signal Settings > Privacy > Default timer for new chats and set a time.
  • For existing chats: open a chat, tap the contact name/group name, select Disappearing Messages, and set the timer.

2. Configure Local Storage Management – limits how much message history is kept on your phone. 

  • Go to Settings > Data and Storage > Manage storage > Keep messages.
  • Select a duration to automatically delete older messages.
  • Limit conversation length by message count (e.g., 100 messages).

3. Change notification settings – prevents authorities from recovering messages from iPhone notification logs.

  • Go to Signal Settings > Notifications > Show.
  • Select No name or message (or "No name or content").

Remember, Signal messages are encrypted on your device. These steps merely ensure they are not retained (stored) permanently.

You may also want to read:

Apple Patches Older iPhones Against ‘Coruna’ Hacks Used in Espionage and Crypto Theft

Fake WhatsApp Clone Used in Spyware Campaign, Meta Warns

Apple Debuts ‘Background Security Improvements’ with Urgent WebKit Fix for iPhone and Mac – Here’s How to Enable the Feature