惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Secure Thoughts
雷峰网
雷峰网
罗磊的独立博客
T
The Blog of Author Tim Ferriss
阮一峰的网络日志
阮一峰的网络日志
量子位
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
云风的 BLOG
云风的 BLOG
人人都是产品经理
人人都是产品经理
GbyAI
GbyAI
Cisco Talos Blog
Cisco Talos Blog
Engineering at Meta
Engineering at Meta
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
A
About on SuperTechFans
D
Darknet – Hacking Tools, Hacker News & Cyber Security
The Cloudflare Blog
Know Your Adversary
Know Your Adversary
T
Threat Research - Cisco Blogs
Spread Privacy
Spread Privacy
D
DataBreaches.Net
T
The Exploit Database - CXSecurity.com
K
Kaspersky official blog
Cyberwarzone
Cyberwarzone
爱范儿
爱范儿
U
Unit 42
Security Latest
Security Latest
M
MIT News - Artificial intelligence
月光博客
月光博客
Scott Helme
Scott Helme
G
Google Developers Blog
有赞技术团队
有赞技术团队
T
Tor Project blog
宝玉的分享
宝玉的分享
Y
Y Combinator Blog
博客园 - Franky
H
Hackread – Cybersecurity News, Data Breaches, AI and More
aimingoo的专栏
aimingoo的专栏
The GitHub Blog
The GitHub Blog
V
V2EX
B
Blog
Apple Machine Learning Research
Apple Machine Learning Research
S
Securelist
博客园 - 三生石上(FineUI控件)
Blog — PlanetScale
Blog — PlanetScale
TaoSecurity Blog
TaoSecurity Blog
Stack Overflow Blog
Stack Overflow Blog
P
Proofpoint News Feed
腾讯CDC
D
Docker
Google Online Security Blog
Google Online Security Blog

The Register - Special Features

Troops’ phones gave away location data to foreign adversaries Qualcomm picks bad time to pitch a $300 laptop platform AI agents get their own phone directory built atop DNS Carnival confirms ShinyHunters cruised off with 6M customer records after April breach Google engineer accused of turning Year in Search secrets into Polymarket payday Are we human? India's cyber agency sets clock at 12 hours to tackle exploited bugs as AI turns up the heat Broadcom gets early start on WiFi 8 with next-gen wireless routing kit Are we human? Microsoft Excel champ proves he still has the formula Anthropic co-founder hallucinates ghost in the machine Anthropic co-founder hallucinates ghost in the machine NASA plans Moon Base buildout with rovers, drones, cargo landers MyPillow must decide whether to be firm or soft as ransomware crims demand pay Starship shows it can deploy satellites, but Moon mission clock still ticks Huawei's chip law looks less like Moore and more like marketing Experts pour cold borscht on Farage's Russian hack claim Logitech unveils a cushioned mouse for all-day use AI eyes scanning for bugs create a worrisome Linux security trend A Russian speaker and jailbroken Gemini went on a hacking spree and emptied at least one MAGA victim's crypto wallets AI datacenter boom collides with US grid reality Media giant settles for $930k amid user-snooping allegations AT&T sues to ditch Cali copper phone lines to save billions FBI warns of Kali365 as device code phishing soars Techie claims Trump Mobile website was leaking thousands of people's data BOFH: Vibe-coded solutions arrive for problems nobody has Dems slam Trump for making cybersecurity hold out the tin cup while splurging on ballroom and Jan. 6 'slush fund' Google explains how it will infuse ads into AI answers AI is getting pricey, but relief is coming, but not for you Deus ex machina: Half of US Christians trust AI's spiritual advice Attackers spill plaintext passwords of 46k Myspace93 users after 2021 breach Apple adds AI smarts to Voice Control, VoiceOver and Magnifier ahead of Accessibility Day Microsoft open-sources agentic AI safety tools OpenAI wants upfront cash for guaranteed AI capacity Fedora: Microsoft is all aboard, but Deepin is dumped Bye-bye, Gemini CLI; Google nudges devs toward Antigravity Plex appeal fades as Lifetime Pass jumps to $750 AI sackings reach New Zealand, which will use it to eject 14 percent of government staff Anthropic’s Stainless steal tightens grip on AI dev tooling Are we human? Google touts tokenmaxxing, huge capex, and AI agents at I/O America's top cyber-defense agency left a GitHub repo open with with passwords, keys, tokens – and incredibly obvious filenames America's top cyber-defense agency left a GitHub repo open with passwords, keys, tokens – and incredibly obvious filenames Shadow AI invades the workplace, up 4x in the last year Microsoft refreshes Surface for Business lineup, starts AI PC upsell at $1,499 Broadcom finds a VMware customer willing to stick around: London Stock Exchange 468k records allegedly stolen from Portugal’s postal carrier Baidu says the quiet part out loud – you can’t build AI infrastructure, so clouds can cash in Shai-Hulud copycat worm infects yet another npm package Uncle Sam's next big super might not use GPUs Are we human? Datacenters slurping up so much juice they boosted prices 75% in largest US energy market MPs want social media treated more like unsafe toys than harmless apps Cerebras’ wafer-scale AI bet delivers blockbuster IPO Nobody believes the 'criminals and scumbags' who hacked Canvas really deleted stolen student data Anthropic tosses agents into the API billing pool Jen Easterly, cybersecurity's 'relentless optimist,' hopes feds come back to RSAC next year Jen Easterly, cybersecurity's 'relentless optimist' Smooth criminals talking their way into cloud environments, Google says Voice phishing skyrockets as smooth crims talk their way in RSAC 2026: Uncle Sam backs out, AI agents everywhere RSAC 2026: Uncle Sam backs out, AI agents everywhere Decoding Nvidia's Groq-powered LPX and the rest of its new rack systems A closer look at Nvidia's Groq-powered LPX rack systems Nvidia slaps $20B Groq tech into massive new LPX racks to speed AI response time Nvidia slaps Groq into new LPX racks for faster AI response AI Burning Man happens next week – what to expect at Nvidia GTC 2026 Nvidia GTC 2026: What to expect at AI Burning Man Unaccounted-for AI agents are being handed wide access Unaccounted-for AI agents are being handed wide access Google to foist Gemini pane on Chrome users Google to foist Gemini pane on Chrome users Yes, you can build an AI agent – here's how, using LangFlow How to build an AI agent using LangFlow Clawdbot becomes Moltbot, but can’t shed security concerns Clawdbot becomes Moltbot, but can’t shed security concerns Gartner questions if Salesforce AI will stay all-you-can-eat Gartner questions if Salesforce AI will stay all-you-can-eat Claude supports MCP Apps, presents UI within chat window Claude supports MCP Apps, presents UI within chat window Cursor is better at marketing than coding Cursor is better at marketing than coding Feds skipping infosec industry's biggest conference, RSAC AI is rewriting how power flows through the datacenter All aglow about DCs, investors launch $300M at microreactor startup Radiant bags $300M-plus to commercialize its microreactors Why do bit barns keep bumping up our bills, Senators ask DC operators Senate trio questions DC operators over rising energy costs Building the AI factory datacenter Delays? What delays? Oracle insists its $300B cloud contract with OpenAI is on track Oracle insists its $300B contract with OpenAI is on schedule Salesforce willing to lose money on AI to lock in customers Salesforce willing to lose money on AI to lock in customers Galactic Brain space datacenter coming in 2027, pledges startup Aetherflux Galactic Brain space datacenter promised in 2027 Activist groups urge Congress to pause datacenter buildouts Activist groups urge Congress to pause datacenter buildouts Bezos-backed Unconventional AI addresses datacenter power Bezos-backed Unconventional AI addresses datacenter power AWS re:Invent keynote: Matt Garman bores, then thrills
Even the Secret Service won
Jessica Lyons · 2026-06-27 · via The Register - Special Features

Security

Personal cell phones on protective missions, no threat detection on government-issued devices among the litany of sins

It seems like nobody wants to carry a work phone and that includes even those charged with protecting the US president. The US Secret Service’s extremely lax mobile phone security practices - including using unsecured personal devices during mission operations - put America’s leaders’ and agents’ lives at risk, according to a government-issued report.

Secret Service agents routinely used personal cell phones to communicate with law enforcement and each other, including during protective operations in the US and overseas, because their government-issued devices lacked the capabilities they needed to perform their missions, according to a federal review ordered after the 2024 assassination attempt against President Trump in Butler, Pennsylvania.

Even when Secret Service employees did use government-furnished equipment (GFE), these mobile devices didn’t have sufficient security to “ensure real-time, continuous protection from cyberattacks by foreign adversaries or individuals,” according to a report by the Department of Homeland Security inspector general.

The inspector general’s investigation also found vulnerable apps on these GFE mobile devices. 

In addition to being prohibited - Homeland Security policy only allows Secret Service employees to use GFE devices for official business - using personal cell phones is especially bad from a cybersecurity perspective. 

As we have seen time and time again, government employees’ personal devices and private communications provide highly attractive targets for foreign spies or even homegrown criminals plotting attacks against elected leaders. 

Secret Service agents’ phones can also reveal mission-related details, geolocation - and, by proxy, the US president, vice president, and visiting heads of state’s geolocations - as well as photos, contacts, and other personal information such as family members and home addresses. 

Since these personal devices are not managed or secured by the US government, it's much easier for attackers to plant surveillanceware and other malware on them.

“If a personal device is jailbroken, infected with malicious code, or not up to date on security software, an adversary could intercept device communication,” according to the report. “Outdated and vulnerable apps could enable malicious actors to conduct surveillance, track locations, or record employees’ communications. Connecting to unsecured networks may also allow cybercriminals to access data or install malware.”

The inspector general reviewed call and text logs from Secret Service GFE mobile device records from October 2022 through May 2025, and found more than 15,000 instances among 4.8 million calls in which employees sent and received calls from colleagues’ personal phones while working protective events. 

Investigators also examined travel vouchers for Secret Service employees who travelled internationally between October 2022 and April 2025. They found 30 employees who claimed reimbursement for using personal phones for official, government business. Most of these (23 of the 24 interviewed) said they needed to use their personal cell phones during nearly every foreign assignment.

Plus, they used personal mobile devices as hotspots to provide internet access for government-issued laptops, or to access websites blocked on GFE phones. 

Even when employees did use government-issued devices on overseas trips, these phones also lacked basic security, the investigation found. For example: the Secret Service did not begin installing mobile threat defense software on any GFE phones until August 2025. Nor did the agency consistently wipe data from GFE devices after employees returned from international missions despite Secret Service policy requiring employees to do this within 24 hours of returning to the US.

Do these 5 things

As a result of its findings, the inspector general made five recommendations to improve mobile device security. These include implementing a formal policy to ensure government-issued devices have all the needed capabilities to ensure mission functions can be conducted securely, and also ensure all employees complete cybersecurity awareness training, as required by the Secret Service.

The report also recommends the Secret Service office of the chief information officer do a better job communicating to employees that the use of personal devices is not allowed for official business, and implement controls to wipe all mobile devices returning from international missions.

Finally, the inspector general also recommends an updated vulnerability testing policy be applied to all mobile app code. 

The Secret Service “concurred” with all five recommendations. 

We reached out to the Secret Service about the report and recommended actions, and a spokesperson declined to comment beyond a letter from Secret Service Director Sean Curran included in the report. 

Curran said, among other things, that in response to the inspector general’s findings, the agency made “several comprehensive enhancements to Secret Service communications policies and protocols to both mitigate the potential for adversaries to intercept and exploit Secret Service information, as well as further strengthen the protective environment.”®