惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The GitHub Blog
The GitHub Blog
云风的 BLOG
云风的 BLOG
T
Threatpost
WordPress大学
WordPress大学
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
PCI Perspectives
PCI Perspectives
T
The Exploit Database - CXSecurity.com
Y
Y Combinator Blog
雷峰网
雷峰网
爱范儿
爱范儿
The Hacker News
The Hacker News
Last Week in AI
Last Week in AI
Simon Willison's Weblog
Simon Willison's Weblog
T
Tor Project blog
S
Securelist
宝玉的分享
宝玉的分享
L
LangChain Blog
O
OpenAI News
AI
AI
P
Privacy International News Feed
L
LINUX DO - 最新话题
D
DataBreaches.Net
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Attack and Defense Labs
Attack and Defense Labs
罗磊的独立博客
M
MIT News - Artificial intelligence
Security Archives - TechRepublic
Security Archives - TechRepublic
月光博客
月光博客
博客园 - 【当耐特】
T
Tailwind CSS Blog
C
Cybersecurity and Infrastructure Security Agency CISA
H
Help Net Security
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园_首页
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Hacker News - Newest:
Hacker News - Newest: "LLM"
腾讯CDC
Jina AI
Jina AI
The Last Watchdog
The Last Watchdog
K
Kaspersky official blog
Webroot Blog
Webroot Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Blog — PlanetScale
Blog — PlanetScale
MyScale Blog
MyScale Blog
MongoDB | Blog
MongoDB | Blog
P
Proofpoint News Feed
Recorded Future
Recorded Future
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 三生石上(FineUI控件)
The Cloudflare Blog

CyberScoop

Security researchers find stalkers abusing Chrome's sync feature SonicWall customers under threat as attackers exploit 2 zero-days Dems press DNI nominee Jay Clayton on election security questions, but leave dismayed Forget the model. When it comes to cybersecurity, it’s all about the harness White House details ‘Gold Eagle’ clearinghouse for AI cyber threats Microsoft discloses ‘the mother of all’ vulnerability loads, tripling June’s previous record Treasury sanctions First VPN Service, others for abetting ransomware gangs States are building their own election defense networks as federal support evaporates Europe strikes out against Russia’s Turla over espionage, ‘destructive attacks’ Officials once again warn defenders that Russian hackers are targeting network devices AI-generated code has made security debt a governance problem Armenian national pleads guilty to Ryuk ransomware attacks CISA looks to remedy ailments from big May credential leak Former DigitalMint ransomware negotiator who duped clients sentenced to 70 months in jail Interpol cybercrime crackdown nets 5,800 arrests across 97 countries 764 splinter group leader sentenced to 40 years in jail French nonprofit starts global intelligence and research hub for AI cyber threats Found fast, fixed slow: The gap the AI clearinghouse must close Spain arrests suspected hacker linked to Russian hacktivist campaign Deepfake CSAM lawsuit against xAI, Grok expands Suspected Chinese espionage group used a Roundcube exploit chain to burrow into universities US Army websites defaced with pro-Kurdish sentiments, insults to Trump Sysdig clocks first documented case of agentic ransomware Finding vulnerabilities was never the hard part Someone infected a spyware probe overseer with spyware Alleged longstanding member of Scattered Spider extradited to US Researchers spot exploitation of another critical Oracle defect U.S. lifting export control restrictions on Anthropic’s Mythos, Fable This phishing kit looks more like BEC-as-a-service Citrix patches a new NetScaler flaw with echoes of CitrixBleed Trump budget boss Russell Vought open to re-staffing CISA DHS to unveil replacement council for critical infrastructure cybersecurity How ransomware syndicates weaponize corporate-style organization Warner bill would create federally vetted list for secure, trustworthy AI agents Supreme Court approves mail-in ballots that arrive after Election Day Supreme Court delivers ‘major win’ for tech privacy in Chatrie ruling What the post-quantum executive order really demands of CISOs FCC passes new cybersecurity rules for emergency systems, undersea cables Federal court rules Trump election-focused executive order illegal Russia uses Cellebrite to break into human rights activist’s phone, even after cancellation of contract Minnesota man known as ‘Snoopy’ sentenced in DraftKings hack Why patch directives only go so far Malicious hackers exploit Cisco zero-day for highest access level at communications service provider In a first, a court takedown goes after two cybercrime tools at once Open-source security is posing challenges governments can't easily solve Justice Department seizes infrastructure used by cyber scam and criminal marketplace Algerian man charged with running two cybercrime marketplaces Court rules SAVE database illegal, orders it dismantled Trump executive orders speed up post-quantum migration, boost industry Intel agencies: Frontier AI models will reshape cybersecurity faster than expected Authorities disrupt Evil Corp’s SocGholish botnet Congress tees up No FAKES Act, aiming at AI-generated deepfakes How software development's speed obsession enabled TeamPCP’s chaos crusade Accenture shells out $4.18B on three companies in big industrial cybersecurity push Attackers hit pair of critical Fortinet vulnerabilities the vendor disclosed in April Lawmakers leary about Trump administration’s Anthropic order AI’s constant patching treadmill can be a security problem A case for how to shape ‘ingredient lists’ for AI models Google exposes China espionage group that’s been lurking in networks undetected since 2023 Cybersecurity experts don’t think Anthropic’s Fable 5 presents a unique threat Anthropic disables new models after government calls them a national security concern FBI takes down massive China-based cybercrime network that caused $1.9B in losses US, France, and Italian authorities shut down massive deepfake porn site Conti ransomware group member pleads guilty, faces up to 20 years in prison ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw CyberCorps is adapting to AI. The budget isn’t keeping up. Russian national charged in connection with Void Blizzard espionage campaign OpenAI: ‘Likely’ Chinese influence operation tried to use ChatGPT to stir debate on data centers CISA directive orders agencies to prioritize vulnerability patching in a new way Microsoft breaks Patch Tuesday record with 206 vulnerabilities Anthropic’s new model is Mythos on a leash CISA is rethinking how it prioritizes risks and vulnerabilities for feds, private sector Cisco customers encounter another SD-WAN zero-day under attack Meta accuses NSO Group of defying spyware injunction, files contempt of court complaint The AI security race needs accountability, not overregulation Nightmare Eclipse incident shows the researcher-vendor fights may never fully go away Hill Dems hammer GOP for $250M CISA budget cut Your AI agent could become your biggest insider threat Inside the race to adapt to an AI-powered security world European authorities crack down on illegal streaming networks DHS Secretary Markwayne Mullin pinpoints optimal CISA staffing levels DOD wants to integrate cyber in all operations, and integrate security into AI Trump administration releases scaled-back AI executive order Anthropic expanding access to Project Glasswing Attackers are exploiting Palo Alto Networks defect that initially flew under the radar Tina Peters, convicted in election-security breach, emerges defiant and vows legal fight USPS moving forward with mail-in ballot changes as courts weigh Trump’s election order Election threats are focused on campaign systems, not voting machines Tennessee man linked to 764 accused of series of crimes against children dating back to 2022 Federal audit reveals NIST’s NVD is plagued by poor planning and duplication House panel poised to hold hearing centered on AI impact on cyber Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket Zapier fixes bug chain that researchers say risked widespread account takeover OpenAI heralds cybersecurity, election interference safeguard plans for 2026 midterms FBI warns US-based law firms to be on the lookout for cybercrime group that steals data in person UK spy chief labels AI ‘unstoppable force’ with offensive, defensive ramifications for cyberspace CrowdStrike disrupts Glassworm botnet that preyed on open-source supply chain Apple open-sources quantum-resistant encryption code White House charts new course for federal agencies and cybersecurity logging Anthropic: Mythos finds more than 10,000 software flaws in first month
ATF cancels controversial commercial geolocation contract
Derek B. Johnson · 2026-06-27 · via CyberScoop

The Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) canceled a contract with Penlink that used ad-surveillance technologies to track the location of Americans.

The contract was canceled a little more than a month after ATF Director Robert Cekada acknowledged under questioning from Rep. Michael Cloud, R-Texas, in a congressional hearing that the agency was purchasing the geolocation data of Americans through a contract for “an ad-tech type thing” that would provide the agency with geolocation data “based on the ads that go through.”

 “We have purchased access to that system but we have not used it for a criminal case because we have not established any policies yet on how we would do it,” Cekada said.

He described that system and data as novel and said ATF was still determining how to craft official guidance for how agents would use it in investigative work.

In an email, an ATF spokesperson confirmed to CyberScoop that the contract had been canceled, describing it as a limited pilot project for capabilities the agency was no longer seeking.

”ATF continually evaluates tools and techniques to enhance our investigations and ultimately reduce violent crime in American communities,” the spokesperson wrote. “We did conduct a pilot with Webloc to determine if it could improve our investigative capabilities. After completing our review, we determined the tool does not meet our needs and cancelled the contract. ATF is not currently using any other ad-tech-sourced services.”

According to Sen. Ron Wyden, D-Ore., he requested and his staff received a briefing from ATF on the matter on June 12. In the meeting, Cekada identified purchasing licenses for Penlink’s Webloc commercial location surveillance tool as the contract in question.

Further he said the ATF had already conducted more than 340 searches using the system, including more than 222 that were directly tied to active ATF case numbers.

On its website, Penlink describes itself as an open-source intelligence analysis platform that provides real time data collection, forensic and web analysis and digital evidence collection. The firm touts its use of “AI-driven analysis” to increase case resolution rates by 80% as well as the ability to “tie disparate data together to one subject, place, or group using comprehensive identity resolution capabilities.”

Wyden, who earlier this year led a group of 70 congressional Democrats calling for an investigation into the purchase of commercial location data by Immigration and Customs Enforcement, said that ATF ultimately did “the right thing” but called for Congress to pass his legislation that would change the practice throughout the federal government.

“After Representative Cloud and my staff informed the ATF about the legal and privacy quagmire surrounding adtech data,  the agency did the right thing,” Wyden said in a statement. “Canceling this contract is a victory for Americans’ constitutional rights, but Americans’ privacy shouldn’t depend on ad hoc congressional interventions. Congress must pass the Government Surveillance Reform Act to close the data broker loophole once and for all.”

Wyden’s office noted that the purchase of ad-tech geolocation data is illegal in some states, and that the Federal Trade Commission has already established that selling sensitive location data to government agencies and contractors falls under deceptive and unfair practices under the FTC Act.

The use of ad-tech to surveil and geolocate targets online is a growing problem. While such tools are commonly used by marketing and advertising agencies to send targeted ads based on geography or region, bad actors can also use use to unmask the identities or locations of individuals, or combine them with other public data in ways that worry privacy advocates. A University of Tennessee student is suing a company based in the Virgin Islands for pulling videos from her social media, turning them into nonconsensual ads for their dating service and then using ad-tech geolocation to serve the ads to men online near her.

Wyden’s office said in one instance, the tool was used to get location data for devices associated with a defense contractor at the same time as a suspected arson incident, but that the ATF later backed off from using it in court after both the prosecutor and judge expressed “serious discomfort with the use of warrantless adtech data.” The ATF ultimately opted to seek a court order for bulk cell phone tower data instead.