US Border Patrol Is Spying on Millions of American Drivers
Eight years later one researcher warned WhatsApp that it was possible to bulk extract the phone numbers of users of the Meta-owned app, another team of researchers found that they could still do just that using a similar technique. The problem stems from WhatsApp’s discovery feature, which allows someone to enter a person’s phone number to see if they are on the app. By doing this billions of times – which WhatsApp didn’t stop – researchers at the University of Vienna discovered what they call “the largest exposure of phone numbers” ever.
Vaping is a major problem in American high schools. But is the solution to spy on students in the toilets? An investigation by The 74, co-published with WIRED, found that schools across the country are turning to vape detectors in an effort to combat nicotine and cannabis use on school grounds. Some vape detectors go far beyond vapor detection by including surprisingly accurate and revealing microphones. Although few defend addiction and drug use, even non-vapers believe the increased surveillance and resulting penalties go too far.
Don’t look now, but that old networking equipment your business hasn’t thought about in years could pop up and bite you. Tech giant Cisco launched a new initiative this week, warning businesses that AI tools are making it increasingly easy for attackers to find vulnerabilities in outdated, unpatched network infrastructure. The message: Upgrade or else.
If you’ve ever attended a conference, you’re probably worried about getting sick in conference center cesspools. But a hacker conference in New Zealand, Kawaiicon, has invented a new way to keep attendees a little more secure. By following the CO2 In each conference room, Kawaiicon organizers were able to create a real-time air quality monitoring system, which would tell people which rooms were safe and which seemed… gross. The project gives new meaning to antivirus monitoring.
And that’s not all. Every week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.
The U.S. Border Patrol operates a predictive intelligence program that monitors millions of U.S. drivers well beyond the border, according to a detailed Associated Press investigation. A network of secret license plate readers – often hidden inside traffic cones, barrels and road equipment – feeds data into an algorithm that flags “suspicious” routes, fast turnarounds and travel to and from border regions. Local police are then alerted, resulting in traffic stops for minor infractions such as window tint violations, air fresheners, or marginal speeding. AP reviewed police records showing drivers were questioned, searched and sometimes arrested when no contraband was found.
Internal group chats obtained through public records requests show Border Patrol agents and Texas deputies sharing hotel records, rental car statuses, home addresses and social media details of U.S. citizens in real time, while coordinating what agents call “whisper stops” to obscure federal involvement. The AP has identified plate reading sites more than 120 miles from the Mexican border in the Phoenix area, as well as locations in metro Detroit and near the Michigan-Indiana line that capture traffic heading to Chicago and Gary. Border Patrol also operates DEA plate reader networks and has on multiple occasions accessed systems operated by Rekor, Vigilant Solutions and Flock Safety.
CBP says the program is governed by “strict” policies and constitutional safeguards, but legal experts told AP its scale raises new Fourth Amendment concerns. A UC Law San Francisco official said the system amounts to a “net” that tracks Americans’ movements, associations and daily routines.
Microsoft claims to have mitigated the largest distributed denial of service (DDoS) attack ever recorded in a cloud environment: a 15.72 Tbps, 3.64 billion pps barrage launched on October 24 against a single Azure endpoint in Australia. Microsoft says the attack “originated from the Aisuru botnet,” a Turbo-Mirai-class IoT network composed of compromised home routers, cameras, and other consumer devices. More than 500,000 IP addresses are believed to have participated, generating a massive DDoS attack with little identity theft. Microsoft says its global Azure DDoS Protection network absorbed traffic without service interruption. Microsoft described the attack as “the largest DDoS attack ever seen in the cloud”, with a focus on the single endpoint; However, Cloudflare also recently reported a 22.2 Tbps flood, calling it the largest DDoS attack ever seen.
Researchers note that Aisuru has recently launched several attacks exceeding 20 Tbps and is expanding its capabilities to include credential stuffing, AI-driven scraping, and HTTPS flooding via residential proxies.
The U.S. Securities and Exchange Commission has dropped its remaining charges against SolarWinds and its CISO, Tim Brown, ending a long-running case involving the company’s 2020 supply chain hack, in which Russian SVR operatives allegedly compromised SolarWinds’ Orion software and triggered widespread breaches across government and industry. The agency’s lawsuit, filed in 2023 and centered on allegations of fraud and internal control failures, had already been largely dismantled by a federal judge in 2024. SolarWinds called the complete dismissal a vindication of its argument that its disclosures and conduct were appropriate and said it hopes the outcome assuages CISOs’ concerns about the case’s potential chilling effect.
Law enforcement records show the FBI accessed messages from a private Signal group used by New York immigration court monitoring activists — a network that coordinates volunteers who monitor public hearings in three federal immigration courts. According to a two-page “joint situational information report” from the FBI and NYPD dated August 28, 2025, agents cited chat messages, referred to nonviolent court observers as “anarchist violent extremist actors” and broadcast the assessment nationwide. The report doesn’t explain how the FBI penetrated an encrypted Signal group, but it does say the information came from a “sensitive source with excellent access.”
The documents, first reported by the Guardian, were originals obtained by government transparency group Property of the People. They describe activists discussing how to enter courtrooms, film officers and collect identifying information on federal personnel, but provide no evidence to support the FBI’s allegation that a member previously advocated violence. Another set of documents — also obtained by the group — show that the office presented routine observation of public immigration hearings as a potential threat, even as Immigration and Customs Enforcement stepped up arrests at courthouses and set up what advocates call “deportation traps.” Civil liberties experts told the newspaper that the surveillance mirrors past FBI campaigns targeting legal dissent and risks crippling protected political activity.
