Your Push Notifications Aren’t Safe From the FBI

Amidst horrible threats As the United States and Iran negotiated a ceasefire, the U.S. government warned this week that hackers linked to Iran were carrying out attacks on U.S. targets in energy and water infrastructure. While nearly one in five people in Lebanon have been displaced by Israeli attacks, the government is trying to manage the crisis without modern digital infrastructure and an emergency system that is barely holding on. Additionally, a WIRED analysis examined the Syrian government account hijackings in March and the inadequacies they exposed in Syria’s basic cybersecurity defenses.

Amid growing fears of political violence, a WIRED investigation found that U.S. political candidates are spending more on security, including purchasing equipment such as home alarms and body armor. And recent research into Telegram groups found that men share thousands of non-consensual images of women and girls, buy spyware to use against their wives and friends, and engage in doxing and sexual abuse. Meanwhile, as governments scramble to combat the growing industrial scam originating from Southeast Asia, China has become the primary law enforcement player, but also a selective player, leading crime syndicates to focus overseas to avoid Chinese targets.

Anthropic officially announced its new Claude Mythos Preview model this week and said that for now it would only make the model available to a select group of a few dozen leading technology and financial organizations, including Apple, Microsoft, Google and the Linux Foundation. The consortium, dubbed Project Glasswing, will explore Mythos Preview’s advanced hacking and cybersecurity capabilities and evaluate the best ways to improve software and hardware defenses before features like those in Mythos Preview proliferate more widely in other models and inevitably end up in the hands of attackers. These announcements have sparked controversy over whether Mythos Preview and similar features will actually be as important to cybersecurity as Anthropic claims. Experts told WIRED that while it’s not a dramatic disaster, it’s important for advocates to come together and use their early access to make changes in how software is developed and how organizations around the world invest in patches.

Finally, a WIRED investigation found that nonprofit groups linked to Customs and Border Protection were selling coins celebrating the Trump administration’s immigration raids, including a coin depicting Charlotte’s website characters in riot gear.

And there’s more. Every week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe out there.

The FBI recently got its hands on copies of encrypted Signal messages sent to a defendant’s iPhone because the contents of those messages were included in push notifications, 404 Media reports. Even though Signal had been deleted from the phone before it was seized by the FBI, the notifications were still present in the phone’s internal memory.

The issue affects all apps that send push notifications, not just Signal, but users of that app can adjust their settings to not show the content of a message or the sender’s name in push notifications. To adjust your settings for upcoming notifications, open Signal and go to SettingsSO Notificationsand change the option to Name only Or No name or content.

Despite the fragile and disputed ceasefire in the U.S.-Israel war against Iran, tens of millions of ordinary Iranians are still without a regular, reliable internet connection. The regime’s internet blackout, which began during the early hours of the war on February 28, has now reached 1,000 hours, according to internet monitoring group NetBlocks. In recent weeks, the internet shutdown has become the longest in Iranian history and one of the longest in the world – depriving Iranians of accurate information about the war, preventing them from contacting family and loved ones, and causing even more economic damage to the nation. The US-based Iranian digital rights project Filter Watch detailed how the Iranian regime, while being bombarded during the conflict, called anti-censorship tools “malicious” and claimed to have arrested individuals using Starlink internet connections to bypass the neighborhood.

The FBI’s annual Internet crime report generally paints a bleak picture: year after year, the number of cybercrime reports increases and the amount of money Americans lose explodes. Unfortunately, 2025 was no different. Last year, according to the FBI’s annual report, losses reported to the Internet Crime Complaint Center exceeded $20 billion, a 26% increase from 2024. More than half of those reported losses ($11.3 billion) were linked to cryptocurrency scams, often through fraudulent investment schemes, according to the FBI. Other common crime reports include business email compromises, technical and customer support scams, personal data breaches, and trust or romance scams. Crimes involving AI resulted in losses of $893 million.

Google this week extended Gmail’s end-to-end encryption to its Android and iOS apps, allowing enterprise users to compose and read E2EE messages natively on mobile for the first time with no separate email apps or portals required. Encrypted emails appear as standard threads in the Gmail app for recipients using Gmail, while those from other providers can access them through a secure browser view. This deployment builds on the client-side encryption model introduced to Google Workspace web users in April 2025, in which messages are encrypted with client-controlled keys, preventing Google from accessing their content. This approach is particularly valuable for organizations subject to strict compliance requirements, including HIPAA, export controls, and data sovereignty regulations.

However, access is still limited: the feature is only available to Google Workspace Enterprise Plus customers with the Assured Controls or Assured Controls Plus add-on, and is not supported for personal Gmail accounts. Administrators must also explicitly enable Android and iOS clients in the admin interface before eligible users can access the feature, which is disabled by default. End users then enable per-message encryption by tapping the lock icon and selecting “Additional encryption,” mirroring the web workflow. Deployment is available immediately for Rapid Release and Scheduled Release domains.