WIRED took a closer look at the highly militarized ICE and CBP units that use extreme tactics typically only seen in active combat. The two agents involved in the shooting deaths of American civilians in Minneapolis are reportedly members of these paramilitary units. And a new report this week from the Public Service Coalition found that data brokers may be fueling violence against public servants, who face greater threats but have few ways to protect their personal information under state privacy laws.
Meanwhile, with the Milano Cortina Olympic Games set to begin this week, Italians and other spectators are excited as a throng of security personnel – including ICE agents and members of Qatari security forces – are descending on the event.
There is so much more. Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on titles to read full stories. And stay safe there.
AI has been introduced as a super-powered tool for hackers to exploit or for defenders to find security flaws in code. For now, one thing is confirmed: A.I. makes Many of them have hackable bugs – including a very nasty bug revealed this week in an AI-coded social network for AI agents called Moltbuk.
Researchers at security firm Viz revealed this week that they have found a serious security flaw in Moltbuk, a social network that aims to be a Reddit-like platform for AI agents to interact with each other. Mismanagement of a private key in the site’s JavaScript code exposed the email addresses of thousands of users along with millions of API credentials, allowing anyone access “that would allow impersonation of any user’s full account on the platform”, as Viz wrote, along with access to private communications between AI agents.
This security flaw may be a bit surprising, as Moltbuk was proudly “vibe-coded” by its founder, Matt Schlicht, who has said that he “didn’t write a line of code” himself in creating the site. “I simply had a vision for technical architecture, and AI made it a reality,” he wrote on X.
Although Moltbuk has now fixed the site’s flaw discovered by Viz, its serious vulnerability should serve as a warning about the security of AI-generated platforms. The problem is often not some security flaw inherent in companies’ implementation of AI. Instead, it’s that these companies are much more likely to let AI write their code – and there are a lot of AI-generated bugs, too.
The FBI raid on Washington Post reporter Hannah Knutson’s home and search of her computer and phone amid an investigation into alleged leaks from a federal contractor has offered an important security lesson about how federal agents can access your device if you have biometrics enabled. It also reveals at least one security measure that could keep them off those devices: Apple’s Lockdown Mode for iOS. The feature, designed at least in part to prevent the hacking of iPhones by governments that contract with spyware companies like NSO Group, kept the FBI away from Natson’s phones, according to a court filing first reported by 404 Media. “Because the iPhone was in lockdown mode, CART could not extract that device,” the filing says, using the acronym for the FBI’s Computer Analysis Response Team. This protection is likely a result of the Lockdown Mode security measure that prevents connections to external devices, as well as forensic analysis tools like Graykey or Cellebrite tools used to hack phones, unless the phone is unlocked.
The role of Elon Musk and Starlink in the war in Ukraine has been complex, and they have not always sided with Ukraine in defense against Russian aggression. But Starlink scored a significant victory for Ukraine this week by disabling the Russian military’s use of Starlink, causing a communications blackout between many of its front-line forces. Russian military bloggers described this measure as a serious problem for Russian troops, especially for the use of drones. The move reportedly comes after Ukraine’s defense minister wrote a letter to Starlink’s parent company SpaceX last month. Now it appears he has responded to that request for help. “The enemy not only has problems, but the enemy also has sabotage,” Serhiy Beskrestnov, one of the defense minister’s advisers, wrote on Facebook.
In a coordinated digital operation last year, U.S. Cyber Command used digital weapons to disrupt Iran’s air missile defense systems during a U.S. kinetic attack on Iran’s nuclear program. According to The Record, the disruption “helped prevent Iran from launching surface-to-air missiles at U.S. warplanes.” US agents reportedly used National Security Agency intelligence to discover an advantageous weakness in Iran’s military systems, allowing them to bypass anti-missile defenses without a direct attack and defeat Iran’s military digital defenses.
“U.S. Cyber Command is proud to support Operation Midnight Hammer and is fully equipped to execute the orders of the Commander-in-Chief and the Secretary of War at any time and in any location,” a command spokesperson said in a statement to The Record.
<a href