The US Border Patrol is spying on millions of American drivers

Eight years later While one researcher warned WhatsApp that it was possible to mass-extract users’ phone numbers from the Meta-owned app, another team of researchers found they could still do it using the exact same technique. The problem stems from WhatsApp’s discovery feature, which allows someone to enter a person’s phone number to see if they’re on the app. By doing this billions of times – which WhatsApp didn’t prevent – researchers at the University of Vienna discovered what they call “the most extensive exposure to phone numbers ever”.

Vaping is a huge problem in US high schools. But is the solution to spying on students in the bathroom? An investigation published by The 74 in collaboration with WIRED found that schools across the country are turning to vapor detectors in an effort to crack down on nicotine and cannabis use on school grounds. Some steam detectors go beyond steam detection by including microphones that are surprisingly accurate and revealing. While few defend addiction and drug use, even non-vapers say the extra oversight and penalties are too much.

Don’t look now, but outdated network equipment that your company hasn’t thought about in years could be coming back to bite you. Tech giant Cisco launched a new initiative this week, warning companies that artificial intelligence tools are making it easier for attackers to find vulnerabilities in outdated and unpatched network infrastructure. Message: upgrade or otherwise.

If you’ve ever attended a conference, you’ve probably worried about getting sick in the pools that are the center of the conference. But one hacker conference in New Zealand, Kawaiicon, invented a new way to keep attendees safe. With CO tracking₂ The organizers of Kawaiicon were able to set up a real-time air quality monitoring system in each conference room, which tells people which rooms are safe and which rooms seem…unpleasant. This project brings a new meaning to antivirus monitoring.

And that’s not all. Each week, we round up security and privacy news that we haven’t covered in depth ourselves. Click on the headlines to read the full stories. And stay safe there

According to a detailed investigation by the Associated Press, the US Border Patrol is running an intelligence-forecasting program that monitors millions of American drivers far beyond the border. A network of hidden license plate readers – often hidden in traffic cones, barrels and roadside equipment – feeds data into an algorithm that flags “suspicious” routes, quick detours, and travel to and from border areas. Local police are then alerted, leading to traffic stops for minor violations such as tint violations, air fresheners, or speeding. The AP reviewed police records that show drivers were questioned, searched and sometimes arrested despite contraband being found.

Internal group chats obtained through public records requests show Border Patrol agents and Texas deputies simultaneously sharing hotel records, rental car status, home addresses and social media details of US citizens while coordinating what officers call “whisper stops” to cover up federal involvement. The AP identified scanner sites more than 120 miles from the Mexican border in the Phoenix area, as well as locations in metropolitan Detroit and near the Michigan-Indiana line that capture traffic bound for Chicago and Gary. The Border Patrol also uses the DEA’s screen reader networks and has at various times accessed systems operated by Rekor, Vigilant Solutions and Flock Safety.

CBP says the program is governed by “strict” policies and constitutional safeguards, but legal experts told the AP that its scale raises new Fourth Amendment concerns. A UC San Francisco law official said the system is a network tracking Americans’ movements, associations and daily routines.

Microsoft claims to have mitigated the largest distributed denial of service (DDoS) attack ever recorded in a cloud environment – a 15.72 terabits per second, 3.64 billion pps barrage launched on October 24 against an Azure endpoint in Australia. Microsoft says the attack “originated from the Aisuru botnet,” a Turbo-Mirai-class IoT network of home routers, cameras, and other compromised consumer devices. More than 500,000 IP addresses are said to have participated, creating a massive DDoS attack with little spoofing. Microsoft says Azure’s global DDoS protection network absorbed the traffic without disrupting service. Microsoft described the attack as “the largest DDoS seen in the cloud,” with an emphasis on a single endpoint. However, Cloudflare also recently reported a 22.2 terabit/s flood, calling it the largest DDoS attack ever seen.

The researchers note that Aisuru has recently carried out multiple attacks exceeding 20 terabits per second and is expanding its capabilities to include credential stuffing, AI-based scraping, and HTTPS floods through residential proxies.

The U.S. Securities and Exchange Commission has dropped its remaining claims against SolarWinds and its CISO, Tim Brown, ending a long-running case related to the company’s 2020 supply chain hack in which Russian SVR agents allegedly compromised SolarWinds’ Orion software, causing widespread intrusions across government and industry. The agency’s lawsuit — filed in 2023 and centered on alleged fraud and internal control deficiencies — was previously dismissed by a federal judge in 2024. SolarWinds cited the full dismissal as proof of its argument that its disclosures and conduct were appropriate, and hopes that the outcome will ease CI’s potential concerns about the case.

Law enforcement records show the FBI accessed messages from a private Signal group used by New York immigration court monitoring activists — a network that coordinates volunteers monitoring public hearings at three federal immigration courts. According to a two-page FBI/NYPD “Joint Situational Intelligence Report” dated Aug. 28, 2025, agents quoted chat messages, called nonviolent court observers “violent extremist anarchist actors” and broadcast the assessment nationwide. The report did not explain how the FBI broke into an encrypted signal group, but claimed that the information came from a “sensitive source with high access.”

The documents, first reported by the Guardian, were originally obtained by the government-transparency group People’s Property. They describe activists discussing how to enter courtrooms, film officers and collect identity information on federal personnel, but provide no evidence to support the FBI’s claim that a member has previously advocated violence. A separate set of records — also obtained by the group — show the agency’s routine monitoring of immigration hearings as a potential threat, even as ICE has stepped up court-ordered arrests and set up what advocates call “deportation traps.” Civil liberties experts told the newspaper that the surveillance mirrors previous FBI campaigns targeting legal dissent and risks chilling protected political activity.