Amid horrific threats from United States president Donald Trump as the US and Iran negotiated a ceasefire, the US government warned this week that Iran-linked hackers were carrying out attacks against US energy and water infrastructure targets. With nearly one in five people in Lebanon displaced by Israeli attacks, the government is attempting to manage the crisis without modern digital infrastructure and an emergency system that is barely hanging on. Plus, a WIRED analysis looked at Syrian government account hijacks in March and the inadequacies they expose in Syria’s baseline cybersecurity defenses.
Amid rising fears of political violence, a WIRED investigation found that US political candidates are spending more on security, including purchasing equipment like home alarms and bulletproof vests. And recent research looking at Telegram groups found that men are sharing thousands of nonconsensual images of women and girls, purchasing spyware to use against their wives and friends, and engaging in doxing and sexual abuse. Meanwhile, as governments scramble to address growing industrial scamming originating from Southeast Asia, China has emerged as the biggest enforcer, but also a selective one, resulting in crime syndicates shifting their focus abroad to avoid Chinese targets.
Anthropic formally announced its new Claude Mythos Preview model this week and said that for now it will only make the model available to a select group of a few dozen leading tech and financial organizations, including Apple, Microsoft, Google, and the Linux Foundation. The consortium, dubbed Project Glasswing, will explore Mythos Preview’s advanced hacking and other cybersecurity capabilities and assess the best ways to improve software and hardware defenses before capabilities like the ones in Mythos Preview proliferate more broadly across other models and inevitably end up in the hands of attackers. The announcements sparked controversy about whether Mythos Preview and similar capabilities will truly be as consequential for cybersecurity as Anthropic says. Experts told WIRED that while it may not be a dramatic catastrophe, it is important for defenders to come together and use their early access to make changes in how software is developed and how organizations around the world invest in patching.
Finally, a WIRED investigation found that nonprofit groups linked to Customs and Border Protection facilities were selling challenge coins that celebrated the Trump administration’s immigration raids, including one coin that depicted Charlotte’s Web characters in riot gear.
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
The FBI recently got its hands on copies of encrypted Signal messages being sent to a defendant’s iPhone because the contents of those messages were included in push notifications, 404 Media reports. Even though Signal had been removed from the phone prior to it being seized by the FBI, the notifications still lived on in the phone’s internal memory.
The issue affects all apps that send push notifications, not just Signal, but users of that app can adjust their settings to not show the content of a message or the name of the sender in push notifications. To adjust your settings for notifications going forward, open Signal and go to Settings, then Notifications, and change the option to Name Only or No Name or Content.
Despite the tenuous and contested ceasefire enacted in the US-Israel war with Iran, tens of millions of ordinary Iranians are still without regular and reliable internet connectivity. The regime-imposed internet blackout, which started during the first hours of the war on February 28, is now reaching the 1,000 hour point, according to internet monitoring group NetBlocks. In recent weeks, the internet shutdown has become the longest in Iranian history and one of the longest worldwide—depriving Iranians of accurate news about the war, stopping them contacting family and loved ones, and causing further economic harm to the nation. US-based Iranian digital rights project Filter Watch has detailed how the Iranian regime, while being bombarded during the conflict, has labeled anti-censorship tools as “malicious” and claimed to have arrested individuals using Starlink internet connections to get around the block.
The FBI’s annual internet crime report typically paints a bleak picture: year-on-year, the number of cybercrime reports increases and the amount of money lost by Americans shoots up. Unfortunately, 2025 was no different. Last year, according to the FBI’s annual report, losses reported to the Internet Crime Complaint Center topped $20 billion—an increase of 26 percent compared to 2024. More than half of these reported losses ($11.3 billion) were linked to cryptocurrency scams, often through fraudulent investment schemes, according to the FBI. Business email compromise, tech and customer support scams, personal data breaches, and confidence or romance scams, make up the other most common crime reports. Crimes mentioning AI led to $893 million in losses.
Google this week expanded Gmail’s end-to-end encryption to its Android and iOS apps, allowing enterprise users to compose and read E2EE messages natively on mobile for the first time without separate apps or mail portals required. Encrypted emails appear as standard threads in the Gmail app for recipients using Gmail, while those on other providers can access them via a secure browser view. This rollout builds on the client-side encryption model introduced to Google Workspace web users in April 2025, where messages are encrypted with customer-controlled keys, preventing Google from accessing their contents. The approach is particularly appealing for organizations with strict compliance requirements, including HIPAA, export controls, and data sovereignty regulations.
Access, however, remains limited: The feature is available only to Google Workspace Enterprise Plus customers with the Assured Controls or Assured Controls Plus add-on, and is not supported for personal Gmail accounts. Administrators must also explicitly enable the Android and iOS clients in the admin interface before eligible users can access the feature, which is off by default. End users then toggle encryption per-message by tapping the lock icon and selecting “Additional encryption,” mirroring the web workflow. The rollout is available immediately to both Rapid Release and Scheduled Release domains.
