Lily Hay Newman Matt Burgess Andy Greenberg Dell Cameron Security Mar 7, 2026 6:30 AM Security News This Week: CBP Used Online Ad Data to Track Phone Locations Plus: Proton helped the FBI identify a protester, the Leakbase cybercrime forum was busted in an international operation, and more. Photograph: Getty Images Save this story Save this story The United States and Israel launched a war in Iran last week that has already killed more than 1,200 Iranians and spilled out across the Middle East . There are many unknowns about US president Donald Trump’s goals as the conflict enters its second week and the situation seems poised to trigger an energy crisis with reverberations around the world. Iran is in a nationwide internet shutdown with only the country’s regime-built intranet available, plunging Iranians into digital darkness and making it difficult for humanitarian aid workers, journalists, and others to disseminate information both inside and outside the country. As strikes on Tehran began last weekend, an apparently hacked prayer app sent messages saying “surrender” and “help is on the way” to Iranians around the country. Meanwhile, GPS attacks like jamming —not to mention physical threats—are on the rise in the Strait of Hormuz, threatening shipping vessels. Security camera hacking has emerged as part of the playbook of war . And missile-intercept systems across the Middle East are under strain—and in some cases being destroyed in strikes. Trump ousted Department of Homeland Security secretary Kristi Noem this week. Her tenure was marked by aggressive anti-immigration tactics and ICE and CBP’s killing of two US protesters. A highly sophisticated iPhone hacking tool kit that was likely originally built for the US government is in the hands of multiple other nations as well as scammers who have likely used the tools to infect tens of thousands of phones or more. Some US lawmakers are calling for an investigation into the threat of the decades-old side-channel hacking technique. And WIRED went inside how music streaming CEO Elie Habib built the open-source global threat map World Monitor in his spare time. And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there. CBP Used Online Ad Data to Track Phone Locations United States Customs and Border Protection has, for the first time, admitted it purchased phone location data from the sprawling, surveillance-heavy online advertising industry. The agency’s acknowledgement was included in a document, called a Privacy Threshold Analysis, obtained by 404 Media through a Freedom of Information Act request. The document relates to a trial that CBP ran between 2019 and 2021. The publication reports that CBP purchased data linked to real-time bidding processes . When you see ads online or in apps, they have often been shown to you after automated, instantaneous, auctions take place where advertisers bid to show you that specific ad. The murkiest parts of the advertising industry can collect data from your device, including your phone’s identifying details and location data; this is then repackaged and sold to companies and entities. The data has been called a “gold mine” for tracking people’s daily activities. CBP did not respond to 404 Media’s request for comment on whether it is still buying the data; however, ICE has reportedly planned to purchase access to another system, called Webloc, that allows whole neighborhoods to be monitored for mobile phone movements. Encrypted Email Provider Proton Helped FBI Identify Protester The FBI was able to identify a protester in Atlanta after ultimately obtaining information from Swiss encrypted email service Proton Mail, court documents have revealed this week. A court document reviewed by 404 Media shows that payment information linked to a Proton email address was provided to US law enforcement by Swiss authorities after a request was made under an Mutual Legal Assistance Treaty (MLAT), which allows agencies to share data internationally. Swiss officials made a request for the data under Swiss laws to Proton for payment information linked to the email address defendtheatlantaforest@protonmail.com , which was associated with protests in Atlanta. This information was then provided to US law enforcement officials under the international agreements, and they were able to identify an individual linked to the account. The incident reinforces the differences between privacy and anonymity. Encrypted services can’t provide message data which they can’t access but may still provide information they hold about customers in other forms. A spokesperson for Proton Mail said, “We want to first clarify that Proton did not provide any information to the FBI, the information was obtained from the Swiss justice department via MLAT. Proton only provides the limited information that we have when issued with a legally binding order from Swiss authorities, which can only happen after all Swiss legal checks are passed.” FBI Is Responding to “Suspicious” Activity on a Part of Its Network That Handles Wiretaps With a headline that triggered feelings of déjà vu for the cybersecurity community, CNN reported this week that the FBI is investigating a suspected cybersecurity incident involving the portion of its network that handles wiretaps and surveillance warrants. The FBI confirmed that it was responding to that “suspicious activity,” but neither the Bureau nor CNN offered more details, with the news network adding only that the incident had prompted a response from senior officials at the FBI and the Justice Department focused on national security and civil liberties. But any mention of a potential breach of wiretap data calls to mind 2024’s disastrous intrusions by China’s Salt Typhoon hacker group, which broke into practically every US telecom, in some cases by exploiting their systems for enabling wiretaps on behalf of law enforcement. Leakbase Cybercrime Forum Busted in Sweeping Multinational Operation The FBI, Europol, and numerous European law enforcement agencies tore down Leakbase, a subscription cybercrime-focused forum that had grown to 142,000 paying members since its launch in 2021. The bust included 13 arrests, seizures of the dark-web site’s infrastructure from the Netherlands to Malaysia, and interviews with dozens of suspects, according to cybersecurity news site The Record’s interview with Brett Leatherman, the assistant director of the FBI’s cyber division. Leakbase had been a well-known source of stolen data and user credentials. Workers Reviewing Meta Smart Glasses Footage Say They’ve Seen Users in Bathrooms and Having Sex Contractors working for Meta say they’ve routinely reviewed sensitive footage captured by the company’s AI-powered smart glasses, including videos showing users in bathrooms, undressing, or exposing financial information. Workers employed by the data-labeling firm Sama in Nairobi told reporters that the footage is being used to train Meta’s AI systems and that employees who raise concerns may be fired. The glasses record video and audio during the “live AI” feature, which allows users to ask questions about what they’re seeing. Meta’s policies permit the company to retain and review these recordings, but contractors said many users appear unaware that humans—not just autonomous systems—can see the content. The news was first reported by Swedish newspapers Svenska Dagbladet and Goteborgs-Posten, which interviewed more than 30 workers and former employees involved in annotating video and audio for Meta’s AI systems. You Might Also Like In your inbox: WIRED's most ambitious, future-defining stories The authors of ICE’s ‘mega’ detention center plans Big Story: The worst thing that could happen to the ISS College campuses are in upheaval over faculty ties to Epstein Event: Helping small business owners succeed Written by WIRED Staff Topics security roundup cybersecurity security encryption hacking Customs and Border Protection smart glasses Read More Area Man Accidentally Hacks 6,700 Camera-Enabled Robot Vacuums Plus: The top US cyber agency falls into shambles, AI models develop an upsetting penchant for nuclear weapons, and more. Password Managers Share a Hidden Weakness Plus: The cybersecurity community grapples with Epstein files revelations, the US State Department plans an online anti-censorship “portal” for the world, and more. How Journalists Are Reporting From Iran With No Internet After strikes killed senior Iranian officials, Iran cut off internet access. Journalists are relying on satellite links, encrypted apps, and smuggled footage to report from inside the country. Moltbook, the Social Network for AI Agents, Exposed Real Humans’ Data Plus: Apple’s Lockdown mode keeps the FBI out of a reporter’s phone, Elon Musk’s Starlink cuts off Russian forces, and more. Ring Kills Flock Safety Deal After Super Bowl Ad Uproar Plus: Meta plans to add face recognition to its smart glasses, Jared Kushner named as part of whistleblower’s mysterious national security complaint, and more. How Mexico's ‘CJNG’ Drug Cartel Embraced AI, Drones, and Social Media Drug kingpin Nemesio “El Mencho” Oseguera Cervantes may be dead, but the Jalisco cartel he ran for years will likely outlive him—thanks, in part, to the criminal group’s embrace of technology. All the Ways Big Tech Fuels ICE and CBP A WIRED analysis shows that ICE and CBP have collectively spent at least $515 million on products from Microsoft, Amazon, Google, and Palantir in the last few years alone. Hacked Prayer App Sends ‘Surrender’ Messages to Iranians Amid Israeli and US Strikes As Israeli airstrikes hit Tehran this morning, Iranians received mysterious push notifications saying that “help is on the way,” promising amnesty if they surrender. OpenAI Fires an Employee for Prediction Market Insider Trading Prediction markets like Polymarket and Kalshi