These 3 cybersecurity threats may not be the most sophisticated, but they're the most effective—and serious—threats for small businesses.

In an online world filled with extraordinarily sophisticated cyberattacks—including organized assaults on software supply chains, state-directed exploitations of undiscovered vulnerabilities, and the novel and malicious use of artificial intelligence (AI)—small businesses are forced to prioritize a different type of cyberattack: The type that gets through.

Without robust IT budgets or fully staffed cybersecurity departments, small businesses often rely on their own small stable of workers (including sole proprietors with effectively zero employees) to stay safe online. That means that what worries these businesses most in cybersecurity is what is most likely to work against them.

Here are the three biggest cybersecurity threats to small businesses right now. They may sound basic or even crude, but they are the biggest threats precisely because they are so effective.

**1\. Phishing**

In phishing scams, cybercriminals trick people and businesses into handing over sensitive information like credit card numbers or login details for vital online accounts.

Cybercriminals do this by sending messages—like emails and texts—disguised as legitimate communications from major businesses (think Slack, Uber, FedEx, and Google). These messages frequently warn recipients about a problem with their accounts, like a password that needs to be updated, a policy change that requires a login, or a delayed package that has to be approved.

But when victims follow the links within these malicious messages, they are brought to a website that, while appearing genuine, is completely controlled by cybercriminals. Lured in by similar color schemes, company logos, and familiar layouts, victims “log in” to their account by entering their username and password. In reality, those usernames and passwords are delivered directly to cybercriminals on the other side of the website.

In phishing attacks, there never is a genuine problem with a user’s account, and there never is a real request for information from the company. Instead, the entire back-and-forth is a charade.

As devastating as this is, the more complex threat of phishing lies in its adaptability. Whereas early phishing scams arrived almost entirely through emails, modern phishing scams can reach victims through malicious websites, text messages, social media, and even mobile app downloads.

In 2024, Malwarebytes found more than 22,800 phishing apps on Android, according to the recent 2025 State of Malware report. Disguised as apps such as TikTok, Spotify, and WhatsApp, these Android apps can trick victims into handing over their associated usernames and passwords when asking them to login.

Understandably, some small business owners might discount the threat of losing their login credentials to consumer tools like Spotify and TikTok. But here, the threat of phishing is compounded by another enormous problem in cybersecurity, which is that too many individuals and businesses reuse passwords across multiple accounts. That means that email login credentials that were successfully stolen in a phishing scam could also provide access to a small business’s financial accounts, payroll services, and even tax info.

Further, if a hacker were to use their wrongful access to steal customer data, then a small business might also have to front the cost for sending out data breach notifications, per their state’s regulations.

**How to protect your business:**

*   Use unique, strong passwords for each online account and store and create these passwords using a password manager
*   Enable “multifactor authentication” on all important business accounts so that hackers who steal passwords cannot access accounts with only usernames and passwords
*   Do not click on links from unknown senders
*   If you’re asked for login information through an email or online message, do _not_ input your login info in the email or through whatever link you’re directed towards. Instead, navigate to the site directly.

Social media is not just a vital tool for promoting many small businesses, it can often be the entire business itself.

YouTube video creators, Twitch streamers, and lifestyle influencers on TikTok and Instagram are effectively small business owners. They make a product and they earn revenue just like many online businesses—through ads and sponsored partnership deals.

If any of these social media business owners lost their login credentials through a phishing scam or data breach, they could potentially lose access to their entire operation.

In 2023, famous YouTube tech personality Linus Sebastian suffered a hack of three different YouTube channels associated with his company, Linus Media Group. The hackers hijacked the channels to spread cryptocurrency scams, while deleting some of the group’s old videos in the process. The attack was largely reminiscent of a 2022 YouTube account hack that repurposed a 2018 interview with Apple CEO Tim Cook to fool viewers into following a separate cryptocurrency scam.

Both incidents reveal the real threat to small businesses everywhere.

Social media account hacks are not only a risk to content creators—they’re a risk to any business with a legitimate online audience. Once scammers have control of any business’s social media account, they can send fraudulent messages to people on the business’s behalf and promote online scams that could tarnish the business’s reputation for years to come. Hackers could even swipe sensitive information before access is restored.

While social media hacks are often the byproduct of successful phishing attacks, cybercriminals can also gain wrongful access to a social media account through separate data breaches.

Hackers frequently buy usernames and passwords on the dark web from prior data breaches. They then use those login credentials on a variety of online accounts that belong to the same owner—entering the username and password for, say, a breached LinkedIn account into the username and password fields for QuickBooks, Shopify, and Hubspot. When people and businesses reuse passwords across accounts, hackers find an easy way in.

**How to protect your business:**

*   Use unique, strong passwords for each account and store and create these passwords using a password manager
*   Enable “multifactor authentication” on all important business accounts so that hackers who steal passwords cannot access accounts with only usernames and passwords
*   Avoid phishing attacks by refusing to click on links from unknown senders
*   Do not download any attachments from unknown senders or from unexpected emails. These attachments could contain malware that steals passwords, data, and multifactor authentication codes.

**3\. Ransomware**

Ransomware is more than a cyberthreat—it is an existential one, threatening to lock down computer systems, remove vital data, and waste potentially hundreds of thousands of dollars in recovery.

But because most ransomware news coverage focuses on major, multibillion dollar corporations that get hit with disruptive attacks, many boutique businesses might assume that ransomware gangs would never bother with a small outfit like theirs.

In reality, ransomware gangs do not care about the size, budget, or resources of their victims, because ransomware itself has become increasingly easy to scale and deploy.

Modern gangs operate on a “Ransomware-as-a-Service” model, where ransomware developers lease out their malicious software to “affiliates” who, if successful in launching an attack, return a small portion of their ill-gotten gains back to the ransomware developers at the top. LockBit, which was once the most active ransomware gang in history, had at least 194 affiliates doing its dirty work.

While LockBit most frequently attacked large conglomerates and governments, another Ransomware-as-a-Service group called Phobos was more than happy to prey on smaller organizations.

In 2024, when the US Department of Justice charged a Russian national named Evgenii Ptitsyn for his alleged involvement into running Phobos, its indictment revealed that one of the ransomware gang’s affiliates allegedly extorted a Maryland-based healthcare provider out of just $2,300. Other victims cited in the indictment included a marketing and data analytics firm in Arizona, a Connecticut public school system, and an automotive company out of Ohio.

According to data analyzed by Malwarebytes’ business unit ThreatDown, these smaller victims were the bread and butter of Phobos. Unlike other ransomware gangs that demanded up to $1 million or more from each victim in 2023, Phobos operators demanded an average of $1,719 from victims, with a median demand of just $300.

**How to protect your business:**

*   **Block common forms of entry.** Patch known vulnerabilities in internet-facing software and disable or harden the login credentials for remote work tools like RDP ports and VPNs.
*   **Prevent intrusions and stop malicious encryption.** Stop threats early before they can infiltrate or infect your endpoints. Use always-on cybersecurity software that can prevent exploits and malware used to deliver ransomware.
*   **Create offsite, offline backups.** Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
*   **Don’t get attacked twice.** Once you’ve isolated an outbreak and stopped a first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

 The 3 biggest cybersecurity threats to small businesses 

Cybercriminals are having less success targeting end-user technology with zero-day attacks, said Google's security team this week.

Cybercriminals are having less success targeting end-user technology with zero-day attacks, said Google’s security team this week. While most attacks do still target personal technology like smartphones and browsers, the focus is moving increasingly to enterprise tech.

Zero-day vulnerabilities are those that are exploited before vendors have a chance to patch them – and often before they even know about them. Attackers using these flaws to compromise systems are still primarily espionage groups, says the Google Threat Intelligence Group in its annual analysis of zero-day exploits.

Government-backed groups and customers of commercial surveillance vendors (that’s sanitized corporate-speak for spyware) were responsible for over half the attacks that the researchers were able to attribute. Spyware continues to be a much bigger factor in zero-day exploits today than it was before 2023.

The Chinese government exploited five zero-day flaws that Google knows of, while for the first time North Korea equaled that number. Spyware customers used eight zero-day exploits.

But state and private espionage-focused attackers aren’t the only ones using zero-days. Google also sees crime groups using them to come after your data. However, as it points out, some of these groups involved in cybercrime also maintain strong links to the Russian government.

While the number of zero-day exploits that Google identified dipped to 75 from last year’s 98, the trend is still moving slowly upward, the company says. In 2022, it found 63 zero-day exploits, and the year before that it was 95, but 2019 and 2020 both showed just 31 zero-day exploits each.

Vendors are also doing better at protecting at least some of their products, found the research. Google said attackers are having less success targeting browsers and mobile operating systems. Attackers traditionally use these technologies to get at consumer users.

Perhaps that increased protection is one reason behind another key fact: The proportion of zero-day exploits targeting end-user technologies was lower this year at 56% than those targeting enterprise tech. That’s a consistently falling number; 90.32% of zero-day exploits targeted end-user tech in 2019, followed by 70.97%, 74.74%, 63.49%, and 63.27% respectively through 2023.

In particular, exploitation of browsers and mobile devices was far lower this year than last. Browsers saw a third fewer zero-day exploits than last year, with most targeting Chrome due to its popularity, while mobile device zero-day attacks halved.

This doesn’t mean attackers won’t continue trying their best to infiltrate end-user products. “Phones and browsers will almost certainly remain popular targets, although enterprise software and appliances will likely see a continued rise in zero-day exploitation,” Google said.

When spyware attackers do target mobile devices, they will chain together multiple vulnerabilities in complex attacks on mobile devices to get around mobile vendors’ security practices.

As Google points out, it’s difficult to separate attacks against enterprise and end-user technology because enterprises often use these technologies too. Nevertheless, it has seen a 9% rise in zero-day attacks using purely enterprise tech, namely security and network products. They comprised 60% of all zero-day attacks on enterprise technologies, the company said.

What does all this mean for you? Just keep on doing what you already should be, applying basic cyber hygiene when using your devices. Admittedly, keeping your system up to date won’t help against a zero-day, but patching quickly could stop attacks reaching you if vendors see them and issue updates in time. In addition, some technologies use heuristics to try and stop software they haven’t seen before which look suspicious. And of course, avoiding opening links and files that you’re not sure about can stop zero-day exploits hitting your device in the first place.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Zero-day attacks on browsers and smartphones drop, says Google 

For years, North Korea has been secretly placing young IT workers inside Western companies. With AI, their schemes are now more devious—and effective—than ever.

North Korea Stole Your Job

Google enhances cybersecurity with Agentic AI, launching Unified Security to fight zero-day exploits, enterprise threats, and credential-based attacks.…

Google enhances cybersecurity with Agentic AI, launching Unified Security to fight zero-day exploits, enterprise threats, and credential-based attacks.

Google’s Threat Intelligence Group (GTIG) has released its findings for 2024, revealing a slight decrease in the exploitation of zero-day vulnerabilities compared to the previous year, with 75 instances tracked. However, GTIG emphasizes that this decrease is likely a temporary fluctuation within an overall upward trend of zero-day exploitation.

The M-Trends 2025 report, based on extensive incident investigations in 2024, highlights that while exploits remain the most common initial access point for attackers, the use of stolen credentials is on the rise, with the financial sector being the primary target. The report further details that the most common initial infection vector in observed attacks was via exploits (33%), followed by stolen credentials (16%), and email phishing (14%). Here’s a detailed breakdown:

(Source: Google)

Notably, there was a continued rise in attacks targeting enterprise-specific technologies, accounting for 44% of all zero-days exploited, primarily focusing on security and networking products. Cyber espionage actors, including government-backed groups and commercial surveillance vendors, remained the leading culprits behind attributed zero-day exploits, making up over half of the total. For the first time, North Korean actors were credited with exploiting the same number of zero-days as groups linked to China.

Simultaneously, Google Cloud Security is focusing on empowering security teams against such threats, especially with the integration of Artificial Intelligence. To combat these threats, Google has launched Google Unified Security, a platform that converges threat intelligence from Mandiant with security operations, cloud security, and secure enterprise browsing, all enhanced by Gemini AI, and aimed at enabling proactive security measures.

Source (Google)

Specifically, Google Security Operations now offers “Curated Detections” and “Applied Threat Intelligence Rule Packs” based on M-Trends 2025 findings to help detect malicious activities like infostealer malware and cloud compromise.

Google is also focusing on the development of “agentic AI” in security operations, utilizing intelligent AI agents to automate routine tasks like alert triage, investigation, response, threat research, and detection engineering. These agents are designed to learn and act autonomously, allowing security teams to focus on more complex threats. Google has introduced AI-powered features like an alert triage agent and a malware analysis agent, with plans for further development in their “SecOps Labs.”

Furthermore, the tech giant is aiming for an “agentic SOC” where AI enhances and automates security workflows. The tech giant is also promoting open standards like the Agent2Agent protocol and open-sourcing their Model Context Protocol (MCP) servers for interoperability between different security tools and vendors.

Casey Charrier, Senior Analyst at Google Threat Intelligence Group, told Hackread.com that while zero-day exploitation is growing steadily, efforts by major vendors are reducing attacks on historically targeted products. However, threat actors are now shifting focus to enterprise tools, highlighting the need for broader vendor action.

Google Introduces Agentic AI to Combat Cybersecurity Threats

China-linked hackers targeted Uyghur activists using a Trojanized UyghurEditPP app in a spear-phishing campaign, Citizen Lab researchers reveal.…

China-linked hackers targeted Uyghur activists using a Trojanized UyghurEditPP app in a spear-phishing campaign, Citizen Lab researchers reveal.

Citizen Lab reveals a targeted spear phishing campaign aimed at Uyghur activists, deploying surveillance malware disguised as a legitimate Uyghur language tool. Learn about the attack methods and suspected Chinese government involvement.

In March 2025, several leading figures within the World Uyghur Congress (WUC), an international organization based in Munich that advocates for the rights of the Uyghur people, became the targets of a carefully orchestrated cyber espionage attempt.

Researchers at the University of Toronto’s Citizen Lab report that these individuals received warnings from Google, indicating that their online accounts were under attack, allegedly, by state-sponsored actors. 

Google Alerts Sent to WUC (Source: The Citizen Lab)

The method used in this campaign was spear phishing, which is a targeted form of attack where emails are crafted to appear legitimate and trustworthy to specific individuals. In this case, the malicious emails impersonated a known contact from a partner organization of the WUC.

Phishing Email (Source: The Citizen Lab)

These emails contained links to Google Drive, which, if clicked, would lead to the download of a password-protected archive file. This archive held a compromised version of UyghurEditPP, a genuine open-source word processing and spell-check tool specifically designed for the Uyghur language.

The recipients had no idea that this seemingly harmless application was Trojanized, meaning it contained a hidden backdoor. Once the infected UyghurEditPP was executed on a victim’s computer, this backdoor would silently gather system information, including the machine name, username, IP address, operating system version, and a unique hash derived from the hardware. This data was then transmitted to a remote command-and-control (C2) server.

The server’s operators could then send instructions back to the infected device, enabling them to perform various malicious actions such as downloading files from the target, uploading additional malicious files (including further malware), and executing commands through uploaded plugins. 

The Citizen Lab’s analysis of the campaign’s infrastructure reveals two distinct command-and-control clusters. The first, likely active between June 2024 and February 2025, used domain names mimicking the UyghurEditPP tool’s developer (gheyretcom, gheyretnet, and uheyretcom).

The second, targeting the WUC between December 2024 and March 2025, used subdomains registered through Dynu Services, incorporating Uyghur words but not directly referencing the tool or its developer.

Both clusters shared the same Microsoft certificate and used IP addresses belonging to Choopa LLC, a hosting provider used by various cyber threat actors. This dual infrastructure either indicates attackers’ shifting tactics or targeting of different segments within the Uyghur community.

Furthermore, researchers highlighted the high level of social engineering in the delivery method of the surveillance malware, which itself was not as technologically advanced. The attackers demonstrated a deep understanding of the Uyghur community, leveraging the trust of the original developer of UyghurEditPP, known to members of the WUC.

This suggests a highly customized and targeted operation, possibly beginning in May 2024. The campaign likely involved (PDF) ties to the Chinese government, aligning with their known efforts to conduct transnational repression against the Uyghur community.

China Hackers Used Trojanized UyghurEditPP App to Target Uyghur Activists

Frankfurt am Main, Germany, 30th April 2025, CyberNewsWire

**Frankfurt am Main, Germany, April 30th, 2025, CyberNewsWire**

**Link11 has fully integrated DOSarrest and Reblaze to become one of Europe’s leading providers of network security, web application security, and application performance**

Link11, DOSarrest, and Reblaze have combined their strengths into a single, integrated platform with a new brand identity. The result: a consistent user experience, maximum efficiency, and seamless security. As a European provider, Link11 addresses the current business risks associated with geopolitical uncertainties and growing compliance requirements. At the same time, the company secures business-critical processes worldwide through the synergies created.

With the acquisitions of DOSarrest in 2021 and Reblaze Technologies in 2024, Link11 has expanded its market position. The new Link11 WAAP (Web Application and API Protection) SaaS platform combines comprehensive DDoS protection against web attacks with ML-based adaptive security and API protection. The result is an unmatched combination of adaptive real-time traffic filtering, AI-powered bot detection, and a next-gen web application firewall for secure and encrypted interactions in a single suite.

At the end of 2023, Link11 secured an investment of €26.5 million from Pride Capital Partners. This financing will support the company’s planned product developments and international go-to-market strategy.

**Maximum security through proprietary, sovereign cloud infrastructure and artificial intelligence**

Link11 is setting new standards in protection against DDoS attacks by using its own AI-based technology. The patented DDoS filter secures all traffic within the Link11 cloud – faster and more efficiently than conventional solutions. The advantages over competitors lie in users’ full control over scaling and intelligent real-time analysis of traffic, as well as continuous learning from attacks.

While other providers rely on third-party infrastructures such as AWS or Google, Link11 controls its own cloud infrastructure. This allows protection mechanisms to work in real time – without delays that can have critical consequences in a DDoS attack. As one of Europe’s leading IT security providers, Link11 enables platform-independent protection, even in multi-cloud environments.

**Technological independence as a security factor**

The solution is designed for workloads in any cloud environment. Link11’s network was developed specifically for modern cybersecurity requirements and sovereignty. It strengthens security at the network edge, accelerates global content delivery, and provides resilience and data sovereignty.

> Jens-Philipp Jung, founder and CEO of Link11: “Cybersecurity today means resilience against threats and outages. European companies that set global standards in data protection should also insist on independence when it comes to their cyber resilience. Especially in times of geopolitical uncertainty, sovereign, powerful and trustworthy IT solutions are needed. With Link11, we are demonstrating what European cutting-edge technology can achieve: maximum resilience, top performance and uncompromising compliance – independently and confidently”.

**European companies should rely on an EU-based DDoS protection provider**

Recent surveys of cybersecurity managers show that, given the option, independent and trustworthy security solutions from Europe will be used more in the future. Link11 has been successfully providing its services to companies such as financial institutions, media companies, retail and logistics companies, and the public sector for many years. With a strong brand and a multi-layered security approach, Link11 helps its customers reduce their dependence on cybersecurity. The goal is to make security architectures more resilient – technologically, functionally, and geopolitically. 

YouTube link: Link11 – Always at your side

**About Link11**

Link11 is a specialized European IT security provider that protects global infrastructures and web applications from cyberattacks. Its cloud-based IT security solutions help companies worldwide strengthen the cyber resilience of their networks and critical applications and avoid business interruptions. Link11 is a BSI-qualified provider of DDoS protection for critical infrastructure. With ISO 27001 certification, it meets the highest standards in data security.  

**Contact**

**Lisa Froehlich**  
**Link11 GmbH**  
**\[email protected\]**

Link11 brings three brands together on one platform with new branding

Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023. 
Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances.
"Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third for browsers and by about half for

Google Reports 75 Zero-Days Exploited in 2024 — 44% Targeted Enterprise Security Products

Records reviewed by WIRED show law enforcement agencies are eager to take advantage of the data trails generated by a flood of new internet-connected vehicle features.

Automakers are increasingly pushing consumers to accept monthly and annual fees to unlock preinstalled safety and performance features, from hands-free driving systems and heated seats to cameras that can automatically record accident situations. But the additional levels of internet connectivity this subscription model requires can increase drivers’ exposure to government surveillance and the likelihood of being caught up in police investigations.

A cache of more than two dozen police records recently reviewed by WIRED show US law enforcement agencies regularly trained on how to take advantage of “connected cars,” with subscription-based features drastically increasing the amount of data that can be accessed during investigations. The records make clear that law enforcement’s knowledge of the surveillance far exceeds that of the public and reveal how corporate policies and technologies—not the law—determine driver privacy.

“Each manufacturer has their whole protocol on how the operating system in the vehicle utilizes telematics, mobile Wi-Fi, et cetera,” one law enforcement officer noted in a presentation prepared by the California State Highway Patrol (CHP) and reviewed by WIRED. The presentation, while undated, contains statistics on connected cars for the year 2024. “If the vehicle has an active subscription,” they add, “it does create more data.”

The CHP presentation, obtained by government transparency nonprofit Property of the People via a public records request, trains police on how to acquire data based on a variety of hypothetical scenarios, each describing how vehicle data can be acquired based on the year, make, and model of a vehicle. The presentation acknowledges that access to data can ultimately be limited due to choices made by not only vehicle manufacturers but the internet service providers on which connected devices rely.

One document notes, for instance, that when a General Motors vehicle is equipped with an active OnStar subscription, it will transmit data—revealing its location—roughly twice as often as a Ford vehicle. Different ISPs appear to have not only different capabilities but policies when it comes to responding to government requests for information. Police may be able to rely on AT&T to help identify certain vehicles based on connected devices active in the car but lack the ability to do so when the device relies on a T-Mobile or Verizon network instead.

Charlotte McCoy, a GM spokesperson, tells WIRED the company now requires a court order before handing over location data to law enforcement. “We review each request individually to assess the circumstances and the nature of the request before providing any information,” they say. “Connectivity offers many benefits—including navigation, communication, safety, and maintenance—and customers can mask their location or turn off connectivity at any time.”

Other car manufacturers listed in the CHP presentation, including Ford, did not respond to a request for comment.

“There's definitely a role being played by the companies in deciding what kind of standard they're going to insist on,” says Andrew Crocker, the surveillance litigation director at the Electronic Frontier Foundation. “And this is a dynamic we've seen in other areas of tech. Google and Facebook and Apple all played a role in saying, ‘We'll only provide this data in response to a warrant; other data we'll provide in response to a subpoena.’”

When police are investigating a specific suspect, they will often use a technique known as a “ping” to geographically locate a specific device known to belong to that individual. But when canvassing near a crime scene for an unknown perpetrator, authorities commonly rely on a procedure known as a “tower dump,” requesting that ISPs cast a wider net and identify virtually any devices that have connected to a specific cell tower during a certain window of time. Police analysts can then comb through this data and attempt to identify a culprit, often using surveillance footage or witness testimony about a vehicle’s color, make, or model.

Nearly all subscription-based car features rely on devices that come preinstalled in a vehicle, with a cellular connection necessary only to enable the automaker's recurring-revenue scheme. The ability of car companies to charge users to activate some features is effectively the only reason the car’s systems need to communicate with cell towers. The police documents note that companies often hook customers into adopting the services through free trial offers, and in some cases the devices are communicating with cell towers even when users decline to subscribe.

In an August 2022 email, one detective noted: “In some vehicles, again \[it\] depends on manufacturer, the vehicle is still doing this despite the lack of an active subscription, and just sending the data back to the mother ship. This could be due to collecting user data for what the manufacturer sells it for, to providing this data to try to sell you on renewing your \[subscription\] package that lapsed.”

The “tower dump” technique is becoming increasingly unpopular in US courts following the US Supreme Court’s acknowledgement in 2018 that location data raises significant Fourth Amendment concerns. While the Supreme Court specifically avoided addressing tower dumps in its landmark _US v. Carpenter_ decision, a Fifth Circuit ruling last year placed the capability in great jeopardy, concluding that a warrant to “geofence” an area and collect evidence from a wide variety of individuals is inherently unconstitutional.

On the back of that decision, a federal magistrate in Mississippi ruled two months ago that tower dumps are likewise unconstitutional. While a “tower dump” and a “geofence” are not precisely the same—the latter relying on GPS coordinates obtained from internet companies such as Google, as opposed to a cell tower—the results are more or less identical: offering police a dragnet with which to accumulate vast amounts of location data on individuals, many if not most of whom are not suspected of committing a crime.

In response to the rapid changes in case law surrounding location data, Google—historically a frequent target of geofence warrants—announced technical changes to its software last year, making it effectively impossible to respond to these types of warrants.

“Location data is some of the most sensitive, revealing information that is generated by our devices, including our cars,” the EFF’s Crocker says. “It's extremely revealing of obviously where you go and where you've been, but also all the people you associate with and all the things you're doing. You can paint a very clear picture of someone's life with just a list of all the places they've been in their car. The Supreme Court has made that very clear.”

The police documents reviewed by WIRED alone demonstrate the arbitrary nature of vehicle surveillance upon this shifting legal landscape, with police noting, for instance, that while Verizon will refuse to allow police to define their own radius when requesting cell tower data, its competitors impose no such limitations. Another document notes that while AT&T will conduct “pings,” locating a device in real time, it will only do so for “voice devices.”

What is also clear from the documents is that US police are aware of the control corporations have over their ability to acquire vehicle location data, expressing fears that they could abruptly decide to kill off certain capabilities at any time.

In a letter sent in April 2024 to the Federal Trade Commission, US senators Ron Wyden and Edward Markey—Democrats from Oregon and Massachusetts, respectively—noted that a range of automakers, from Toyota, Nissan, and Subaru, among others, are willing to disclose location data to the government in response to a subpoena without a court order. Volkswagen, meanwhile, had its own arbitrary rules, limiting subpoenas to fewer than seven days’ worth of data. The senators noted that these policies stood in contrast to public pledges previously made by some automakers to require a warrant or court order before surrendering a customer’s location data.

Automakers “differ significantly on the important issue of whether customers are ever told they were spied on,” the senators wrote. At the time of the letter, only Tesla had a policy, they said, of informing customers about legal demands. “The other car companies do not tell their customers about government demands for their data, even if they are allowed to do so.”

“We respect our customers’ privacy and take our responsibility to protect their personal information seriously,” Bennet Ladyman, a T-Mobile spokesperson, says.

AT&T spokesperson Jim Kimberly says: “Like all companies, we are required by law to provide information to law enforcement and other government entities by complying with court orders, subpoenas, and other lawful discovery requests. In all cases, we review requests to determine whether they are valid. We require a search warrant based on the probable-cause standard for all government demands for real-time or historical location information, except in emergency situations. For government demands for cell tower searches, we require a probable-cause search warrant or a court order, except in emergency situations.”

Verizon did not respond to a request for comment.

“Especially now, with American civil liberties eroding rapidly, people should exercise great caution in granting new surveillance powers to law enforcement,” says Ryan Shapiro, executive director of Property of the People.

Jay Stanley, a senior policy analyst at the American Civil Liberties Union, notes that the police documents reviewed by WIRED contained substantial detail about car surveillance that appear to be publicly unavailable, suggesting that corporations are being far more open with law enforcement than they are with their own customers.

“It's an ongoing scandal that this kind of surveillance is taking place without people being aware of it, let alone giving permission for it,” Stanley says. “If they're carrying out surveillance on the public, the public should know. They should have meaningful knowledge and give meaningful consent before any kind of surveillance is activated, which clearly is not the case.”

Car Subscription Features Raise Your Risk of Government Surveillance, Police Records Show

A list of topics we covered in the week of April 21 to April 27 of 2025

April 28, 2025 - WorkComposer, an employee monitoring app, has leaked millions of screenshots through an unprotected AWS S3 bucket.

April 25, 2025 - After hearing about ChatGPT o3 ability at geo-guessing we decided to run some tests and the tested AIs didn't fail to amaze us

April 24, 2025 - Attackers are luring victims into a Zoom call and then taking over their PC to install malware, infiltrate their accounts, and steal their assets.

April 24, 2025 - A newly discovered malicious program effectively turns Android phones into malicious tap machines that vacuum up payment card data.

April 24, 2025 - Blue Shield of California said it accidentally leaked the personal data of 4.7 million individuals to Google after a Google Analytics misconfiguration.

 A week in security (April 21 &#8211; April 27) 

Plus: Cybercriminals stole a record-breaking fortune from US residents and businesses in 2024, and Google performs its final flip-flop in its yearslong quest to kill tracking cookies.

As the Trump administration’s aggressive immigration policy ramps up, people have started to seriously consider their privacy and security when crossing into the United States. That’s especially true when it comes to searches of travelers’ phones and other devices, which US Customs and Border Protection agents have broad authority to search. Fortunately, there are some steps you can take, such as deleting certain apps from your personal phone or using an alternative phone that’s set up just for traveling internationally.

Operatives with Elon Musk’s so-called Department of Government Efficiency (DOGE) have spent the first months of the Trump administration clawing their way into US government systems. It’s now starting to become clear exactly what those systems are and what kind of data on US residents they hold. WIRED this week detailed the 19 systems DOGE operatives have access to just at the Department of Health and Human Services.

Pope Francis died on Monday at age 88. The passing of the supreme pontiff sets in motion a conclave, the secretive process used to select the new pope. To protect the conclave’s integrity and try to prevent leaks, a wide range of security measures will be put in place, from privacy film on windows at the Vatican to signal jammers and sweeps for hidden microphones.

Google recently announced the initial rollout of end-to-end encrypted email for Google Workspace accounts, which is good news for the privacy of enterprise-level users. When a Workspace user emails a non-Workspace account, the recipient gets an invitation to create a guest account so they can read the email. Unfortunately, security experts say, this will likely create new opportunities for phishing attacks, as scammers try to bait people with fake invitations.

But that’s not all. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.

SignalGate is the scandal that just won’t die—at least not if you’re US secretary of defense Pete Hegseth. On Wednesday, The Washington Post reported that Hegseth had installed Signal on a “second computer in his office” so that he could “use Signal in a classified space, where his cellphone and other personal electronics are not permitted, and communicate with ease with anyone.”

The Associated Press on Thursday added to the picture of Hegseth’s reported Signal use, revealing that Hegseth got a second internet line installed that connected directly to the public internet rather than through the Pentagon’s secured connection, according to sources who spoke with the AP. Hegseth allegedly did this so he could use that second computer with Signal installed. Then on Friday, The New York Times found that the phone number associated with Hegseth’s Signal account—the one he used in that infamous group chat—is easily discoverable online, potentially opening him up to targeted cyberattacks by hostile nations.

**Cybercriminals Stole a Record-Breaking $16.6 Billion From US Entities in 2024**

Despite a steady flow of arrests and takedowns of online scammers, cybercriminals are operating at unprecedented levels and making more money than ever. Two reports released this week reveal the stark scale of online criminality. Last year in the United States, businesses and individuals lost $16.6 billion to online crimes, according to the FBI’s Internet Crime Complaint Center—that’s the highest figure ever reported and a leap of 33 percent compared to 2023. In 2024, there were 859,532 complaints about potential online crimes, with the FBI saying phishing and spoofing complaints account for 193,000 of them, followed by extortion with 86,000 complaints. Investment scams, which often involve cryptocurrency, made up more than $6 billion of the total losses, with business email compromise scams leading to losses of $2.7 billion.

Around the same time, the United Nations Office on Drugs and Crime highlighted that giant scam compounds in Southeast Asia—where human trafficking victims are forced to work scamming people—are generating $40 billion in profits per year and keep on growing. These industrial-scale scam organizations, which are often linked to Chinese criminals, heavily use investment scams (sometimes called pig-butchering) to con people out of their life savings and are expanding outside of the region. “It spreads like a cancer,” Benedikt Hofmann of the UNODC said in a statement.

**Google Chrome Won’t Ditch Creepy Tracking Cookies After All**

Back in 2020, Google announced its Chrome browser would stop using third-party cookies, which track people around the web, and would move to a less creepy way of powering its advertising businesses. Web browsers such as Safari, Firefox, and Brave ditched cookies years before Google made the announcement. But this week, after countless U-turns, failed efforts to develop alternatives, and criticism that proposals to replace cookies would favor Google, the company announced it will, in fact, keep the trackers in Chrome.

“We’ve made the decision to maintain our current approach to offering users third-party cookie choice in Chrome,” wrote Anthony Chavez, the Google VP in charge of its Privacy Sandbox efforts, in a blog post. “As we’ve engaged with the ecosystem, including publishers, developers, regulators, and the ads industry, it remains clear that there are divergent perspectives on making changes that could impact the availability of third-party cookies,” Chavez wrote. While the US government is proposing that Google sell off Chrome as part of its antitrust case against the company, it’s still possible to turn off third-party cookies or use a privacy-friendly browser instead.

Tag

#google