Your Push Notifications Are Vulnerable to FBI Scrutiny

In the midst of alarming threats from U.S. President Donald Trump during ceasefire negotiations with Iran, the U.S. government alerted this week that hackers linked to Iran are executing attacks on U.S. energy and water infrastructure. With approximately one in five individuals in Lebanon displaced due to Israeli attacks, the government is striving to handle the crisis with outdated digital infrastructure and an emergency system that is barely operational. Additionally, a WIRED analysis highlighted account hijacks by the Syrian government in March, revealing significant shortcomings in Syria’s basic cybersecurity defenses.

Amid escalating concerns over political violence, a WIRED investigation found that U.S. political candidates are increasingly investing in security measures, including purchasing equipment such as home alarms and bulletproof vests. Furthermore, recent research examining Telegram groups revealed that men are disseminating thousands of nonconsensual images of women and girls, acquiring spyware for use against partners and friends, and engaging in doxing and sexual abuse. Meanwhile, as governments rush to combat rising industrial scams originating from Southeast Asia, China has become the primary enforcer but is also selective, leading crime syndicates to shift their focus abroad to evade Chinese targets.

Anthropic formally revealed its new Claude Mythos Preview model this week, stating that it will initially be available to a limited number of leading tech and financial organizations, including Apple, Microsoft, Google, and the Linux Foundation. The consortium, named Project Glasswing, aims to explore Mythos Preview’s advanced hacking capabilities and other cybersecurity features while assessing the best strategies to enhance software and hardware defenses before these capabilities proliferate and eventually fall into the wrong hands. The announcement sparked debate over whether Mythos Preview and similar technologies will have the significant impact on cybersecurity that Anthropic claims. Experts warned WIRED that, while it may not lead to catastrophic outcomes, it is crucial for defenders to unite and leverage their early access to reform software development practices and global investment in patching.

Additionally, a WIRED investigation uncovered that nonprofit organizations associated with Customs and Border Protection facilities were selling challenge coins celebrating the Trump administration’s immigration raids, including one coin that featured Charlotte’s Web characters in riot gear.

And there’s more. Each week, we compile security and privacy news that we haven’t explored in depth ourselves. Click the headlines for the full stories. And stay safe!

The FBI recently obtained copies of encrypted Signal messages sent to a defendant’s iPhone, as the message contents were included in push notifications, 404 Media reports. Although Signal had been deleted from the phone before being seized by the FBI, the notifications remained in the phone’s internal memory.

This issue affects all applications that use push notifications, not just Signal; however, Signal users can modify their settings to hide message content or sender names in push notifications. To update your notification settings, open Signal, go to Settings, then Notifications, and switch the option to Name Only or No Name or Content.

Despite the fragile and disputed ceasefire in the U.S.-Israel conflict with Iran, millions of ordinary Iranians still lack stable and reliable internet access. The state-imposed internet blackout, which commenced during the early hours of the conflict on February 28, is approaching the 1,000-hour mark, according to the internet monitoring group NetBlocks. Recently, this internet shutdown has become the longest in Iranian history and one of the longest globally—preventing Iranians from receiving accurate news about the war, hindering communication with loved ones, and inflicting further economic damage on the country. A U.S.-based Iranian digital rights initiative, Filter Watch, has highlighted how the Iranian regime, while facing bombardment during the conflict, has labeled anti-censorship tools as “malicious” and claimed to have detained individuals attempting to use Starlink internet connections to bypass the restrictions.

The FBI’s annual internet crime report generally presents a grim outlook: each year, the number of cybercrime reports rises and the amount of money lost by Americans increases. Unfortunately, 2025 was no exception. Last year, based on the FBI’s annual report, losses reported to the Internet Crime Complaint Center exceeded $20 billion—marking a 26 percent rise compared to 2024. Over half of these reported losses ($11.3 billion) were associated with cryptocurrency scams, often due to fraudulent investment schemes, according to the FBI. Business email compromise, tech and customer support scams, personal data breaches, and confidence or romance scams comprise the other prevalent crime reports. Incidents related to AI resulted in $893 million in losses.

This week, Google expanded Gmail’s end-to-end encryption to its Android and iOS applications, enabling enterprise users to compose and read E2EE messages natively on mobile for the first time without requiring separate apps or mail portals. Encrypted emails appear as standard threads in the Gmail app for recipients using Gmail, while those on other platforms can access them through a secure browser view. This launch builds on the client-side encryption model introduced to Google Workspace web users in April 2025, where messages are encrypted with customer-controlled keys, preventing Google from accessing their contents. This approach is particularly attractive to organizations with stringent compliance requirements, including HIPAA, export controls, and data sovereignty regulations.

However, access remains restricted: the feature is available exclusively to Google Workspace Enterprise Plus customers with the Assured Controls or Assured Controls Plus add-on, and personal Gmail accounts are not supported. Administrators must also enable the Android and iOS clients in the admin interface before eligible users can utilize the feature, which is disabled by default. End-users can then toggle encryption per message by tapping the lock icon and selecting “Additional encryption,” mirroring the web workflow. The rollout is now available to both Rapid Release and Scheduled Release domains.