Lily Hay Newman

A Possible US Government iPhone-Hacking Toolkit Is Now in the Hands of Foreign Spies and Criminals A highly sophisticated set of iPhone hijacking techniques has likely infected tens of thousands of phones or more. Clues suggest it was originally built for the US government.

A full iOS exploitation toolkit, "Coruna," has been found in the wild, hacking iPhones that visited infected websites, used by Russian spies targeting Ukrainians and thieves targeting Chinese crypto holders. And it may have been originally created for the US government. www.wired.com/story/coruna...

Attacks on GPS Spike Amid US and Israeli War on Iran New analysis shows that attacks on satellite navigation systems have impacted some 1,100 ships in the Middle East since the US and Israel attacked Iran on February 28.

an update on current GPS jamming activity in the Strait of Hormuz, by @mattburgess1.bsky.social www.wired.com/story/gps-at...

really excellent/wild story bsky.app/profile/kimz...

How to Organize Safely in the Age of Surveillance From threat modeling to encrypted collaboration apps, we’ve collected experts’ tips and tools for safely and effectively building a group—even while being targeted and tracked by the powerful.

It's hard enough to figure out your own threat model and how to approach your own digital privacy and security, but it's even more overwhelming to try to think it through for bigger groups. @agreenberg.bsky.social and I put together this guide as a starting point www.wired.com/story/how-to...

Reminder that the Washington Post lost 250,000 subscribers, more than most outlets will ever have, after its decision not to publish an endorsement in the last election. www.npr.org/2024/10/29/n...

That kind of cowardice, not AI or whatever, is what's "drastically reshaping" readers' expectations.

FBI Couldn’t Get into WaPo Reporter’s iPhone Because It Had Lockdown Mode Enabled Lockdown Mode is a sometimes overlooked feature of Apple devices that broadly make them harder to hack. A court record indicates the feature might be effective at stopping third parties unlocking some...

New from 404 Media: the FBI has been unable to get into the iPhone of raided Washington Post journalist because the phone had Lockdown Mode enabled. Apple markets Lockdown Mode mostly to stop spyware like NSO. Here, a real world example of it stopping access too www.404media.co/fbi-couldnt-...

New survey reveals how security researchers and journalists experience legal and criminal threats Over 100 security researchers and journalists answered our survey and told us how they experienced threats for doing their work. Here are some of the top takeaways.

ICYMI: Yesterday we published the results of a survey of 100+ security researchers and journalists asking about the legal and criminal threats they face for doing their jobs.

A very interesting takeaway: While legal & criminal threats are common, most of our respondents *did not* give in to them.

An AI Toy Exposed 50,000 Logs of Its Chats With Kids to Anyone With a Gmail Account AI chat toy company Bondu left its web console almost entirely unprotected. Researchers who accessed it found nearly all the conversations children had had with the company's stuffed animals.

The AI-chat-enabled stuffed toy Bondu invites little kids to have intimate conversations with it, like an LLM imaginary friend. It also exposed virtually all their chats on a web interface with no security. Anyone with a Gmail account could log in and read transcripts. www.wired.com/story/an-ai-...

Can Woke 2 Go IRL? Even Thomas Chatterton Williams Thinks It’s Possible The very intellectual and the very online have an answer for why Trump’s cultural revolution hasn’t really taken root. They’ve also got memes.

my magnum opus on woke 2 has arrived!!! (magnum wokus?) thank you to @olufemiotaiwo.bsky.social and @kattenbarge.bsky.social for providing your thoughts on the matter www.vanityfair.com/culture/stor...

Attack Against Poland's Grid Disrupted Communication Devices at About 30 Sites The hackers behind a cyberattack that targeted Poland's grid infrastructure in December disabled communication devices for at least 30 sites across a number of energy facilities in different parts of ...

Hackers behind cyberattack against Poland electric grid in Dec disabled communication devices for at least 30 sites across a number of energy facilities in country. They rendered the devices - known as remote terminal units or RTUs - not only inoperable but also unrecoverable

He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive A source trapped inside an industrial-scale scamming operation contacted me, determined to expose his captors’ crimes—and then escape. This is his story.

Last year, a human trafficking victim trapped in a crypto scam compound in the Golden Triangle region of Laos contacted me. He then proceeded to leak to me a huge collection of the compound's internal materials.

Then he had to get out alive. This is his story.

🧵👇 www.wired.com/story/he-lea...

Revealed: Leaked Chats Expose the Daily Life of a Scam Compound’s Enslaved Workforce A whistleblower trapped inside a “pig butchering” scam compound gave WIRED a vast trove of its internal materials—including 4,200 pages of messages that lay out its operations in unprecedented detail.

Red Bull felt compelled to expose this apparatus that is enslaving and victimizing so many. The documentation he provided to @agreenberg.bsky.social offers key insight into these destructive institutions. It was a privilege to review this data with @wired.com colleagues www.wired.com/story/the-re...

He Leaked the Secrets of a Southeast Asian Scam Compound. Then He Had to Get Out Alive A source trapped inside an industrial-scale scamming operation contacted me, determined to expose his captors’ crimes—and then escape. This is his story.

Human trafficking to scam compounds in SE Asia is a catastrophe for forced laborers and their scam victims worldwide. One individual, Red Bull, gave @agreenberg.bsky.social incredible insight into the situation over months from inside. Then he attempted an escape www.wired.com/story/he-lea...

For This Influencer, Rejection Is the New Perfection

for The New York Times, I wrote about the 1,000 Rejections Challenge and why getting comfortable with "no" is more useful than resolutions about becoming the perfect version of yourself www.nytimes.com/2026/01/26/a...

149 Million Usernames and Passwords Exposed by Unsecured Database This “dream wish list for criminals” includes millions of Gmail, Facebook, banking logins, and more. The researcher who discovered it suspects they were collected using infostealing malware.

NEW: A database left accessible to anyone online contained tens of millions of login credentials from Gmail, Facebook, Apple, OnlyFans, crypto accounts, and more. @lhn.bsky.social has the scoop: www.wired.com/story/149-mi...

Trump officials consider skipping premier cyber conference after Biden-era cyber leader named CEO Jen Easterly, who led the Cybersecurity and Infrastructure Security Agency under Biden, was named CEO of RSAC Conference Thursday.

Officials in ONCD, NSC and CISA discussed potential plans to no longer attend after Jen Easterly, the former CISA director under Biden, was named as CEO of RSAC Conference on Thursday:
www.nextgov.com/people/2026/...

Hundreds of Millions of Audio Devices Need a Patch to Prevent Wireless Hacking and Tracking Flaws in how 17 models of headphones and speakers use Google’s one-tap Fast Pair Bluetooth protocol have left devices open to eavesdroppers and stalkers.

a big load of earbuds, headphones and speakers need updating to patch vulnerabilities that could be exploited to hijack audio, take over mics for eavesdropping, or even in some cases for location tracking www.wired.com/story/google...

Former CISA Director Jen Easterly Will Lead RSA Conference The longtime cybersecurity professional says she’s taking the helm of the legacy security organization at “an inflection point” for tech and the world beyond.

The Rubik's cubes and jam sessions are coming to RSA Conference www.wired.com/story/former...

What to Do If ICE Invades Your Neighborhood With federal agents storming the streets of American communities, there's no single right way to approach this dangerous moment. But there are steps you can take to stay safe—and have an impact.

WIRED Security has always had the very earnest, kind of dopey unofficial tagline “stay safe out there” and it’s more apt than ever right now www.wired.com/story/what-t...

New Records Reveal the Mess RFK Jr. Left When He Dumped a Dead Bear in Central Park Robert F. Kennedy Jr. says he left a bear cub's corpse in Central Park in 2014 to "be fun." Records newly obtained by WIRED show what he left New York civil servants to clean up.

Okay, remember in 2024 when RFK Jr. admitted he dumped a dead black bear cub in Central Park in 2014? An event that was a NY mystery for a decade?

if this story has also haunted you...... I got new docs, emails, & pics about it from NYC's Dept of Parks & Rec via FOIA:
www.wired.com/story/rfk-jr...

Fears Mount That US Federal Cybersecurity Is Stagnating—or Worse Government staffing cuts and instability, including this year’s prolonged shutdown, could be hindering US digital defense and creating vulnerabilities.

'“On a daily basis I’m worrying that federal cybersecurity and critical infrastructure protection may be backsliding,”' - @malwarejake.bsky.social tells @lhn.bsky.social in @wired.com. Me too, brother. Me too. www.wired.com/story/expire... @gate15.bsky.social @fergdawg.bsky.social #cybersecurity

The Ultra-Realistic AI Face Swapping Platform Driving Romance Scams Capable of creating “nearly perfect” face swaps during live video chats, Hoatian has made millions, mainly via Telegram. But its main channel vanished after WIRED's inquiry into scammers using the app...

NEW: Scammers are using a face-swapping app that experts say can create "nearly perfect" face swaps during video calls. It's largely marketed on Telegram, but its main channel disappeared after @wired.com inquired. @mattburgess1.bsky.social, @lhn.bsky.social, @zeyiyang.bsky.social w/ the scoop:

San Francisco Mayor Daniel Lurie: ‘We Are a City on the Rise’ Since taking office, San Francisco’s mayor has been on a quest to revitalize the city and increase public safety. He’s also kept the National Guard out—with a little help from some very powerful frien...

At the @wired.com Big Interview event last week, I spoke to SF mayor Daniel Lurie. Our entire conversation is now online as a podcast ep + text piece.

Neither quite capture how unhinged and boisterous the entire thing was IRL, but needless to say, he *did* remove one shoe onstage.

The WIRED Guide to Digital Opsec for Teens Practicing good “operations security” is essential to staying safe online. Here's a complete guide for teenagers (and anyone else) who wants to button up their digital lives.

ICYMI: This weekend, we published the @wired.com guide to digital opsec for teens (tho it applies to pretty much everyone!) We hope you and the kids in your life will read it and stay safe out there. No paywall! @lhn.bsky.social and JP Aumasson report: www.wired.com/story/digita...

The WIRED Guide to Digital Opsec for Teens Practicing good “operations security” is essential to staying safe online. Here's a complete guide for teenagers (and anyone else) who wants to button up their digital lives.

I was really thrilled to get to work on The WIRED Guide to Digital Opsec for Teens with @aumasson.jp. I think we did a good job but also apologies in advance to the teens that we tried to make jokes and generally Be Chill. Also no paywall to make it easier to share! www.wired.com/story/digita...

The Destruction of a Notorious Myanmar Scam Compound Appears to Have Been ‘Performative’ Myanmar’s military has been blowing up parts of the KK Park scam compound. Experts say the actions are likely for show.

NEW: Myanmar has made a big show of destroying the notorious KK Park scam compound—even publishing a video of a steamroller driving over thousands of phones

But new images show buildings are only destroyed in one area. Hundreds are left untouched and experts say the crackdown is mostly propaganda

the people have spoken! bsky.app/profile/rans...

Hoth Takes #65: Show Me the First Padawan Braid Between Andor and the upcoming Mandalorian and Grogu movie, Star Wars is currently leaning into stories about the “regular” people of the galaxy. But what about the Jedi and the Sith, the people at…

We've got a new @hothtakes.bsky.social episode for you today! @lhn.bsky.social joins Haley and me to talk about how Star Wars tells stories about Jedi and Sith, and what we want from those stories going forward. hothtakes.wordpress.com/2025/11/24/h...

DOJ Issued Seizure Warrant to Starlink Over Satellite Internet Systems Used at Scam Compound A new US law enforcement initiative is aimed at crypto fraudsters targeting Americans—and now seeks to seize infrastructure it claims is crucial to notorious scam compounds.

NEW: The US Department of Justice issued a warrant demanding SpaceX seize and disable Starlink devices and accounts being used at a scam compound in Myanmar.

At least 9 Starlink devices were linked to a crypto scam that stole $6 million people, an FBI affidavit says

Story with @lhn.bsky.social