Your Push Notifications Aren’t Safe From the FBI

At a glance:

• FBI accessed encrypted Signal messages via push notifications stored in phone memory
• Iran's internet blackout reaches 1,000 hours, disrupting 80 million users
• Cryptocurrency scams cost Americans $11.3 billion in 2025

FBI's Push Notification Vulnerability

The FBI recently obtained copies of encrypted Signal messages through push notifications that persisted on a defendant's iPhone even after the app was removed. This method bypasses Signal's end-to-end encryption, as notifications contain message previews and sender information. Users can mitigate this by adjusting notification settings to display only sender names or no content. The vulnerability affects all apps using push notifications, not just Signal, but the FBI's case highlights a critical gap in mobile security protocols.

Iran's Internet Blackout Escalates

Iran's internet blackout, initiated during the US-Israel conflict with Iran, has now lasted over 1,000 hours, according to NetBlocks. This is the longest blackout in Iranian history and one of the longest globally. The regime has blocked access to anti-censorship tools like Starlink, arresting users attempting to bypass restrictions. The shutdown has severed communication for 80 million Iranians, crippling economic activity and limiting access to accurate war updates. US-based digital rights group Filter Watch documented the regime's crackdown on circumvention tools.

Cryptocurrency Scams Surge to $11.3 Billion

The FBI's 2025 internet crime report reveals cryptocurrency scams accounted for $11.3 billion in losses, a 26% increase from 2024. These scams, often involving fraudulent investment schemes, outpaced other cybercrimes like business email compromise and romance scams. AI-related crimes contributed $893 million in losses. The FBI warns that as AI becomes more integrated into financial systems, the risk of sophisticated fraud will likely grow.

Gmail's End-to-End Encryption Expands

Google has rolled out end-to-end encryption for Gmail on Android and iOS, allowing enterprise users to send secure messages without third-party apps. The feature, available to Google Workspace Enterprise Plus customers with Assured Controls, uses customer-controlled keys to prevent Google from accessing message contents. Users enable encryption via a lock icon in the app, mirroring the web interface. However, personal Gmail accounts and non-enterprise users remain excluded from this security upgrade.

Anthropic's Claude Mythos Preview Sparks Debate

Anthropic announced its Claude Mythos Preview model, initially limited to a select group of tech and financial organizations. The project, called Glasswing, aims to test the model's cybersecurity capabilities before broader deployment. Critics question whether the model's advanced hacking tools will ultimately benefit defenders or attackers. Experts emphasize the importance of collaborative efforts to improve software development and patching practices.

Nonprofit Coin Controversy

A WIRED investigation uncovered nonprofit groups linked to Customs and Border Protection selling challenge coins celebrating Trump's immigration raids. One coin featured Charlotte's Web characters in riot gear, drawing criticism for trivializing law enforcement actions. This incident highlights the intersection of political messaging and nonprofit fundraising in the digital age.