\n<\/p>\n
Planning a big<\/span> night out at Madison Square Garden? Have fun\u2014but don\u2019t say we didn\u2019t warn you.<\/p>\n A WIRED investigation this week revealed new details about the private surveillance state instituted by MSG owner Jim Dolan and his head of security, John Eversole. According to court records and WIRED sources, visitors to the Garden and some other Dolan-owned venues have been subjected to face recognition, social media monitoring, in-person surveillance, and more.<\/p>\n The US government\u2019s warrantless wiretap powers hit a roadblock this week. Despite a push from President Donald Trump for a long-term reauthorization of the so-called Section 702 spy program, 20 Republican lawmakers in the House of Representatives voted against a full reauthorization, forcing Speaker Mike Johnson to merely extend the program for an additional 10 days.<\/p>\n Meta\u2019s Ray-Ban and Oakley AI smartglasses have an image problem\u2014for good reason. More than 70 civil society groups, including the ACLU and the National Organization for Women, sent a letter to the company this week, demanding that it abandon any plans it may have to equip its AI glasses with face-recognition features. The groups argue that including face recognition in the wearable devices, which can already surreptitiously record videos of people, would further erode any semblance of privacy and potentially facilitate stalkers, domestic abusers, and federal agents.<\/p>\n Nonconsensual deepfake nudes are a scourge at schools around the world, according to an analysis by WIRED and Indicator. By tracking publicly reported incidents of deepfake \u201cnudify\u201d tech used against middle- and high-school-aged girls, we were able to identify more than 600 victims in 28 countries around the world.<\/p>\n You might think banning a $20 billion black market for scammers from your platform would be a no-brainer. But not if you\u2019re Telegram. A WIRED investigation found that the messaging app continued to host Xinbi Guarantee despite the UK government\u2019s designating it a facilitator of human trafficking and sanctioning the largest-ever online marketplace of its kind. Crypto-tracing firm Elliptic says that Xinbi carried out another $505 million in transactions in the 19 days after the UK issued its sanction.<\/p>\n The AI race has finally entered the cybersecurity lap. After Anthropic revealed its new model, Mythos, as a unique risk to the security status quo, OpenAI announced that it, too, has a new cybersecurity strategy, and a new model to go with it\u2014GPT-5.4-Cyber.<\/p>\n That\u2019s not all! Each week, we round up the security and privacy news we didn\u2019t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.<\/p>\n The European Commission this week released its free, open source app for verifying the ages of visitors to social networks and pornography websites. At a press conference on Wednesday, European Commission president Ursula von der Leyen proclaimed that, with the release of the app, \u201cthere are no more excuses\u201d for platforms that fail to check users\u2019 ages. That, however, was before experts found the app to be a security disaster.<\/p>\n As reported by Politico, security consultant Paul Moore claimed on X to have found a series of security issues with the app that allowed him to hack it \u201cin less than 2 minutes.\u201d The issues include how the app reportedly stores a user-created PIN that could allow an attacker to easily take over that person\u2019s app profile. (Baptiste Robert, a whitehat hacker, confirmed the vulnerability to Politico.) Tagging von der Leyen in his post, Moore concluded, \u201cThis product will be the catalyst for an enormous breach at some point. It’s just a matter of time.\u201d<\/p>\n Europe’s largest gym chain, Basic-Fit, confirmed a major data breach on Monday, revealing that the bank details of roughly a million customers were compromised. Around 200,000 members in the Netherlands alone were affected. The stolen data includes bank details along with customers’ names, home and email addresses, phone numbers, and dates of birth. A spokesperson told The Register that members in Belgium, France, Germany, Luxembourg, and Spain were also similarly hit through a single system that records member visits to clubs. No passwords, which Basic-Fit says it does not store, were reportedly compromised.<\/p>\n The same day, global travel and hotel reservation giant Booking.com confirmed that hackers may have extracted customer data including names, emails addresses, phone numbers, and booking details. The company informed TechCrunch that it \u201cnoticed some suspicious activity\u201d and \u201ctook action to contain the issue.\u201d Company notices posted by purported customers on Reddit appear to disclose a breach touching on \u201canything\u201d the users \u201cmay have shared with the accommodation.\u201d TechCrunch reported that Booking.com had declined to share details about the scope of the breach, but did separately tell The Guardian that no \u201cfinancial information\u201d was lost.<\/p>\n Bluesky\u2019s site and app struggled through Thursday after what the company confirmed was a distributed denial-of-service attack. Chief operations officer Rose Wang said the \u201csophisticated\u201d attack began April 15 around 8:40 pm ET and caused intermittent failures across feeds, notifications, and search. The company said it has not seen any evidence of unauthorized access to user data.<\/p>\n The outages hit Bluesky\u2019s own infrastructure but spared communities like Blacksky that run their own instances on the underlying AT Protocol. Blacksky told TechCrunch it has seen a significant spike in migration requests over the past 12 hours, as users and rival ATmosphere operators promote alternatives. As of Friday afternoon, its status page shows the service fully operational.<\/p>\n The Trump administration has been on a hiring spree. A Department of Homeland Security press release from January says that ICE hired over 12,000 officers and agents in less than a year. As part of their job applications, immigration officers are supposed to go through extensive background checks that probe everything from what arrests they might have had, the debts they\u2019ve racked up, and foreign nationals they\u2019ve interacted with in the past seven years. The Associated Press did its own background checks on 40 ICE agents and found three that had faced lawsuits because of alleged misconduct in their previous law enforcement jobs, and several that reportedly faced legal actions because of their histories of unpaid debt. DHS didn\u2019t comment on specific hiring choices, but acknowledged to the AP that it had given some applicants \u201ctemporary selection letters\u201d and offers to start working before their full background checks had been completed.<\/p>\n The Russian cryptocurrency exchange Grinex, widely reported to have aided Russia\u2019s sanctions evasion, abruptly announced Thursday that it would be suspending its operations following a breach that it says allowed a hacker to steal more than a billion rubles\u2019 worth of its users\u2019 funds, equivalent to more than $13 million dollars. In its announcements on its social accounts, Grinex blamed the \u201cspecial services\u201d of a foreign country, writing that the \u201cdigital traces and the nature of the attack indicate an unprecedented level of resources and technologies available exclusively to structures of unfriendly states\u201d and seemed to be aimed at \u201ccausing direct damage to Russia’s financial sovereignty.\u201d Grinex, which was itself sanctioned by US financial authorities, had served as the successor to Garantex, another Russian exchange that had been sanctioned for enabling sanctions evasion and other alleged financial crimes. According to crypto-tracing firm Elliptic, Grinex was likely created by the same owners and inherited Garantex funds and customers. Grinex didn\u2019t provide any public evidence to back its claim that the theft of its funds was carried out by state-sponsored hackers.<\/p>\n<\/div>\n