A new edition of ~ this week in security ~ is out, featuring: • ICE challenges Fourth Amendment • U.S. says DOGE may've misused Social Security data • Russia blamed for failed Poland power outage • Microsoft gave FBI Windows encryption keys • Ireland mulling cops using spyware • Under Armour breach involves 'sensitive' data ...and lots more news. Plus, the happy corner & 🐈 a reader-submitted cyber-cat. 🐈‍⬛ Read online:
~this week in security~
this week in security — january 25 2026 edition
DHS memo challenges Fourth Amendment, DOGE may have misused Social Security data, Russia's Sandworm blamed for failed Poland power outage, and more.
 Sign up:
~this week in security~
~this week in security~
a weekly cybersecurity newsletter by Zack Whittaker, plus articles and more.
It's not just you. Gmail's spam filter looks like it's gone to shit overnight, for reasons as yet unclear. Hearing from others as well that typical spam is making its way through to their Gmail inboxes. Promotion email sorting (for those who have it) also seems busted.
Feels like -5°F (or -20°C) here on the east coast, and my cat just wants to sleep. image
New, by me: Under Armour says it’s aware of data breach claims after 72M customer records were posted online. A spox. told me a "small percentage" of customers had sensitive information compromised, but wouldn't say what kinds of data Under Armour considers "sensitive," nor provide an accurate figure of affected customers.
TechCrunch
Under Armour says it's 'aware' of data breach claims after 72M customer records were posted online | TechCrunch
TechCrunch obtained a sample of the stolen data, which contained names, email addresses, dates of birth, and the user's approximate geographic...
Always thankful for Techdirt.
Techdirt
Everyone Knows Our Mad King’s Greenland Obsession Is Insane. Why Won’t Congress Stop It?
Look, I know we’ve all gotten somewhat numb to the constant stream of unhinged pronouncements from the White House. At some point, the brain ...
🚨 Last call for our survey! 🚨 Are you a security researcher or journalist? We want to hear from you — please take this survey! Dissent Doe at DataBreaches, and I, are running this survey to better understand the state of legal demands and criminal threats in cybersecurity. Please help us by filling out this survey (and please share!)
Survey about legal and criminal threats experienced by journalists and security researchers
NEW, by me: A hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East this week, sent as a phishing lure over WhatsApp. I obtained a copy of the phishing page and analyzed it with the help of experts. The attack aimed to steal passwords, hijack WhatsApp accounts, and grab victims' location data. But a bug in the code also *exposed* victims' data, allowing us to see dozens of people who had fallen victim. More:
TechCrunch
How a hacking campaign targeted high-profile Gmail and WhatsApp users across the Middle East | TechCrunch
The phishing campaign targeted users on WhatsApp, including an Iranian-British activist, and stole the credentials of a Lebanese cabinet minister a...
New, by me: Security researcher Eaton Zveare spent weeks trying to alert a little-known but critical U.S. cargo tech giant that their shipping systems and customers' data were exposed to the web. After weeks of trying, Zveare asked TechCrunch for help. We were ignored, too. On the third time we emailed the firm's CEO, we included a partial copy of his password to show the seriousness of the flaws. A couple of hours later, we got a response — from its law firm.
TechCrunch
Exclusive: US cargo tech company publicly exposed its shipping systems and customer data to the web
Shipping tech company Bluspark left internal plaintext passwords, including those of executives, exposed to the internet, at a time when hacks in t...
This is utterly insane, almost unheard of. This morning, the FBI *searched the home* of a Washington Post reporter, and seized her phone and smart watch, as part of an investigation into an alleged leak of classified info. by a government employee. (The federal case appears to be 1:26-mj-00045.) https://www.washingtonpost.com/national-security/2026/01/14/washington-post-reporter-search/
Daily Beast reports that a DHS whistleblower has leaked the personal details of around 4,500 ICE and Border Patrol employees. The data is said to include about 1,800 on-the-ground agents and 150 supervisors.
The Daily Beast
Personal Details of Thousands of Border Patrol and ICE Goons Allegedly Leaked in Huge Data Breach
A DHS whistleblower appears to have exposed data on federal immigration workers after the shooting of Renee Good.