After WIRED reported last week that Meta’s smart glasses app contained code that would enable the company to activate face-recognition features on the devices, the company removed the code this week without commenting on why or whether it plans to add such functionality back into the app later. Another WIRED investigation this week found that xAI’s Grok is still hosting sexualized deepfakes, including “nudified” images and videos, of celebrities and at least one prominent US politician.
After limiting the release of its new Mythos-class AI model over concerns about its potential impacts on cybersecurity, Anthropic announced a model upgrade for partners in its limited-access group this week and launched a “safe” version of the model to the public with guardrails meant to keep the system from being used to fuel cyberattacks. Meanwhile, the United States Cybersecurity and Infrastructure Security Agency issued a new directive to federal agencies this week in reaction to new AI threats that includes a requirement to fix the most urgent software vulnerabilities in as little as three days.
As Europe looks to separate and insulate itself from US Big Tech, WIRED created a timeline that tracks all the ways EU governments, companies, and other organizations are moving away from US tech. A new open-source project dubbed Encrypted Spaces could be used to make countless mainstream collaboration apps more private and surveillance-resistant with end-to-end encryption. And illegal pharmacy and scam websites hijacked Spotify’s search rankings using fake podcasts, according to a new joint US Congressional report.
The 2026 World Cup is in full swing, and WIRED looked at the surveillance technologies, from anti-drone tech to face recognition, that are being used in US, Canadian, and Mexican stadiums. We also mapped every Flock license plate reader near a US World Cup stadium. More broadly, Amnesty International said this week that it has concluded fans in all three host countries—both local residents and visitors—face potential human rights violations as a result of the FIFA tournament.
The American Civil Liberties Union is suing two Florida police departments over their use of FACES, one of the longest-running face recognition tools in the US, after its alleged misuse led to the wrongful arrest of a Fort Myers man. Donald Trump, meanwhile, jeopardized the future of a key surveillance authority after selecting Bill Pulte, who’s been described as “deeply unqualified,” as the acting director of national intelligence. (Trump has since selected an alternative nominee for the permanent role.)
And there’s more. Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
A New FCC Proposal Could Kill Burner Phones—and Every Other Anonymous Cellular Service
As difficult as digital anonymity has become in the modern world, obtaining a phone number without revealing almost any identifying information—whether by buying a temporary burner phone or registering an account with a privacy-preserving phone carrier—has remained entirely legal in the US. Now the Federal Communications Commission wants to change that.
Late last month, the FCC released a proposal for a new rule that would implement know-your-customer requirements for cellular networks, requiring that cellular providers “at a minimum, obtain and retain the name, physical address, government issued identification number, and an alternate telephone number of any new and renewing customer before granting access to its services.” The proposal is described as a measure akin to money-laundering laws designed to make it more difficult for scammers to exploit the phone networks. But privacy advocates argue it also threatens a last conduit of anonymity for those seeking to evade phone surveillance—whether that’s journalists, whistleblowers, activists, or simply people seeking to avoid mass data collection in yet another facet of their communications.
The new rule would threaten, for instance, to curtail the privacy promises of Phreeli, a newly launched phone carrier that allows users to register with nothing but a ZIP code. “We’re trying to help people feel more comfortable living their normal lives, where they’re not doing anything wrong, and not feel watched and exploited by giant surveillance and data mining operations,” as Phreeli’s founder, Nicholas Merrill, put it to WIRED last year. “I think it’s not controversial to say the vast majority of people want that.”
The FCC is accepting comments on the proposal until June 25.
ShinyHunters Hackers Exploit Oracle Zero-Day Bug in Intrusion Spree
Google warned on Thursday that the cybercriminal group known as ShinyHunters was on a rampage through victim networks in the education sector, exploiting a critical vulnerability in Oracle’s HR and payroll software known as PeopleSoft. According to the group’s own claims, it had breached more than a hundred organizations and counting. Oracle alerted customers to the vulnerability, but not before ShinyHunters had already discovered it and begun its hacking spree. ShinyHunters has a long history of holding victims ransom, including in a notorious ransomware attack against the education software company Instructure last month that affected thousands of schools before Instructure paid a ransom to the hackers. Now it seems the group has perhaps realized the leverage it can gain over school and university targets, and has continued to seek similar victims.
Microsoft Releases Its Biggest Patch Tuesday Ever, Courtesy of AI
For years, Microsoft’s Patch Tuesday has been part of every IT administrator’s calendar. It’s the company’s cyclical release of software updates, which often includes some designed to fix serious security issues. But with the advent of AI-enabled bug hunting, the company has now carried out its biggest Patch Tuesday ever, with more than 200 bug fixes by some counts. (Microsoft counts the number of distinct updates somewhat differently than security firms that track the releases.) Microsoft noted last month that its bumper crop of patches—which almost reached the current record—was the result of AI’s ability to automatically ferret out security vulnerabilities at inhuman speeds. “Advanced AI models are part of the discovery picture and help to accelerate it,” Microsoft Security Response Center’s Tom Gallagher wrote with the company’s usual gift for understatement.
Google Sues an Alleged Chinese Scam Group for Using Its AI Tool
Google launched a lawsuit Friday against an alleged Chinese scam network, known as Outsider Enterprises, that it says used its Gemini AI tool in its efforts to scam hundreds of thousands of Americans with fake websites mimicking everything from YouTube to New York’s E-ZPass highway toll system. Google also partnered with the FBI in its effort to combat the use of its tool by the group, which it said had stolen millions from Americans. In a glimpse of the scale of the group’s scam attempts as described by Google, the company said the group had sent 2.5 million messages to Android phone users with links to 9,000 spoofed websites in just a two-week period in May.
Trump Drops Bill Pulte as Intelligence Chief Pick, Taps Jay Clayton
President Donald Trump this week dropped his bid to appoint Bill Pulte, the director of the Federal Housing Finance Agency, to replace former director of national intelligence Tulsi Gabbard following widespread criticism of the pick across Capitol Hill. Pulte had drawn fire for his lack of any intelligence or law enforcement experience, as well as his apparent willingness to use federal powers to attack Trump’s enemies. House minority leader Hakeem Jeffries had called him “deeply unqualified” and “deeply dangerous.” Trump has now instead given the nod to Jay Clayton, a US attorney in Manhattan, to take the top intelligence job.
